# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ pkgs, ... }:
let
  # Site-specific variables; the NFS export definition further down opens
  # `vars.interfaces.lan0` with a `with` expression.
  vars = import ./lib/vars.nix;
  # NOTE(review): <unstable> is looked up through NIX_PATH at evaluation
  # time, so everything taken from it follows whatever revision that channel
  # currently points at; no revision or hash is pinned in this file.
  unstable = import <unstable> { };
in {
# The stable channel's exporter module is switched off; the `imports` list in
# this file loads the <unstable> copy of the same module instead, which
# provides additional exporters.
disabledModules = [ "services/monitoring/prometheus/exporters.nix" ];
imports = [
  # Hardware configuration.
  ./hardware-configuration.nix

  # Base system configuration.
  ./lib/nix.nix
  ./lib/system.nix
  ./lib/users.nix
  ./lib/node_exporter.nix

  # Service configuration.
  ./prometheus.nix

  # Unstable or out-of-tree modules.
  # NOTE(review): this path is resolved through NIX_PATH, so the module code
  # evaluated as part of the system configuration follows the current state
  # of the `unstable` channel rather than a pinned revision.
  <unstable/nixos/modules/services/monitoring/prometheus/exporters.nix>
];
# Overlay that replaces two exporter packages with the builds from the
# unstable channel.
# NOTE(review): `unstable` is an unpinned channel import, so these packages
# change whenever that channel is updated on the host.
nixpkgs.overlays = [
  (self: super: {
    inherit (unstable)
      prometheus-apcupsd-exporter
      prometheus-keylight-exporter;
  })
];
networking = {
  # Identity of this machine.
  hostName = "servnerr-3";
  hostId = "efdd2a1b";

  # The host packet filter is switched off.
  # NOTE(review): with no local firewall, every listener configured in this
  # file (sshd, Grafana on all addresses, the NFS export, the published
  # promlens port) is reachable on each addressed interface, so filtering
  # depends entirely on upstream network devices. Confirm that is intended
  # for the management, 10GbE and lab networks alike.
  firewall = { enable = false; };

  # br0 bridges enp6s0 so that VMs can attach to the lab VLAN.
  bridges.br0 = { interfaces = [ "enp6s0" ]; };

  # DHCP is selected per interface; the deprecated global switch stays off.
  useDHCP = false;

  # Management network, 1GbE.
  interfaces.enp5s0.useDHCP = true;

  # 10GbE VLAN with a 9000-byte MTU.
  interfaces.enp11s0.mtu = 9000;
  interfaces.enp11s0.useDHCP = true;

  # Lab VLAN bridge, 1GbE; no DHCP client runs on it.
  interfaces.br0.useDHCP = false;
};
boot = {
  # Boot through systemd-boot on EFI.
  loader.systemd-boot.enable = true;
  loader.efi.canTouchEfiVariables = true;

  # ZFS support.
  supportedFilesystems = [ "zfs" ];

  # Newest available kernel, chosen for its hwmon support; drivetemp is
  # loaded explicitly.
  kernelPackages = pkgs.linuxPackages_latest;
  kernelModules = [ "drivetemp" ];

  kernelParams = [
    # Kernel console on the first serial port: 115200 baud, no parity,
    # 8 data bits.
    "console=ttyS0,115200n8"
    # Cap the ZFS ARC at 24 GiB (24 * 1024^3 bytes).
    "zfs.zfs_arc_max=25769803776"
  ];
};
# Login prompt on the serial console. The unit is attached to
# multi-user.target so agetty starts at boot, and Restart=always brings it
# back each time it exits after a user logs out.
# NOTE(review): whatever is wired to ttyS0 (for example a BMC or a console
# server) is offered a login prompt, so access to that path needs the same
# control as any other login surface.
systemd.services."serial-getty@ttyS0" = {
  enable = true;
  wantedBy = [ "multi-user.target" ];
  serviceConfig.Restart = "always";
};
# Let the CPU clock drop while the machine is lightly loaded.
powerManagement = { cpuFreqGovernor = "ondemand"; };
# Machine-specific additions only; lib/system.nix supplies the base package
# set.
environment.systemPackages = [ pkgs.zfs ];
services = {
  apcupsd.enable = true;

  # Grafana, listening on every interface (empty bind address).
  # NOTE(review): the host firewall is disabled in `networking`, so the
  # Grafana login is reachable from every attached network. No TLS or admin
  # credential option is set in this file; confirm the admin password has
  # been changed from the module default and consider binding to the
  # management address only.
  grafana.enable = true;
  grafana.addr = "";

  # NFS export of the ZFS pool to the trusted LAN, read-write, for one IPv4
  # and one IPv6 prefix.
  # NOTE(review): no `sec=` option is given, so clients are distinguished by
  # source address only and any host inside either prefix can mount
  # read-write. `crossmnt` also exposes the filesystems mounted beneath
  # /primary. The `with vars.interfaces.lan0;` scope is not referenced inside
  # the string: both prefixes are written out literally, so they will not
  # follow a change made in lib/vars.nix.
  nfs.server.enable = true;
  nfs.server.exports = with vars.interfaces.lan0; ''
    /primary 192.168.1.0/24(rw,sync,no_subtree_check,crossmnt) fd9e:1a04:f01d::/64(rw,sync,no_subtree_check,crossmnt)
  '';

  # OpenSSH daemon, public-key logins only.
  openssh.enable = true;
  openssh.passwordAuthentication = false;

  zfs.autoScrub.enable = true;
};
# Container and VM runtimes for this host.
# NOTE(review): access to the Docker socket is equivalent to root on the
# host, and libvirt's system instance is similarly privileged. Group
# membership is not defined in this file (presumably lib/users.nix); check
# which accounts hold it.
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
# Key that remote Nix builds use to log in as root.
# NOTE(review): the entry carries no authorized_keys options (`from=`,
# `restrict`, `command=`), so whoever holds the private key gets an
# unrestricted root login wherever sshd is reachable. If the key is used
# only for distributed builds, a dedicated unprivileged build account or key
# options would narrow what it can do; confirm what the build client needs.
users.users.root.openssh.authorizedKeys = {
  keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3+HUx05h15g95ID/lWbU5uvF6TLr2XESmthQjU7qvR NixOS distributed build"
  ];
};
# promlens UI, published on host TCP/9091 next to Prometheus.
# NOTE(review): the image reference has no tag or digest, so Docker resolves
# it to `latest` and the running code can change on any pull; pinning to a
# digest ("promlabs/promlens@sha256:<digest>", placeholder) makes the
# deployed image reproducible. The port mapping names no host address, so
# the port is published on all host addresses.
docker-containers.promlens = {
  image = "promlabs/promlens";
  ports = [ "9091:8080" ];
  volumes = [ "/var/lib/promlens:/var/lib/promlens" ];
};
# NixOS containers for services that track the unstable channel.
# NOTE(review): neither container sets `privateNetwork`, so (by the NixOS
# default) both share the host's network namespace. With the host firewall
# disabled, their listeners are reachable on the host's interfaces. Both also
# import the unpinned <unstable> channel with unfree packages allowed.
containers = {
  # Plex server, containerized and on unstable for faster updates.
  plex = {
    autoStart = true;

    # Existing Plex state directory, writable from inside the container.
    bindMounts."/var/lib/plex" = {
      hostPath = "/var/lib/plex";
      isReadOnly = false;
    };

    # Media from the ZFS pool, read-only inside the container.
    bindMounts."/primary/media" = {
      hostPath = "/primary/media";
      isReadOnly = true;
    };

    config = { config, pkgs, ... }:
      let unstable = import <unstable> { config.allowUnfree = true; };
      in {
        services.plex.enable = true;
        services.plex.package = unstable.plex;
      };
  };

  # UniFi controller, containerized and on unstable for faster updates.
  unifi = {
    autoStart = true;

    config = { config, pkgs, ... }:
      let unstable = import <unstable> { config.allowUnfree = true; };
      in {
        services.unifi.enable = true;
        services.unifi.unifiPackage = unstable.unifi;
      };
  };
};
}