diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix index ecd4138aab..94f95e1f2d 100644 --- a/ops/nixos/default.nix +++ b/ops/nixos/default.nix @@ -15,7 +15,7 @@ let system = builtins.currentSystem; modules = [ (baseModule systemName) (args: { imports = [ lib/common.nix config ]; }) ]; }).config.system.build.toplevel; - systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" "totoro" ]; + systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" "totoro" "kusakabe" ]; rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; })); systemCfgs = lib.genAttrs systems (name: import (./. + "/${name}")); diff --git a/ops/nixos/kusakabe/README.md b/ops/nixos/kusakabe/README.md new file mode 100644 index 0000000000..d285710961 --- /dev/null +++ b/ops/nixos/kusakabe/README.md @@ -0,0 +1,17 @@ + + +# kusakabe + +Dedicated host running NixOS on OVH. + +* Xen E5-1630v3 +* 64GiB RAM. +* 4x 2TB HDD. + +Internet: + +* 188.165.197.49 diff --git a/ops/nixos/kusakabe/default.nix b/ops/nixos/kusakabe/default.nix new file mode 100644 index 0000000000..548aee3744 --- /dev/null +++ b/ops/nixos/kusakabe/default.nix @@ -0,0 +1,77 @@ +# SPDX-FileCopyrightText: 2020 Luke Granger-Brown +# +# SPDX-License-Identifier: Apache-2.0 + +{ depot, lib, pkgs, rebuilder, config, ... }: +let + inherit (depot.ops) secrets; + machineSecrets = secrets.machineSpecific.kusakabe; +in { + imports = [ + ../lib/zfs.nix + ]; + + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "ehci_pci" + "usbhid" + "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + + nix.maxJobs = lib.mkDefault 8; + + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; + + fileSystems = let + zfs = device: { + device = device; + fsType = "zfs"; + }; + in { + "/" = zfs "tank/local/root"; + "/nix" = zfs "tank/local/nix"; + "/home" = zfs "tank/safe/home"; + + "/boot" = { + device = "/dev/disk/by-label/EFIBOOT"; + fsType = "vfat"; + }; + }; + + # Use systemd-boot. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # Networking! + networking = { + hostName = "kusakabe"; + domain = "lukegb.com"; + hostId = "c6054536"; + + nameservers = [ + "2001:4860:4860::8888" + "2001:4860:4860::8844" + "8.8.8.8" + "8.8.4.4" + ]; + useDHCP = false; + defaultGateway = { + address = "188.165.197.254"; + interface = "eno1"; + }; + defaultGateway6 = { + address = "2001:41d0:2:8eff:ff:ff:ff:ff"; + interface = "eno1"; + }; + interfaces.eno1 = { + useDHCP = false; + ipv4.addresses = [{ address = "188.165.197.49"; prefixLength = 24; }]; + ipv6.addresses = [{ address = "2001:41d0:2:8e31::1"; prefixLength = 64; }]; + }; + firewall.allowPing = true; + }; + + system.stateVersion = "20.03"; +}