diff --git a/ops/nixos/cofractal-ams01/README.md b/ops/nixos/cofractal-ams01/README.md
new file mode 100644
index 0000000000..b2ecb54756
--- /dev/null
+++ b/ops/nixos/cofractal-ams01/README.md
@@ -0,0 +1,11 @@
+
+
+# cofractal-ams01.as205479.net
+
+Dedicated host running NixOS.
+
+TODO(lukegb): all of this.
diff --git a/ops/nixos/cofractal-ams01/default.nix b/ops/nixos/cofractal-ams01/default.nix
new file mode 100644
index 0000000000..e6a0528de8
--- /dev/null
+++ b/ops/nixos/cofractal-ams01/default.nix
@@ -0,0 +1,128 @@
+# SPDX-FileCopyrightText: 2023 Luke Granger-Brown
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{ depot, lib, pkgs, config, ... }:
+{
+ imports = [
+ ../lib/bgp.nix
+ ../lib/zfs.nix
+ ];
+
+ boot.initrd = {
+ availableKernelModules = [
+ "ehci_pci"
+ "ahci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sr_mod"
+ "bnx2" # ethernet
+ ];
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ hostKeys = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+ authorizedKeys = map builtins.readFile config.users.users.lukegb.openssh.authorizedKeys.keyFiles;
+ };
+ postCommands = ''
+ echo "zfs load-key -a; killall zfs" >> /root/.profile
+ '';
+ };
+ };
+ boot.kernelParams = [
+ "ip=83.97.19.68::83.97.19.65:255.255.255.224:cofractal-ams01:eno1:none"
+ ];
+ boot.kernelModules = [ "kvm-amd" ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+ services.zfs.rollbackOnBoot = {
+ enable = true;
+ snapshot = "tank/local/root@blank";
+ };
+
+ fileSystems = let
+ zfs = device: {
+ device = device;
+ fsType = "zfs";
+ };
+ in {
+ "/" = zfs "tank/local/root";
+ "/nix" = zfs "tank/local/nix";
+ "/tmp" = zfs "tank/local/tmp";
+
+ "/persist" = zfs "tank/safe/persist";
+ "/home" = zfs "tank/safe/home";
+
+ "/boot" = {
+ device = "/dev/disk/by-partlabel/ESP";
+ fsType = "vfat";
+ };
+ };
+
+ nix.settings.max-jobs = lib.mkDefault 8;
+
+ # Networking!
+ networking = {
+ hostName = "cofractal-ams01";
+ domain = "as205479.net";
+ hostId = "a1cf1a9f";
+ useNetworkd = true;
+
+ nameservers = [
+ "2001:4860:4860::8888"
+ "2001:4860:4860::8844"
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
+ defaultGateway = {
+ address = "83.97.19.65";
+ };
+ defaultGateway6 = {
+ address = "2a07:242:800:64::1";
+ };
+ };
+ # my.ip.tailscale = "100.111.191.21";
+
+ services.openssh.hostKeys = [
+ {
+ path = "/persist/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/etc/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+
+ systemd.mounts = let
+ bindMount' = dir: {
+ unitConfig.RequiresMountsFor = dir;
+ options = "bind";
+ what = "/persist${dir}";
+ where = dir;
+ };
+ bindMountSvc = dir: svc: (bindMount' dir) // {
+ bindsTo = [svc];
+ partOf = [svc];
+ };
+ bindMountSvcDynamic = dir: svc: (bindMount' "/var/lib/private/${dir}") // {
+ requiredBy = [svc];
+ before = [svc];
+ wantedBy = ["multi-user.target"];
+ };
+ bindMount = dir: (bindMount' dir) // {
+ wantedBy = ["multi-user.target"];
+ };
+ in [
+ (bindMountSvc "/var/lib/tailscale" "tailscaled.service")
+ ];
+
+ system.stateVersion = "23.05";
+}
diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix
index 73f635da2b..ab33a96611 100644
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
@@ -47,6 +47,7 @@ let
 "bvm-paperless"
 "oracle-lon01"
 "kerrigan"
+ "cofractal-ams01"
 ];
 rebuilder = system: (import ./lib/rebuilder.nix (args // { system = system; }));
 systemCfgs = lib.genAttrs systems
diff --git a/ops/nixos/installcd/default.nix b/ops/nixos/installcd/default.nix
index be1ac06aa4..7d116b65e8 100644
--- a/ops/nixos/installcd/default.nix
+++ b/ops/nixos/installcd/default.nix
@@ -13,7 +13,7 @@ in {
 isoImage.isoName = lib.mkForce "nixos-${depot.version}-${pkgs.stdenv.hostPlatform.system}.iso";
 isoImage.storeContents = [
- depot.ops.nixos.systems.etheroute-lon01
+ depot.ops.nixos.systems.cofractal-ams01
 ];
 system.disableInstallerTools = false;
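Review bot: The initrd SSH server and the running system's sshd are configured with the same private key, `/persist/etc/ssh/ssh_host_ed25519_key` appears both in `boot.initrd.network.ssh.hostKeys` and in `services.openssh.hostKeys`. As far as I understand the NixOS module, the initrd host keys are embedded into the initrd image that lives on the unencrypted vfat ESP mounted at `/boot`, so anyone who can read that partition (the hosting provider included) recovers the system's real SSH identity and can impersonate the host on the next remote unlock to capture the ZFS passphrase entered into the `zfs load-key -a` session. Give the initrd a dedicated, low-trust key instead, e.g. `hostKeys = ["/persist/etc/ssh/initrd_ssh_host_ed25519_key"];`, and consider `port = [ 2222 ];` so clients do not see a host-key mismatch between the initrd and the full system. A comment above `boot.initrd.network.ssh` such as `# NOTE: this key is copied into the initrd on the unencrypted ESP; never reuse the system host key here` would help whoever rotates keys later.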