From d8276603fa9cd1df469fb8407df37d6ff8e1ff9f Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Wed, 6 May 2020 00:28:23 +0100
Subject: [PATCH] Add first-pass for clouvider-fra01.
---
 ops/nixos/clouvider-fra01/README.md | 13 +++
 ops/nixos/clouvider-fra01/default.nix | 144 ++++++++++++++++++++++++++
 ops/nixos/default.nix | 2 +-
 3 files changed, 158 insertions(+), 1 deletion(-)
 create mode 100644 ops/nixos/clouvider-fra01/README.md
 create mode 100644 ops/nixos/clouvider-fra01/default.nix
diff --git a/ops/nixos/clouvider-fra01/README.md b/ops/nixos/clouvider-fra01/README.md
new file mode 100644
index 0000000000..af038f8068
--- /dev/null
+++ b/ops/nixos/clouvider-fra01/README.md
@@ -0,0 +1,13 @@
+# clouvider-fra01.as205479.net
+
+Dedicated host running NixOS on clouvider.co.uk.
+
+* Xeon E-2276G @ 3.80GHz (12 cores).
+* 16GiB RAM.
+* 512GB NVMe drive.
+* 4TB Toshiba HDWQ140 HDD.
+
+Internet:
+
+* 193.228.196.57
+* 2a0f:93c0:0:22::2
diff --git a/ops/nixos/clouvider-fra01/default.nix b/ops/nixos/clouvider-fra01/default.nix
new file mode 100644
index 0000000000..474e051b8d
--- /dev/null
+++ b/ops/nixos/clouvider-fra01/default.nix
@@ -0,0 +1,144 @@
+{ depot, lib, pkgs, rebuilder, ... }:
+{ config, ... }:
+let
+ inherit (depot.ops) secrets;
+in {
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "nvme"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.kernelModules = [ "kvm-intel" "tcp_bbr" ];
+ boot.kernel.sysctl = {
+ "net.ipv6.conf.default.accept_ra" = 0;
+ "net.ipv6.conf.all.accept_ra" = 0;
+ "net.ipv6.conf.default.autoconf" = 0;
+ "net.ipv6.conf.all.autoconf" = 0;
+ };
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.zfs.devNodes = "/dev/disk/by-partuuid";
+ services.zfs.autoScrub.enable = true;
+ services.zfs.autoSnapshot = {
+ enable = true;
+ monthly = 1;
+ };
+
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zfast/local/root@blank
+ '';
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+
+ fileSystems = let
+ zfs = device: {
+ device = device;
+ fsType = "zfs";
+ };
+ in {
+ "/" = zfs "zfast/local/root";
+ "/nix" = zfs "zfast/local/nix";
+ "/persist" = zfs "zfast/safe/persist";
+ "/home" = zfs "zfast/safe/home";
+ "/store" = zfs "zslow/local/store";
+
+ "/boot" = {
+ device = "/dev/disk/by-label/ESP";
+ fsType = "vfat";
+ };
+ };
+
+ nix.maxJobs = lib.mkDefault 12;
+ hardware.enableRedistributableFirmware = true;
+
+ nixpkgs.config = { allowUnfree = true; };
+
+ nix.nixPath = [ "depot=/home/lukegb/depot/" "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/" ];
+
+ # Use systemd-boot.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Networking!
+ networking = {
+ hostName = "clouvider-fra01";
+ domain = "as205479.net";
+ hostId = "9e983570";
+
+ nameservers = [
+ "2001:4860:4860::8888"
+ "2001:4860:4860::8844"
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
+ useDHCP = false;
+ defaultGateway = {
+ address = "193.228.196.56";
+ interface = "enp1s0";
+ };
+ defaultGateway6 = {
+ address = "2a0f:93c0:0:22::1";
+ interface = "enp1s0";
+ };
+ interfaces.enp1s0 = {
+ useDHCP = false;
+ ipv4.addresses = [{ address = "193.228.196.57"; prefixLength = 31; }];
+ ipv6.addresses = [{ address = "2a0f:93c0:0:22::2"; prefixLength = 126; }];
+ };
+ firewall.allowPing = true;
+ };
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_GB.UTF-8";
+ console.keyMap = "us";
+
+ # Set your time zone.
+ time.timeZone = "Etc/UTC";
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim
+ mercurial
+ rxvt_unicode.terminfo
+ rebuilder
+ ];
+
+ programs.mtr.enable = true;
+ services.openssh.enable = true;
+
+ # Define a user account.
+ users.mutableUsers = false;
+ users.users = {
+ root.hashedPassword = secrets.passwordHashes.root;
+ lukegb = {
+ isNormalUser = true;
+ uid = 1000;
+ extraGroups = [ "wheel" ];
+ hashedPassword = secrets.passwordHashes.root;
+ };
+ };
+
+ boot.kernel.sysctl."net.ipv4.tcp_congestion_control" = "bbr";
+ boot.kernel.sysctl."net.core.default_qdisc" = "fq_codel";
+
+ services.openssh.hostKeys = [
+ {
+ path = "/persist/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/etc/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+ environment.etc = {
+ "nixos" = { source = "/persist/etc/nixos/"; };
+ };
+
+ system.stateVersion = "20.03";
+}
diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix
index 2a703f4355..aed9ac2e03 100644
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
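Review bot: In the `lukegb = { … }` block the wheel user is assigned `hashedPassword = secrets.passwordHashes.root;`, the same hash the root account gets two lines earlier, so both accounts are protected by a single secret and a leak of either credential unlocks both; unless that is deliberate for a first pass, the user should get its own entry, e.g. `hashedPassword = secrets.passwordHashes.LUKEGB_ENTRY;` (placeholder for whatever key the secrets set defines). This matters more because `services.openssh.enable = true;` is the only OpenSSH setting on an internet-facing host, and the module's defaults of the 20.03 era leave password authentication enabled, so `services.openssh.passwordAuthentication = false;` together with an `openssh.authorizedKeys.keys` list for lukegb would keep that shared hash out of the remote login path. No authorized key is visible in this hunk; it may live in the persisted /home dataset, which is worth confirming before relying on it. If sharing the hash with root is intentional, a one-line comment beside the assignment saying so would spare the next reviewer the same question.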
@@ -5,7 +5,7 @@ let (depot.third_party.nixos { configuration = config; }).system; - systems = [ "porcorosso" "ixvm-fra01" "marukuru" ]; + systems = [ "porcorosso" "ixvm-fra01" "marukuru" "clouvider-fra01" ]; rebuilder = system: pkgs.writeShellScriptBin "rebuilder" '' set -ue