# SPDX-FileCopyrightText: 2020 Luke Granger-Brown # # SPDX-License-Identifier: Apache-2.0 { depot, lib, pkgs, rebuilder, config, ... }: let inherit (depot.ops) secrets; in { imports = [ ../../../third_party/nixpkgs/nixos/modules/installer/scan/not-detected.nix ../lib/client.nix ../lib/whitby-distributed.nix ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.kernelModules = lib.mkAfter [ "kvm-intel" ]; boot.kernelParams = [ "mitigations=off" ]; fileSystems = let zfs = device: { device = device; fsType = "zfs"; }; in { "/" = zfs "zboot/safe/root"; "/nix" = zfs "zboot/local/nix"; "/home" = zfs "tank/safe/home"; "/export" = zfs "tank/safe/export"; "/boot" = { device = "/dev/disk/by-uuid/D178-4E19"; fsType = "vfat"; }; }; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; nix.maxJobs = lib.mkDefault 8; powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; virtualisation = { podman.enable = true; }; # Extra packages. environment.systemPackages = with pkgs; [ oven-media-engine (depot.nix.pkgs.secretsync.configure { workingDir = "/home/lukegb/depot"; gitlabAccessToken = secrets.deployer.gitlabAccessToken; manifestVariable = "SECRETS_MANIFEST"; variablesToFile = { "OPS_SECRETS_DEFAULT_NIX" = "ops/secrets/default.nix"; }; }) ]; # Networking! networking = { hostName = "totoro"; # Define your hostname. domain = "lukegb.xyz"; hostId = "676c08c4"; useDHCP = false; interfaces.br-ext.useDHCP = true; bridges.br-ext.interfaces = [ "enp0s31f6" ]; interfaces.br-int = { virtual = true; useDHCP = false; ipv4.addresses = [{ address = "10.0.0.2"; prefixLength = 24; }]; }; bridges.br-int.interfaces = []; }; my.ip.tailscale = "100.122.86.11"; # Virtualisation virtualisation.libvirtd = { enable = true; allowedBridges = [ "virbr0" "br-ext" ]; }; users.users.lukegb = { packages = with depot.pkgs; [ irssi ]; extraGroups = lib.mkAfter [ "libvirtd" ]; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; systemd.tmpfiles.rules = [ "L /var/lib/export - - - - /export" ]; services.prometheus = { enable = true; stateDir = "export/monitoring/prometheus"; alertmanagers = [{ scheme = "http"; static_configs = [{ targets = ["localhost:${toString config.services.prometheus.alertmanager.port}"]; }]; }]; scrapeConfigs = builtins.attrValues depot.ops.nixos.systemExporters; pushgateway.enable = true; alertmanager = { enable = true; configuration = { global = {}; route = { receiver = "default-receiver"; }; receivers = [{ name = "default-receiver"; slack_configs = [{ send_resolved = true; api_url = secrets.monitoring.alertmanager.discord.api_url; channel = "#alerts"; }]; }]; }; }; }; system.stateVersion = "20.03"; }