# NixOS host configuration for clouvider-fra01.
#
# The outer function takes the depot-level arguments and returns an ordinary
# NixOS module. The root dataset is rolled back to a snapshot on every boot
# (see boot.initrd.postDeviceCommands), so anything that must survive a reboot
# has to live on one of the other datasets: /persist, /home, /nix or /store.
{ depot, lib, pkgs, rebuilder, ... }:
{ config, ... }:
let
  inherit (depot.ops) secrets;

  # Builds a fileSystems entry for the given ZFS dataset.
  zfsMount = dataset: {
    device = dataset;
    fsType = "zfs";
  };
in
{
  boot = {
    initrd = {
      availableKernelModules = [
        "xhci_pci"
        "ahci"
        "nvme"
        "usbhid"
        "usb_storage"
        "sd_mod"
        "sr_mod"
      ];

      # Reset "/" to the `blank` snapshot before it is mounted. `-r` also
      # destroys any snapshots of that dataset taken after `blank`. Files
      # written outside the persistent datasets are therefore discarded at the
      # next boot; state that matters for security (SSH host keys, the NixOS
      # config) is redirected to /persist further down.
      # NOTE(review): presumably `blank` was taken of an empty dataset at
      # install time; confirm.
      postDeviceCommands = lib.mkAfter ''
        zfs rollback -r zfast/local/root@blank
      '';
    };

    kernelModules = [ "kvm-intel" "tcp_bbr" ];

    kernel.sysctl = {
      # Addresses and gateways are configured statically under `networking`,
      # so router advertisements and SLAAC are switched off for every
      # interface: an on-link host sending RAs cannot install routes or
      # addresses on this machine.
      "net.ipv6.conf.default.accept_ra" = 0;
      "net.ipv6.conf.all.accept_ra" = 0;
      "net.ipv6.conf.default.autoconf" = 0;
      "net.ipv6.conf.all.autoconf" = 0;

      # TCP tuning; tcp_bbr is loaded via boot.kernelModules above.
      "net.ipv4.tcp_congestion_control" = "bbr";
      "net.core.default_qdisc" = "fq_codel";
    };

    supportedFilesystems = [ "zfs" ];
    zfs.devNodes = "/dev/disk/by-partuuid";

    # Boot via systemd-boot on the EFI system partition mounted at /boot.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  services = {
    zfs = {
      autoScrub.enable = true;
      # Only the monthly retention is set here; the other intervals keep the
      # module defaults.
      autoSnapshot = {
        enable = true;
        monthly = 1;
      };
    };

    openssh = {
      enable = true;

      # NOTE(review): no authentication policy is set in this file, so
      # password and root login follow the module defaults unless a shared
      # module overrides them. Both accounts below have password hashes and
      # the host has publicly routable addresses; confirm that
      # passwordAuthentication / permitRootLogin are restricted elsewhere.

      # Host keys are read from /persist so the host identity survives the
      # boot-time rollback of "/"; otherwise new keys would be generated on
      # each boot and clients could no longer verify the host against
      # known_hosts.
      # NOTE(review): presumably these files are root-only (mode 0600) on the
      # persist dataset; verify on the host.
      hostKeys = [
        {
          path = "/persist/etc/ssh/ssh_host_ed25519_key";
          type = "ed25519";
        }
        {
          path = "/persist/etc/ssh/ssh_host_rsa_key";
          type = "rsa";
          bits = 4096;
        }
      ];
    };
  };

  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";

  fileSystems = {
    # zfast/local/root is the dataset rolled back in the initrd.
    "/" = zfsMount "zfast/local/root";
    "/nix" = zfsMount "zfast/local/nix";
    "/persist" = zfsMount "zfast/safe/persist";
    "/home" = zfsMount "zfast/safe/home";
    "/store" = zfsMount "zslow/local/store";
    "/boot" = {
      device = "/dev/disk/by-label/ESP";
      fsType = "vfat";
    };
  };

  nix = {
    maxJobs = lib.mkDefault 12;

    # NOTE(review): both search-path entries point into a checkout under
    # /home/lukegb, so anything evaluating <depot> or <nixpkgs> (including as
    # root) runs Nix code that account can edit. lukegb is in wheel already,
    # so this is presumably an accepted trust relationship; confirm.
    nixPath = [
      "depot=/home/lukegb/depot/"
      "nixpkgs=/home/lukegb/depot/third_party/nixpkgs/"
    ];
  };

  hardware.enableRedistributableFirmware = true;
  nixpkgs.config.allowUnfree = true;

  # Static dual-stack addressing on enp1s0; DHCP is off globally and on the
  # interface.
  networking = {
    hostName = "clouvider-fra01";
    domain = "as205479.net";
    hostId = "9e983570";

    nameservers = [
      "2001:4860:4860::8888"
      "2001:4860:4860::8844"
      "8.8.8.8"
      "8.8.4.4"
    ];

    useDHCP = false;

    defaultGateway = {
      address = "193.228.196.56";
      interface = "enp1s0";
    };
    defaultGateway6 = {
      address = "2a0f:93c0:0:22::1";
      interface = "enp1s0";
    };

    interfaces.enp1s0 = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = "193.228.196.57";
          prefixLength = 31;
        }
      ];
      ipv6.addresses = [
        {
          address = "2a0f:93c0:0:22::2";
          prefixLength = 126;
        }
      ];
    };

    # Answer ICMP echo requests. No ports are opened explicitly in this file.
    # NOTE(review): the openssh module opens its own port by default, so SSH
    # is presumably reachable on the addresses above; confirm that is the
    # intended exposure.
    firewall.allowPing = true;
  };

  # Locale, console keymap and time zone.
  i18n.defaultLocale = "en_GB.UTF-8";
  console.keyMap = "us";
  time.timeZone = "Etc/UTC";

  # Packages in the system profile. `rebuilder` is the argument passed to this
  # file, not an attribute of pkgs.
  environment.systemPackages = [
    pkgs.vim
    pkgs.mercurial
    pkgs.rxvt_unicode.terminfo
    rebuilder
  ];

  programs.mtr.enable = true;

  users = {
    # Accounts and passwords are exactly what is declared here; changes made
    # on the host with passwd/useradd are not kept.
    mutableUsers = false;

    # NOTE(review): values given through hashedPassword become part of the
    # system closure in the Nix store, which is readable by every local user.
    # If that matters for this host, passwordFile pointing at a root-only
    # file under /persist keeps the hashes out of the store.
    users = {
      root.hashedPassword = secrets.passwordHashes.root;

      lukegb = {
        isNormalUser = true;
        uid = 1000;
        # wheel is the group the default sudo configuration trusts.
        extraGroups = [ "wheel" ];
        # NOTE(review): this reuses the root hash, so both accounts share one
        # password and a leak of it compromises both. Confirm this is
        # intended rather than a copy-paste of the line above.
        hashedPassword = secrets.passwordHashes.root;
      };
    };
  };

  # /etc/nixos is served from /persist so it survives the root rollback.
  environment.etc."nixos".source = "/persist/etc/nixos/";

  system.stateVersion = "20.03";
}