From 58252a93a4a1b1d012eb8c39daf34b48eda1539d Mon Sep 17 00:00:00 2001 From: Sebastien Bourdeauducq Date: Sat, 7 Aug 2021 12:24:00 +0800 Subject: [PATCH] nixbld: new server --- nixbld-etc-nixos/backup-module.nix | 1 - nixbld-etc-nixos/configuration.nix | 37 ++++++++++++++++++++---------- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/nixbld-etc-nixos/backup-module.nix b/nixbld-etc-nixos/backup-module.nix index 73ba000..159cea6 100644 --- a/nixbld-etc-nixos/backup-module.nix +++ b/nixbld-etc-nixos/backup-module.nix @@ -18,7 +18,6 @@ let ${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea flarum.sql mattermost.sql | \ ${pkgs.bzip2}/bin/bzip2 | \ ${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \ - tee --output-error=warn /tank/backup/$FILENAME | \ ${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:$FILENAME popd diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix index 3a0438d..c2f89fb 100644 --- a/nixbld-etc-nixos/configuration.nix +++ b/nixbld-etc-nixos/configuration.nix @@ -5,9 +5,9 @@ { config, pkgs, ... }: let - netifWan = "enp0s31f6"; - netifLan = "enp3s0"; - netifWifi = "wlp1s0"; + netifWan = "enp4s0"; + netifLan = "enp5s0f1"; + netifWifi = "wlp6s0"; netifSit = "henet0"; hydraWwwOutputs = "/var/www/hydra-outputs"; in 
@@ -18,30 +18,42 @@ in ./backup-module.nix ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; + boot.loader.grub.enable = true; + boot.loader.grub.copyKernels = true; + boot.loader.grub.device = "nodev"; + boot.loader.grub.efiSupport = true; + boot.loader.grub.memtest86.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.blacklistedKernelModules = ["iwlwifi"]; boot.supportedFilesystems = ["zfs"]; + boot.kernelParams = ["zfs.l2arc_write_max=536870912"]; services.zfs.autoScrub.enable = true; services.zfs.autoScrub.interval = "monthly"; services.zfs.autoSnapshot.enable = true; - fileSystems."/tank" = { - device = "tank"; - fsType = "zfs"; - }; + + systemd.suppressedSystemUnits = [ + "hibernate.target" + "suspend.target" + "suspend-then-hibernate.target" + "sleep.target" + "hybrid-sleep.target" + "systemd-hibernate.service" + "systemd-hybrid-sleep.service" + "systemd-suspend.service" + "systemd-suspend-then-hibernate.service" + ]; security.apparmor.enable = true; networking = { hostName = "nixbld"; - hostId = "b82fb017"; + hostId = "e423f012"; firewall = { allowedTCPPorts = [ 80 443 ]; allowedUDPPorts = [ 53 67 ]; trustedInterfaces = [ netifLan ]; }; + interfaces."${netifWan}".useDHCP = true; interfaces."${netifLan}" = { ipv4.addresses = [{ address = "192.168.1.1"; @@ -265,10 +277,11 @@ in services.udev.packages = [ pkgs.sane-backends ]; nix.distributedBuilds = true; + nix.nrBuildUsers = 64; nix.buildMachines = [ { hostName = "localhost"; - maxJobs = 4; + maxJobs = 10; system = "x86_64-linux"; supportedFeatures = ["big-parallel"]; }
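Review bot: In the `networking` block, the added `interfaces."${netifWan}".useDHCP = true;` brings up the WAN side of the new server while the unchanged `allowedUDPPorts = [ 53 67 ];` just above it is global, so the DNS and DHCP-server ports are accepted on the WAN interface too. LAN traffic is already admitted by `trustedInterfaces = [ netifLan ]`, so the global entries are not needed for the LAN. If they exist for another internal interface (perhaps `netifWifi`), scoping them keeps them off the WAN, for example `firewall.interfaces."${netifWifi}".allowedUDPPorts = [ 53 67 ];`. Which services bind to the WAN address is not visible here, and the `networking` block continues past the end of the hunk, so check the resolver and DHCP server configuration before changing it.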