nixbld: new server
parent
5f0d45a73a
commit
58252a93a4
@ -18,7 +18,6 @@ let
|
|||||||
${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea flarum.sql mattermost.sql | \
|
${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea flarum.sql mattermost.sql | \
|
||||||
${pkgs.bzip2}/bin/bzip2 | \
|
${pkgs.bzip2}/bin/bzip2 | \
|
||||||
${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \
|
${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \
|
||||||
tee --output-error=warn /tank/backup/$FILENAME | \
|
|
||||||
${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:$FILENAME
|
${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:$FILENAME
|
||||||
|
|
||||||
popd
|
popd
|
||||||
|
@ -5,9 +5,9 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
netifWan = "enp0s31f6";
|
netifWan = "enp4s0";
|
||||||
netifLan = "enp3s0";
|
netifLan = "enp5s0f1";
|
||||||
netifWifi = "wlp1s0";
|
netifWifi = "wlp6s0";
|
||||||
netifSit = "henet0";
|
netifSit = "henet0";
|
||||||
hydraWwwOutputs = "/var/www/hydra-outputs";
|
hydraWwwOutputs = "/var/www/hydra-outputs";
|
||||||
in
|
in
|
||||||
@ -18,30 +18,42 @@ in
|
|||||||
./backup-module.nix
|
./backup-module.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.grub.copyKernels = true;
|
||||||
|
boot.loader.grub.device = "nodev";
|
||||||
|
boot.loader.grub.efiSupport = true;
|
||||||
|
boot.loader.grub.memtest86.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.blacklistedKernelModules = ["iwlwifi"];
|
|
||||||
boot.supportedFilesystems = ["zfs"];
|
boot.supportedFilesystems = ["zfs"];
|
||||||
|
boot.kernelParams = ["zfs.l2arc_write_max=536870912"];
|
||||||
|
|
||||||
services.zfs.autoScrub.enable = true;
|
services.zfs.autoScrub.enable = true;
|
||||||
services.zfs.autoScrub.interval = "monthly";
|
services.zfs.autoScrub.interval = "monthly";
|
||||||
services.zfs.autoSnapshot.enable = true;
|
services.zfs.autoSnapshot.enable = true;
|
||||||
fileSystems."/tank" = {
|
|
||||||
device = "tank";
|
systemd.suppressedSystemUnits = [
|
||||||
fsType = "zfs";
|
"hibernate.target"
|
||||||
};
|
"suspend.target"
|
||||||
|
"suspend-then-hibernate.target"
|
||||||
|
"sleep.target"
|
||||||
|
"hybrid-sleep.target"
|
||||||
|
"systemd-hibernate.service"
|
||||||
|
"systemd-hybrid-sleep.service"
|
||||||
|
"systemd-suspend.service"
|
||||||
|
"systemd-suspend-then-hibernate.service"
|
||||||
|
];
|
||||||
|
|
||||||
security.apparmor.enable = true;
|
security.apparmor.enable = true;
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "nixbld";
|
hostName = "nixbld";
|
||||||
hostId = "b82fb017";
|
hostId = "e423f012";
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [ 80 443 ];
|
allowedTCPPorts = [ 80 443 ];
|
||||||
allowedUDPPorts = [ 53 67 ];
|
allowedUDPPorts = [ 53 67 ];
|
||||||
trustedInterfaces = [ netifLan ];
|
trustedInterfaces = [ netifLan ];
|
||||||
};
|
};
|
||||||
|
interfaces."${netifWan}".useDHCP = true;
|
||||||
interfaces."${netifLan}" = {
|
interfaces."${netifLan}" = {
|
||||||
ipv4.addresses = [{
|
ipv4.addresses = [{
|
||||||
address = "192.168.1.1";
|
address = "192.168.1.1";
|
||||||
@ -265,10 +277,11 @@ in
|
|||||||
services.udev.packages = [ pkgs.sane-backends ];
|
services.udev.packages = [ pkgs.sane-backends ];
|
||||||
|
|
||||||
nix.distributedBuilds = true;
|
nix.distributedBuilds = true;
|
||||||
|
nix.nrBuildUsers = 64;
|
||||||
nix.buildMachines = [
|
nix.buildMachines = [
|
||||||
{
|
{
|
||||||
hostName = "localhost";
|
hostName = "localhost";
|
||||||
maxJobs = 4;
|
maxJobs = 10;
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
supportedFeatures = ["big-parallel"];
|
supportedFeatures = ["big-parallel"];
|
||||||
}
|
}
|
||||||
|
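Review bot: The new bindings in the `let` block (`netifWan = "enp4s0";`, `netifLan = "enp5s0f1";`) decide which port `trustedInterfaces = [ netifLan ]` exempts from the firewall, and nothing in the change records how the mapping was checked on the new hardware. These names look slot-derived, so a moved card or a firmware change could shift them and leave the wrong side unfiltered; a comment next to each binding such as `# LAN port, verified against MAC <MAC_PLACEHOLDER>` would make the assignment auditable. Separately, `allowedUDPPorts = [ 53 67 ]` stays global while the LAN is already trusted, so DNS and DHCP are presumably reachable on `netifWan` too, which now has `useDHCP = true`. If those ports are only meant for the wifi segment, `firewall.interfaces."${netifWifi}".allowedUDPPorts = [ 53 67 ];` would scope them. The `networking` block continues past the end of its hunk, so any rules defined further down are not visible here.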