nixbld: new server

Sebastien Bourdeauducq 2021-08-07 12:24:00 +08:00
parent 5f0d45a73a
commit 58252a93a4
2 changed files with 25 additions and 13 deletions


@ -18,7 +18,6 @@ let
${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea flarum.sql mattermost.sql | \ ${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea flarum.sql mattermost.sql | \
${pkgs.bzip2}/bin/bzip2 | \ ${pkgs.bzip2}/bin/bzip2 | \
${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \ ${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \
tee --output-error=warn /tank/backup/$FILENAME | \
${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:$FILENAME ${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:$FILENAME
popd popd


@ -5,9 +5,9 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
netifWan = "enp0s31f6"; netifWan = "enp4s0";
netifLan = "enp3s0"; netifLan = "enp5s0f1";
netifWifi = "wlp1s0"; netifWifi = "wlp6s0";
netifSit = "henet0"; netifSit = "henet0";
hydraWwwOutputs = "/var/www/hydra-outputs"; hydraWwwOutputs = "/var/www/hydra-outputs";
in in
@ -18,30 +18,42 @@ in
./backup-module.nix ./backup-module.nix
]; ];
# Use the systemd-boot EFI boot loader. boot.loader.grub.enable = true;
boot.loader.systemd-boot.enable = true; boot.loader.grub.copyKernels = true;
boot.loader.grub.device = "nodev";
boot.loader.grub.efiSupport = true;
boot.loader.grub.memtest86.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.blacklistedKernelModules = ["iwlwifi"];
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = ["zfs"];
boot.kernelParams = ["zfs.l2arc_write_max=536870912"];
services.zfs.autoScrub.enable = true; services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.interval = "monthly"; services.zfs.autoScrub.interval = "monthly";
services.zfs.autoSnapshot.enable = true; services.zfs.autoSnapshot.enable = true;
fileSystems."/tank" = {
device = "tank"; systemd.suppressedSystemUnits = [
fsType = "zfs"; "hibernate.target"
}; "suspend.target"
"suspend-then-hibernate.target"
"sleep.target"
"hybrid-sleep.target"
"systemd-hibernate.service"
"systemd-hybrid-sleep.service"
"systemd-suspend.service"
"systemd-suspend-then-hibernate.service"
];
security.apparmor.enable = true; security.apparmor.enable = true;
networking = { networking = {
hostName = "nixbld"; hostName = "nixbld";
hostId = "b82fb017"; hostId = "e423f012";
firewall = { firewall = {
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 53 67 ]; allowedUDPPorts = [ 53 67 ];
trustedInterfaces = [ netifLan ]; trustedInterfaces = [ netifLan ];
}; };
interfaces."${netifWan}".useDHCP = true;
interfaces."${netifLan}" = { interfaces."${netifLan}" = {
ipv4.addresses = [{ ipv4.addresses = [{
address = "192.168.1.1"; address = "192.168.1.1";
@ -265,10 +277,11 @@ in
services.udev.packages = [ pkgs.sane-backends ]; services.udev.packages = [ pkgs.sane-backends ];
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.nrBuildUsers = 64;
nix.buildMachines = [ nix.buildMachines = [
{ {
hostName = "localhost"; hostName = "localhost";
maxJobs = 4; maxJobs = 10;
system = "x86_64-linux"; system = "x86_64-linux";
supportedFeatures = ["big-parallel"]; supportedFeatures = ["big-parallel"];
} }
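Review bot: The rebound names in the `let` block (`netifWan = "enp4s0";`, `netifLan = "enp5s0f1";`, `netifWifi = "wlp6s0";`) carry a security decision that nothing in this section documents, because `netifLan` is what `firewall.trustedInterfaces = [ netifLan ];` exempts from filtering. These look like PCI-derived predictable names, so if `enp5s0f1` turns out to be the WAN-facing port on the new machine, or the numbering shifts after a card is added, the exemption follows the name to the wrong NIC and evaluation still succeeds. I would add a comment above the bindings such as `# netifLan is a firewall trustedInterface: confirm it is the LAN-side port on this hardware before deploying`. Unless it is already done in a part of the file not shown here, pinning the names to MAC addresses would also remove the dependency on slot order. The `let` block and the `networking` attribute set both continue outside the hunks shown.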