nixbld: new server

2021-08-07 12:24:00 +08:00 · 2021-08-07 12:24:00 +08:00 · 58252a93a4
parent 5f0d45a73a
commit 58252a93a4
2 changed files with 25 additions and 13 deletions
--- a/nixbld-etc-nixos/backup-module.nix
+++ b/nixbld-etc-nixos/backup-module.nix
@ -18,7 +18,6 @@ let
    ${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea flarum.sql mattermost.sql | \
        ${pkgs.bzip2}/bin/bzip2 | \
        ${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \
-        tee --output-error=warn /tank/backup/$FILENAME | \
        ${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:$FILENAME

    popd
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@ -5,9 +5,9 @@
 { config, pkgs, ... }:

 let
-  netifWan = "enp0s31f6";
-  netifLan = "enp3s0";
-  netifWifi = "wlp1s0";
+  netifWan = "enp4s0";
+  netifLan = "enp5s0f1";
+  netifWifi = "wlp6s0";
  netifSit = "henet0";
  hydraWwwOutputs = "/var/www/hydra-outputs";
 in
@ -18,30 +18,42 @@ in
      ./backup-module.nix
    ];

-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
+  boot.loader.grub.enable = true;
+  boot.loader.grub.copyKernels = true;
+  boot.loader.grub.device = "nodev";
+  boot.loader.grub.efiSupport = true;
+  boot.loader.grub.memtest86.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
-  boot.blacklistedKernelModules = ["iwlwifi"];
  boot.supportedFilesystems = ["zfs"];
+  boot.kernelParams = ["zfs.l2arc_write_max=536870912"];

  services.zfs.autoScrub.enable = true;
  services.zfs.autoScrub.interval = "monthly";
  services.zfs.autoSnapshot.enable = true;
-  fileSystems."/tank" = {
-    device = "tank";
-    fsType = "zfs";
-  };
+
+  systemd.suppressedSystemUnits = [
+      "hibernate.target"
+      "suspend.target"
+      "suspend-then-hibernate.target"
+      "sleep.target"
+      "hybrid-sleep.target"
+      "systemd-hibernate.service"
+      "systemd-hybrid-sleep.service"
+      "systemd-suspend.service"
+      "systemd-suspend-then-hibernate.service"
+  ];

  security.apparmor.enable = true;

  networking = {
    hostName = "nixbld";
-    hostId = "b82fb017";
+    hostId = "e423f012";
    firewall = {
      allowedTCPPorts = [ 80 443 ];
      allowedUDPPorts = [ 53 67 ];
      trustedInterfaces = [ netifLan ];
    };
+    interfaces."${netifWan}".useDHCP = true;
    interfaces."${netifLan}" = {
      ipv4.addresses = [{
        address = "192.168.1.1";
@ -265,10 +277,11 @@ in
  services.udev.packages = [ pkgs.sane-backends ];

  nix.distributedBuilds = true;
+  nix.nrBuildUsers = 64;
  nix.buildMachines = [
    {
       hostName = "localhost";
-       maxJobs = 4;
+       maxJobs = 10;
       system = "x86_64-linux";
       supportedFeatures = ["big-parallel"];
    }