nixbld: new server

Sebastien Bourdeauducq 2021-08-07 12:24:00 +08:00
parent 5f0d45a73a
commit 58252a93a4
2 changed files with 25 additions and 13 deletions


@ -18,7 +18,6 @@ let
${pkgs.gnutar}/bin/tar cf - --exclude "/var/lib/gitea/repositories/*/*.git/archives" /etc/nixos /var/lib/gitea flarum.sql mattermost.sql | \
${pkgs.bzip2}/bin/bzip2 | \
${pkgs.gnupg}/bin/gpg --symmetric --batch --passphrase-file /etc/nixos/secret/backup-passphrase | \
tee --output-error=warn /tank/backup/$FILENAME | \
${pkgs.rclone}/bin/rclone rcat --config /etc/nixos/secret/rclone.conf dropbox:$FILENAME
popd


@ -5,9 +5,9 @@
{ config, pkgs, ... }:
let
netifWan = "enp0s31f6";
netifLan = "enp3s0";
netifWifi = "wlp1s0";
netifWan = "enp4s0";
netifLan = "enp5s0f1";
netifWifi = "wlp6s0";
netifSit = "henet0";
hydraWwwOutputs = "/var/www/hydra-outputs";
in
@ -18,30 +18,42 @@ in
./backup-module.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.grub.enable = true;
boot.loader.grub.copyKernels = true;
boot.loader.grub.device = "nodev";
boot.loader.grub.efiSupport = true;
boot.loader.grub.memtest86.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.blacklistedKernelModules = ["iwlwifi"];
boot.supportedFilesystems = ["zfs"];
boot.kernelParams = ["zfs.l2arc_write_max=536870912"];
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.interval = "monthly";
services.zfs.autoSnapshot.enable = true;
fileSystems."/tank" = {
device = "tank";
fsType = "zfs";
};
systemd.suppressedSystemUnits = [
"hibernate.target"
"suspend.target"
"suspend-then-hibernate.target"
"sleep.target"
"hybrid-sleep.target"
"systemd-hibernate.service"
"systemd-hybrid-sleep.service"
"systemd-suspend.service"
"systemd-suspend-then-hibernate.service"
];
security.apparmor.enable = true;
networking = {
hostName = "nixbld";
hostId = "b82fb017";
hostId = "e423f012";
firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 53 67 ];
trustedInterfaces = [ netifLan ];
};
interfaces."${netifWan}".useDHCP = true;
interfaces."${netifLan}" = {
ipv4.addresses = [{
address = "192.168.1.1";
@ -265,10 +277,11 @@ in
services.udev.packages = [ pkgs.sane-backends ];
nix.distributedBuilds = true;
nix.nrBuildUsers = 64;
nix.buildMachines = [
{
hostName = "localhost";
maxJobs = 4;
maxJobs = 10;
system = "x86_64-linux";
supportedFeatures = ["big-parallel"];
}
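Review bot: The firewall's `trustedInterfaces = [ netifLan ]` now depends on the kernel-assigned name `enp5s0f1` (apparently the new value in the `let` block at the top of this file), and nothing visible ties that name to a specific NIC. Predictable names are derived from the PCI topology, so adding or moving a card, or a firmware change that renumbers buses, could put the name on a different port or make the LAN rules match nothing; in the worse case the uplink lands on the fully trusted interface. Consider pinning `netifWan`, `netifLan` and `netifWifi` by MAC address, for example with `systemd.network.links` entries (`matchConfig.MACAddress = "<MAC placeholder>"; linkConfig.Name = "lan0";`), and using those stable names in the `let` block. The `networking` block continues past the end of its hunk, so the rest of the LAN configuration is not visible here.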