Merge branch 'pr/new-server' into 'master'

Pr/new server See merge request steveeJ/infra!66
2020-11-25 21:14:33 +00:00 · 2020-11-25 21:14:33 +00:00 · d8e15dbade
commit d8e15dbade
parent d54fb0e96f 619046f05a
13 changed files with 284 additions and 4 deletions
--- a/3
+++ b/3
@ -285,6 +285,9 @@ run-with-channels +cmds:
 	source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix)
 	{{cmds}}
 install-config config root:
 	sudo just run-with-channels nixos-install -I nixos-config={{invocation_directory()}}/{{config}} --root {{root}} --no-root-passwd
 # Switch between gpg-card capable devices which have a copy of the same key
 switch-gpg-card:
 	#!/usr/bin/env bash
--- a/nix/home-manager/profiles/common.nix
+++ b/nix/home-manager/profiles/common.nix
@ -49,5 +49,6 @@ in {
      just
      ripgrep
      du-dust
      ]);
 }
--- a/nix/home-manager/programs/zsh.nix
+++ b/nix/home-manager/programs/zsh.nix
@ -86,7 +86,7 @@ in {
          owner = "zsh-users";
          repo = "zsh-autosuggestions";
          rev = "v0.6.3";
-          sha256 = "1smskx9vkx78yhwspjq2c5r5swh9fc5xxa40ib4753f00wk4dwpp";
+          sha256 = "1h8h2mz9wpjpymgl2p7pc146c1jgb3dggpvzwm9ln3in336wl95c";
        };
      }
      {
--- a/nix/os/devices/167.233.1.14/boot.nix
+++ b/nix/os/devices/167.233.1.14/boot.nix
@ -0,0 +1,8 @@
 { lib
 , ...
 }:
 {
  boot.loader.grub.efiSupport = lib.mkForce false;
  boot.extraModulePackages = [ ];
 }
--- a/nix/os/devices/167.233.1.14/configuration.nix
+++ b/nix/os/devices/167.233.1.14/configuration.nix
@ -0,0 +1,14 @@
 { ... }:
 {
  disabledModules = [
  ];
  imports = [
    ../../profiles/common/configuration.nix
    ./system.nix
    ./hw.nix
    ./pkg.nix
    ./boot.nix
  ];
 }
--- a/nix/os/devices/167.233.1.14/hw.nix
+++ b/nix/os/devices/167.233.1.14/hw.nix
@ -0,0 +1,56 @@
 { ... }:
 let
  stage1Modules =  [
    # "aesni_intel"
    # "kvm-intel"
    "aes_x86_64"
    "virtio_balloon"
    "virtio_scsi"
    "virtio_net"
    "virtio_pci"
    "virtio_ring"
    "virtio"
    "scsi_mod"
    "virtio_blk"
    "virtio_ring"
    "bochs_drm"
    "ata_piix"
    "pata_acpi"
    "ata_generic"
  ];
 in
 {
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
    fsType = "ext4";
  };
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
    fsType = "btrfs";
    options = [ "subvol=root" ];
    neededForBoot = true;
  };
  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
    fsType = "btrfs";
    options = [ "subvol=home" ];
    neededForBoot = true;
  };
  swapDevices = [ { device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; } ];
  boot.loader.grub = {
    device = "/dev/vda";
  };
  boot.initrd.availableKernelModules = stage1Modules;
  boot.initrd.kernelModules = stage1Modules;
  boot.extraModprobeConfig = ''
  '';
 }
--- a/nix/os/devices/167.233.1.14/pkg.nix
+++ b/nix/os/devices/167.233.1.14/pkg.nix
@ -0,0 +1,20 @@
 { config
 , pkgs
 , lib
 , ...
 }:
 {
  nixpkgs.config.packageOverrides = pkgs: with pkgs; {
    nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
  };
  home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
  nix.buildMachines = [
    { hostName = "localhost";
      system = "x86_64-linux";
      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
      maxJobs = 4;
    }
  ];
 }
--- a/nix/os/devices/167.233.1.14/system.nix
+++ b/nix/os/devices/167.233.1.14/system.nix
@ -0,0 +1,102 @@
 { pkgs
 , lib
 , config
 , ... }:
 let
  keys = import ../../../variables/keys.nix;
 in {
  # TASK: new device
  networking.hostName = "sj-pvehtz-0"; # Define your hostname.
  # networking.domain =  "";
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    # iperf3
    5201
  ];
  networking.firewall.logRefusedConnections = false;
  networking.usePredictableInterfaceNames = false;
  networking.interfaces.eth0 = {
    mtu = 1400;
    useDHCP = false;
    ipv4.addresses = [
      { "address" = "167.233.1.14"; "prefixLength" = 29; }
    ];
    ipv6.addresses = [
    ];
  };
  networking.defaultGateway = {
    address = "167.233.1.9";
    interface = "eth0";
  };
  networking.defaultGateway6 = {
    address = "fe80::1";
    interface = "eth0";
  };
  networking.nameservers = [
    "1.1.1.1"
  ];
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-+" ];
    externalInterface = "eth0";
  };
  # Kubernetes
  # services.kubernetes.roles = ["master" "node"];
  # virtualization
  virtualisation = {
    docker.enable = true;
  };
  services.spice-vdagentd.enable = true;
  services.qemuGuest.enable = true;
  systemd.services."sshd-status" = {
    enable = true;
    description = "sshd-status service";
    path = [ pkgs.systemd ];
    script = ''
      systemctl status sshd | grep -i tasks
    '';
  };
  systemd.services.sshd.serviceConfig = {
    TasksMax = 32;
  };
  systemd.timers."sshd-status" = {
    description = "Timer to trigger sshd-status periodically";
    enable = true;
    wantedBy = [ "timer.target" "multi-user.target" ];
    timerConfig = {
      OnActiveSec="360s";
      OnUnitActiveSec="360s";
      AccuracySec="1s";
      Unit = "sshd-status.service";
    };
  };
  nix.gc = {
    automatic = true;
  };
  networking.useHostResolvConf = true;
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.09"; # Did you read the comment?
 }
--- a/nix/os/devices/167.233.1.14/versions.nix
+++ b/nix/os/devices/167.233.1.14/versions.nix
@ -0,0 +1,37 @@
 let
  nixpkgs = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-20.09";
    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
  };
 in
 {
  inherit nixpkgs;
  "channels-nixos-stable" = nixpkgs;
  "channels-nixos-20.03" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-20.03";
    rev = "ff6fda61600cc60404bab5cb6b18b8636785b7bc";
  };
  "channels-nixos-19.09" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-19.09";
    rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1";
  };
  "channels-nixos-unstable" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-unstable";
    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
  };
  "nixpkgs-master" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "master";
    rev = "9b3e35d991ea6a43f256069dcb2e006006730d05";
  };
  "home-manager-module" = {
    url = "https://github.com/nix-community/home-manager";
    ref = "release-20.09";
    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
  };
 }
--- a/nix/os/devices/167.233.1.14/versions.tmpl.nix
+++ b/nix/os/devices/167.233.1.14/versions.tmpl.nix
@ -0,0 +1,37 @@
 let
  nixpkgs = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-20.09";
    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
 in
 {
  inherit nixpkgs;
  "channels-nixos-stable" = nixpkgs;
  "channels-nixos-20.03" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-20.03";
    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
  "channels-nixos-19.09" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-19.09";
    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
  "channels-nixos-unstable" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "nixos-unstable";
    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
  };
  "nixpkgs-master" = {
    url = "https://github.com/NixOS/nixpkgs/";
    ref = "master";
    rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
  "home-manager-module" = {
    url = "https://github.com/nix-community/home-manager";
    ref = "release-20.09";
    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
  };
 }
--- a/nix/os/profiles/common/boot.nix
+++ b/nix/os/profiles/common/boot.nix
@ -3,7 +3,7 @@
 }:
 {
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages;
  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = false;
--- a/nix/os/profiles/common/system.nix
+++ b/nix/os/profiles/common/system.nix
@ -19,8 +19,8 @@
  nix.daemonNiceLevel = lib.mkDefault 19;
  nix.daemonIONiceLevel = lib.mkDefault 7;
-  nix.maxJobs = lib.mkDefault 3;
+  nix.maxJobs = lib.mkDefault "auto";
-  nix.buildCores = lib.mkDefault 3;
+  nix.buildCores = lib.mkDefault 0;
  nix.useSandbox = true;
  environment.etc."lvm/lvm.conf".text = ''
--- a/shell.nix
+++ b/shell.nix
@ -14,6 +14,7 @@ stdenv.mkDerivation {
    git-crypt
    vcsh
    gnupg
    git
    vncdo
    tesseract
@ -24,6 +25,7 @@ stdenv.mkDerivation {
    xorg.xwininfo
    nmap
    sysstat
    lshw
  ];
  # Set Environment Variables