Merge branch 'pr/new-server' into 'master'

Pr/new server See merge request steveeJ/infra!66
2020-11-25 21:14:33 +00:00 · 2020-11-25 21:14:33 +00:00 · d8e15dbade
commit d8e15dbade
parent d54fb0e96f 619046f05a
13 changed files with 284 additions and 4 deletions
--- a/3
+++ b/3
@ -285,6 +285,9 @@ run-with-channels +cmds:
 	source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix)
 	{{cmds}}

+install-config config root:
+	sudo just run-with-channels nixos-install -I nixos-config={{invocation_directory()}}/{{config}} --root {{root}} --no-root-passwd
+
 # Switch between gpg-card capable devices which have a copy of the same key
 switch-gpg-card:
 	#!/usr/bin/env bash
--- a/nix/home-manager/profiles/common.nix
+++ b/nix/home-manager/profiles/common.nix
@ -49,5 +49,6 @@ in {

      just
      ripgrep
+      du-dust
      ]);
 }
--- a/nix/home-manager/programs/zsh.nix
+++ b/nix/home-manager/programs/zsh.nix
@ -86,7 +86,7 @@ in {
          owner = "zsh-users";
          repo = "zsh-autosuggestions";
          rev = "v0.6.3";
-          sha256 = "1smskx9vkx78yhwspjq2c5r5swh9fc5xxa40ib4753f00wk4dwpp";
+          sha256 = "1h8h2mz9wpjpymgl2p7pc146c1jgb3dggpvzwm9ln3in336wl95c";
        };
      }
      {
--- a/nix/os/devices/167.233.1.14/boot.nix
+++ b/nix/os/devices/167.233.1.14/boot.nix
@ -0,0 +1,8 @@
+{ lib
+, ...
+}:
+
+{
+  boot.loader.grub.efiSupport = lib.mkForce false;
+  boot.extraModulePackages = [ ];
+}
--- a/nix/os/devices/167.233.1.14/configuration.nix
+++ b/nix/os/devices/167.233.1.14/configuration.nix
@ -0,0 +1,14 @@
+{ ... }:
+
+{
+  disabledModules = [
+  ];
+  imports = [
+    ../../profiles/common/configuration.nix
+
+    ./system.nix
+    ./hw.nix
+    ./pkg.nix
+    ./boot.nix
+  ];
+}
--- a/nix/os/devices/167.233.1.14/hw.nix
+++ b/nix/os/devices/167.233.1.14/hw.nix
@ -0,0 +1,56 @@
+{ ... }:
+
+let
+  stage1Modules =  [
+    # "aesni_intel"
+    # "kvm-intel"
+    "aes_x86_64"
+
+    "virtio_balloon"
+    "virtio_scsi"
+    "virtio_net"
+    "virtio_pci"
+    "virtio_ring"
+    "virtio"
+    "scsi_mod"
+
+    "virtio_blk"
+    "virtio_ring"
+    "bochs_drm"
+    "ata_piix"
+    "pata_acpi"
+    "ata_generic"
+  ];
+
+in
+{
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/354fb107-2f4a-42ad-80dd-9dddb61bfd02";
+    fsType = "ext4";
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
+    fsType = "btrfs";
+    options = [ "subvol=root" ];
+    neededForBoot = true;
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/993cce35-cc1f-40cc-b07a-5ea58b99fb5b";
+    fsType = "btrfs";
+    options = [ "subvol=home" ];
+    neededForBoot = true;
+  };
+
+  swapDevices = [ { device = "/dev/disk/by-uuid/d16b5f4a-f38c-41c6-8aae-1625be815f9d"; } ];
+
+  boot.loader.grub = {
+    device = "/dev/vda";
+  };
+
+  boot.initrd.availableKernelModules = stage1Modules;
+  boot.initrd.kernelModules = stage1Modules;
+  boot.extraModprobeConfig = ''
+  '';
+}
--- a/nix/os/devices/167.233.1.14/pkg.nix
+++ b/nix/os/devices/167.233.1.14/pkg.nix
@ -0,0 +1,20 @@
+{ config
+, pkgs
+, lib
+, ...
+}:
+
+{
+  nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+    nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
+  };
+  home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
+
+  nix.buildMachines = [
+    { hostName = "localhost";
+      system = "x86_64-linux";
+      supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
+      maxJobs = 4;
+    }
+  ];
+}
--- a/nix/os/devices/167.233.1.14/system.nix
+++ b/nix/os/devices/167.233.1.14/system.nix
@ -0,0 +1,102 @@
+{ pkgs
+, lib
+, config
+, ... }:
+
+let
+  keys = import ../../../variables/keys.nix;
+
+in {
+  # TASK: new device
+  networking.hostName = "sj-pvehtz-0"; # Define your hostname.
+  # networking.domain =  "";
+
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [
+    # iperf3
+    5201
+  ];
+  networking.firewall.logRefusedConnections = false;
+
+  networking.usePredictableInterfaceNames = false;
+
+  networking.interfaces.eth0 = {
+    mtu = 1400;
+    useDHCP = false;
+    ipv4.addresses = [
+      { "address" = "167.233.1.14"; "prefixLength" = 29; }
+    ];
+    ipv6.addresses = [
+    ];
+  };
+
+  networking.defaultGateway = {
+    address = "167.233.1.9";
+    interface = "eth0";
+  };
+
+  networking.defaultGateway6 = {
+    address = "fe80::1";
+    interface = "eth0";
+  };
+
+  networking.nameservers = [
+    "1.1.1.1"
+  ];
+
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-+" ];
+    externalInterface = "eth0";
+  };
+
+  # Kubernetes
+  # services.kubernetes.roles = ["master" "node"];
+
+  # virtualization
+  virtualisation = {
+    docker.enable = true;
+  };
+
+  services.spice-vdagentd.enable = true;
+  services.qemuGuest.enable = true;
+
+  systemd.services."sshd-status" = {
+    enable = true;
+    description = "sshd-status service";
+    path = [ pkgs.systemd ];
+    script = ''
+      systemctl status sshd | grep -i tasks
+    '';
+  };
+
+  systemd.services.sshd.serviceConfig = {
+    TasksMax = 32;
+  };
+
+  systemd.timers."sshd-status" = {
+    description = "Timer to trigger sshd-status periodically";
+    enable = true;
+    wantedBy = [ "timer.target" "multi-user.target" ];
+    timerConfig = {
+      OnActiveSec="360s";
+      OnUnitActiveSec="360s";
+      AccuracySec="1s";
+      Unit = "sshd-status.service";
+    };
+  };
+
+  nix.gc = {
+    automatic = true;
+  };
+
+  networking.useHostResolvConf = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+}
--- a/nix/os/devices/167.233.1.14/versions.nix
+++ b/nix/os/devices/167.233.1.14/versions.nix
@ -0,0 +1,37 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "51aaa3fa1b69559456f9bd4968bd5b179a784f67";
+  };
+in
+
+{
+  inherit nixpkgs;
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-20.03" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.03";
+    rev = "ff6fda61600cc60404bab5cb6b18b8636785b7bc";
+  };
+  "channels-nixos-19.09" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-19.09";
+    rev = "75f4ba05c63be3f147bcc2f7bd4ba1f029cedcb1";
+  };
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-unstable";
+    rev = "24c9b05ac53e422f1af81a156f1fd58499eb27fb";
+  };
+  "nixpkgs-master" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "master";
+    rev = "9b3e35d991ea6a43f256069dcb2e006006730d05";
+  };
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "7339784e07217ed0232e08d1ea33b610c94657d8";
+  };
+}
--- a/nix/os/devices/167.233.1.14/versions.tmpl.nix
+++ b/nix/os/devices/167.233.1.14/versions.tmpl.nix
@ -0,0 +1,37 @@
+let
+  nixpkgs = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+in
+
+{
+  inherit nixpkgs;
+  "channels-nixos-stable" = nixpkgs;
+  "channels-nixos-20.03" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-20.03";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.03 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "channels-nixos-19.09" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-19.09";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-19.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "channels-nixos-unstable" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "nixos-unstable";
+    rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "nixpkgs-master" = {
+    url = "https://github.com/NixOS/nixpkgs/";
+    ref = "master";
+    rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+  "home-manager-module" = {
+    url = "https://github.com/nix-community/home-manager";
+    ref = "release-20.09";
+    rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '\n' -%>";
+  };
+}
--- a/nix/os/profiles/common/boot.nix
+++ b/nix/os/profiles/common/boot.nix
@ -3,7 +3,7 @@
 }:

 {
-  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelPackages = pkgs.linuxPackages;
  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = false;
--- a/nix/os/profiles/common/system.nix
+++ b/nix/os/profiles/common/system.nix
@ -19,8 +19,8 @@

  nix.daemonNiceLevel = lib.mkDefault 19;
  nix.daemonIONiceLevel = lib.mkDefault 7;
-  nix.maxJobs = lib.mkDefault 3;
-  nix.buildCores = lib.mkDefault 3;
+  nix.maxJobs = lib.mkDefault "auto";
+  nix.buildCores = lib.mkDefault 0;
  nix.useSandbox = true;

  environment.etc."lvm/lvm.conf".text = ''
--- a/shell.nix
+++ b/shell.nix
@ -14,6 +14,7 @@ stdenv.mkDerivation {
    git-crypt
    vcsh
    gnupg
+    git

    vncdo
    tesseract
@ -24,6 +25,7 @@ stdenv.mkDerivation {
    xorg.xwininfo
    nmap
    sysstat
+    lshw
  ];

  # Set Environment Variables