peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

formatting

Browse Source
This commit is contained in:
Giulio De Pasquale 2021-11-22 00:41:17 +01:00
parent 9ff2e78681
commit 9cd3f738e3
1 changed files with 119 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

237
hosts/architect/default.nix
View File

@ -2,140 +2,141 @@
with import ./network.nix; with import ./network.nix;
let let
pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"]; pubkeys = [
hostname = "architect"; "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"
in ];
{ hostname = "architect";
imports = in {
[ # Include the results of the hardware scan. imports = [ # Include the results of the hardware scan.
./backup.nix ./backup.nix
./hardware.nix ./hardware.nix
./firewall.nix ./firewall.nix
./nginx.nix ./nginx.nix
./gitea.nix ./gitea.nix
./sonarr.nix ./sonarr.nix
./radarr.nix ./radarr.nix
./bazarr.nix ./bazarr.nix
./nzbget.nix ./nzbget.nix
./nextcloud.nix ./nextcloud.nix
./wireguard.nix ./wireguard.nix
./minio.nix ./minio.nix
./matrix.nix ./matrix.nix
./fail2ban.nix ./fail2ban.nix
./dns.nix ./dns.nix
./minecraft.nix ./minecraft.nix
./prowlarr.nix ./prowlarr.nix
./plex.nix ./plex.nix
./transmission.nix ./transmission.nix
./githubrunner.nix ./githubrunner.nix
]; ];
time.timeZone = "Europe/Rome"; time.timeZone = "Europe/Rome";
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
users.users.giulio.openssh.authorizedKeys.keys = pubkeys; users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
fileSystems."/tmp" = { fileSystems."/tmp" = {
device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
options = ["size=20G"]; options = [ "size=20G" ];
}; };
boot = { boot = {
kernelParams = ["ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off"]; kernelParams =
kernel.sysctl."net.ipv4.ip_forward" = 1; [ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" ];
kernel.sysctl."net.ipv4.ip_forward" = 1;
initrd = { initrd = {
availableKernelModules = ["igc" "r8169"]; availableKernelModules = [ "igc" "r8169" ];
network = { network = {
enable = true;
ssh = {
enable = true; enable = true;
ssh = { port = 22;
enable = true; hostKeys = [ /boot/ssh_host_rsa_key ];
port = 22; authorizedKeys = pubkeys;
hostKeys = [/boot/ssh_host_rsa_key];
authorizedKeys = pubkeys;
};
postCommands = ''
zpool import backedpool
zpool import zpool
mkdir /mnt-root
echo "zfs load-key -ar; mount -t zfs zpool/nixos/root /mnt-root; zfs load-key -a; umount /mnt-root; rmdir /mnt-root; killall zfs" >> /root/.profile
'';
}; };
};
loader = { postCommands = ''
systemd-boot.enable = true; zpool import backedpool
efi.canTouchEfiVariables = true; zpool import zpool
};
supportedFilesystems = ["zfs"]; mkdir /mnt-root
zfs.enableUnstable = true; echo "zfs load-key -ar; mount -t zfs zpool/nixos/root /mnt-root; zfs load-key -a; umount /mnt-root; rmdir /mnt-root; killall zfs" >> /root/.profile
zfs.requestEncryptionCredentials = true; '';
};
}; };
networking = { loader = {
hostName = hostname; systemd-boot.enable = true;
hostId = "49350853"; efi.canTouchEfiVariables = true;
useDHCP = false;
defaultGateway = "10.0.0.1";
interfaces = {
enp5s0.ipv4.addresses = [{ address = architect-lan; prefixLength = 24; }];
enp6s0.useDHCP = false;
wlp4s0.useDHCP = false;
};
extraHosts = ''
127.0.0.1 ${hostname}.devs.giugl.io localhost
# LAN
${architect-lan} ${hostname}.devs.giugl.io
${dvr-lan} dvr.devs.giugl.io
${nas-lan} nas.devs.giugl.io
${giupi-lan} giupi.devs.giugl.io
# Blacklist
0.0.0.0 metrics.plex.tv
0.0.0.0 analytics.plex.tv
0.0.0.0 cdn.luckyorange.com
0.0.0.0 w1.luckyorange.com
0.0.0.0 browser.sentry-cdn.com
0.0.0.0 analytics.facebook.com
0.0.0.0 ads.facebook.com
0.0.0.0 extmaps-api.yandex.net
0.0.0.0 logservice.hicloud.com
0.0.0.0 logbak.hicloud.com
0.0.0.0 logservice1.hicloud.com
0.0.0.0 samsung-com.112.2o7.net
0.0.0.0 supportmetrics.apple.com
0.0.0.0 analytics.oneplus.cn
0.0.0.0 click.oneplus.cn
0.0.0.0 analytics-api.samsunghealthcn.com
'';
}; };
environment.systemPackages = with pkgs; [ cudatoolkit ]; supportedFilesystems = [ "zfs" ];
zfs.enableUnstable = true;
zfs.requestEncryptionCredentials = true;
};
hardware = { networking = {
cpu.amd.updateMicrocode = true; hostName = hostname;
opengl.enable = true; hostId = "49350853";
opengl.extraPackages= with pkgs; [vaapiVdpau]; useDHCP = false;
opengl.driSupport = true; defaultGateway = "10.0.0.1";
interfaces = {
enp5s0.ipv4.addresses = [{
address = architect-lan;
prefixLength = 24;
}];
enp6s0.useDHCP = false;
wlp4s0.useDHCP = false;
}; };
extraHosts = ''
127.0.0.1 ${hostname}.devs.giugl.io localhost
# LAN
${architect-lan} ${hostname}.devs.giugl.io
${dvr-lan} dvr.devs.giugl.io
${nas-lan} nas.devs.giugl.io
${giupi-lan} giupi.devs.giugl.io
# Blacklist
0.0.0.0 metrics.plex.tv
0.0.0.0 analytics.plex.tv
0.0.0.0 cdn.luckyorange.com
0.0.0.0 w1.luckyorange.com
0.0.0.0 browser.sentry-cdn.com
0.0.0.0 analytics.facebook.com
0.0.0.0 ads.facebook.com
0.0.0.0 extmaps-api.yandex.net
0.0.0.0 logservice.hicloud.com
0.0.0.0 logbak.hicloud.com
0.0.0.0 logservice1.hicloud.com
0.0.0.0 samsung-com.112.2o7.net
0.0.0.0 supportmetrics.apple.com
0.0.0.0 analytics.oneplus.cn
0.0.0.0 click.oneplus.cn
0.0.0.0 analytics-api.samsunghealthcn.com
'';
};
environment.systemPackages = with pkgs; [ cudatoolkit ];
hardware = {
cpu.amd.updateMicrocode = true;
opengl.enable = true;
opengl.extraPackages = with pkgs; [ vaapiVdpau ];
opengl.driSupport = true;
};
boot.crashDump.enable = true; boot.crashDump.enable = true;
services.das_watchdog.enable = true; services.das_watchdog.enable = true;
services = { services = {
zfs.autoScrub.enable = true; zfs.autoScrub.enable = true;
xserver.videoDrivers = [ "nvidia" ]; xserver.videoDrivers = [ "nvidia" ];
openssh.enable = true; openssh.enable = true;
smartd.enable = true; smartd.enable = true;
}; };
environment.variables = {
LIBVA_DRIVER_NAME="vdpau";
};
}
environment.variables = { LIBVA_DRIVER_NAME = "vdpau"; };
}