From a5e308587ed4174685694a8412e6fcad27b4838e Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Thu, 15 Jun 2023 17:44:31 +0300 Subject: feat(tazjin/nixos): initialise koptevo system This is the "new polyanka" (eventually), as I'm decommissioning that host slowly. Change-Id: Ia0fe664f3bf64513d8177434c6c0fface857cd99 Reviewed-on: https://cl.tvl.fyi/c/depot/+/8783 Tested-by: BuildkiteCI Reviewed-by: tazjin --- users/tazjin/nixos/default.nix | 1 + users/tazjin/nixos/koptevo/default.nix | 117 +++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 users/tazjin/nixos/koptevo/default.nix (limited to 'users/tazjin/nixos')
diff --git a/users/tazjin/nixos/default.nix b/users/tazjin/nixos/default.nix
index b9cae51d7f69..9a1ff8da25ee 100644
--- a/users/tazjin/nixos/default.nix
+++ b/users/tazjin/nixos/default.nix
@@ -7,4 +7,5 @@ in depot.nix.readTree.drvTargets {
 tverskoySystem = systemFor depot.users.tazjin.nixos.tverskoy;
 polyankaSystem = (depot.ops.nixos.nixosFor depot.users.tazjin.nixos.polyanka).system;
 zamalekSystem = systemFor depot.users.tazjin.nixos.zamalek;
+ koptevoSystem = systemFor depot.users.tazjin.nixos.koptevo;
 }
diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix
new file mode 100644
index 000000000000..ed5c0ea63d30
--- /dev/null
+++ b/users/tazjin/nixos/koptevo/default.nix
@@ -0,0 +1,117 @@
+# NUC in my closet.
+_: # ignore readTree options
+
+{ config, depot, lib, pkgs, ... }:
+
+let
+ mod = name: depot.path.origSrc + ("/ops/modules/" + name);
+ usermod = name: depot.path.origSrc + ("/users/tazjin/nixos/modules/" + name);
+in
+{
+ imports = [
+ (mod "quassel.nix")
+ (mod "www/base.nix")
+ # (usermod "tgsa.nix")
+ # (usermod "predlozhnik.nix")
+ ];
+
+ boot = {
+ loader.systemd-boot.enable = true;
+ loader.efi.canTouchEfiVariables = true;
+ initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ kernelModules = [ "kvm-intel" ];
+ kernelParams = [ "nomodeset" ];
+ };
+
+ nix.settings.trusted-users = [ "tazjin" ];
+
+ fileSystems = {
+ "/" = {
+ device = "rpool/root";
+ fsType = "zfs";
+ };
+
+ "/boot" = {
+ device = "/dev/disk/by-uuid/E214-E6B3";
+ fsType = "vfat";
+ };
+
+ "/var" = {
+ device = "rpool/var";
+ fsType = "zfs";
+ };
+
+ "/home" = {
+ device = "rpool/home";
+ fsType = "zfs";
+ };
+ };
+
+ hardware.cpu.intel.updateMicrocode = true;
+ hardware.enableRedistributableFirmware = true;
+ services.fwupd.enable = true;
+
+ networking = {
+ hostName = "koptevo";
+ hostId = "07bbbf4f";
+ domain = "tazj.in";
+ useDHCP = true;
+ firewall.enable = true;
+
+ wireless.enable = true;
+ wireless.networks."How do I computer fast?" = {
+ psk = "washyourface";
+ };
+ };
+
+ time.timeZone = "UTC";
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "acme@tazj.in";
+
+ programs.fish.enable = true;
+
+ users.users.tazjin = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "docker" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ services.depot.quassel = {
+ enable = true;
+ acmeHost = "koptevo.tazj.in";
+ bindAddresses = [
+ "0.0.0.0"
+ ];
+ };
+
+ # Automatically collect garbage from the Nix store.
+ services.depot.automatic-gc = {
+ enable = true;
+ interval = "daily";
+ diskThreshold = 2; # GiB # TODO
+ maxFreed = 8; # GiB
+ preserveGenerations = "14d";
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ curl
+ htop
+ jq
+ nmap
+ bat
+ emacs-nox
+ nano
+ wget
+ ];
+
+ programs.mtr.enable = true;
+ programs.mosh.enable = true;
+ services.openssh.enable = true;
+ system.stateVersion = "23.05";
+}
-- cgit 1.4.1
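Review bot: The Wi-Fi passphrase is committed in clear text at `psk = "washyourface";` under `networking.wireless.networks`, so it lands in the repository history and in the world-readable Nix store of any machine that builds this system. Keep it out of the expression, for example `networking.wireless.environmentFile = "/PLACEHOLDER/wireless.env";` with `psk = "@PSK_PLACEHOLDER@";` (both names are placeholders), fed from whatever secret mechanism the repo already uses, and treat the current passphrase as exposed. Separately, `security.sudo.wheelNeedsPassword = false` together with `nix.settings.trusted-users = [ "tazjin" ]` and the `docker` group makes the keys in `openssh.authorizedKeys.keys` root-equivalent on a host that also binds quassel to `0.0.0.0`. If that is intended, a one-line comment saying so would help, and `services.openssh.settings.PasswordAuthentication = false;` would make the key-only login explicit rather than relying on the account having no password.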