Fixup heater, prepare for compute rig

Signed-off-by: magic_rb <magic_rb@redalder.org>
magic_rb 2024-03-30 14:52:58 +01:00
parent 39e63f2e09
commit 6f18aa5f55
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
9 changed files with 124 additions and 85 deletions


@ -12,6 +12,7 @@
(lib')
flip
mapAttrs
loadSecrets
singleton
;
@ -24,7 +25,7 @@ in {
specialArgs = {
config' = config';
inputs' = inputs;
secret = lib'.loadSecrets;
secret = loadSecrets inputs.secret;
};
modules =
singleton
@ -34,32 +35,24 @@ in {
...
}: {
imports = [
./xserver.nix
../../common/steam.nix
./grub.nix
./networking.nix
./filesystems.nix
./hardware.nix
./users.nix
./nixpkgs.nix
../../common/sound.nix
];
./impermenance.nix
../../common/remote_access.nix
_module.args.nixinate = {
host = secret.network.ips.heater or "";
sshUser = "main";
buildOn = "local";
substituteOnTarget = true;
hermetic = false;
nixOptions = [
"--override-input secret path://$HOME/dotfiles/secret"
];
};
inputs.notnft.nixosModules.default
inputs.self.nixosModules.notnft
inputs.impermenance.nixosModules.impermanence
];
services.fwupd.enable = true;
time.timeZone = "Europe/Amsterdam";
system.stateVersion = "20.09";
system.stateVersion = "23.11";
});
};
}
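Review bot: `host = secret.network.ips.heater or "";` in the new nixinate args silently degrades to an empty host when the secret input lacks that key, so a missing or mis-pointed `--override-input secret` would presumably produce a deploy command aimed at `main@` with no host rather than an evaluation error; dropping the fallback (`host = secret.network.ips.heater;`) surfaces the problem at eval time instead. The `path://$HOME/dotfiles/secret` override also relies on whatever invokes the nixinate script expanding `$HOME` through a shell, and `hermetic = false` has no explanation, so a one-line comment above `nixOptions` stating both assumptions would help the next reader. The module function this hunk edits starts before the hunk.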


@ -1,75 +1,58 @@
{secret, ...}: let
nfsOptions = [
"noauto"
"X-mount.mkdir"
"x-systemd.device-timeout=10"
"timeo=14"
"soft"
"noatime"
"x-systemd.after=wireguard-wg0.target"
"x-systemd.wants=wireguard-wg0.target"
];
blowholeAddress = secret.network.ips.blowhole.dns or "";
in {
systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp";
fileSystems = {
"/" = {
device = "heater-zpool/local/root";
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=512M" "mode=755" "noexec"];
};
"/tmp" = {
device = "none";
fsType = "tmpfs";
options = ["defaults" "size=512M" "mode=755"];
};
"/nix/persist" = {
device = "heater-ssd/persist";
fsType = "zfs";
neededForBoot = true;
};
"/nix" = {
device = "heater-zpool/local/nix";
device = "heater-ssd/local/nix";
fsType = "zfs";
};
"/home" = {
device = "heater-zpool/safe/home";
device = "heater-ssd/ephemeral/home";
fsType = "zfs";
neededForBoot = true;
};
"/var/lib/nomad" = {
device = "heater-zpool/persist/nomad";
"/root" = {
device = "heater-ssd/ephemeral/root";
fsType = "zfs";
neededForBoot = true;
};
"/var/lib/syncthing" = {
device = "heater-zpool/persist/syncthing";
fsType = "zfs";
};
"/etc/vault-agent" = {
device = "heater-zpool/persist/vault-agent";
"/nix/tmp" = {
device = "heater-ssd/ephemeral/nix-tmp";
fsType = "zfs";
neededForBoot = true;
};
"/boot" = {
device = "/dev/disk/by-uuid/5e590840-9e62-4231-8ac5-e6a27325254d";
device = "/dev/disk/by-uuid/c0a6bfbb-3553-4dc9-a299-b70070b8a52b";
fsType = "ext4";
};
"/boot/EFI" = {
device = "/dev/disk/by-uuid/D381-9D12";
device = "/dev/disk/by-uuid/90B0-657C";
fsType = "vfat";
};
"/mnt/cartman" = {
device = "${blowholeAddress}:/mnt/cartman";
fsType = "nfs";
options = nfsOptions;
};
"/mnt/kyle" = {
device = "${blowholeAddress}:/mnt/kyle";
fsType = "nfs";
options = nfsOptions;
};
"/mnt/stan" = {
device = "${blowholeAddress}:/mnt/stan";
fsType = "nfs";
options = nfsOptions;
};
};
swapDevices = [];
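Review bot: The new `/tmp` tmpfs is mounted with `mode=755`, which leaves the directory writable only by root, so unprivileged users and services cannot create temporary files there unless something later (systemd-tmpfiles, for instance) resets the mode; the conventional `mode=1777` gives world-writable with the sticky bit, and `nosuid`/`nodev` are cheap hardening for a tmpfs: `options = ["defaults" "size=512M" "mode=1777" "nosuid" "nodev"];`. The root tmpfs already carries `noexec`; whether `/tmp` can take it too depends on what this host runs from there, so I would not add it blindly. The nix-daemon's TMPDIR is redirected to `/nix/tmp` on its own dataset, so it is unaffected by either choice.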


@ -3,6 +3,7 @@
lib,
...
}: {
boot.initrd.systemd.enable = true;
boot.loader = {
systemd-boot.enable = false;
efi.canTouchEfiVariables = true;


@ -11,7 +11,7 @@
singleton
;
kernelPackages = pkgs.linuxKernel.packages.linux_6_1;
kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
in {
boot = {
initrd.availableKernelModules = [


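--- /dev/null
+++ b/impermenance.nix
@@ -0,0 +1,82 @@
+{
+inputs',
+pkgs,
+...
+}: let
+rollbackStart = pkgs.writeText "rollback-start" ''
+${pkgs.rolling_datasets}/bin/roll_dataset "heater-ssd/ephemeral/home" "10"
+${pkgs.rolling_datasets}/bin/roll_dataset "heater-ssd/ephemeral/root" "10"
+${pkgs.rolling_datasets}/bin/roll_dataset "heater-ssd/ephemeral/nix-tmp" "10"
+'';
+in {
+nixpkgs.overlays = [
+inputs'.self.overlays.show-files-to-be-deleted
+inputs'.self.overlays.rolling_datasets
+];
+environment.systemPackages = [
+pkgs.show-files-to-be-deleted
+];
+environment.persistence."/nix/persist" = {
+hideMounts = true;
+directories = [
+"/var/log"
+"/var/lib/nixos"
+"/var/lib/systemd/coredump"
+];
+files = [
+"/etc/machine-id"
+"/etc/ssh/ssh_host_rsa_key"
+"/etc/ssh/ssh_host_rsa_key.pub"
+"/etc/ssh/ssh_host_ed25519_key"
+"/etc/ssh/ssh_host_ed25519_key.pub"
+];
+};
+boot.initrd.systemd.storePaths = with pkgs; [
+zfs
+busybox
+rolling_datasets
+rollbackStart
+];
+boot.initrd.systemd.services.rollback = {
+description = "Rollback ZFS datasets to a pristine state";
+wantedBy = [
+"initrd.target"
+];
+after = [
+"zfs-import-heater-ssd.service"
+];
+before = [
+"sysroot.mount"
+];
+path = with pkgs; [
+zfs
+busybox
+];
+unitConfig.DefaultDependencies = "no";
+serviceConfig.Type = "oneshot";
+serviceConfig.ExecStart = "/bin/sh ${rollbackStart}";
+};
+systemd.services."mount-old-datasets" = {
+description = "Mount old versions of datasets";
+wantedBy = ["local-fs.target"];
+after = ["local-fs.target"];
+script = ''
+${pkgs.rolling_datasets}/bin/mount_datasets "heater-ssd/ephemeral/home" "/home/.old"
+${pkgs.rolling_datasets}/bin/mount_datasets "heater-ssd/ephemeral/root" "/root/.old"
+${pkgs.rolling_datasets}/bin/mount_datasets "heater-ssd/ephemeral/nix-tmp" "/nix/tmp/.old"
+'';
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = "yes";
+TimeoutStartSec = "5m";
+};
+};
+}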
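Review bot: The initrd `rollback` service is only `wantedBy initrd.target` and ordered `before sysroot.mount`, so if `roll_dataset` fails the boot carries on and mounts the un-rolled-back `ephemeral/*` datasets silently, which is the opposite of what an impermanence setup wants; making it a hard dependency (`requiredBy = ["sysroot.mount"];` alongside the existing `before`) turns a failed rollback into a failed boot into the emergency shell instead. Separately, `mount-old-datasets` is both `wantedBy` and `after` `local-fs.target`; since targets implicitly add `After=` on their wanted units, that likely forms an ordering cycle that systemd breaks by dropping a job, so `wantedBy = ["multi-user.target"];` is the safer hook. A short comment above `rollbackStart` stating that `/home`, `/root` and `/nix/tmp` are reset on every boot (the `"10"` argument presumably being a retention count) would also help, since the `/home` case is easy to misread as persistent.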


@ -10,12 +10,6 @@
nixpkgs.overlays =
(with config'.flake.overlays; [
emacsclient-remote
magic-screenshot
emacs-rofi
tree-sitter-grammars
emacs-master-nativecomp
ledger-compat
thingiverse-downloader
])
++ (with inputs'.nixng.overlays; [
default


@ -16,8 +16,8 @@
secret = secret;
};
home-manager.users.main = {
imports = [(inputs'.self + "/home-manager/modules/profiles/workstation.nix")];
imports = [(inputs'.self + "/home-manager/modules/profiles/server.nix")];
home.stateVersion = "21.05";
home.stateVersion = "23.11";
};
}


@ -1,16 +0,0 @@
{
pkgs,
lib,
...
}: let
inherit
(lib)
getExe
;
in {
imports = [
../../common/xserver.nix
];
services.xserver.videoDrivers = ["nvidia"];
}


@ -124,6 +124,8 @@
[(is.eq ip.protocol (f: with f; set [tcp])) (is.eq th.dport (set [22 4646 8200])) (is.eq ip.saddr (secret.network.ips.omen.vpn or "")) (is.eq ip.daddr (secret.network.ips.toothpick or "")) accept]
# TCP 22 altra
[(is.eq ip.protocol (f: with f; set [tcp])) (is.eq th.dport (set [22])) (is.eq ip.saddr (secret.network.ips.omen.vpn or "")) (is.eq ip.daddr (secret.network.ips.altra.ip or "")) accept]
# TCP 22 heater
[(is.eq ip.protocol (f: with f; set [tcp])) (is.eq th.dport (set [22])) (is.eq ip.saddr (secret.network.ips.omen.vpn or "")) (is.eq ip.daddr (secret.network.ips.heater or "")) accept]
# ICMP to blowhole, toothpick, altra
[(is.eq ip.protocol (f: f.icmp)) (is.eq ip.saddr (secret.network.ips.omen.vpn or "")) (is.eq ip.daddr (set [(secret.network.ips.toothpick or "") (secret.network.ips.altra.ip or "") (secret.network.ips.blowhole.ip or "")])) accept]
[(is.eq ip.protocol (f: f.tcp)) (is.eq th.dport 8883) (is.eq ip.saddr (secret.network.ips.omen.vpn or "")) (is.eq ip.daddr (secret.network.ips.altra.ip or "")) accept]
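Review bot: The new heater rule opens TCP 22 from omen's VPN address, which matches the nixinate deploy target in this commit, but heater is not added to the ICMP accept set two lines below, so the comment `# ICMP to blowhole, toothpick, altra` stays accurate while pings and PMTU discovery toward heater from the same source remain blocked; if that is unintended, add `(secret.network.ips.heater or "")` to that set and extend the comment. The `or ""` fallback mirrors the surrounding rules, but an unset secret then yields an `ip daddr ""` match here rather than an evaluation failure, which is worth keeping in mind when the secret input is overridden. The enclosing rule list continues beyond the hunk.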