Merge remote-tracking branches 'origin/nas-disable-nvidia', 'origin/add-ssd-to-nas', 'origin/switch-nas-to-bcachefs', 'origin/update-matrix-configs', 'origin/disable-mandatory-e2ee', 'origin/update-pgtune-configs' and 'origin/add-netboot-target'
commit
6deddc7866
13 changed files with 71 additions and 175 deletions
|
@ -10,14 +10,8 @@
|
|||
networking.wireguard.interfaces."wg0".ips = [
|
||||
"fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64"
|
||||
];
|
||||
boot.supportedFilesystems = ["zfs"];
|
||||
boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
|
||||
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;
|
||||
networking.hostId = "8425e349";
|
||||
# Oldest system I have is skylake-based
|
||||
/*
|
||||
nixpkgs.localSystem = {
|
||||
gcc.arch = "skylake";
|
||||
gcc.tune = "skylake";
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
*/
|
||||
nix.settings.post-build-hook = lib.mkForce "true";
|
||||
}
|
||||
|
|
157
config/nas.nix
157
config/nas.nix
|
@ -17,7 +17,7 @@
|
|||
./services/hydra.nix
|
||||
./services/backup.nix
|
||||
nixos-hardware.nixosModules.common-cpu-amd
|
||||
nixos-hardware.nixosModules.common-pc-hdd
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
./services/hostapd.nix
|
||||
./services/synapse.nix
|
||||
./services/mautrix-discord.nix
|
||||
|
@ -37,148 +37,26 @@
|
|||
];
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
|
||||
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod"];
|
||||
boot.initrd.kernelModules = ["igb"];
|
||||
boot.kernelModules = ["kvm-amd"];
|
||||
boot.extraModulePackages = [
|
||||
config.boot.kernelPackages.zenpower
|
||||
];
|
||||
|
||||
boot.supportedFilesystems = ["zfs"];
|
||||
boot.zfs.devNodes = "/dev/";
|
||||
|
||||
services.zfs.autoScrub.enable = true;
|
||||
services.zfs.autoScrub.pools = ["tank"];
|
||||
|
||||
boot.initrd.luks.devices = {
|
||||
disk0.device = "/dev/disk/by-partuuid/b122f4e7-9edf-402e-87a9-b709741fe8c9";
|
||||
disk1.device = "/dev/disk/by-partuuid/6e080c43-35fc-4c7c-a749-112d5b618a64";
|
||||
disk2.device = "/dev/disk/by-partuuid/13f012a4-b9a9-4144-8888-cbb637657f69";
|
||||
};
|
||||
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;
|
||||
boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "tank/nixos";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "tank/nixos/nix";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/etc" = {
|
||||
device = "tank/nixos/etc";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var" = {
|
||||
device = "tank/nixos/var";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib" = {
|
||||
device = "tank/nixos/var/lib";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/syncthing" = {
|
||||
device = "tank/nixos/var/lib/syncthing";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/syncthing/.wine" = {
|
||||
device = "tank/nixos/var/lib/syncthing/.wine";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/lennyface" = {
|
||||
device = "tank/nixos/var/lib/syncthing/lennyface";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/Music-flac" = {
|
||||
device = "tank/nixos/var/lib/syncthing/Music-flac";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/Studium" = {
|
||||
device = "tank/nixos/var/lib/syncthing/Studium";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/Pictures" = {
|
||||
device = "tank/nixos/var/lib/syncthing/Pictures";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/Data" = {
|
||||
device = "tank/nixos/var/lib/syncthing/Data";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/CarolineFlac" = {
|
||||
device = "tank/nixos/var/lib/syncthing/CarolineFlac";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/Camera" = {
|
||||
device = "tank/nixos/var/lib/syncthing/Camera";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/reveng" = {
|
||||
device = "tank/nixos/var/lib/syncthing/reveng";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/Music" = {
|
||||
device = "tank/nixos/var/lib/syncthing/Music";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
fileSystems."/var/lib/syncthing/Documents" = {
|
||||
device = "tank/nixos/var/lib/syncthing/Documents";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/log" = {
|
||||
device = "tank/nixos/var/log";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/spool" = {
|
||||
device = "tank/nixos/var/spool";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "tank/userdata/home";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/root" = {
|
||||
device = "tank/userdata/home/root";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/home/darkkirb" = {
|
||||
device = "tank/userdata/home/darkkirb";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
device = "/dev/nvme0n1p2:/dev/sda1:/dev/sdb1:/dev/sdc2";
|
||||
fsType = "bcachefs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/nvme0n1p1";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot1" = {
|
||||
device = "/dev/disk/by-partuuid/b50f9cff-552d-4c6e-bda2-104723ee638e";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
@ -216,7 +94,7 @@
|
|||
};
|
||||
};
|
||||
networking.bridges = {
|
||||
br0.interfaces = ["enp8s0" "wlp6s0"];
|
||||
br0.interfaces = ["enp9s0" "wlp9s0"];
|
||||
};
|
||||
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:bc9b:6a33:86e4:873b/64"];
|
||||
environment.etc."sysconfig/lm_sensors".text = ''
|
||||
|
@ -265,7 +143,7 @@
|
|||
};
|
||||
|
||||
networking.tc_cake = {
|
||||
enp1s0f0u4 = {
|
||||
enp2s0f0u4 = {
|
||||
disableOffload = true;
|
||||
shapeEgress = {
|
||||
bandwidth = "4mbit";
|
||||
|
@ -273,15 +151,10 @@
|
|||
};
|
||||
shapeIngress = {
|
||||
bandwidth = "33mbit";
|
||||
ifb = "ifb4enp1s0f0u4";
|
||||
ifb = "ifb4enp2s0f0u4";
|
||||
};
|
||||
};
|
||||
};
|
||||
virtualisation.docker.daemon.settings = {
|
||||
storage-opts = [
|
||||
"zfs.fsname=tank/docker"
|
||||
];
|
||||
};
|
||||
services.postgresql.settings = {
|
||||
max_connections = 200;
|
||||
shared_buffers = "4GB";
|
||||
|
@ -290,8 +163,8 @@
|
|||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 4;
|
||||
effective_io_concurrency = 2;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "5242kB";
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "4GB";
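Review bot: The new bcachefs root in the `@ -37,148 +37,26` hunk is assembled from raw partitions (`/dev/nvme0n1p2:/dev/sda1:/dev/sdb1:/dev/sdc2`) while the `boot.initrd.luks.devices` block sits among the lines that appear to be removed, so unless the bcachefs volume was formatted with its own encryption the NAS data is no longer encrypted at rest. The rendering has lost the +/- markers, so which side the LUKS block is on is inferred from the hunk counts. The kernel-enumerated `sdX` names can also change order between boots or when a disk is added; the by-partuuid form already used for `/boot1` is stable, e.g. `device = "/dev/disk/by-partuuid/<PARTUUID-1>:/dev/disk/by-partuuid/<PARTUUID-2>:…";` (placeholders). A comment above the filesystem entry stating whether encryption is in use would make the intent reviewable.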
|
||||
|
|
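--- /dev/null
+++ b/config/netboot.nix
@@ -0,0 +1,17 @@
+{
+lib,
+pkgs,
+nixpkgs,
+...
+}: {
+imports = [
+"${nixpkgs}/nixos/modules/installer/netboot/netboot-base.nix"
+];
+networking.wireguard.interfaces."wg0".ips = [
+"fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64"
+];
+boot.supportedFilesystems = lib.mkForce ["bcachefs" "vfat"];
+boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing_bcachefs;
+networking.hostId = "8425e349";
+nix.settings.post-build-hook = lib.mkForce "true";
+}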
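Review bot: The netboot target reuses the installer's WireGuard address `fd0d:a262:1fa6:e621:6ec2:1e4e:ce7f:d2af/64` and `networking.hostId = "8425e349"` unchanged, so a netbooted machine and an installer ISO running at the same time would claim the same tunnel address. Netboot images are normally served to any host on the boot network without authentication, so nothing secret (for instance a WireGuard private key, if one is provisioned elsewhere for wg0, which is not visible here) should end up inside the image. Give the target its own address, or add a comment such as `# shares wg0 address with the installer; never run both at once`.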
|
|
@ -187,15 +187,15 @@
|
|||
|
||||
services.postgresql.settings = {
|
||||
max_connections = 200;
|
||||
shared_buffers = "2GB";
|
||||
effective_cache_size = "6GB";
|
||||
maintenance_work_mem = "512MB";
|
||||
shared_buffers = "1GB";
|
||||
effective_cache_size = "3GB";
|
||||
maintenance_work_mem = "256MB";
|
||||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "10485kB";
|
||||
work_mem = "52422kB";
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "4GB";
|
||||
max_worker_processes = 2;
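Review bot: `work_mem = "52422kB"` looks like a typo: it sits next to `max_connections = 200` and `effective_cache_size = "3GB"`, and 200 sessions at about 52 MB each can claim roughly 10 GB for a single sort or hash step per session, which invites the OOM killer on a host tuned for a few GB of cache. The NAS section of this commit uses `work_mem = "5242kB"`, so the intended value here was probably the same with one digit fewer. The +/- markers are lost in this rendering, so `52422kB` is assumed to be the new side because it is printed second. If so, change the line to `work_mem = "5242kB";`.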
|
||||
|
|
|
@ -111,11 +111,6 @@
|
|||
384000
|
||||
];
|
||||
services.pipewire.config.pipewire."context.properties"."default.clock.quantum" = 8192;
|
||||
virtualisation.docker.daemon.settings = {
|
||||
storage-opts = [
|
||||
"zfs.fsname=hdd/docker"
|
||||
];
|
||||
};
|
||||
nix.settings.substituters = lib.mkForce [
|
||||
"https://hydra.int.chir.rs/"
|
||||
"https://cache.nixos.org/"
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
services.hostapd = {
|
||||
enable = true;
|
||||
countryCode = "DE";
|
||||
interface = "wlp6s0";
|
||||
interface = "wlp7s0";
|
||||
ssid = "🦝";
|
||||
wpa = true;
|
||||
wpaPassphraseFile = config.sops.secrets."services/hostapd".path;
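Review bot: `interface = "wlp7s0"` does not match the wireless interface this commit puts into the bridge in config/nas.nix, `br0.interfaces = ["enp9s0" "wlp9s0"]`; before the change both places named `wlp6s0`. If the two are meant to be the same card, one of the names is wrong, and the access point will either fail to start or its clients will not land on br0, which is the interface the router's forwarding rule (`-i br0`) matches. Assuming the second printed line is the new side in both places (the markers are lost), align them, e.g. `interface = "wlp9s0";`, or add a comment explaining why they differ. The services.hostapd block continues past the end of this hunk.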
|
||||
|
|
|
@ -30,8 +30,8 @@
|
|||
delete_portal_on_channel_delete = true;
|
||||
encryption = {
|
||||
allow = true;
|
||||
default = true;
|
||||
require = true;
|
||||
default = false;
|
||||
require = false;
|
||||
allow_key_sharing = true;
|
||||
};
|
||||
permissions = {
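Review bot: Setting both `default = false` and `require = false` in this `encryption` block means newly created portal rooms are unencrypted unless someone opts in, which goes further than making end-to-bridge encryption non-mandatory. The same pair is changed in the three bridge configs that follow (hunks `@ -38,10 +38,11`, `@ -43,10 +43,11`, `@ -42,8 +42,8`), and the Synapse hunk `@ -10,7 +10,6` appears to drop `encryption_enabled_by_default_for_room_type = "all"`. If the goal is only to let unencrypted rooms be bridged, `default = true;` with `require = false;` keeps new portals encrypted by default while no longer rejecting unencrypted ones. `allow_key_sharing = true` stays on, so it is worth a comment saying which rooms are still expected to be encrypted. The enclosing bridge settings start and end outside the hunk.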
|
||||
|
|
|
@ -38,10 +38,11 @@
|
|||
sync_with_custom_puppets = true;
|
||||
encryption = {
|
||||
allow = true;
|
||||
default = true;
|
||||
require = true;
|
||||
default = false;
|
||||
require = false;
|
||||
allow_key_sharing = true;
|
||||
};
|
||||
sync_direct_chat_list = true;
|
||||
private_chat_portal_meta = true;
|
||||
delivery_receipts = true;
|
||||
delivery_error_reports = true;
|
||||
|
|
|
@ -43,10 +43,11 @@
|
|||
sync_with_custom_puppets = true;
|
||||
encryption = {
|
||||
allow = true;
|
||||
default = true;
|
||||
require = true;
|
||||
default = false;
|
||||
require = false;
|
||||
allow_key_sharing = true;
|
||||
};
|
||||
public_portals = true;
|
||||
private_chat_portal_meta = true;
|
||||
mute_bridging = true;
|
||||
backfill = {
|
||||
|
@ -57,6 +58,7 @@
|
|||
};
|
||||
delivery_receipts = true;
|
||||
delivery_error_reports = true;
|
||||
incoming_bridge_error_reports = true;
|
||||
pinned_tag = "m.favourite";
|
||||
archive_tag = "m.lowpriority";
|
||||
permissions = {
|
||||
|
|
|
@ -42,8 +42,8 @@
|
|||
url_previews = true;
|
||||
encryption = {
|
||||
allow = true;
|
||||
default = true;
|
||||
require = true;
|
||||
default = false;
|
||||
require = false;
|
||||
allow_key_sharing = true;
|
||||
};
|
||||
sync_with_custom_puppets = true;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
_: {
|
||||
networking.dhcpcd.allowInterfaces = ["enp1s0f0u4"]; # yes a usb network card don’t judge
|
||||
networking.dhcpcd.allowInterfaces = ["enp2s0f0u4"]; # yes a usb network card don’t judge
|
||||
services.dhcpd4 = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
|
@ -31,7 +31,7 @@ _: {
|
|||
# No i don’t have ipv6 :(
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A FORWARD -i br0 -j ACCEPT
|
||||
iptables -t nat -A POSTROUTING -o enp1s0f0u4 -s 192.168.2.0/24 -j MASQUERADE
|
||||
iptables -t nat -A POSTROUTING -o enp2s0f0u4 -s 192.168.2.0/24 -j MASQUERADE
|
||||
'';
|
||||
networking.interfaces.enp1s0f0u4.macAddress = "00:d8:61:d0:de:1e"; # fucking ISP
|
||||
boot.kernel.sysctl = {
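Review bot: `networking.interfaces.enp1s0f0u4.macAddress = "00:d8:61:d0:de:1e";` in the second hunk still names the old interface, while `dhcpcd.allowInterfaces` and the MASQUERADE rule were moved to `enp2s0f0u4`. If the USB NIC is now enumerated as `enp2s0f0u4`, the MAC override no longer applies to the uplink, and the trailing comment suggests the ISP depends on that address. Change it to `networking.interfaces.enp2s0f0u4.macAddress = "00:d8:61:d0:de:1e";`. The module body continues outside both hunks.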
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
server_name = "chir.rs";
|
||||
public_baseurl = "https://matrix.chir.rs/";
|
||||
default_room_version = 10;
|
||||
encryption_enabled_by_default_for_room_type = "all";
|
||||
listeners = [
|
||||
{
|
||||
port = 8008;
|
||||
|
@ -84,7 +83,7 @@
|
|||
msc2716_enabled = true;
|
||||
msc3244_enabled = true;
|
||||
msc3266_enabled = true;
|
||||
msc3030_enabled = true;
|
||||
|
||||
msc2409_to_device_messages_enabled = true;
|
||||
msc3202_device_masquerading_enabled = true;
|
||||
msc3202_transaction_extensions = true;
|
||||
|
@ -93,6 +92,7 @@
|
|||
msc3720_enabled = true;
|
||||
msc2654_enabled = true;
|
||||
msc2815_enabled = true;
|
||||
msc3391_enabled = true;
|
||||
msc3773_enabled = true;
|
||||
msc3664_enabled = true;
|
||||
msc3848_enabled = true;
|
||||
|
@ -100,8 +100,14 @@
|
|||
msc3881_enabled = true;
|
||||
msc3882_enabled = true;
|
||||
msc3874_enabled = true;
|
||||
msc3890_enabled = true;
|
||||
msc3381_polls_enabled = true;
|
||||
msc3912_enabled = true;
|
||||
spaces_enabled = true;
|
||||
msc1767_enabled = true;
|
||||
msc3952_intentional_mentions = true;
|
||||
msc3958_supress_edit_notifs = true;
|
||||
msc3967_enabled = true;
|
||||
msc2659_enabled = true;
|
||||
};
|
||||
#sentry.dsn = "https://18e36e6f16b5490c83364101717cddba@o253952.ingest.sentry.io/6449283";
|
||||
};
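Review bot: The commented-out `#sentry.dsn = …` line at the end of the last hunk keeps a DSN, including its key, in the repository even though the setting is disabled. A DSN is a low-sensitivity credential, but anyone who reads it can submit events to that project. Either delete the line or, if Sentry reporting is to come back, supply the value from a sops-managed secret the way the hostapd passphrase is handled. The settings attrset begins outside the hunk.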
|
||||
|
|
|
@ -115,6 +115,14 @@ rec {
|
|||
name = "nas"; # My nas
|
||||
system = "x86_64-linux";
|
||||
}
|
||||
{
|
||||
name = "installer"; # Installer iso
|
||||
system = "x86_64-linux";
|
||||
}
|
||||
{
|
||||
name = "netboot"; # Installer netboot
|
||||
system = "x86_64-linux";
|
||||
}
|
||||
{
|
||||
name = "instance-20221213-1915"; # Oracle server
|
||||
system = "aarch64-linux";
|
||||
|
|