From 975c079982137dae09016366998a388b4bd521f6 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Mon, 18 Jul 2022 10:04:42 -0400
Subject: [PATCH 1/4] add ax41.nix
---
 systems/hetzner/ax101.nix | 5 --
 systems/hetzner/ax41.nix | 122 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 122 insertions(+), 5 deletions(-)
 create mode 100644 systems/hetzner/ax41.nix
diff --git a/systems/hetzner/ax101.nix b/systems/hetzner/ax101.nix
index a04959c..d814812 100644
--- a/systems/hetzner/ax101.nix
+++ b/systems/hetzner/ax101.nix
@@ -53,11 +53,6 @@
 # available there.
 boot.initrd.services.swraid.mdadmConf = config.environment.etc."mdadm.conf".text;
- # https://code.visualstudio.com/docs/setup/linux#_visual-studio-code-is-unable-to-watch-for-file-changes-in-this-large-workspace-error-enospc
- boot.kernel.sysctl = {
- "fs.inotify.max_user_watches" = "524288";
- };
-
 # Network (Hetzner uses static IP assignments, and we don't use DHCP here)
 networking.useDHCP = false;
diff --git a/systems/hetzner/ax41.nix b/systems/hetzner/ax41.nix
new file mode 100644
index 0000000..8feaabe
--- /dev/null
+++ b/systems/hetzner/ax41.nix
@@ -0,0 +1,122 @@
+{ config, pkgs, lib, inputs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "ahci" "usbhid" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/bede3321-d976-475a-ace3-33c8977a590a";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.max-jobs = lib.mkDefault 32;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+
+ # Use GRUB2 as the boot loader.
+ # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
+ boot.loader.systemd-boot.enable = false;
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = false;
+ devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
+ };
+
+ # The madm RAID was created with a certain hostname, which madm will consider
+ # the "home hostname". Changing the system hostname will result in the array
+ # being considered "foregin" as opposed to "local", and showing it as
+ # '/dev/md/:root0' instead of '/dev/md/root0'.
+
+ # This is mdadm's protection against accidentally putting a RAID disk
+ # into the wrong machine and corrupting data by accidental sync, see
+ # https://bugzilla.redhat.com/show_bug.cgi?id=606481#c14 and onward.
+ # We set the HOMEHOST manually go get the short '/dev/md' names,
+ # and so that things look and are configured the same on all such
+ # machines irrespective of host names.
+ # We do not worry about plugging disks into the wrong machine because
+ # we will never exchange disks between machines.
+ environment.etc."mdadm.conf".text = ''
+ HOMEHOST pinch
+ '';
+
+ # The RAIDs are assembled in stage1, so we need to make the config
+ # available there.
+ boot.initrd.mdadmConf = config.environment.etc."mdadm.conf".text;
+
+ # Network (Hetzner uses static IP assignments, and we don't use DHCP here)
+ networking.useDHCP = false;
+
+ networking.interfaces."enp41s0" = {
+ ipv4 = {
+ addresses = [{
+ # Server main IPv4 address
+ address = "88.198.33.237";
+ prefixLength = 24;
+ }];
+
+ routes = [
+ # Default IPv4 gateway route
+ {
+ address = "0.0.0.0";
+ prefixLength = 0;
+ via = "88.198.33.225";
+ }
+ ];
+ };
+
+ ipv6 = {
+ addresses = [{
+ address = "2a01:4f8:a0:305f::1";
+ prefixLength = 64;
+ }];
+
+ # Default IPv6 route
+ routes = [{
+ address = "::";
+ prefixLength = 0;
+ via = "fe80::1";
+ }];
+ };
+ };
+
+
+ networking = {
+ nameservers = [ "8.8.8.8" "8.8.4.4" ];
+ hostName = "pinch";
+ };
+
+ nix = {
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+ };
+
+ services.netdata.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ lsof
+ ];
+
+ services.openssh.permitRootLogin = "prohibit-password";
+ services.openssh.enable = true;
+ services.tailscale.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.srid = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ];
+ };
+ security.sudo.wheelNeedsPassword = false;
+
+ system.stateVersion = "20.03";
+
+}
From b2721cf33ed12e9f7c368aa253fc9445793df739 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Mon, 18 Jul 2022 10:06:27 -0400
Subject: [PATCH 2/4] add pinch
---
 flake.nix | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/flake.nix b/flake.nix
index bdf7520..71649ad 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,12 +88,12 @@
 };
 in
 {
- # My beefy development computer
- now = mkLinuxSystem
+ # My Linux development computer (on Hetzner)
+ pinch = mkLinuxSystem
 [
- ./systems/hetzner/ax101.nix
+ ./systems/hetzner/ax41.nix
 ./nixos/server/harden.nix
- ./nixos/hercules.nix
+ # ./nixos/hercules.nix
 ];
 # For downloading stuff off internet in VPN.
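Review bot: `security.sudo.wheelNeedsPassword = false;` together with `extraGroups = [ "wheel" "networkmanager" ]` makes the srid account root-equivalent with no prompt, yet nothing in this new file pins how that account is reached — no `openssh.authorizedKeys.keys` and no `hashedPassword`/`initialPassword` for it, only the comment about running `passwd`. If the key or password hash lives in ./nixos/server/harden.nix (imported next to this file in PATCH 2), a one-line comment saying so would help the next reader; otherwise consider dropping the `wheelNeedsPassword = false` line or documenting why interactive sudo is not wanted on this host. The `networkmanager` group also looks stray on a host that sets `networking.useDHCP = false` and static `networking.interfaces`, with no NetworkManager enabled here. Separately, this file uses `boot.initrd.mdadmConf` while the ax101.nix context in PATCH 1 uses `boot.initrd.services.swraid.mdadmConf`; one of the two is presumably the legacy name, and the two hosts should agree. `system.stateVersion = "20.03"` on a freshly created host appears copied from ax101.nix rather than set to the release this machine was first installed with, which is what the option is meant to record.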
From 2763fc6aa492c858cd2e62fcc9953c81b47f73ed Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Mon, 18 Jul 2022 10:11:24 -0400
Subject: [PATCH 3/4] fix max jobs
---
 systems/hetzner/ax41.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/systems/hetzner/ax41.nix b/systems/hetzner/ax41.nix
index 8feaabe..45f328a 100644
--- a/systems/hetzner/ax41.nix
+++ b/systems/hetzner/ax41.nix
@@ -19,7 +19,7 @@
 swapDevices = [ ];
- nix.max-jobs = lib.mkDefault 32;
+ nix.settings.max-jobs = lib.mkDefault 12;
 powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
 # Use GRUB2 as the boot loader.
From b7e153b9c471d46145fe6776066791bf441eba98 Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar
Date: Mon, 18 Jul 2022 10:14:10 -0400
Subject: [PATCH 4/4] hm: stateVersion
https://nix-community.github.io/home-manager/options.html#opt-home.stateVersion
---
 flake.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/flake.nix b/flake.nix
index 71649ad..fdf44b7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -76,6 +76,7 @@
 programs.bash = {
 enable = true;
 } // (import ./home/shellcommon.nix { inherit pkgs; });
+ home.stateVersion = "22.11";
 };
 }
 ];