complete-computing-environment/morph.org


:PROPERTIES:
:ID: cce/morph
:ROAM_REFS: https://github.com/DBCDK/morph/
:ROAM_ALIASES: Morph
:END:
#+TITLE: Morph for managing NixOS
#+filetags: :Project:
#+AUTO_TANGLE: t
#+ARCOLOGY_KEY: cce/morph
#+ARCOLOGY_ALLOW_CRAWL: t
#+begin_quote
Morph is a tool for managing existing NixOS hosts - basically a fancy wrapper around nix-build, nix copy, nix-env, /nix/store/.../bin/switch-to-configuration, scp and more. Morph supports updating multiple hosts in a row, and with support for health checks makes it fairly safe to do so.
#+end_quote
Interestingly, it seems like I can just use my [[id:cce/nixops][NixOps]] laptop profile...? stealin' it! that's nice.
In the embeds you'll learn how I pick the hostnames for my computers.
* Deploying from my =hosts.toml=
:PROPERTIES:
:ID: 20230530T120902.994787
:END:
Morph is fine to use, but it's a little bit unergonomic, especially if i want to blast out builds to a bunch of hosts. I am taking a cue from [[https://xeiaso.net/][Xe Iaso]] and moving toward defining my host configurations in a =hosts.toml= file. For now, it only has the bare necessities to generate deployment networks for each of my roles, but it could be extended with other things like SSH host keys, or encrypted secrets in the near future. I'm also planning to write a little python script so that I can type to my computer =deploy virtuous-cassette= and have that roll out rather than the complicated [[id:20220912T114451.341788][Shell Spell]] =morph deploy --on=virtuous-cassette --passwd ~/arroyo-nix/networks/laptops.nix switch=.
#+begin_src nix :tangle ~/arroyo-nix/networks/mkNetwork.nix
# Builds a morph deployment network from one table of the parsed hosts.toml.
#
# Arguments:
#   pkgs     - package set handed to morph as `network.pkgs`
#   networks - attribute set of network tables, keyed by network name
#
# Evaluates to a function: network name -> morph network attribute set.
{ pkgs, networks }:
let
  # One host entry: the network's role config plus ../hosts/<hostname>.
  # The per-host keys `target`, `user` and `stateVersion` are optional.
  # `user` becomes deployment.targetUser, so a host that sets user = "root"
  # is deployed as root; without the key the login defaults to "rrix".
  mkHost = rollConfig: hostname: config:
    let
      hostDir = ./. + "/../hosts/${hostname}";
      base = {
        imports = [ rollConfig hostDir ];
        deployment.targetHost = config.target or hostname;
        deployment.targetUser = config.user or "rrix";
      };
      # Only pin system.stateVersion when the host table supplies one.
      pinned =
        if config ? stateVersion
        then { system.stateVersion = config.stateVersion; }
        else { };
    in
    base // pinned;

  # Network-level settings merged with one mkHost result per entry in `hosts`.
  mkNetwork = subnet:
    let
      table = networks."${subnet}";
      roleDir = ./. + "/${table.config}";
      meta = {
        network.pkgs = pkgs;
        network.description = table.description;
        # Rollback stays enabled unless the table explicitly turns it off.
        network.enableRollback = table.enableRollback or true;
      };
    in
    meta // builtins.mapAttrs (mkHost roleDir) table.hosts;
in
mkNetwork
#+end_src
This =mkNetwork= function is easy to operate, as you can see below: it provides reasonable defaults, so my Tailscale-backed hosts can be added to the network with a single line. Bootstrapping a host is as simple as setting the =target= key to its local DHCP address and setting the =user= for the first SSH connection.
* Deploying My Laptops and Desktop
:PROPERTIES:
:ID: cce/morph-laptops
:END:
My laptops are installed through my [[id:cce/nixos_automatic_partitioning_installer][NixOS Automatic Partitioning Installer]] and carry [[id:cce/my_nixos_configuration][My NixOS configuration for laptops]], the "endpoint configuration".
#+begin_src nix :tangle ~/arroyo-nix/networks/endpoints.nix
# Morph network for the "endpoints" table of hosts.toml.
#
# NOTE(review): <nixpkgs> is resolved through the Nix search path of the
# machine running the deploy, so the package set is not pinned to a revision.
# NOTE(review): nixpkgs normally reads the unfree policy from
# `config.allowUnfree`; confirm that this top-level `allowUnfree` argument
# has the intended effect.
let
  pkgs = import <nixpkgs> { allowUnfree = true; };
  mkNetwork = import ./mkNetwork.nix {
    inherit pkgs;
    networks = pkgs.lib.importTOML ./hosts.toml;
  };
in
mkNetwork "endpoints"
#+end_src
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
# Network table consumed by mkNetwork.nix: `config` is the role directory
# (resolved relative to the networks/ directory), `enableRollback` defaults
# to true when omitted, and each machine is a [endpoints.hosts.<name>] table.
[endpoints]
description = "my laptops and desktop"
enableRollback = true
config = "../roles/endpoint"
#+end_src
** Rose Quine
:PROPERTIES:
:ID: 20230328T191051.959009
:END:
#+begin_export html
<iframe style="border: 0; width: 200px; height: 200px;" src="https://bandcamp.com/EmbeddedPlayer/album=1563537773/size=large/bgcol=ffffff/linkcol=2ebd35/minimal=true/track=1268670717/transparent=true/" seamless><a href="https://theflashbulb.bandcamp.com/album/our-simulacra">Our Simulacra by The Flashbulb</a></iframe>
#+end_export
Rose Quine is my [[id:20230404T153703.708523][GPD Pocket 3]].
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
[endpoints.hosts.rose-quine]
# target = "rose-quine"
# stateVersion = "23.05"
#+end_src
#+begin_src nix :tangle ~/arroyo-nix/hosts/rose-quine/default.nix :mkdirp yes
# Host configuration for rose-quine: boot loader, encrypted disks, ZFS
# datasets and the hardware settings copied from hardware-configuration.nix.
{ config, pkgs, lib, ... }:
{
imports = [ <arroyo/nixos/gpd-pocket-3.nix> ];
networking.hostName = "rose-quine";
system.stateVersion = "23.05";
services.xserver.dpi = 280;
# NOTE(review): plaintext Tailscale auth key committed to the config. The
# module that consumes this option is not shown; if it embeds the value in a
# unit or script, the key also ends up in the world-readable /nix/store.
# Treat the key as exposed: revoke it and supply a replacement from a secret
# file kept outside the store.
services.tailscale.authKey = "tskey-auth-knLBN35CNTRL-ignbakuis45bC5m5mrvX95o4DW9JHoRV8";
# GRUB in EFI mode is the boot loader; systemd-boot is forced off below so a
# setting from an imported module cannot re-enable it.
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.device = "nodev";
boot.loader.grub.enable = true;
boot.loader.grub.gfxmodeBios = "1200x1920x32";
boot.loader.systemd-boot.enable = lib.mkForce false;
# boot.loader.systemd-boot.consoleMode = "max";
networking.hostId = "3f5dbbf9"; # required for zfs use
boot.zfs.devNodes = "/dev/mapper"; # (ref:devNodes)
# Swap and root sit on LUKS containers that are opened in the initrd
# (preLVM = true) before the ZFS pool is imported.
boot.initrd.luks.devices = {
"swap" = { name = "swap"; device = "/dev/nvme0n1p2"; preLVM = true; };
"root" = { name = "root"; device = "/dev/nvme0n1p3"; preLVM = true; };
};
# === from hardware-configuration.nix
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# ZFS datasets of the `tank` pool; /boot is the vfat EFI partition.
fileSystems."/" =
{ device = "tank/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "tank/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "tank/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9FDC-2C40";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/455bbc40-e01c-4137-b593-a05b6220ce6b"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp175s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp174s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}
#+end_src
*** NEXT derivation for [[https://github.com/wimpysworld/umpc-ubuntu/blob/master/data/umpc-display-rotate.c][umpc-display-rotate.c]]
*** NEXT split and document all this out in to an import on [[roam:GPD Pocket 3 Support]] page
** Window Smoke
:PROPERTIES:
:ID: 20230225T145612.522017
:END:
#+begin_export html
<iframe style="border: 0; width: 200px; height: 200px;" src="https://bandcamp.com/EmbeddedPlayer/album=1436740419/size=large/bgcol=ffffff/linkcol=2ebd35/minimal=true/track=130097483/transparent=true/" seamless><a href="https://theflashbulb.bandcamp.com/album/seven-quarantine-poems">Seven Quarantine Poems by The Flashbulb</a></iframe>
#+end_export
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
[endpoints.hosts.window-smoke]
# target = "window-smoke"
# stateVersion = "22.11"
# user = "rrix"
#+end_src
Window Smoke is my desktop. It runs my [[id:cce/my_nixos_configuration][Endpoint Configuration]] and some of [[id:20230225T150449.622645][My NixOS Tower Customizations]]
#+begin_src nix :tangle ~/arroyo-nix/hosts/window-smoke/default.nix :mkdirp yes
# Host configuration for window-smoke: desktop role, systemd-boot, encrypted
# disks and the ZFS datasets of the `window-smoke` and `tank` pools.
{ lib, config, ... }:
{
imports = [ ./hardware-configuration.nix ../../roles/desktop ];
# Option not defined in this file; presumably declared by the desktop role.
boot.enableVFIO = false;
networking.hostName = "window-smoke";
system.stateVersion = "22.11"; #
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.device = "nodev";
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
services.xserver.dpi = 110;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
# "wl" is presumably the module shipped by the broadcom_sta package added
# on the next line.
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
# NOTE(review): plaintext Tailscale auth key committed to the config. The
# module that consumes this option is not shown; if it embeds the value in a
# unit or script, the key also ends up in the world-readable /nix/store.
# Treat the key as exposed: revoke it and supply a replacement from a secret
# file kept outside the store.
services.tailscale.authKey = "tskey-auth-k38z9b3CNTRL-DeWdeU2Zt4ccxM2RqHduzbu9h2D7mmP74";
networking.hostId = "141e1b4f"; # required for zfs use
# mkForce: overrides whatever devNodes value the imported modules set.
boot.zfs.devNodes = lib.mkForce "/dev/disk/by-id/";
# Swap and root sit on LUKS containers that are opened in the initrd
# (preLVM = true).
boot.initrd.luks.devices = {
"swap" = { name = "swap"; device = "/dev/nvme0n1p2"; preLVM = true; };
"root" = { name = "root"; device = "/dev/nvme0n1p3"; preLVM = true; };
};
fileSystems."/" =
{ device = "window-smoke/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "window-smoke/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "window-smoke/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/12CA-451F";
fsType = "vfat";
};
# /media comes from a second pool, `tank`.
fileSystems."/media" =
{ device = "tank/media";
fsType = "zfs";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/26776a6d-4e53-4e39-b0e5-5a540ce78406"; }
];
}
#+end_src
** Virtuous Cassette
:PROPERTIES:
:ID: 20211029T115928.954970
:END:
#+begin_export html
<iframe style="border: 0; width: 200px; height: 200px;" src="https://bandcamp.com/EmbeddedPlayer/album=3533678702/size=large/bgcol=ffffff/linkcol=2ebd35/minimal=true/track=1697170446/transparent=true/" seamless><a href="https://theflashbulb.bandcamp.com/album/love-as-a-dark-hallway">Love As A Dark Hallway by The Flashbulb</a></iframe>
#+end_export
Virtuous Cassette is my [[roam:Framework Laptop]].
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
# `target` and `user` override the mkNetwork.nix defaults (the hostname and
# "rrix"). NOTE(review): with these values every deploy logs in as root at a
# LAN address; if this is only the bootstrap setting, drop both keys once the
# host is reachable under its own name.
[endpoints.hosts.virtuous-cassette]
stateVersion = "23.05"
target = "192.168.69.71"
user = "root"
#+end_src
=hosts/virtuous-cassette/default.nix= replaces the =generated.nix=, basically, for my [[roam:Framework Laptop]]:
#+begin_src nix :tangle ~/arroyo-nix/hosts/virtuous-cassette/default.nix :mkdirp yes
# Host configuration for virtuous-cassette: GRUB in EFI mode, encrypted
# disks and the ZFS datasets of the `host` pool.
{
imports = [ <arroyo/nixos/framework-laptop.nix> ];
networking.hostName = "virtuous-cassette";
boot.loader.grub.efiSupport = true;
boot.loader.grub.device = "nodev";
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.enable = true;
boot.loader.systemd-boot.enable = false;
# Swap and root sit on LUKS containers that are opened in the initrd
# (preLVM = true).
boot.initrd.luks.devices = {
"swap" = { name = "swap"; device = "/dev/nvme0n1p2"; preLVM = true; };
"root" = { name = "root"; device = "/dev/nvme0n1p3"; preLVM = true; };
};
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
powerManagement.cpuFreqGovernor = "powersave";
# ===8<--- everything below here will change if i ever reinitialize the host!
# NOTE(review): plaintext Tailscale auth key committed to the config. The
# module that consumes this option is not shown; if it embeds the value in a
# unit or script, the key also ends up in the world-readable /nix/store.
# Treat the key as exposed: revoke it and supply a replacement from a secret
# file kept outside the store.
services.tailscale.authKey = "tskey-auth-k1WxJ97CNTRL-6Rp5sqDZxM1yAH7mvKp9T1dj1Ps4iKYDY";
networking.hostId = "291fe33d"; # required for zfs use
fileSystems."/" =
{ device = "host/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "host/home";
fsType = "zfs";
};
fileSystems."/media" =
{ device = "host/landfill";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "host/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/CD54-B840";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/ddfce221-2d29-4882-9c66-1669ea60bc49"; }
];
}
#+end_src
** Meadow Crush
:PROPERTIES:
:ID: cce/morph-meadow-crush
:END:
Meadow Crush is my [[id:6834cb8f-319f-4dd9-bade-2521417f584b][GPD Pocket 2]]; I don't use this right now but it's still running a viable NixOS if I need it in a Situation.
#+begin_export html
<iframe style="border: 0; width: 200px; height: 200px;" src="https://bandcamp.com/EmbeddedPlayer/album=1889307725/size=large/bgcol=ffffff/linkcol=2ebd35/minimal=true/track=1231014309/transparent=true/" seamless><a href="https://theflashbulb.bandcamp.com/album/arboreal">Arboreal by The Flashbulb</a></iframe>
#+end_export
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
# [endpoints.hosts.meadow-crush]
# target = "meadow-crush"
# stateVersion = "22.05"
#+end_src
#+begin_src nix :tangle ~/arroyo-nix/hosts/meadow-crush/default.nix :mkdirp yes
# Host configuration for meadow-crush: systemd-boot, encrypted eMMC
# partitions and an ext4 music volume.
{
imports = [ ./hardware-configuration.nix ../../nixos/gpd-pocket.nix ];
networking.hostName = "meadow-crush";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# NOTE(review): plaintext Tailscale auth key committed to the config. The
# module that consumes this option is not shown; if it embeds the value in a
# unit or script, the key also ends up in the world-readable /nix/store.
# Treat the key as exposed: revoke it and supply a replacement from a secret
# file kept outside the store.
services.tailscale.authKey = "tskey-kqvV5P3CNTRL-K3bdvSJcUreG8nrGcDKXCh";
networking.hostId = "c9ec7cad"; # required for zfs use
# Swap and root sit on LUKS containers that are opened in the initrd
# (preLVM = true).
boot.initrd.luks.devices = {
"swap" = { name = "swap"; device = "/dev/mmcblk0p2"; preLVM = true; };
"root" = { name = "root"; device = "/dev/mmcblk0p3"; preLVM = true; };
};
# Mounted by label with the boot-time filesystem check disabled (noCheck).
fileSystems."/mnt/music" =
{ device = "/dev/disk/by-label/muzak";
fsType = "ext4";
noCheck = true;
};
}
#+end_src
** NEXT implement [[https://christine.website/blog/nixos-encrypted-secrets-2021-01-20][nixos encrypted secrets]] and make these safe -- the =services.tailscale.authKey= values above are still plain text! maybe [[https://christine.website/blog/my-wireguard-setup-2021-02-06][hosts.toml]] for a lot of this too...
* Deploying My [[id:20220131T152041.472624][NixOS Set Top Box]]
:PROPERTIES:
:ID: 20220202T153605.995078
:END:
#+begin_src nix :tangle ~/arroyo-nix/networks/settop.nix :mkdirp yes
# Morph network for the "settop" table of hosts.toml.
#
# NOTE(review): <nixpkgs> is resolved through the Nix search path of the
# machine running the deploy, so the package set is not pinned to a revision.
# NOTE(review): nixpkgs normally reads the unfree policy from
# `config.allowUnfree`; confirm that this top-level `allowUnfree` argument
# has the intended effect.
let
  pkgs = import <nixpkgs> { allowUnfree = true; };
  mkNetwork = import ./mkNetwork.nix {
    inherit pkgs;
    networks = pkgs.lib.importTOML ./hosts.toml;
  };
in
mkNetwork "settop"
#+end_src
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
# Network table consumed by mkNetwork.nix: `config` is the role directory
# (resolved relative to the networks/ directory) and each machine is a
# [settop.hosts.<name>] table.
[settop]
description = "my kodi box"
enableRollback = true
config = "../roles/settop"
#+end_src
** Tres Ebow
:PROPERTIES:
:ID: cce/morph-tres-ebow
:END:
#+begin_export html
<iframe style="border: 0; width: 200px; height: 200px;" src="https://bandcamp.com/EmbeddedPlayer/album=3533678702/size=large/bgcol=ffffff/linkcol=2ebd35/minimal=true/track=1431497952/transparent=true/" seamless><a href="https://theflashbulb.bandcamp.com/album/love-as-a-dark-hallway">Love As A Dark Hallway by The Flashbulb</a></iframe>
#+end_export
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
# `target` and `user` override the mkNetwork.nix defaults (the hostname and
# "rrix"). NOTE(review): with these values every deploy logs in as root at a
# LAN address; if this is only the bootstrap setting, restore the commented
# hostname target and drop `user` once the host is reachable by name.
[settop.hosts.tres-ebow]
# target = "tres-ebow"
target = "192.168.69.69"
user = "root"
# will probably reinstall soon
stateVersion = "23.05"
#+end_src
Tres Ebow is my Thinkpad Yoga gen 3 -- a decent 2-in-1 with [[id:25942086-23fa-4fff-938d-a7a9c0fa7365][very un-Lenovo serviceability]], and due to ordering error and soldered RAM, only 4 GiB of RAM. awkward. it'll be a fine kodi box.
#+begin_src nix :tangle ~/arroyo-nix/hosts/tres-ebow/default.nix :mkdirp yes
# Host configuration for tres-ebow: GRUB in EFI mode, the ZFS datasets of
# the `host` pool and the generated hardware settings.
{ config, lib, ... }:
{
networking.hostName = "tres-ebow";
boot.loader.grub.efiSupport = true;
boot.loader.grub.device = "nodev";
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.enable = true;
boot.loader.systemd-boot.enable = false;
services.xserver.dpi = 207;
networking.hostId = "389acda5"; # required for zfs use
boot.zfs.devNodes = lib.mkForce "/dev/disk/by-uuid"; # (ref:devNodes)
# NOTE(review): plaintext Tailscale auth key committed to the config. The
# module that consumes this option is not shown; if it embeds the value in a
# unit or script, the key also ends up in the world-readable /nix/store.
# Treat the key as exposed: revoke it and supply a replacement from a secret
# file kept outside the store.
services.tailscale.authKey = "tskey-auth-kjuYea5CNTRL-YApNAAdxe5aucWNb823g1aNCwTK11pVTA";
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# NOTE(review): no boot.initrd.luks.devices entry in this file, unlike the
# laptop hosts; confirm whether this disk is meant to be unencrypted.
fileSystems."/" =
{ device = "host/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "host/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "host/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/CB62-8263";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/4f1751ef-0ddd-4005-b69c-daafc518e9df"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# NOTE(review): "balanced" is not one of the usual kernel cpufreq governor
# names; verify that this value is accepted on this machine.
powerManagement.cpuFreqGovernor = lib.mkDefault "balanced";
# Microcode updates follow the redistributable-firmware switch set below.
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.enableRedistributableFirmware = true;
}
#+end_src
* Deploying [[id:20211120T220054.226284][The Wobserver]]
:PROPERTIES:
:ID: 20221112T153200.008557
:END:
#+begin_src nix :tangle ~/arroyo-nix/networks/wobserver.nix :mkdirp yes
# Morph network for the "wobserver" table of hosts.toml.
#
# NOTE(review): <nixpkgs> is resolved through the Nix search path of the
# machine running the deploy, so the package set is not pinned to a revision.
# NOTE(review): nixpkgs normally reads the unfree policy from
# `config.allowUnfree`; confirm that this top-level `allowUnfree` argument
# has the intended effect.
let
  pkgs = import <nixpkgs> { allowUnfree = true; };
  mkNetwork = import ./mkNetwork.nix {
    inherit pkgs;
    networks = pkgs.lib.importTOML ./hosts.toml;
  };
in
mkNetwork "wobserver"
#+end_src
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
# Network table consumed by mkNetwork.nix: `config` is the role directory
# (resolved relative to the networks/ directory) and each machine is a
# [wobserver.hosts.<name>] table.
[wobserver]
description = "the wobserver and friends"
enableRollback = true
config = "../roles/server"
#+end_src
** Terra Firma
:PROPERTIES:
:ID: 20221112T130047.292304
:END:
#+begin_export html
<iframe style="border: 0; width: 200px; height: 200px;" src="https://bandcamp.com/EmbeddedPlayer/album=78877835/size=large/bgcol=ffffff/linkcol=2ebd35/minimal=true/track=2552183726/transparent=true/" seamless><a href="https://theflashbulb.bandcamp.com/album/opus-at-the-end-of-everything">Opus At The End Of Everything by The Flashbulb</a></iframe>
#+end_export
Terra Firma is my [[id:20211120T220054.226284][Wobserver]] hosted by [[id:7fea3caa-5fa0-415a-96c7-45a1d64512fb][Wobscale Technologies]] in Seattle, WA.
#+begin_src nix :tangle ~/arroyo-nix/hosts/terra-firma/default.nix :mkdirp yes
# Host configuration for terra-firma: identity, GRUB target disk and the
# Tailscale enrolment key; disks are described in hardware-configuration.nix.
{
imports = [ ./hardware-configuration.nix ];
system.stateVersion = "22.11";
networking.hostName = "terra-firma";
boot.loader.grub.enable = true;
# boot.loader.grub.device = "/dev/sde";
# NOTE(review): /dev/sdX names can change between boots (the commented line
# above shows it has moved before); a /dev/disk/by-id path is stable.
boot.loader.grub.device = "/dev/sdf";
networking.hostId = "628c9fc3"; # required for zfs use
# NOTE(review): plaintext Tailscale auth key committed to the config. The
# module that consumes this option is not shown; if it embeds the value in a
# unit or script, the key also ends up in the world-readable /nix/store.
# Treat the key as exposed: revoke it and supply a replacement from a secret
# file kept outside the store.
services.tailscale.authKey = "tskey-auth-kc6ULA7CNTRL-DwkDu5vJo2RrekxqbUHNxQP4LmMDnRjS3";
}
#+end_src
#+begin_src nix :tangle ~/arroyo-nix/hosts/terra-firma/hardware-configuration.nix :mkdirp yes
# Hardware configuration for terra-firma: initrd modules, ZFS datasets from
# the `terra-firma` and `tank` pools, the vfat /boot partition and swap.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "uhci_hcd" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# NOTE(review): no boot.initrd.luks.devices entry is visible for this host;
# confirm whether the pools on this server are encrypted some other way.
fileSystems."/" =
{ device = "terra-firma/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "tank/home";
fsType = "zfs";
};
fileSystems."/media" =
{ device = "tank/media";
fsType = "zfs";
};
fileSystems."/srv" =
{ device = "tank/srv";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "terra-firma/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2C1E-582F";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1ee46640-6164-4882-a59d-aa260c7780a2"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Microcode updates follow hardware.enableRedistributableFirmware, which is
# not set in this file.
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
#+end_src
** Last Bank
:PROPERTIES:
:ID: 20230506T010603.522707
:END:
#+begin_export html
<iframe style="border: 0; width: 200px; height: 200px;" src="https://bandcamp.com/EmbeddedPlayer/album=4030854985/size=large/bgcol=ffffff/linkcol=2ebd35/minimal=true/track=3639413635/transparent=true/" seamless><a href="https://theflashbulb.bandcamp.com/album/hardscrabble">Hardscrabble by The Flashbulb</a></iframe>
#+end_export
Last Bank is my [[id:20230429T140217.184029][New Homelab Build]], a living-room server that will be proxied through [[id:7fea3caa-5fa0-415a-96c7-45a1d64512fb][Wobscale Technologies]] in Seattle, WA. It's going to replace [[id:20221112T130047.292304][terra-firma]].
#+begin_src toml :tangle ~/arroyo-nix/networks/hosts.toml
[wobserver.hosts.last-bank]
#+end_src
#+begin_src nix :tangle ~/arroyo-nix/hosts/last-bank/default.nix :mkdirp yes
# Host configuration for last-bank: desktop role with VFIO enabled, GRUB on
# a disk addressed by id, and ZFS datasets from the `host` and `tank` pools.
{ lib, config, ... }:
{
imports = [ ../../roles/desktop ];
# Option not defined in this file; presumably declared by the desktop role.
boot.enableVFIO = true;
networking.hostName = "last-bank";
system.stateVersion = "23.05";
boot.loader.grub.enable = true;
# Addressed by WWN so the target does not depend on /dev/sdX enumeration.
boot.loader.grub.device = "/dev/disk/by-id/wwn-0x5000c5005d11c7e4";
# NOTE(review): plaintext Tailscale auth key committed to the config. The
# module that consumes this option is not shown; if it embeds the value in a
# unit or script, the key also ends up in the world-readable /nix/store.
# Treat the key as exposed: revoke it and supply a replacement from a secret
# file kept outside the store.
services.tailscale.authKey = "tskey-auth-kzWZMt1CNTRL-48JC1bwTin5b1crXxBcti5Qru3zf8wC3";
networking.hostId = "56c334f2"; # required for zfs use
boot.zfs.devNodes = "/dev/disk/by-uuid"; # (ref:devNodes)
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "isci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# NOTE(review): no boot.initrd.luks.devices entry in this file; confirm
# whether the pools on this server are encrypted some other way.
fileSystems."/" =
{ device = "host/root";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "host/nix";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "tank/home";
fsType = "zfs";
};
fileSystems."/media" =
{ device = "tank/media";
fsType = "zfs";
};
fileSystems."/srv" =
{ device = "tank/srv";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/19C9-747A";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/554d8e90-f4ea-49dc-b057-c69d0385bbc6"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Microcode updates follow hardware.enableRedistributableFirmware, which is
# not set in this file.
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
#+end_src