configurations of hq services

configuration.nix 2.9KB

  # NixOS module for the container host "hydra": Nix build/cache settings,
  # remote access, overlay networking and metrics export.
  { config, pkgs, lib, ... }:

  {
    imports = [
      <nixpkgs/nixos/modules/profiles/minimal.nix>
      ./hydra.nix
      ./cache.nix
      ../../lib
      ../../lib/hq.nix
      ../../lib/known-hosts.nix
      ../../lib/emery.nix
      ../../lib/buildfarmer.nix
      ../../lib/yggdrasil.nix
      ../../lib/tun.nix
    ];

    # Site-specific options; presumably declared by the ../../lib modules
    # imported above -- their effect is not visible in this file.
    c3d2 = {
      isInHq = true;
      mapHqHosts = true;
      hq.interface = "eth0";
    };

    networking = {
      hostName = "hydra";
      # Take resolver settings from the container host.
      useHostResolvConf = true;
      # Do not prefer IPv6 temporary addresses on eth0.
      interfaces.eth0.preferTempAddress = false;
    };

    # Permits packages with unfree licences to be evaluated and built.
    nixpkgs.config.allowUnfree = true;

    # Lets PAM accept a key held in the caller's SSH agent.
    # NOTE(review): with agent forwarding, anyone who can reach the forwarded
    # agent socket on this host can satisfy that PAM check -- confirm which
    # services use it and that the key files PAM trusts are not user-writable.
    security.pam.enableSSHAgentAuth = true;

    # mosh sessions are still authenticated through SSH.
    programs.mosh.enable = true;

    services = {
      # Key-only SSH logins; password authentication is switched off.
      openssh = {
        enable = true;
        passwordAuthentication = false;
      };

      yggdrasil = {
        # Runtime path outside the Nix store; judging by the name it holds the
        # node's keys, which keeps them out of the store (the Peers list
        # below does end up there).
        configFile = "/var/lib/yggdrasil/keys";
        config.Peers = [
          "tcp://[2a03:3b40:fe:ab::1]:46370" # Praha
          "tcp://ygg.thingylabs.io:443" # Nürnberg
          "tcp://176.223.130.120:22632" # Wrocław
          "tcp://[2a05:9403::8b]:7743" # Praha
        ];
      };

      # caused problems on this host -- Astro 2019-09-08
      resolved.enable = false;

      collectd = {
        enable = true;
        autoLoadPlugin = true;
        # The network plugin ships samples to grafana.hq.c3d2.de:25826.
        # No SecurityLevel/Username/Password is set for that Server, so with
        # collectd's defaults the samples leave unsigned and unencrypted.
        # NOTE(review): fine only if the path to the collector is a trusted
        # network -- confirm.
        extraConfig = ''
          Interval 10
          <Plugin "cpu">
          </Plugin>
          <Plugin "memory">
          </Plugin>
          <Plugin "interface">
          </Plugin>
          <Plugin "load">
          </Plugin>
          <Plugin "swap">
          </Plugin>
          <Plugin "network">
          Server "grafana.hq.c3d2.de" "25826"
          </Plugin>
        '';
      };
    };

    nix = {
      package = pkgs.nixFlakes;
      distributedBuilds = true;
      maxJobs = lib.mkDefault 4;
      # Builds run outside the Nix build sandbox, so a builder can reach the
      # network and paths on this host while it runs.
      # NOTE(review): this host imports ./hydra.nix; confirm the sandbox is off
      # deliberately (boot.isContainer is set below -- possibly the container
      # cannot create the namespaces the sandbox needs) and that only trusted
      # expressions are built here.
      useSandbox = false;
      # Only root may act as a trusted Nix user.
      trustedUsers = [ "root" ];
      # Serves the local store over SSH. No sshServe.keys are set in this
      # file -- presumably supplied by an imported module; verify which keys
      # may read the store.
      sshServe.enable = true;
      autoOptimiseStore = true;
      # Daily garbage collection at 06:00, dropping generations older than 14 days.
      gc = {
        automatic = true;
        dates = "06:00";
        options = "--delete-older-than 14d";
      };
    };

    boot = {
      isContainer = true;
      tmpOnTmpfs = true;
      loader = {
        grub.enable = false;
        initScript.enable = true;
      };
      # For cross-building
      binfmt.emulatedSystems = [ "aarch64-linux" ];
    };

    fileSystems."/" = {
      device = "rootfs";
      fsType = "rootfs";
    };

    # Set your time zone.
    time.timeZone = "Europe/Berlin";

    i18n.defaultLocale = "en_US.UTF-8";
    i18n.supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];

    environment.systemPackages = [
      pkgs.tmux
      pkgs.htop
      pkgs.vim
      pkgs.gitMinimal
    ];

    system = {
      # Create a few files early before packing tarball for Proxmox
      # architecture/OS detection.
      extraSystemBuilderCmds = ''
        mkdir -m 0755 -p $out/bin
        ln -s ${pkgs.bash}/bin/bash $out/bin/sh
        mkdir -m 0755 -p $out/sbin
        ln -s ../init $out/sbin/init
      '';

      # This value determines the NixOS release with which your system is to be
      # compatible, in order to avoid breaking some software such as database
      # servers. You should change this only after NixOS release notes say you
      # should.
      stateVersion = "19.03"; # Did you read the comment?
    };
  }