From 5aeaaf338cec13527e24e60af094d2bca2d3a886 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= <sandro.jaeckel@gmail.com>
Date: Sat, 20 May 2023 04:39:06 +0200
Subject: [PATCH] Add server6

---
 .sops.yaml                               |  8 ++++
 flake.nix                                | 11 ++++++
 hosts/server6/default.nix                | 47 ++++++++++++++++++++++++
 hosts/server6/hardware-configuration.nix | 31 ++++++++++++++++
 4 files changed, 97 insertions(+)
 create mode 100644 hosts/server6/default.nix
 create mode 100644 hosts/server6/hardware-configuration.nix

diff --git a/.sops.yaml b/.sops.yaml
index de2ecafc..ab1e419c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -58,6 +58,7 @@ keys:
   - &riscbert age148d87gqw59lmst5jv3vynhsu3tv4t4sj49s4lktvnplfcrjq2y5sjcwsu8
   - &scrape age1p60rg45qrzpv2hcfzxl8d8k9afkk7dtrhr98cngeyuhlega83ynssmtx5k
   - &sdrweb age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7
+  - &server6
   - &server7 age1xd8x0m27zhvvsm7rq2amtu3a4nvpfnlcdgp9tqt3g47hfzchsa9svgmemz
   - &server8 age12jcu0jtw7m96evxnd0vu6lvsm8uswslrdhxd2u655vjrwhljmqdsptry37
   - &server9 age15vrlmtckjf4j242juw7l5e0s6eunn67ejr9acaztnl3tmvwpufrsevntva
@@ -124,6 +125,7 @@ creation_rules:
       - *riscbert
       - *scrape
       - *sdrweb
+      - *server6
       - *server7
       - *server8
       - *server9
@@ -276,6 +278,12 @@ creation_rules:
       age:
       - *radiobert
       - *polygon-snowflake
+  - path_regex: hosts/server6/[^/]+\.yaml$
+    key_groups:
+    - pgp: *admins
+      age:
+      - *server6
+      - *polygon-snowflake
   - path_regex: hosts/server7/[^/]+\.yaml$
     key_groups:
     - pgp: *admins
diff --git a/flake.nix b/flake.nix
index 1626bf49..9e00272d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -663,6 +663,17 @@
           ];
         };
 
+        server6 = nixosSystem' {
+          modules = [
+            ./hosts/server6
+            # TODO
+            # self.nixosModules.cluster-network
+            # self.nixosModules.cluster
+            # skyflake.nixosModules.default
+            { _module.args = { inherit self; }; }
+          ];
+        };
+
         server7 = nixosSystem' {
           modules = [
             ./hosts/server7
diff --git a/hosts/server6/default.nix b/hosts/server6/default.nix
new file mode 100644
index 00000000..492a0492
--- /dev/null
+++ b/hosts/server6/default.nix
@@ -0,0 +1,47 @@
+{ config, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  c3d2 = {
+    baremetal = true;
+    hq.statistics.enable = true;
+  };
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    kernelParams = [
+      "preempt=none"
+      # No server/router runs any untrusted user code
+      "mitigations=off"
+    ];
+    tmpOnTmpfs = true;
+    tmpOnTmpfsSize = "80%";
+  };
+
+  disko.disks = [ {
+    device = "/dev/disk/by-id/ata-Samsung_SSD_860_EVO_1TB_S3Z9NB0M203733F";
+    name = "ssd0";
+  } ];
+
+  networking = {
+    hostName = "server6";
+    hostId = "8a3ba5a7";
+  };
+
+  simd.arch = "ivybridge"; # E5-2690 v2
+
+  # sops = {
+  #   defaultSopsFile = ./secrets.yaml;
+  #   secrets."machine-id" = {
+  #     mode = "444";
+  #     path = "/etc/machine-id";
+  #   };
+  # };
+
+  # skyflake.nomad.client.meta."c3d2.cpuSpeed" = "5";
+
+  system.stateVersion = "22.11";
+}
diff --git a/hosts/server6/hardware-configuration.nix b/hosts/server6/hardware-configuration.nix
new file mode 100644
index 00000000..9df75c37
--- /dev/null
+++ b/hosts/server6/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno5.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s29u1u1u5.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp144s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp144s0d1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}