nix-config/hosts/hydra/default.nix

{ zentralwerk, config, pkgs, lib, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./hydra.nix
    ./cache.nix
    ./updater.nix
  ];

  nixpkgs.config.allowUnfree = true;

  security.pam.enableSSHAgentAuth = true;

  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  programs.mosh.enable = true;

  nix = {
    useSandbox = false;
    maxJobs = 4;
    buildCores = 20;
    gc = {
      automatic = true;
      dates = lib.mkForce "06:00";
      options = "--delete-older-than 14d";
    };
    sshServe.enable = true;
    trustedUsers = [ "@wheel" ];
  };

  boot = {
    tmpOnTmpfs = true;
    kernelModules = [ "kvm-intel" ];
    kernelParams = [ "mitigations=off" "preempt=none" ];
    # For cross-building
    binfmt.emulatedSystems = [ "armv6l-linux" "armv7l-linux" "aarch64-linux" "riscv32-linux" "riscv64-linux" ];
  };

  networking = {
    hostName = "hydra";
    firewall.enable = false;
    defaultGateway = "172.20.73.1";
    interfaces.enp3s0 = {
      useDHCP = false;
      tempAddress = "disabled";
      ipv4.addresses = [{
        address = "172.20.73.49";
        prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
      }];
    };
    nameservers = [ "172.20.73.8" "9.9.9.9" ];
  };
  networking.interfaces.eth0 = {
    useDHCP = false;
    tempAddress = "disabled";
  };
  systemd.network.networks."40-eth0"
    .networkConfig = {
      IPv6AcceptRA = true;
      LinkLocalAddressing = "ipv6";
    };

  nixpkgs.config.packageOverrides = pkgs: {
    # HACK: nix-2.5.1 is broken <https://github.com/NixOS/nix/issues/5728>
    nixUnstable = pkgs.nixUnstable.overrideAttrs (oa: rec {
      version = "2.6${VERSION_SUFFIX}";
      VERSION_SUFFIX = "pre20220107_${pkgs.lib.substring 0 7 src.rev}";
      patches = [];
      src = pkgs.fetchFromGitHub {
        owner = "nixos";
        repo = "nix";
        rev = "fcddaa4b9b22a910a24a513bc05579a12eb1db41";
        sha256 = "1v5z2kc9gard6sqxqi73w37x1jfa9ja04svkwr9f1dfj3vl3xygp";
      };
    });
  };


  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "20.09"; # Did you read the comment?
}