2024-02-01 16:50:14 -05:00
|
|
|
{ config, pkgs, ... }: {
|
2023-12-23 07:39:10 +01:00
|
|
|
time.timeZone = "America/New_York";
|
|
|
|
|
console.keyMap = "us";
|
2024-02-05 22:45:43 +01:00
|
|
|
systemd.services.hydra-notify.serviceConfig.EnvironmentFile = config.sops.secrets."hydra/environment".path;
|
2024-02-06 23:58:33 +01:00
|
|
|
programs.git.lfs.enable = false;
|
2024-02-05 22:45:43 +01:00
|
|
|
networking = {
|
|
|
|
|
hostId = "dc2f9781";
|
|
|
|
|
firewall.enable = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
nixpkgs.config.packageOverrides = pkgs: {
|
|
|
|
|
vaapiIntel = pkgs.vaapiIntel.override {
|
|
|
|
|
enableHybridCodec = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-12-26 04:07:18 +01:00
|
|
|
boot = {
|
|
|
|
|
zfs.extraPools = [ "ZFS-primary" ];
|
2023-12-27 10:03:13 +01:00
|
|
|
loader.grub.device = "/dev/sda";
|
|
|
|
|
filesystem = "zfs";
|
|
|
|
|
useSystemdBoot = true;
|
2024-02-01 16:50:14 -05:00
|
|
|
kernelParams = [ "i915.force_probe=56a5" "i915.enable_guc=2" ];
|
2023-12-26 04:07:18 +01:00
|
|
|
};
|
2023-12-23 07:39:10 +01:00
|
|
|
|
2024-02-03 22:00:35 +01:00
|
|
|
nix = {
|
|
|
|
|
extraOptions = ''
|
|
|
|
|
allowed-uris = github: gitlab: git+https:// git+ssh:// https://
|
2024-02-06 20:35:02 +01:00
|
|
|
builders-use-substitutes = true
|
2024-02-03 22:00:35 +01:00
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
buildMachines = [{
|
|
|
|
|
hostName = "localhost";
|
|
|
|
|
maxJobs = 2;
|
|
|
|
|
protocol = "ssh-ng";
|
|
|
|
|
speedFactor = 2;
|
2024-02-07 00:51:31 +01:00
|
|
|
systems = [
|
|
|
|
|
"x86_64-linux"
|
|
|
|
|
"aarch64-linux"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
supportedFeatures = [
|
|
|
|
|
"kvm"
|
|
|
|
|
"nixos-test"
|
|
|
|
|
"big-parallel"
|
|
|
|
|
"benchmark"
|
|
|
|
|
];
|
2024-02-03 22:00:35 +01:00
|
|
|
}];
|
|
|
|
|
};
|
2024-02-02 06:31:40 +01:00
|
|
|
|
2024-02-01 05:24:04 +01:00
|
|
|
hardware = {
|
|
|
|
|
enableAllFirmware = true;
|
|
|
|
|
opengl = {
|
|
|
|
|
enable = true;
|
|
|
|
|
extraPackages = with pkgs; [
|
|
|
|
|
intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
|
|
|
|
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
|
|
|
|
vaapiVdpau
|
|
|
|
|
libvdpau-va-gl
|
|
|
|
|
intel-compute-runtime
|
|
|
|
|
intel-media-sdk
|
|
|
|
|
];
|
|
|
|
|
};
|
2024-01-27 12:00:32 -05:00
|
|
|
};
|
|
|
|
|
|
2023-12-23 07:39:10 +01:00
|
|
|
virtualisation = {
|
2024-02-05 22:45:43 +01:00
|
|
|
# Disabling Podman as topgrade apparently prefers podman over docker and now I cant update anything :(
|
2023-12-23 07:39:10 +01:00
|
|
|
docker = {
|
|
|
|
|
enable = true;
|
|
|
|
|
recommendedDefaults = true;
|
|
|
|
|
logDriver = "local";
|
2024-02-01 05:24:04 +01:00
|
|
|
storageDriver = "overlay2";
|
2023-12-23 07:39:10 +01:00
|
|
|
daemon."settings" = {
|
2023-12-25 19:17:39 +01:00
|
|
|
experimental = true;
|
2024-02-01 05:24:04 +01:00
|
|
|
data-root = "/var/lib/docker2";
|
2023-12-23 07:39:10 +01:00
|
|
|
exec-opts = [ "native.cgroupdriver=systemd" ];
|
|
|
|
|
log-opts = {
|
|
|
|
|
max-size = "10m";
|
|
|
|
|
max-file = "5";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-05 22:45:43 +01:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
docker-compose
|
|
|
|
|
jellyfin-ffmpeg
|
|
|
|
|
];
|
2023-12-23 07:39:10 +01:00
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
samba.enable = true;
|
|
|
|
|
nfs.server.enable = true;
|
2023-12-25 13:30:28 -05:00
|
|
|
openssh.ports = [ 666 ];
|
2023-12-29 00:00:49 -05:00
|
|
|
smartd.enable = true;
|
2023-12-29 00:17:27 -05:00
|
|
|
zfs = {
|
|
|
|
|
trim.enable = true;
|
2023-12-29 11:42:31 -05:00
|
|
|
autoScrub.enable = true;
|
2023-12-29 00:17:27 -05:00
|
|
|
};
|
2024-02-01 05:24:04 +01:00
|
|
|
|
|
|
|
|
postgresql = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enableJIT = true;
|
2024-02-02 04:25:10 +01:00
|
|
|
identMap = ''
|
|
|
|
|
# ArbitraryMapName systemUser DBUser
|
|
|
|
|
superuser_map root postgres
|
|
|
|
|
superuser_map alice postgres
|
|
|
|
|
# Let other names login as themselves
|
|
|
|
|
superuser_map /^(.*)$ \1
|
|
|
|
|
'';
|
|
|
|
|
|
2024-02-01 05:24:04 +01:00
|
|
|
upgrade = {
|
|
|
|
|
enable = true;
|
|
|
|
|
stopServices = [ "hydra" ];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
hydra = {
|
|
|
|
|
enable = true;
|
|
|
|
|
hydraURL = "http://localhost:3000";
|
|
|
|
|
smtpHost = "alicehuston.xyz";
|
|
|
|
|
notificationSender = "hydra@alicehuston.xyz";
|
2024-02-10 16:39:33 -05:00
|
|
|
gcRootsDir = "/ZFS/ZFS-primary/hydra";
|
2024-02-01 05:24:04 +01:00
|
|
|
useSubstitutes = true;
|
|
|
|
|
minimumDiskFree = 50;
|
|
|
|
|
minimumDiskFreeEvaluator = 100;
|
|
|
|
|
};
|
2024-02-01 16:50:14 -05:00
|
|
|
|
|
|
|
|
nix-serve = {
|
|
|
|
|
enable = true;
|
|
|
|
|
secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
|
|
|
|
|
};
|
2023-12-23 07:39:10 +01:00
|
|
|
};
|
|
|
|
|
|
2024-02-01 16:50:14 -05:00
|
|
|
sops = {
|
|
|
|
|
defaultSopsFile = ./secrets.yaml;
|
|
|
|
|
secrets = {
|
|
|
|
|
"hydra/environment".owner = "hydra";
|
|
|
|
|
"nix-serve/secret-key".owner = "root";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-12-23 08:27:00 +01:00
|
|
|
system.stateVersion = "23.05";
|
2023-12-25 12:40:59 -05:00
|
|
|
}
|
