nix-dotfiles/systems/palatine-hill/configuration.nix

{ config, pkgs, ... }: {
  time.timeZone = "America/New_York";
  console.keyMap = "us";
  networking.hostId = "dc2f9781";
  boot = {
    zfs.extraPools = [ "ZFS-primary" ];
    loader.grub.device = "/dev/sda";
    filesystem = "zfs";
    useSystemdBoot = true;
    kernelParams = [ "i915.force_probe=56a5" "i915.enable_guc=2" ];
  };

  nix = {
    extraOptions = ''
      allowed-uris = github: gitlab: git+https:// git+ssh:// https://
    '';

    buildMachines = [{
      hostName = "localhost";
      maxJobs = 2;
      protocol = "ssh-ng";
      speedFactor = 2;
      supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
      system = "x86_64-linux";
    }];
  };

  nixpkgs.config.packageOverrides = pkgs: { vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; };

  hardware = {
    enableAllFirmware = true;
    opengl = {
      enable = true;
      extraPackages = with pkgs; [
        intel-media-driver # LIBVA_DRIVER_NAME=iHD
        vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
        vaapiVdpau
        libvdpau-va-gl
        intel-compute-runtime
        intel-media-sdk
      ];
    };
  };

  virtualisation = {
    docker = {
      enable = true;
      recommendedDefaults = true;
      logDriver = "local";
      storageDriver = "overlay2";
      daemon."settings" = {
        experimental = true;
        data-root = "/var/lib/docker2";
        exec-opts = [ "native.cgroupdriver=systemd" ];
        log-opts = {
          max-size = "10m";
          max-file = "5";
        };
      };
    };

    # Disabling as topgrade apparently prefers podman over docker and now I cant update anything :(
    # podman = {
    #   enable = true;
    #   recommendedDefaults = true;
    # };
  };

  environment.systemPackages = with pkgs; [ docker-compose jellyfin-ffmpeg ];

  systemd.services.hydra-notify = { serviceConfig.EnvironmentFile = config.sops.secrets."hydra/environment".path; };

  services = {
    samba.enable = true;
    nfs.server.enable = true;
    openssh.ports = [ 666 ];
    smartd.enable = true;

    zfs = {
      trim.enable = true;
      autoScrub.enable = true;
    };

    postgresql = {
      enable = true;
      enableJIT = true;
      identMap = ''
        # ArbitraryMapName systemUser DBUser
           superuser_map      root      postgres
           superuser_map      alice  postgres
           # Let other names login as themselves
           superuser_map      /^(.*)$   \1
      '';

      upgrade = {
        enable = true;
        stopServices = [ "hydra" ];
      };
    };

    hydra = {
      enable = true;
      hydraURL = "http://localhost:3000";
      smtpHost = "alicehuston.xyz";
      notificationSender = "hydra@alicehuston.xyz";
      gcRootsDir = "/ZFS/ZFS-Primary/hydra";
      buildMachinesFiles = [ ];
      useSubstitutes = true;
      minimumDiskFree = 50;
      minimumDiskFreeEvaluator = 100;
    };

    nix-serve = {
      enable = true;
      secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
    };
  };

  networking.firewall.enable = false;

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      "hydra/environment".owner = "hydra";
      "nix-serve/secret-key".owner = "root";
    };
  };

  system.stateVersion = "23.05";
}
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00			`{ config, pkgs, ... }: {`
add system palatine-hill 2023-12-23 07:39:10 +01:00			`time.timeZone = "America/New_York";`
			`console.keyMap = "us";`
Overwrite hardware config, add ZFS params to config Both apply to palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-25 12:40:59 -05:00			`networking.hostId = "dc2f9781";`
add grub bootloader device 2023-12-26 04:07:18 +01:00			`boot = {`
			`zfs.extraPools = [ "ZFS-primary" ];`
reconfigure photon 2023-12-27 10:03:13 +01:00			`loader.grub.device = "/dev/sda";`
			`filesystem = "zfs";`
			`useSystemdBoot = true;`
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00			`kernelParams = [ "i915.force_probe=56a5" "i915.enable_guc=2" ];`
add grub bootloader device 2023-12-26 04:07:18 +01:00			`};`
add system palatine-hill 2023-12-23 07:39:10 +01:00
remove sieve script# (#62) 2024-02-03 22:00:35 +01:00			`nix = {`
			`extraOptions = ''`
			`allowed-uris = github: gitlab: git+https:// git+ssh:// https://`
			`'';`

			`buildMachines = [{`
			`hostName = "localhost";`
			`maxJobs = 2;`
			`protocol = "ssh-ng";`
			`speedFactor = 2;`
			`supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];`
			`system = "x86_64-linux";`
			`}];`
			`};`
add allowed-uris (#56) 2024-02-02 06:31:40 +01:00
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00			`nixpkgs.config.packageOverrides = pkgs: { vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; };`
add hydra (#48) 2024-02-01 05:24:04 +01:00
			`hardware = {`
			`enableAllFirmware = true;`
			`opengl = {`
			`enable = true;`
			`extraPackages = with pkgs; [`
			`intel-media-driver # LIBVA_DRIVER_NAME=iHD`
			`vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)`
			`vaapiVdpau`
			`libvdpau-va-gl`
			`intel-compute-runtime`
			`intel-media-sdk`
			`];`
			`};`
Add ARC/FFMPEG requirements (#44) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-01-27 12:00:32 -05:00			`};`

add system palatine-hill 2023-12-23 07:39:10 +01:00			`virtualisation = {`
			`docker = {`
			`enable = true;`
			`recommendedDefaults = true;`
			`logDriver = "local";`
add hydra (#48) 2024-02-01 05:24:04 +01:00			`storageDriver = "overlay2";`
add system palatine-hill 2023-12-23 07:39:10 +01:00			`daemon."settings" = {`
add experimental docker features 2023-12-25 19:17:39 +01:00			`experimental = true;`
add hydra (#48) 2024-02-01 05:24:04 +01:00			`data-root = "/var/lib/docker2";`
add system palatine-hill 2023-12-23 07:39:10 +01:00			`exec-opts = [ "native.cgroupdriver=systemd" ];`
			`log-opts = {`
			`max-size = "10m";`
			`max-file = "5";`
			`};`
			`};`
			`};`

Disable podman, fix topgrade config (#34) Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-01-09 11:11:00 -05:00			`# Disabling as topgrade apparently prefers podman over docker and now I cant update anything :(`
			`# podman = {`
			`# enable = true;`
			`# recommendedDefaults = true;`
			`# };`
add system palatine-hill 2023-12-23 07:39:10 +01:00			`};`

enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00			`environment.systemPackages = with pkgs; [ docker-compose jellyfin-ffmpeg ];`

			`systemd.services.hydra-notify = { serviceConfig.EnvironmentFile = config.sops.secrets."hydra/environment".path; };`
add system palatine-hill 2023-12-23 07:39:10 +01:00
			`services = {`
			`samba.enable = true;`
			`nfs.server.enable = true;`
Fix ports for ssh Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-25 13:30:28 -05:00			`openssh.ports = [ 666 ];`
Enable smartd for palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-29 00:00:49 -05:00			`smartd.enable = true;`
add hydra (#48) 2024-02-01 05:24:04 +01:00
Add auto trimming and scrubbing to palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-29 00:17:27 -05:00			`zfs = {`
			`trim.enable = true;`
Fix hostkeys, zfs autoscrub service Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-29 11:42:31 -05:00			`autoScrub.enable = true;`
Add auto trimming and scrubbing to palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-29 00:17:27 -05:00			`};`
add hydra (#48) 2024-02-01 05:24:04 +01:00
			`postgresql = {`
			`enable = true;`
			`enableJIT = true;`
changes to pg (#52) 2024-02-02 04:25:10 +01:00			`identMap = ''`
			`# ArbitraryMapName systemUser DBUser`
			`superuser_map root postgres`
			`superuser_map alice postgres`
			`# Let other names login as themselves`
			`superuser_map /^(.*)$ \1`
			`'';`

add hydra (#48) 2024-02-01 05:24:04 +01:00			`upgrade = {`
			`enable = true;`
			`stopServices = [ "hydra" ];`
			`};`
			`};`

			`hydra = {`
			`enable = true;`
			`hydraURL = "http://localhost:3000";`
			`smtpHost = "alicehuston.xyz";`
			`notificationSender = "hydra@alicehuston.xyz";`
			`gcRootsDir = "/ZFS/ZFS-Primary/hydra";`
			`buildMachinesFiles = [ ];`
			`useSubstitutes = true;`
			`minimumDiskFree = 50;`
			`minimumDiskFreeEvaluator = 100;`
			`};`
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00
			`nix-serve = {`
			`enable = true;`
			`secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;`
			`};`
add system palatine-hill 2023-12-23 07:39:10 +01:00			`};`

			`networking.firewall.enable = false;`
add basic user management 2023-12-23 08:27:00 +01:00
enable external SMTP for hydra (#49) * external SMTP for hydra Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * nix-serve sops Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add binary cache * add hydra jobs * cleanup (#50) * finish up cleanup branch merge * switched back to nixpkgs-fmt * add nixpkgs-fmt to hydrajobs.build --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-02-01 16:50:14 -05:00			`sops = {`
			`defaultSopsFile = ./secrets.yaml;`
			`secrets = {`
			`"hydra/environment".owner = "hydra";`
			`"nix-serve/secret-key".owner = "root";`
			`};`
			`};`

add basic user management 2023-12-23 08:27:00 +01:00			`system.stateVersion = "23.05";`
Overwrite hardware config, add ZFS params to config Both apply to palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-25 12:40:59 -05:00			`}`