coace/aegis
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: coace:d45c64d92b5f9ad10256ec7a67aa2830efd42d53
Branches Tags
coace:master
..
compare: coace:master
Branches Tags
coace:master

12 Commits
d45c64d92b ... master

Author SHA1 Message Date
coolneng
c33c04987f Remove duplicate definition of hostname 2021-09-07 21:44:04 +02:00
coolneng
7e74ff0892 Update README 2021-08-03 12:27:45 +01:00
coolneng
87f35f3bb3 Spin down the HDDs when not in use 2021-05-26 11:53:07 +02:00
coolneng
76c49857db Remove redundant inotify configuration 2021-05-25 12:31:28 +02:00
coolneng
1b2f799d77 Add SSH key for znapzend 2021-04-06 15:09:54 +02:00
coolneng
4b105b0517 Remove zeroconf and firewall configuration 2021-04-06 12:56:28 +02:00
coolneng
79fe0645a0 Add zpool to system 2021-04-06 12:31:08 +02:00
coolneng
c8a54817b7 Update system weekly 2021-04-06 11:11:02 +02:00
coolneng
08db88e202 Add networking and hardware-configuration modules 2021-04-06 11:10:49 +02:00
coolneng
6273a5e999 Change SSH key 2021-04-06 11:10:26 +02:00
coolneng
01240d5fda Change hostname and regular user name 2021-04-06 11:10:09 +02:00
coolneng
ad688375bf Remove old cruft 2021-04-06 11:09:51 +02:00
5 changed files with 85 additions and 26 deletions
Expand all files Collapse all files

10
README.org
View File

@@ -1,3 +1,13 @@
* Aegis * Aegis
Declarative configuration for the ZFS backup server, using [[https://nixos.org][NixOS]] Declarative configuration for the ZFS backup server, using [[https://nixos.org][NixOS]]
** Modules
The configuration is sliced into different files, per category:
- ZFS pool configuration: hardware-configuration.nix
- Network configuration: networking.nix
- Systemd services and timers: periodic.nix
All the modules are imported in *configuration.nix*

37
configuration.nix
View File

@@ -33,17 +33,13 @@
# Cleanup tmp on startup # Cleanup tmp on startup
boot.cleanTmpDir = true; boot.cleanTmpDir = true;
# Set hostname # Create coace user
networking.hostName = "zion"; users.users.coace = {
# Create coolneng user
users.users.coolneng = {
isNormalUser = true; isNormalUser = true;
home = "/home/coolneng"; extraGroups = [ "wheel" ];
extraGroups = [ "wheel" "docker" ]; openssh.authorizedKeys.keys = [''
openssh.authorizedKeys.keys = [ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINNmNckWBxa2fQkUjWLHgQd32C272yB+f9kTcnooszd5 coolneng@panacea
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRqINHR7/zc+c3/PuR+NeSsBHXXzBiEtFWSK6QaxQTW coolneng@panacea" ''];
];
shell = "${pkgs.fish}/bin/fish"; shell = "${pkgs.fish}/bin/fish";
}; };
@@ -55,7 +51,6 @@
services.timesyncd.enable = true; services.timesyncd.enable = true;
# Enable ZFS support # Enable ZFS support
networking.hostId = "4e74ea68";
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
# Scrub zpool monthly # Scrub zpool monthly
@@ -68,6 +63,7 @@
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
allowReboot = true; allowReboot = true;
dates = "Sat *-*-* 04:40:00";
}; };
# Run Nix garbage collector, while avoiding recompilation # Run Nix garbage collector, while avoiding recompilation
@@ -88,31 +84,20 @@
programs.fish.enable = true; programs.fish.enable = true;
users.users.root = { users.users.root = {
shell = "${pkgs.fish}/bin/fish"; shell = "${pkgs.fish}/bin/fish";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [''
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFRqINHR7/zc+c3/PuR+NeSsBHXXzBiEtFWSK6QaxQTW coolneng@panacea" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINNmNckWBxa2fQkUjWLHgQd32C272yB+f9kTcnooszd5 coolneng@panacea
]; ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICo/y05fFCh8VkDN40cgTR5ZqcbxWvzp0+OzaGIn6vEQ root@unit
''];
}; };
# Rotate logs after 7 days # Rotate logs after 7 days
services.journald.extraConfig = "SystemMaxFiles=7"; services.journald.extraConfig = "SystemMaxFiles=7";
# Increase inotify limits
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
# MOTD message
programs.fish.interactiveShellInit = "${./scripts/motd.sh}";
# Import other configuration modules # Import other configuration modules
imports = [ imports = [
./modules/hardware-configuration.nix ./modules/hardware-configuration.nix
./modules/networking.nix ./modules/networking.nix
./modules/datasync.nix
./modules/webstack.nix
./modules/devops.nix
./modules/monitoring.nix
./modules/periodic.nix ./modules/periodic.nix
./modules/communication.nix
./modules/information.nix
]; ];
} }

29
modules/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,29 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
fileSystems."/shield/unit" =
{ device = "shield/unit";
fsType = "zfs";
};
swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

22
modules/networking.nix Normal file
View File

@@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
{
# Assign a static IP
networking = {
hostName = "aegis";
hostId = "78bb604d";
interfaces.eth0 = {
useDHCP = false;
ipv4.addresses = [{
address = "10.0.1.4";
prefixLength = 24;
}];
};
defaultGateway = {
address = "10.0.1.1";
interface = "eth0";
};
nameservers = [ "1.1.1.1" "8.8.8.8" ];
enableIPv6 = false;
};
}

13
modules/periodic.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
{
# Idle HDDs when not used
systemd.services.hd-idle = {
description = "Idle HDDs when not in use";
wantedBy = [ "default.target" ];
path = with pkgs; [ hd-idle ];
script = "${pkgs.hd-idle}/bin/hd-idle";
serviceConfig.Type = "simple";
after = [ "shield-unit.mount" ];
};
}