AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add wip orion host config

Browse Source
This commit is contained in:
Dmitriy Kholkin 2025-07-08 19:58:35 +03:00
parent 537b517b3e
commit 90013674f6
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
2 changed files with 346 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
hosts/orion/default.nix
View File

@ -1,26 +1,104 @@
{ ... }:
{
lib,
pkgs,
inputs,
...
}:
{
imports = [
inputs.srvos.nixosModules.server
inputs.srvos.nixosModules.mixins-terminfo
./disk-config.nix
];
ataraxia.defaults.role = "server";
ataraxia.defaults.hardware.cpuVendor = "intel";
ataraxia.defaults.hardware.gpuVendor = "intel";
# Impermanence
ataraxia.filesystems.zfs.enable = true;
ataraxia.filesystems.zfs.eraseOnBoot.enable = true;
ataraxia.filesystems.zfs.eraseOnBoot.snapshots = [
"rpool/nixos/root@blank"
"rpool/user/home@blank"
"rpool/nixos/root@empty"
"rpool/user/home@empty"
];
ataraxia.filesystems.zfs.mountpoints = [
"/etc/secrets"
"/media/bittorrent"
"/media/libvirt"
"/media/libvirt/images"
"/nix"
"/persist"
"/srv/home"
"/srv"
"/var/lib/containers"
"/etc/secrets"
"/var/lib/docker"
"/var/lib/libvirt"
"/var/lib/nixos-containers"
"/var/lib/ocis"
"/var/lib/postgresql"
"/var/log"
"/vol"
];
ataraxia.networkd = {
enable = true;
domain = "home.ataraxiadev.com";
ifname = "enp2s0";
mac = "d4:3d:7e:26:a8:af";
bridge.enable = true;
ipv4 = [
{
address = "10.10.10.10/24";
gateway = "10.10.10.1";
dns = [
"10.10.10.1"
"9.9.9.9"
];
}
];
};
security.lockKernelModules = lib.mkForce false;
environment.memoryAllocator.provider = lib.mkForce "libc";
# Services
services.postgresql.enable = true;
services.postgresql.settings = {
full_page_writes = "off";
wal_init_zero = "off";
wal_recycle = "off";
};
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
# Auto-mount lan nfs share
fileSystems."/media/local-nfs" = {
device = "10.10.10.11:/";
fsType = "nfs4";
options = [
"nfsvers=4.2"
"x-systemd.automount"
"noauto"
];
};
environment.systemPackages = with pkgs; [
bat
bottom
dnsutils
fd
kitty.terminfo
micro
mkvtoolnix-cli
nfs-utils
p7zip
podman-compose
pwgen
ripgrep
rsync
rustic-rs
smartmontools
];
system.stateVersion = "25.05";
}

261
hosts/orion/disk-config.nix Normal file
View File

@ -0,0 +1,261 @@
{ inputs, ... }:
let
emptySnapshot =
name: "zfs list -t snapshot -H -o name | grep -E '^${name}@empty$' || zfs snapshot ${name}@empty";
in
{
imports = [ inputs.disko.nixosModules.disko ];
disko.devices = {
disk = {
main = {
device = "/dev/disk/by-id/ata-Samsung_SSD_870_EVO_500GB_S5Y1NJ1R160554B";
type = "disk";
content = {
type = "gpt";
partitions = {
esp = {
type = "EF00";
name = "ESP";
size = "512M";
priority = 1;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [ "umask=0077" ];
};
};
swap = {
name = "swap";
size = "16G";
priority = 2;
content = {
type = "swap";
randomEncryption = true;
};
};
boot = {
name = "bpool";
size = "4G";
priority = 3;
content = {
type = "zfs";
pool = "bpool";
};
};
cryptroot = {
size = "100%";
priority = 4;
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
};
zpool = {
bpool = {
type = "zpool";
options = {
ashift = "13";
autotrim = "on";
compatibility = "grub2";
};
rootFsOptions = {
acltype = "posixacl";
atime = "on";
canmount = "off";
compression = "lz4";
devices = "off";
normalization = "formD";
relatime = "on";
xattr = "sa";
dedup = "off";
};
mountpoint = "/boot";
postCreateHook = emptySnapshot "bpool";
datasets = {
nixos = {
type = "zfs_fs";
options.mountpoint = "none";
options.canmount = "off";
postCreateHook = emptySnapshot "bpool/nixos";
};
"nixos/boot" = {
type = "zfs_fs";
mountpoint = "/boot";
options.canmount = "on";
postCreateHook = emptySnapshot "bpool/nixos/boot";
};
};
};
rpool = {
type = "zpool";
options = {
ashift = "13";
autotrim = "on";
cachefile = "none";
};
rootFsOptions = {
acltype = "posixacl";
atime = "on";
canmount = "off";
compression = "zstd";
dedup = "off";
dnodesize = "auto";
normalization = "formD";
relatime = "on";
xattr = "sa";
};
mountpoint = "/";
postCreateHook = emptySnapshot "rpool";
datasets = {
reserved = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
canmount = "off";
refreservation = "10G";
};
};
nixos = {
type = "zfs_fs";
options.mountpoint = "none";
options.canmount = "off";
postCreateHook = emptySnapshot "rpool/nixos";
};
user = {
type = "zfs_fs";
options.mountpoint = "none";
options.canmount = "off";
postCreateHook = emptySnapshot "rpool/user";
};
persistent = {
type = "zfs_fs";
options.mountpoint = "none";
options.canmount = "off";
postCreateHook = emptySnapshot "rpool/persistent";
};
"nixos/root" = {
type = "zfs_fs";
mountpoint = "/";
options.canmount = "noauto";
postCreateHook = emptySnapshot "rpool/nixos/root";
};
"user/home" = {
type = "zfs_fs";
mountpoint = "/home";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/user/home";
};
"persistent/impermanence" = {
type = "zfs_fs";
mountpoint = "/persist";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/impermanence";
};
"persistent/servers" = {
type = "zfs_fs";
mountpoint = "/srv";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/servers";
};
"persistent/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/nix";
};
"persistent/secrets" = {
type = "zfs_fs";
mountpoint = "/etc/secrets";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/secrets";
};
"persistent/log" = {
type = "zfs_fs";
mountpoint = "/var/log";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/log";
};
"persistent/docker" = {
type = "zfs_fs";
mountpoint = "/var/lib/docker";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/docker";
};
"persistent/nixos-containers" = {
type = "zfs_fs";
mountpoint = "/var/lib/nixos-containers";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/nixos-containers";
};
"persistent/libvirt" = {
type = "zfs_fs";
mountpoint = "/var/lib/libvirt";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/libvirt";
};
"persistent/libvirt-user" = {
type = "zfs_fs";
mountpoint = "/media/libvirt";
options.canmount = "on";
postCreateHook = emptySnapshot "rpool/persistent/libvirt-user";
};
"persistent/libvirt-user/images" = {
type = "zfs_fs";
mountpoint = "/media/libvirt/images";
options.canmount = "on";
options.atime = "off";
options.recordsize = "16K";
options.compression = "lz4";
postCreateHook = emptySnapshot "rpool/persistent/libvirt-user/images";
};
"persistent/ocis" = {
type = "zfs_fs";
mountpoint = "/var/lib/ocis";
options.canmount = "on";
options.recordsize = "1M";
postCreateHook = emptySnapshot "rpool/persistent/ocis";
};
# "persistent/podman" = {
# type = "zfs_fs";
# mountpoint = "/var/lib/podman";
# options.canmount = "on";
# options.atime = "off";
# postCreateHook = emptySnapshot "rpool/persistent/podman";
# };
"persistent/postgresql" = {
type = "zfs_fs";
mountpoint = "/var/lib/postgresql";
options.canmount = "on";
options.recordsize = "16K";
options.atime = "off";
options.logbias = "latency";
postCreateHook = emptySnapshot "rpool/persistent/postgresql";
};
vol = {
type = "zfs_fs";
options.canmount = "off";
postCreateHook = emptySnapshot "rpool/vol";
};
"vol/podman" = {
type = "zfs_volume";
size = "40G";
options.volblocksize = "16K";
content = {
type = "filesystem";
format = "xfs";
mountpoint = "/var/lib/containers";
};
};
};
};
};
};
}