From 90013674f62e8171777787154a96a88b8b92f6e4 Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin
Date: Tue, 8 Jul 2025 19:58:35 +0300
Subject: [PATCH] feat: add wip orion host config
---
hosts/orion/default.nix | 92 ++++++++++++-
hosts/orion/disk-config.nix | 261 ++++++++++++++++++++++++++++++++++++
2 files changed, 346 insertions(+), 7 deletions(-)
create mode 100644 hosts/orion/disk-config.nix
diff --git a/hosts/orion/default.nix b/hosts/orion/default.nix
index 34aa101..7703bc5 100644
--- a/hosts/orion/default.nix
+++ b/hosts/orion/default.nix
@@ -1,26 +1,104 @@ -{ ... }: { + lib, + pkgs, + inputs, + ... +}: +{ + imports = [ + inputs.srvos.nixosModules.server + inputs.srvos.nixosModules.mixins-terminfo + + ./disk-config.nix + ]; + ataraxia.defaults.role = "server"; + ataraxia.defaults.hardware.cpuVendor = "intel"; + ataraxia.defaults.hardware.gpuVendor = "intel"; # Impermanence + ataraxia.filesystems.zfs.enable = true; ataraxia.filesystems.zfs.eraseOnBoot.enable = true; ataraxia.filesystems.zfs.eraseOnBoot.snapshots = [ - "rpool/nixos/root@blank" - "rpool/user/home@blank" + "rpool/nixos/root@empty" + "rpool/user/home@empty" ]; ataraxia.filesystems.zfs.mountpoints = [ "/etc/secrets" - "/media/bittorrent" "/media/libvirt" - "/media/libvirt/images" "/nix" "/persist" - "/srv/home" + "/srv" + "/var/lib/containers" + "/etc/secrets" "/var/lib/docker" "/var/lib/libvirt" "/var/lib/nixos-containers" - "/var/lib/ocis" "/var/lib/postgresql" "/var/log" "/vol" ]; + + ataraxia.networkd = { + enable = true; + domain = "home.ataraxiadev.com"; + ifname = "enp2s0"; + mac = "d4:3d:7e:26:a8:af"; + bridge.enable = true; + ipv4 = [ + { + address = "10.10.10.10/24"; + gateway = "10.10.10.1"; + dns = [ + "10.10.10.1" + "9.9.9.9" + ]; + } + ]; + }; + + security.lockKernelModules = lib.mkForce false; + environment.memoryAllocator.provider = lib.mkForce "libc"; + + # Services + services.postgresql.enable = true; + services.postgresql.settings = { + full_page_writes = "off"; + wal_init_zero = "off"; + wal_recycle = "off"; + }; + services.tailscale = { + enable = true; + useRoutingFeatures = "both"; + }; + + # Auto-mount lan nfs share + fileSystems."/media/local-nfs" = { + device = "10.10.10.11:/"; + fsType = "nfs4"; + options = [ + "nfsvers=4.2" + "x-systemd.automount" + "noauto" + ]; + }; + + environment.systemPackages = with pkgs; [ + bat + bottom + dnsutils + fd + kitty.terminfo + micro + mkvtoolnix-cli + nfs-utils + p7zip + podman-compose + pwgen + ripgrep + rsync + rustic-rs + smartmontools + ]; + + system.stateVersion = 
"25.05"; }
diff --git a/hosts/orion/disk-config.nix b/hosts/orion/disk-config.nix
new file mode 100644
index 0000000..62c31f3
--- /dev/null
+++ b/hosts/orion/disk-config.nix
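Review bot: `security.lockKernelModules = lib.mkForce false;` and `environment.memoryAllocator.provider = lib.mkForce "libc";` force off two hardening settings that one of the imported profiles (the `server` role or srvos, presumably) turns on, and the hunk gives no reason; each should carry a why-comment such as `# module loading needed at runtime by libvirt/podman — TODO confirm which service` and `# hardened allocator broke <service> — TODO confirm` so a later cleanup neither silently keeps nor drops them. `services.tailscale.useRoutingFeatures = "both"` makes the NixOS module turn on kernel IP forwarding, so this host routes between the tailnet and the bridged LAN; which routes it advertises and what the firewall allows for forwarded traffic live outside this file and should be reviewed together with this change. The `ataraxia.filesystems.zfs.mountpoints` list contains `"/etc/secrets"` twice (at the top and again after `"/var/lib/containers"`); drop the duplicate. The NFS automount of `10.10.10.11:/` passes no `sec=` option, so it mounts with `sec=sys`, trusting client UIDs and carrying data in clear on the LAN, which is acceptable on a trusted home network but deserves a one-line comment, or `sec=krb5p` if the server supports it.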
@@ -0,0 +1,261 @@
+{ inputs, ... }:
+let
+ emptySnapshot =
+ name: "zfs list -t snapshot -H -o name | grep -E '^${name}@empty$' || zfs snapshot ${name}@empty";
+in
+{
+ imports = [ inputs.disko.nixosModules.disko ];
+
+ disko.devices = {
+ disk = {
+ main = {
+ device = "/dev/disk/by-id/ata-Samsung_SSD_870_EVO_500GB_S5Y1NJ1R160554B";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ esp = {
+ type = "EF00";
+ name = "ESP";
+ size = "512M";
+ priority = 1;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/efi";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ swap = {
+ name = "swap";
+ size = "16G";
+ priority = 2;
+ content = {
+ type = "swap";
+ randomEncryption = true;
+ };
+ };
+ boot = {
+ name = "bpool";
+ size = "4G";
+ priority = 3;
+ content = {
+ type = "zfs";
+ pool = "bpool";
+ };
+ };
+ cryptroot = {
+ size = "100%";
+ priority = 4;
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ bpool = {
+ type = "zpool";
+ options = {
+ ashift = "13";
+ autotrim = "on";
+ compatibility = "grub2";
+ };
+ rootFsOptions = {
+ acltype = "posixacl";
+ atime = "on";
+ canmount = "off";
+ compression = "lz4";
+ devices = "off";
+ normalization = "formD";
+ relatime = "on";
+ xattr = "sa";
+ dedup = "off";
+ };
+ mountpoint = "/boot";
+ postCreateHook = emptySnapshot "bpool";
+
+ datasets = {
+ nixos = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ options.canmount = "off";
+ postCreateHook = emptySnapshot "bpool/nixos";
+ };
+ "nixos/boot" = {
+ type = "zfs_fs";
+ mountpoint = "/boot";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "bpool/nixos/boot";
+ };
+ };
+ };
+ rpool = {
+ type = "zpool";
+ options = {
+ ashift = "13";
+ autotrim = "on";
+ cachefile = "none";
+ };
+ rootFsOptions = {
+ acltype = "posixacl";
+ atime = "on";
+ canmount = "off";
+ compression = "zstd";
+ dedup = "off";
+ dnodesize = "auto";
+ normalization = "formD";
+ relatime = "on";
+ xattr = "sa";
+ };
+ mountpoint = "/";
+ postCreateHook = emptySnapshot "rpool";
+
+ datasets = {
+ reserved = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ options = {
+ canmount = "off";
+ refreservation = "10G";
+ };
+ };
+ nixos = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ options.canmount = "off";
+ postCreateHook = emptySnapshot "rpool/nixos";
+ };
+ user = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ options.canmount = "off";
+ postCreateHook = emptySnapshot "rpool/user";
+ };
+ persistent = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ options.canmount = "off";
+ postCreateHook = emptySnapshot "rpool/persistent";
+ };
+ "nixos/root" = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ options.canmount = "noauto";
+ postCreateHook = emptySnapshot "rpool/nixos/root";
+ };
+ "user/home" = {
+ type = "zfs_fs";
+ mountpoint = "/home";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/user/home";
+ };
+ "persistent/impermanence" = {
+ type = "zfs_fs";
+ mountpoint = "/persist";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/impermanence";
+ };
+ "persistent/servers" = {
+ type = "zfs_fs";
+ mountpoint = "/srv";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/servers";
+ };
+ "persistent/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/nix";
+ };
+ "persistent/secrets" = {
+ type = "zfs_fs";
+ mountpoint = "/etc/secrets";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/secrets";
+ };
+ "persistent/log" = {
+ type = "zfs_fs";
+ mountpoint = "/var/log";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/log";
+ };
+ "persistent/docker" = {
+ type = "zfs_fs";
+ mountpoint = "/var/lib/docker";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/docker";
+ };
+ "persistent/nixos-containers" = {
+ type = "zfs_fs";
+ mountpoint = "/var/lib/nixos-containers";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/nixos-containers";
+ };
+ "persistent/libvirt" = {
+ type = "zfs_fs";
+ mountpoint = "/var/lib/libvirt";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/libvirt";
+ };
+ "persistent/libvirt-user" = {
+ type = "zfs_fs";
+ mountpoint = "/media/libvirt";
+ options.canmount = "on";
+ postCreateHook = emptySnapshot "rpool/persistent/libvirt-user";
+ };
+ "persistent/libvirt-user/images" = {
+ type = "zfs_fs";
+ mountpoint = "/media/libvirt/images";
+ options.canmount = "on";
+ options.atime = "off";
+ options.recordsize = "16K";
+ options.compression = "lz4";
+ postCreateHook = emptySnapshot "rpool/persistent/libvirt-user/images";
+ };
+ "persistent/ocis" = {
+ type = "zfs_fs";
+ mountpoint = "/var/lib/ocis";
+ options.canmount = "on";
+ options.recordsize = "1M";
+ postCreateHook = emptySnapshot "rpool/persistent/ocis";
+ };
+ # "persistent/podman" = {
+ # type = "zfs_fs";
+ # mountpoint = "/var/lib/podman";
+ # options.canmount = "on";
+ # options.atime = "off";
+ # postCreateHook = emptySnapshot "rpool/persistent/podman";
+ # };
+ "persistent/postgresql" = {
+ type = "zfs_fs";
+ mountpoint = "/var/lib/postgresql";
+ options.canmount = "on";
+ options.recordsize = "16K";
+ options.atime = "off";
+ options.logbias = "latency";
+ postCreateHook = emptySnapshot "rpool/persistent/postgresql";
+ };
+ vol = {
+ type = "zfs_fs";
+ options.canmount = "off";
+ postCreateHook = emptySnapshot "rpool/vol";
+ };
+ "vol/podman" = {
+ type = "zfs_volume";
+ size = "40G";
+ options.volblocksize = "16K";
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/var/lib/containers";
+ };
+ };
+ };
+ };
+ };
+}
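Review bot: The partition is named `cryptroot`, yet `rpool` is created with no encryption at all — `rpool.rootFsOptions` has no `encryption`/`keyformat`/`keylocation` entries and the only cryptography in the layout is `randomEncryption = true` on swap — so `persistent/secrets` (mounted at `/etc/secrets`), `/home`, `/var/lib/postgresql` and every other dataset land in cleartext on the SSD. Either add ZFS native encryption to `rpool`, e.g. `encryption = "aes-256-gcm"; keyformat = "passphrase"; keylocation = "prompt";` in its `rootFsOptions` (the unlock-at-boot flow then needs an initrd prompt or key file, which this file does not show), or rename the partition so the layout does not claim a property it lacks; if cleartext is intended for this WIP server, a comment saying so is the minimum. Separately, `emptySnapshot` greps the full snapshot list with `name` interpolated unescaped into a regex; `zfs list -t snapshot -H -o name "${name}@empty" >/dev/null 2>&1 || zfs snapshot "${name}@empty"` checks for the exact snapshot and avoids both the regex and the full listing. The `reserved` dataset mixes `options.mountpoint = "none";` with a separate `options = { ... };` literal where its siblings use only the dotted form; folding it into one `options = { mountpoint = "none"; canmount = "off"; refreservation = "10G"; };` reads consistently.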