nixos-config/config/host-config/nostromo.nix

{ config, lib, pkgs, ... }:

with lib;
let hostname = "nostromo";
in {

  networking = {
    interfaces = {
      eno1.useDHCP = false;
      eno2.useDHCP = false;
      eno3.useDHCP = false;
      eno4.useDHCP = false;
      enp33s0f0.useDHCP = false;
      enp33s0f1.useDHCP = false;
      enp9s0f0.useDHCP = false;
      enp9s0f1.useDHCP = false;

      intif0 = { useDHCP = true; };
    };
  };

  # Hopefully this'll help with NFS...
  boot.kernelModules = [ "rpcsec_gss_krb5" ];

  fudo.hosts.nostromo.encrypted-filesystems.sea-store = {
    encrypted-device = "/dev/nostromo-store/locked";
    key-path = "/run/keys/sea-store";
    filesystem-type = "btrfs";
    options = [ "noatime" "nodiratime" "compress=zstd" "noexec" ];
    mountpoints = {
      "/export/documents" = {
        options = [ "subvol=@documents" ];
        group = "sea-documents";
        users = [ "niten" ];
      };
      "/export/downloads" = {
        options = [ "subvol=@downloads" ];
        group = "sea-downloads";
        users = [ "niten" ];
      };
    };
  };

  services.nfs = {
    # See lib/fudo/users.nix for the user@REALM -> user mapping
    server = {
      enable = true;
      createMountPoints = false;
      exports = let
        exportList = [
          "/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)"
          "/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)"
        ];
      in ''
        ${concatStringsSep "\n" exportList}
      '';
    };
  };

  systemd.services.nfs-server = {
    # Don't start on boot
    wantedBy = mkForce [ "sea-store.target" ];
    # Only start after filesystem mounts are available
    after = [ "export-documents.mount" "export-downloads.mount" ];
  };

  fudo.ipfs = {
    enable = true;
    users = [ "niten" ];
    api-address = "/ip4/0.0.0.0/tcp/5001";
  };

  virtualisation = {
    libvirtd = {
      enable = true;
      qemuPackage = pkgs.qemu_kvm;
      onShutdown = "shutdown";
    };
  };
}
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`{ config, lib, pkgs, ... }:`

Disable dns client for now 2021-04-21 10:50:09 -07:00			`with lib;`
			`let hostname = "nostromo";`
			`in {`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00
			`networking = {`
nostromo: add 'interfaces' nesting 2021-04-21 10:55:09 -07:00			`interfaces = {`
			`eno1.useDHCP = false;`
			`eno2.useDHCP = false;`
			`eno3.useDHCP = false;`
			`eno4.useDHCP = false;`
			`enp33s0f0.useDHCP = false;`
			`enp33s0f1.useDHCP = false;`
			`enp9s0f0.useDHCP = false;`
			`enp9s0f1.useDHCP = false;`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00
nostromo: add 'interfaces' nesting 2021-04-21 10:55:09 -07:00			`intif0 = { useDHCP = true; };`
			`};`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`};`

Daaamn NFS is a pain 2021-10-18 21:55:24 -07:00			`# Hopefully this'll help with NFS...`
			`boot.kernelModules = [ "rpcsec_gss_krb5" ];`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00
Try to get sea-store working 2021-10-17 23:12:49 -07:00			`fudo.hosts.nostromo.encrypted-filesystems.sea-store = {`
			`encrypted-device = "/dev/nostromo-store/locked";`
			`key-path = "/run/keys/sea-store";`
			`filesystem-type = "btrfs";`
			`options = [ "noatime" "nodiratime" "compress=zstd" "noexec" ];`
			`mountpoints = {`
Various fixes to sea-store 2021-10-17 23:33:07 -07:00			`"/export/documents" = {`
Try to get sea-store working 2021-10-17 23:12:49 -07:00			`options = [ "subvol=@documents" ];`
Daaamn NFS is a pain 2021-10-18 21:55:24 -07:00			`group = "sea-documents";`
			`users = [ "niten" ];`
			`};`
			`"/export/downloads" = {`
			`options = [ "subvol=@downloads" ];`
			`group = "sea-downloads";`
			`users = [ "niten" ];`
Try to get sea-store working 2021-10-17 23:12:49 -07:00			`};`
			`};`
			`};`

Daaamn NFS is a pain 2021-10-18 21:55:24 -07:00			`services.nfs = {`
			`# See lib/fudo/users.nix for the user@REALM -> user mapping`
			`server = {`
			`enable = true;`
			`createMountPoints = false;`
			`exports = let`
			`exportList = [`
Networks aren't a function 2021-10-19 10:04:35 -07:00			`"/export/documents 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=10,sec=krb5p)"`
			`"/export/downloads 10.0.0.0/24(rw,sync,no_root_squash,no_subtree_check,fsid=11,sec=krb5i)"`
Daaamn NFS is a pain 2021-10-18 21:55:24 -07:00			`];`
			`in ''`
			`${concatStringsSep "\n" exportList}`
			`'';`
			`};`
			`};`

			`systemd.services.nfs-server = {`
Networks aren't a function 2021-10-19 10:04:35 -07:00			`# Don't start on boot`
Daaamn NFS is a pain 2021-10-18 21:55:24 -07:00			`wantedBy = mkForce [ "sea-store.target" ];`
			`# Only start after filesystem mounts are available`
			`after = [ "export-documents.mount" "export-downloads.mount" ];`
			`};`

Various changes, and added a live-disk config. 2021-07-16 12:57:36 -07:00			`fudo.ipfs = {`
			`enable = true;`
			`users = [ "niten" ];`
			`api-address = "/ip4/0.0.0.0/tcp/5001";`
			`};`

nostromo: virtualization -> virtualisation 2021-04-21 10:52:06 -07:00			`virtualisation = {`
Switch to using a common hostconfig at build and config time. 2021-04-07 14:03:52 -07:00			`libvirtd = {`
			`enable = true;`
			`qemuPackage = pkgs.qemu_kvm;`
			`onShutdown = "shutdown";`
			`};`
			`};`
			`}`