diff --git a/host/montalin.nix b/host/montalin.nix
deleted file mode 100644
index 284f02e..0000000
--- a/host/montalin.nix
+++ /dev/null
@@ -1,106 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-
- imports = [
- ../hardware/nuc.nix
- ../role/base
- ../role/dropbear
- (import ../role/backup {
- systemdMount = "var-backup.mount";
- borgArchiveFolder = "/var/backup/montalin";
- })
- ];
-
- boot.initrd.luks.devices = {
- "root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
- "swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49";
- "backup".device = "/dev/disk/by-uuid/a965933d-516c-46cf-8384-006b1770e46b";
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/root";
- fsType = "btrfs";
- options = [ "defaults" "noatime" ];
- };
- "/var/backup" = {
- device = "/dev/mapper/backup";
- fsType = "ext4";
- options = [ "defaults" "noauto" "noatime" ];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/0065-E4EA";
- fsType = "vfat";
- options = [ "defaults" "noatime" ];
- };
- };
-
- swapDevices = [{ device = "/dev/mapper/swap"; }];
-
- # Get disk identifier with `udevadm info -n /dev/sdX | grep ID_SERIAL_SHORT`
- services.udev.extraRules = ''
- ACTION=="add", KERNEL=="sd[a-z]", ENV{ID_SERIAL_SHORT}=="WD-WXH1A89L54LA", RUN+="${pkgs.hdparm}/bin/hdparm -S 60 /dev/%k"
- '';
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "montalin"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.eno1 = {
- ipv4.addresses = [{
- address = "10.1.2.2";
- prefixLength = 24;
- }];
- };
- networking.interfaces.wlp1s0.useDHCP = true;
-
- networking.defaultGateway = "10.1.2.1";
- networking.nameservers = [ "10.1.2.1" ];
-
- #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- #networking.wireless.networks = {
- # yummi = {
- # psk = "cookies!";
- # };
- #};
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Set your time zone.
- # time.timeZone = "Europe/Amsterdam";
-
- # List services that you want to enable:
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.users.jane = {
- # isNormalUser = true;
- # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- # };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "19.09"; # Did you read the comment?
-
-}
diff --git a/host/montalin/applications/cloud.nix b/host/montalin/applications/cloud.nix
new file mode 100644
index 0000000..a7e6e79
--- /dev/null
+++ b/host/montalin/applications/cloud.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+{
+
+ imports = [
+
+ ../role/nextcloud
+ ];
+
+ services.nextcloud = {
+ hostName = "cloud.qo.is";
+ package = pkgs.nextcloud19;
+ }
+}
diff --git a/host/montalin/applications/default.nix b/host/montalin/applications/default.nix
new file mode 100644
index 0000000..6e56662
--- /dev/null
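Review bot: In `host/montalin/applications/cloud.nix` the `services.nextcloud = { … }` attribute set is closed with a bare `}`, so the file does not parse; the closing line needs to be `};`. The import `../role/nextcloud` also resolves to `host/montalin/role/nextcloud`, whereas the deleted `host/montalin.nix` reached the roles with `../role/…` from one level below the repository root, so from this directory the path would presumably be `../../../role/nextcloud`. The same shift applies to `../hardware/nuc.nix`, `../role/base` and `../role/dropbear` in the new `host/montalin/default.nix`, which would need `../../…` unless those directories moved in another commit. The role itself is not visible here; it is worth confirming that it enables HTTPS for `cloud.qo.is` and reads the admin password from a file instead of a string that ends up in the Nix store.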
+++ b/host/montalin/applications/default.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+{
+
+ imports = [
+ ./cloud.nix
+ #./dns.nix #TODO
+ #./feedreader.nix #TODO
+ #./id.nix #TODO
+ #./mx.nix #TODO
+ #./mail.nix #TODO
+ ];
+}
diff --git a/host/montalin/backup.nix b/host/montalin/backup.nix
new file mode 100644
index 0000000..ce7483c
--- /dev/null
+++ b/host/montalin/backup.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+let mountService = "var-backup.mount";
+ repo = "/var/backup/montalin"; # TODO: Does this make sense?
+{
+ services.borgbackup.jobs = rec {
+ data = {
+ exclude = [
+ "/var/backup" #TODO: Does this make sense?
+ "/var/tmp"
+ "/var/cache"
+ ];
+ paths = [
+ "/etc"
+ "/home"
+ "/root"
+ "/var"
+ ];
+ preHook = "systemctl mount ${mountService}";
+ postHook = "systemctl stop ${mountService}";
+ prune.keep = {
+ within = "14d";
+ weekly = 4;
+ monthly 6;
+ yearly = -1;
+
+ };
+ removeableDevices = true;
+ repo = repo;
+ startAt = ; #TODO: systemdtime
+ environment.BORG_BASE_DIR="${repo}/borg-base-dir";
+ };
+ };
+}
diff --git a/host/montalin/database.nix b/host/montalin/database.nix
new file mode 100644
index 0000000..59e0bc0
--- /dev/null
+++ b/host/montalin/database.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+
+ services.postgresql = {
+ #enable = true; # Required? Better in role?
+ package = pkgs.postgresql_12;
+ };
+
+ services.postgresqlBackup.enable = true; #TODO: Role?
+}
diff --git a/host/montalin/default.nix b/host/montalin/default.nix
new file mode 100644
index 0000000..5289b12
--- /dev/null
+++ b/host/montalin/default.nix
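Review bot: `host/montalin/backup.nix` does not parse as written: the `let` bindings have no `in` before the opening `{`, `monthly 6;` lacks its `=`, and `startAt = ;` has no value. `preHook` calls `systemctl mount`, which is not a systemctl verb, so the backup volume would not be mounted before borg runs; `systemctl start ${mountService}` mirrors the `stop` in `postHook`. `removeableDevices` looks like a misspelling of the module's `removableDevice` option. The job also sets no `encryption.mode`; if the intent is to rely on the LUKS `backup` volume alone, say so explicitly with `encryption.mode = "none";`, and otherwise supply the passphrase through `encryption.passCommand` so it is not written into the Nix store.

```nix
let
  mountService = "var-backup.mount";
  repo = "/var/backup/montalin"; # TODO: Does this make sense?
in
{
  # … unchanged: services.borgbackup.jobs, data, exclude, paths …
      preHook = "systemctl start ${mountService}";
      # … unchanged: postHook …
      prune.keep = {
        within = "14d";
        weekly = 4;
        monthly = 6;
        yearly = -1;
      };
      removableDevice = true;
      # … unchanged: repo …
      startAt = "daily"; # placeholder until the schedule is decided (systemd.time format)
      # … unchanged: environment.BORG_BASE_DIR and closing braces …
```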
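Review bot: In `host/montalin/database.nix`, `services.postgresqlBackup.enable = true;` is set while `services.postgresql.enable` is commented out, so unless a role enables the server the dump service has nothing to run against. The dumps also need to land where the borg job picks them up: as far as I know the module's default `location` is `/var/backup/postgresql`, which sits under the `noauto` backup mount point and inside the `/var/backup` path excluded in `backup.nix`, so they would not reach the archive. Consider setting `services.postgresqlBackup.location` to a directory under one of the backed-up paths and recording that choice in a comment next to the option.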
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+
+ imports = [
+ ./networking.nix
+ ./filesystems.nix
+ ./database.nix
+ ./backup.nix
+ ./applications
+
+ ../hardware/nuc.nix
+
+ ../role/base
+ ../role/dropbear
+ ];
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "19.09"; # Did you read the comment?
+
+}
diff --git a/host/montalin/filesystems.nix b/host/montalin/filesystems.nix
new file mode 100644
index 0000000..0f23ee4
--- /dev/null
+++ b/host/montalin/filesystems.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, ... }:
+{
+ boot.initrd.luks.devices = {
+ "root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
+ "swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49";
+ "backup".device = "/dev/disk/by-uuid/a965933d-516c-46cf-8384-006b1770e46b";
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = [ "defaults" "noatime" ];
+ };
+ "/var/backup" = {
+ device = "/dev/mapper/backup";
+ fsType = "ext4";
+ options = [ "defaults" "noauto" "noatime" ];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/0065-E4EA";
+ fsType = "vfat";
+ options = [ "defaults" "noatime" ];
+ };
+ };
+
+ swapDevices = [{ device = "/dev/mapper/swap"; }];
+
+ # Set Spin-Down times of HDDs
+ # To get the disk identifier with `udevadm info -n /dev/sdX | grep ID_SERIAL_SHORT`
+ services.udev.extraRules = ''
+ ACTION=="add", KERNEL=="sd[a-z]", ENV{ID_SERIAL_SHORT}=="WD-WXH1A89L54LA", RUN+="${pkgs.hdparm}/bin/hdparm -S 60 /dev/%k"
+ '';
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+}
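Review bot: In `host/montalin/filesystems.nix` the two comment lines above `services.udev.extraRules` do not say what the `-S 60` value means, and the second one is a sentence fragment. I would reword them along the lines of "Spin the HDD down after 5 minutes idle (hdparm -S 60 = 60 × 5 s)" and "Find the disk identifier with: udevadm info -n /dev/sdX | grep ID_SERIAL_SHORT". The `noauto` option on `/var/backup` would also benefit from a one-line comment stating that the volume is mounted only for the duration of the borg job, since that is the reason the option is there.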
diff --git a/host/montalin/networking.nix b/host/montalin/networking.nix
new file mode 100644
index 0000000..780dce4
--- /dev/null
+++ b/host/montalin/networking.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hostName = "montalin"; # Define your hostname.
+
+ networking.useDHCP = false;
+ networking.interfaces.eno1 = {
+ ipv4.addresses = [{
+ address = "10.1.2.2";
+ prefixLength = 24;
+ }];
+ };
+ networking.interfaces.wlp1s0.useDHCP = true;
+
+ networking.defaultGateway = "10.1.2.1";
+ networking.nameservers = [ "10.1.2.1" ];
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+}
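Review bot: `networking.interfaces.wlp1s0.useDHCP = true;` is kept, but nothing in this file configures wireless, so unless a role does, the interface cannot associate and the DHCP client has nothing to work with; either drop the line or add a comment saying where the wireless setup lives. Separately, the commented-out `networking.wireless.networks` block in the deleted `host/montalin.nix` carried a literal `psk`, and deleting the file does not remove it from history. If that value was ever in use it should be rotated, and any future wireless configuration should load the key from a file kept outside the repository.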