os/hosts/flora-6/flora-6.nix
teutat3s 80c1a7927a
flora-6: configure more agressive garbage
collection

Reason: it has already happened a few times, that flora-6 ran out of
disk space. With this fix, hopefully the garbage collection should
kick in earlier and prevent this from happening
2023-03-05 18:38:42 +01:00

155 lines
4.1 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
config,
latestModulesPath,
lib,
inputs,
pkgs,
profiles,
self,
...
}: let
psCfg = config.pub-solar;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./triton-vmtools.nix
./caddy.nix
./drone.nix
./keycloak.nix
./gitea.nix
./mailman.nix
profiles.base-user
profiles.users.root # make sure to configure ssh keys
profiles.users.barkeeper
"${latestModulesPath}/services/misc/gitea.nix"
];
disabledModules = [
"services/misc/gitea.nix"
];
config = {
# # #
# # # pub.solar options
# # #
pub-solar.core = {
disk-encryption-active = false;
iso-options.enable = true;
lite = true;
};
# Allow sudo without a password for the barkeeper user
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
# Override nix.conf for more agressive garbage collection
nix.extraOptions = lib.mkForce ''
min-free = 536870912
keep-outputs = false
keep-derivations = false
fallback = true
'';
# Machine user for CI pipelines
users.users.hakkonaut = {
description = "CI and automation user";
home = "/var/nix/iso-cache";
useDefaultShell = true;
uid = 998;
group = "hakkonaut";
isSystemUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW hakkonaut@flora-6"
];
};
users.groups.hakkonaut = {};
# # #
# # # Triton host specific options
# # # DO NOT ALTER below this line, changes might render system unbootable
# # #
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Force getting the hostname from cloud-init
networking.hostName = lib.mkDefault "";
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
git
vim
wget
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
services.cloud-init.enable = true;
services.cloud-init.ext4.enable = true;
services.cloud-init.network.enable = true;
# use the default NixOS cloud-init config, but add some SmartOS customization to it
environment.etc."cloud/cloud.cfg.d/90_smartos.cfg".text = ''
datasource_list: [ SmartOS ]
# Do not create the centos/ubuntu/debian user
users: [ ]
# mount second disk with label ephemeral0, gets formated by cloud-init
# this will fail to get added to /etc/fstab as it's read-only, but should
# mount at boot anyway
mounts:
- [ vdb, /data, auto, "defaults,nofail" ]
'';
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
};
# We manage the firewall with nix, too
# altough triton can also manage firewall rules via the triton fwrule subcommand
networking.firewall.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
};
}