[host/faunus-ater] Envision & Create

2022-05-27 18:11:47 +02:00 · 2022-05-27 18:11:47 +02:00 · e5784f9a02
parent f7278ae2e1
commit e5784f9a02
3 changed files with 96 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -97,6 +97,7 @@
      "elysia-clarki"
      "trochulus-hispidus"
      "radix-balthica"
+      "faunus-ater"
    ];

    defaultModules = [
@ -238,6 +239,12 @@
            ./hosts/radix-balthica.nix
          ];
        };
+        faunus-ater = {...}: {
+          imports = [
+            ./hosts/faunus-ater.nix
+            ./hardware/asrock-z370-i3-black-box.nix
+          ];
+        };
      };

      colmena =
--- a/hardware/asrock-z370-i3-black-box.nix
+++ b/hardware/asrock-z370-i3-black-box.nix
@ -0,0 +1,68 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: let
+  cryptRoot.encrypted = {
+    enable = true;
+    blkDev = "/dev/disk/by-id/nvme-Samsung_SSD_960_PRO_512GB_S3EWNCAJ110156V-part3";
+    label = "crypt-root";
+  };
+in {
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  # === Boot options ===
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.supportedFilesystems = ["zfs"];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
+  boot.initrd.kernelModules = ["usb_storage"];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+  boot.zfs.devNodes = "/dev/";
+  boot.kernelParams = [
+    # Increase ARC cache for zfs (https://nixos.wiki/wiki/ZFS)
+    "zfs.zfs_arc_max=12884901888"
+  ];
+
+  # === Drives ===
+  boot.initrd.luks.devices.crypt-root = {
+    allowDiscards = true;
+    keyFile = "/dev/disk/by-id/usb-General_USB_Flash_Disk_0416KKFIDFY07WXD-0:0";
+    keyFileSize = 4096;
+    fallbackToPassword = true;
+    device = cryptRoot.encrypted.blkDev;
+  };
+
+  fileSystems."/" = {
+    device = "rpool/local/root";
+    fsType = "zfs";
+    options = ["zfsutil"];
+    inherit (cryptRoot) encrypted;
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/9071-3F2A";
+    fsType = "vfat";
+  };
+
+  fileSystems."/nix" = {
+    device = "rpool/local/nix";
+    fsType = "zfs";
+    options = ["zfsutil"];
+  };
+
+  fileSystems."/persist" = {
+    device = "rpool/safe/persist";
+    fsType = "zfs";
+    options = ["zfsutil"];
+  };
+
+  # === Swap ===
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/206155f9-6ca0-4d0e-a269-c19766e56902";}
+  ];
+}
--- a/hosts/faunus-ater.nix
+++ b/hosts/faunus-ater.nix
@ -0,0 +1,21 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  networking.hostName = "faunus-ater";
+  networking.hostId = "a4d7bec4";
+  networking.interfaces.eno1.useDHCP = true;
+
+  # === Settings ===
+  settings.ssh.openOutsideVPN = true;
+
+  # === ZFS services ===
+  services.zfs.trim.enable = true;
+  services.zfs.autoScrub.enable = true;
+  services.zfs.autoScrub.pools = ["rpool"];
+
+  powerManagement.cpuFreqGovernor = "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}