nixos-config/machines/odin/configuration.nix

{
  nixos-hardware,
  disko,
  nix-ld-rs,
  ...
}:
{ pkgs, config, ... }:
{
  imports = [
    nixos-hardware.nixosModules.common-cpu-intel
    nixos-hardware.nixosModules.common-pc-ssd

    disko.nixosModules.disko

    ./storage.nix
    ./network.nix
    ./virtualisation.nix
    ./promtail
    ../../users/erwin
    ../../users/root
  ];

  eboskma = {
    users.erwin = {
      enable = true;
      server = true;
    };

    base = {
      plymouth.enable = true;
    };

    nix-common = {
      enable = true;
      remote-builders = true;
    };

    # libvirtd.enable = true;
    systemd.enable = true;
    tailscale.enable = true;
  };

  security = {
    sudo-rs = {
      enable = true;
    };
    sudo.enable = false;
    apparmor = {
      enable = false;
    };
  };

  boot = {
    loader = {
      systemd-boot = {
        enable = true;
        configurationLimit = 10;
      };
      efi.canTouchEfiVariables = true;
    };

    initrd = {
      availableKernelModules = [
        "xhci_pci"
        "thunderbolt"
        "nvme"
        "ahci"
        "usb_storage"
        "usbhid"
        "sd_mod"
        "virtio_blk"
        "virtio_pci"
      ];
      kernelModules = [ "kvm-intel" ];
    };

    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [
      "kvm-intel"
      "dm-thin-pool"
      "dm-snapshot"
    ];
    # From PVE: ro quiet intel_iommu=on i915.enable_gvt=1 cpufreq.default_governor=ondemand
    # kernelParams = [ "intel_iommu=on" "i915.enable_gvt=1" "cpufreq.default_governor=ondemand" ];

    extraModulePackages = with config.boot.kernelPackages; [ gasket ];

    kernel.sysctl = {
      "net.core.rmem_max" = 2500000;
      "net.core.wmem_max" = 2500000;
    };
  };

  hardware.enableAllFirmware = true;

  users.users.consoledash = {
    isSystemUser = true;
    home = "/var/lib/consoledash";
    group = "consoledash";
    createHome = true;
    # Stole this from here:
    # https://github.com/mcdonc/.nixconfig/blob/66f427c029eb673c44bb7df919b78485ce3e8b01/videos/restricteduser/script.rst
    # shell =
    #   let
    #     rbash = pkgs.runCommandNoCC "rbash-${pkgs.bashInteractive.version}" { } ''
    #       mkdir -p $out/bin
    #       ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/rbash
    #     '';

    #   in
    #   "${rbash}/bin/rbash";
    shell = "${pkgs.glances}/bin/glances";
    ignoreShellProgramCheck = true;
    hashedPassword = null;
  };
  users.groups.consoledash = { };

  programs = {
    bandwhich.enable = true;
    nix-ld = {
      enable = true;
      package = nix-ld-rs.packages.${pkgs.hostPlatform.system}.nix-ld-rs;
    };
  };

  services = {
    getty.autologinUser = "consoledash";
    openssh.enable = true;
    lvm = {
      enable = true;
    };
    prometheus.exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
      };
    };

    iperf3 = {
      enable = true;
      openFirewall = true;
    };

    sysstat = {
      enable = true;
      collect-frequency = "*:*:0";
    };
  };

  environment.systemPackages = with pkgs; [
    sysstat
  ];

  system.stateVersion = "24.05";
}
Run nixfmt 2024-02-05 11:46:52 +01:00			`{`
			`nixos-hardware,`
			`disko,`
			`nix-ld-rs,`
			`...`
			`}:`
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`{ pkgs, config, ... }:`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`{`
			`imports = [`
			`nixos-hardware.nixosModules.common-cpu-intel`
			`nixos-hardware.nixosModules.common-pc-ssd`

			`disko.nixosModules.disko`

			`./storage.nix`
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`./network.nix`
			`./virtualisation.nix`
odin: Enable prometheus node exporter and promtail 2024-04-26 11:58:54 +02:00			`./promtail`
Add users to odin 2023-01-17 14:09:13 +01:00			`../../users/erwin`
			`../../users/root`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`];`

			`eboskma = {`
			`users.erwin = {`
			`enable = true;`
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`server = true;`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`};`

			`base = {`
			`plymouth.enable = true;`
			`};`

			`nix-common = {`
			`enable = true;`
			`remote-builders = true;`
			`};`

Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`# libvirtd.enable = true;`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`systemd.enable = true;`
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`tailscale.enable = true;`
			`};`

			`security = {`
			`sudo-rs = {`
			`enable = true;`
			`};`
			`sudo.enable = false;`
odin: Enable apparmor 2024-07-30 12:10:31 +02:00			`apparmor = {`
odin: Disable apparmor for now 2024-07-30 12:31:59 +02:00			`enable = false;`
odin: Enable apparmor 2024-07-30 12:10:31 +02:00			`};`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`};`

			`boot = {`
			`loader = {`
			`systemd-boot = {`
			`enable = true;`
			`configurationLimit = 10;`
			`};`
			`efi.canTouchEfiVariables = true;`
			`};`

			`initrd = {`
Run nixfmt 2024-02-05 11:46:52 +01:00			`availableKernelModules = [`
			`"xhci_pci"`
			`"thunderbolt"`
			`"nvme"`
			`"ahci"`
			`"usb_storage"`
			`"usbhid"`
			`"sd_mod"`
			`"virtio_blk"`
			`"virtio_pci"`
			`];`
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`kernelModules = [ "kvm-intel" ];`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`};`

Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`kernelPackages = pkgs.linuxPackages_latest;`
Run nixfmt 2024-02-05 11:46:52 +01:00			`kernelModules = [`
			`"kvm-intel"`
			`"dm-thin-pool"`
			`"dm-snapshot"`
			`];`
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`# From PVE: ro quiet intel_iommu=on i915.enable_gvt=1 cpufreq.default_governor=ondemand`
			`# kernelParams = [ "intel_iommu=on" "i915.enable_gvt=1" "cpufreq.default_governor=ondemand" ];`

odin: gasket was fixed for kernels >= 6.8 2024-08-14 14:20:27 +02:00			`extraModulePackages = with config.boot.kernelPackages; [ gasket ];`
odin: Tweak kernel settings for caddy, open port 2024-01-17 09:40:26 +01:00
			`kernel.sysctl = {`
			`"net.core.rmem_max" = 2500000;`
			`"net.core.wmem_max" = 2500000;`
			`};`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`};`

			`hardware.enableAllFirmware = true;`

odin: Add consoledash user that starts glances 2024-06-12 21:42:31 +02:00			`users.users.consoledash = {`
			`isSystemUser = true;`
			`home = "/var/lib/consoledash";`
			`group = "consoledash";`
			`createHome = true;`
			`# Stole this from here:`
			`# https://github.com/mcdonc/.nixconfig/blob/66f427c029eb673c44bb7df919b78485ce3e8b01/videos/restricteduser/script.rst`
			`# shell =`
			`# let`
			`# rbash = pkgs.runCommandNoCC "rbash-${pkgs.bashInteractive.version}" { } ''`
			`# mkdir -p $out/bin`
			`# ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/rbash`
			`# '';`

			`# in`
			`# "${rbash}/bin/rbash";`
			`shell = "${pkgs.glances}/bin/glances";`
			`ignoreShellProgramCheck = true;`
			`hashedPassword = null;`
			`};`
			`users.groups.consoledash = { };`

odin: add nix-ld, remove cockpit, add kmod to incus PATH 2024-01-10 21:54:54 +01:00			`programs = {`
odin: Add bandwhich 2024-09-18 16:59:40 +02:00			`bandwhich.enable = true;`
odin: add nix-ld, remove cockpit, add kmod to incus PATH 2024-01-10 21:54:54 +01:00			`nix-ld = {`
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`enable = true;`
odin: add nix-ld, remove cockpit, add kmod to incus PATH 2024-01-10 21:54:54 +01:00			`package = nix-ld-rs.packages.${pkgs.hostPlatform.system}.nix-ld-rs;`
odin: enable libvirt and cockpit 2023-04-07 10:10:53 +02:00			`};`
odin: add nix-ld, remove cockpit, add kmod to incus PATH 2024-01-10 21:54:54 +01:00			`};`

			`services = {`
odin: Add consoledash user that starts glances 2024-06-12 21:42:31 +02:00			`getty.autologinUser = "consoledash";`
odin: add nix-ld, remove cockpit, add kmod to incus PATH 2024-01-10 21:54:54 +01:00			`openssh.enable = true;`
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`lvm = {`
			`enable = true;`
			`};`
odin: Enable prometheus node exporter and promtail 2024-04-26 11:58:54 +02:00			`prometheus.exporters = {`
			`node = {`
			`enable = true;`
			`enabledCollectors = [ "systemd" ];`
			`};`
			`};`
odin: Add iperf3 2024-06-11 15:26:14 +02:00
			`iperf3 = {`
			`enable = true;`
			`openFirewall = true;`
			`};`
odin: Enable sysstat 2024-09-23 13:40:47 +02:00
odin: Run sysstat every minute 2024-09-24 15:07:40 +02:00			`sysstat = {`
			`enable = true;`
			`collect-frequency = "::0";`
			`};`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`};`
Enable LVM, make sure data partition is created last There are suggestions to add a way to set the order without the need to prefix attribute names. See https://github.com/nix-community/disko/issues/80 2023-01-17 15:53:06 +01:00
odin: Enable sysstat 2024-09-23 13:40:47 +02:00			`environment.systemPackages = with pkgs; [`
			`sysstat`
			`];`

Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:01:55 +01:00			`system.stateVersion = "24.05";`
Initial virtualisation server setup 2023-01-17 13:45:37 +01:00			`}`