blob: a8df522f2684b8646d81b4553f252278495abb96 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
<nixpkgs/nixos/modules/profiles/qemu-guest.nix>
../2configs/base.nix
../2configs/cgit-retiolum.nix
../2configs/graphite-standalone.nix
];
krebs.build.host = config.krebs.hosts.pnp;
krebs.build.user = config.krebs.users.makefu;
krebs.build.target = "root@pnp";
krebs.build.deps = {
nixpkgs = {
url = https://github.com/NixOS/nixpkgs;
rev = "4c01e6d91993b6de128795f4fbdd25f6227fb870";
};
secrets = {
url = "/home/makefu/secrets/${config.krebs.build.host.name}";
};
stockholm = {
url = toString ../..;
};
};
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "virtio_pci" "virtio_blk" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = true;
networking.firewall.allowedTCPPorts = [
# nginx runs on 80
80
# graphite-web runs on 8080, carbon cache runs on 2003 tcp and udp
8080 2003
];
networking.firewall.allowedUDPPorts = [ 2003 ];
networking.firewall.rejectPackets = true;
networking.firewall.allowPing = true;
fileSystems."/" =
{ device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
krebs.retiolum = {
enable = true;
hosts = ../../Zhosts;
connectTo = [
"gum"
"pigstarter"
"fastpoke"
];
};
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
jq
];
}
|
