# Host configuration: ZFS root with two mirrored EFI system partitions,
# an LACP bond bridged onto "wan", and the WireGuard key for infra.hub
# delivered through agenix.
{ config, pkgs, ... }:

let
  # One EFI system partition. vfat has no Unix permission bits, so the
  # fmask/dmask=0077 mount options are what strip group/other access from
  # every file and directory on the mounted ESP.
  # NOTE(review): neither ESP mount sets "nofail"; if the disk behind one of
  # them is missing, the failed mount may hold up boot, which would work
  # against the mirrored layout. Confirm whether that is intended.
  espMount = device: {
    inherit device;
    fsType = "vfat";
    options = [ "fmask=0077" "dmask=0077" ];
  };

  # One GRUB mirror target: EFI-only install ("nodev"), with the boot files
  # and the ESP both living at the same mount point.
  mirroredEsp = mountPoint: {
    devices = [ "nodev" ];
    path = mountPoint;
    efiSysMountPoint = mountPoint;
  };

  # Give a NIC a stable name, matched on its MAC address.
  renameByMac = mac: name: {
    matchConfig.MACAddress = mac;
    linkConfig.Name = name;
  };

  # Enslave the named interface to the "bond" device.
  bondMember = name: {
    matchConfig.Name = name;
    networkConfig.Bond = "bond";
  };
in
{
  imports = [ ./infra.nix ];

  # FIXME I suck. I didn't manage to configure a working ZFS rootfs with disko
  # It was 1 AM, and the server had to be up and running quickly, so I
  # partitioned the server manually
  # NOTE(review): ZFS on NixOS also needs networking.hostId; it is not set in
  # this file, presumably ./infra.nix provides it. Verify.
  fileSystems = {
    "/" = {
      device = "rpool/root";
      fsType = "zfs";
    };
    "/boot1" = espMount "/dev/disk/by-uuid/F121-2F47";
    "/boot2" = espMount "/dev/disk/by-uuid/F167-8DD8";
  };

  boot = {
    # Pool imported at boot in addition to the one holding the root dataset.
    zfs.extraPools = [ "data" ];

    loader = {
      # We use Grub because systemd-boot does not seem to have a simple
      # equivalent of mirroredBoots
      grub = {
        enable = true;
        efiSupport = true;
        zfsSupport = true; # FIXME useless?
        mirroredBoots = [
          (mirroredEsp "/boot1")
          (mirroredEsp "/boot2")
        ];
      };

      # Lets the bootloader installer write EFI boot entries to firmware NVRAM.
      efi.canTouchEfiVariables = true;
    };

    initrd = {
      kernelModules = [ ];
      # Storage/USB drivers made available to the initrd so the root pool's
      # disks can be found before the real root is mounted.
      availableKernelModules = [
        "ahci"
        "ehci_pci"
        "megaraid_sas"
        "usbhid"
        "usb_storage"
        "sd_mod"
        "sr_mod"
      ];
    };
  };

  systemd.network = {
    # Stable names for the two physical ports.
    links = {
      "10-phy1" = renameByMac "18:66:da:75:da:04" "phy1";
      "10-phy2" = renameByMac "18:66:da:75:da:05" "phy2";
    };

    netdevs = {
      "10-wan" = {
        netdevConfig.Name = "wan";
        netdevConfig.Kind = "bridge";
      };
      "10-bond" = {
        netdevConfig.Name = "bond";
        netdevConfig.Kind = "bond";
        # 802.3ad is LACP: the switch side must be configured to match.
        bondConfig.Mode = "802.3ad";
      };
    };

    # phy1 + phy2 -> bond -> wan; only the bridge carries an address.
    networks = {
      "10-phy1" = bondMember "phy1";
      "10-phy2" = bondMember "phy2";
      "10-bond" = {
        matchConfig.Name = "bond";
        networkConfig.Bridge = "wan";
      };
      "10-wan" = {
        matchConfig.Name = "wan";
        address = [ "193.54.193.161/28" ];
        routes = [ { Gateway = "193.54.193.174"; } ];
      };
    };
  };

  # Only the encrypted .age file is referenced from the repository; agenix
  # decrypts it on the host. The decrypted file is owned by root:root and its
  # mode is left at the agenix default.
  age.secrets.vogon-wg-infra-key = {
    file = ../secrets/vogon-wg-infra-key.age;
    owner = "root";
    group = "root";
  };

  # Hand over the *path* of the decrypted key rather than its contents, so the
  # key material is not copied into the world-readable Nix store.
  # NOTE(review): infra.hub is not defined in this file (presumably in
  # ./infra.nix); confirm its consumer reads the key as root.
  infra.hub.privateKeyPath = config.age.secrets.vogon-wg-infra-key.path;
}