forked from Fediversity/Fediversity
Kiara Grouwstra
aef414ffe8
- move import to match module classes - manually import sources to resolve infinite recursion closes #431. Reviewed-on: Fediversity/Fediversity#432 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
70 lines
1.6 KiB
Nix
70 lines
1.6 KiB
Nix
{ lib, ... }:
|
|
|
|
let
|
|
inherit (lib) mkDefault mkForce;
|
|
in
|
|
|
|
{
|
|
_class = "nixops4Resource";
|
|
|
|
# NOTE: This needs an SSH config entry `forgejo-ci` to locate and access the
|
|
# machine. This is because different people access the machine in different
|
|
# way (eg. via a proxy vs. via Procolix's VPN). This might look like:
|
|
#
|
|
# Host forgejo-ci
|
|
# HostName 45.142.234.216
|
|
# HostKeyAlias forgejo-ci
|
|
#
|
|
# The `HostKeyAlias` statement is crucial. Without it, deployment will fail
|
|
# with the SSH error “Host key verification failed”.
|
|
ssh.host = mkForce "forgejo-ci";
|
|
|
|
fediversityVm = {
|
|
domain = "procolix.com";
|
|
|
|
ipv4 = {
|
|
interface = "enp1s0f0";
|
|
address = "192.168.201.65";
|
|
prefixLength = 24;
|
|
gateway = "192.168.201.1";
|
|
};
|
|
ipv6.enable = false;
|
|
};
|
|
|
|
nixos.module =
|
|
{ config, ... }:
|
|
{
|
|
_class = "nixos";
|
|
|
|
imports = [
|
|
./forgejo-actions-runner.nix
|
|
];
|
|
|
|
hardware.cpu.intel.updateMicrocode = mkDefault config.hardware.enableRedistributableFirmware;
|
|
|
|
networking = {
|
|
nftables.enable = mkForce false;
|
|
hostId = "1d6ea552";
|
|
};
|
|
|
|
## NOTE: This is a physical machine, so is not covered by disko
|
|
fileSystems."/" = lib.mkForce {
|
|
device = "rpool/root";
|
|
fsType = "zfs";
|
|
};
|
|
|
|
fileSystems."/home" = {
|
|
device = "rpool/home";
|
|
fsType = "zfs";
|
|
};
|
|
|
|
fileSystems."/boot" = lib.mkForce {
|
|
device = "/dev/disk/by-uuid/50B2-DD3F";
|
|
fsType = "vfat";
|
|
options = [
|
|
"fmask=0077"
|
|
"dmask=0077"
|
|
];
|
|
};
|
|
};
|
|
}
|