Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 3b0887397af5e3b93cffcab3e59c6dedb1a0b7eb / . / cluster / machines / bc01n05.hswaw.net.nix
blob: d2b4da0a95e9953b8c0082bd1ea815c9166646fe [file] [log] [blame]
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]1{ config, pkgs, lib, ... }:
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]2
3with builtins;
Bartosz Stebel3b088732023-03-18 19:27:34 +0100[diff] [blame^]4let
5 postgresPkg = pkgs.postgresql_14;
6 numCPUs = 16;
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]7in rec {
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]8 networking.hostName = "bc01n05";
9 # TODO: undefine fqdn and define domain after big nix change
10 hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
11 #networking.domain = "hswaw.net";
12 system.stateVersion = "22.05";
Bartosz Stebel3b088732023-03-18 19:27:34 +0100[diff] [blame^]13 nix.maxJobs = numCPUs;
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]14
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]15 ### zfs
16 # randomly generated
17 networking.hostId = "26dbfbcd";
18 boot.supportedFilesystems = [ "zfs" ];
19 boot.initrd.supportedFilesystems = [ "zfs" ];
20 services.zfs.trim.enable = true;
21
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]22 boot.loader.grub.device = "/dev/sda";
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]23 fileSystems = {
24 "/" = {
25 device = "rpool/nixos/root";
26 fsType = lib.mkForce "zfs";
27 options = [ "X-mount.mkdir" ];
28 };
29 "/home" = {
30 device = "rpool/nixos/home";
31 fsType = "zfs";
32 options = [ "X-mount.mkdir" ];
33 };
34 "/var/lib/postgresql" = {
35 device = "rpool/postgres";
36 fsType = "zfs";
37 options = [ "X-mount.mkdir" ];
38 };
39 "/boot" = {
40 device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
41 fsType = "ext4";
42 };
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]43 };
44
45 hscloud.base = {
46 mgmtIf = "eno1";
47 ipAddr = "185.236.240.37";
48 ipAddrBits = 28;
49 gw = "185.236.240.33";
50 };
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]51
52 environment.systemPackages = [postgresPkg];
53 services.postgresql = {
54 enable = true;
55 package = postgresPkg;
56 enableTCPIP = true;
57 initdbArgs = ["--encoding='UTF8'" "--lc-collate='C'" "--lc-ctype='C'"];
Bartosz Stebel3b088732023-03-18 19:27:34 +0100[diff] [blame^]58 settings = {
59 max_connections = 300;
60 shared_buffers = "4GB";
61 temp_buffers = "64MB";
62 work_mem = "64MB";
63 maintenance_work_mem = "258MB";
64 effective_io_concurrency = 10; # ssd, guess
65 maintenance_io_concurrency = 100; # ssd, guess
66 max_worker_processes = numCPUs;
67 max_parallel_workers = numCPUs;
68 max_parallel_maintenance_workers = 4;
69 wal_level = "logical";
70 wal_sync_method = "fsync"; # slightly faster (per pg_test_fsync) AND safer
71 full_page_writes = "off"; # partial writes impossible on zfs
72 wal_init_zero = "off"; # useless on CoW
73 wal_recycle = "off"; # same
74 random_page_cost = 2.0; # ssd, TODO maybe even lower?
75 };
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]76 ensureDatabases = ["synapse" "mediarepo"];
77 ensureUsers = [
78 {
79 name = "synapse";
80 ensurePermissions = {
81 "DATABASE synapse" = "ALL PRIVILEGES";
82 };
83 }
84 {
85 name = "mediarepo";
86 ensurePermissions = {
87 "DATABASE mediarepo" = "ALL PRIVILEGES";
88 };
89 }
90 ];
91 # TODO actually allow synapse to talk to us
92 # also adjust firewall
93 authentication = pkgs.lib.mkOverride 10 ''
94 local all all trust
95 host all all 127.0.0.1/32 trust
96 host all all ::1/128 trust
97 '';
98 };
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]99}
100