Bartosz Stebel | 821b839 | 2023-03-05 23:21:37 +0100 | [diff] [blame] | 1 | { config, pkgs, lib, ... }: |
Serge Bazanski | 712a5dc | 2023-02-28 01:15:40 +0000 | [diff] [blame] | 2 | |
| 3 | with builtins; |
Bartosz Stebel | 3b08873 | 2023-03-18 19:27:34 +0100 | [diff] [blame] | 4 | let |
| 5 | postgresPkg = pkgs.postgresql_14; |
| 6 | numCPUs = 16; |
Bartosz Stebel | 821b839 | 2023-03-05 23:21:37 +0100 | [diff] [blame] | 7 | in rec { |
Serge Bazanski | 712a5dc | 2023-02-28 01:15:40 +0000 | [diff] [blame] | 8 | networking.hostName = "bc01n05"; |
| 9 | # TODO: undefine fqdn and define domain after big nix change |
| 10 | hscloud.base.fqdn = "${networking.hostName}.hswaw.net"; |
| 11 | #networking.domain = "hswaw.net"; |
| 12 | system.stateVersion = "22.05"; |
Bartosz Stebel | 3b08873 | 2023-03-18 19:27:34 +0100 | [diff] [blame] | 13 | nix.maxJobs = numCPUs; |
Serge Bazanski | 712a5dc | 2023-02-28 01:15:40 +0000 | [diff] [blame] | 14 | |
Bartosz Stebel | 821b839 | 2023-03-05 23:21:37 +0100 | [diff] [blame] | 15 | ### zfs |
| 16 | # randomly generated |
| 17 | networking.hostId = "26dbfbcd"; |
| 18 | boot.supportedFilesystems = [ "zfs" ]; |
| 19 | boot.initrd.supportedFilesystems = [ "zfs" ]; |
| 20 | services.zfs.trim.enable = true; |
| 21 | |
Serge Bazanski | 712a5dc | 2023-02-28 01:15:40 +0000 | [diff] [blame] | 22 | boot.loader.grub.device = "/dev/sda"; |
Bartosz Stebel | 821b839 | 2023-03-05 23:21:37 +0100 | [diff] [blame] | 23 | fileSystems = { |
| 24 | "/" = { |
| 25 | device = "rpool/nixos/root"; |
| 26 | fsType = lib.mkForce "zfs"; |
| 27 | options = [ "X-mount.mkdir" ]; |
| 28 | }; |
| 29 | "/home" = { |
| 30 | device = "rpool/nixos/home"; |
| 31 | fsType = "zfs"; |
| 32 | options = [ "X-mount.mkdir" ]; |
| 33 | }; |
| 34 | "/var/lib/postgresql" = { |
| 35 | device = "rpool/postgres"; |
| 36 | fsType = "zfs"; |
| 37 | options = [ "X-mount.mkdir" ]; |
| 38 | }; |
| 39 | "/boot" = { |
| 40 | device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63"; |
| 41 | fsType = "ext4"; |
| 42 | }; |
Serge Bazanski | 712a5dc | 2023-02-28 01:15:40 +0000 | [diff] [blame] | 43 | }; |
| 44 | |
| 45 | hscloud.base = { |
| 46 | mgmtIf = "eno1"; |
| 47 | ipAddr = "185.236.240.37"; |
| 48 | ipAddrBits = 28; |
| 49 | gw = "185.236.240.33"; |
| 50 | }; |
Bartosz Stebel | 821b839 | 2023-03-05 23:21:37 +0100 | [diff] [blame] | 51 | |
| 52 | environment.systemPackages = [postgresPkg]; |
| 53 | services.postgresql = { |
| 54 | enable = true; |
| 55 | package = postgresPkg; |
| 56 | enableTCPIP = true; |
| 57 | initdbArgs = ["--encoding='UTF8'" "--lc-collate='C'" "--lc-ctype='C'"]; |
Bartosz Stebel | 3b08873 | 2023-03-18 19:27:34 +0100 | [diff] [blame] | 58 | settings = { |
| 59 | max_connections = 300; |
| 60 | shared_buffers = "4GB"; |
| 61 | temp_buffers = "64MB"; |
| 62 | work_mem = "64MB"; |
| 63 | maintenance_work_mem = "258MB"; |
| 64 | effective_io_concurrency = 10; # ssd, guess |
| 65 | maintenance_io_concurrency = 100; # ssd, guess |
| 66 | max_worker_processes = numCPUs; |
| 67 | max_parallel_workers = numCPUs; |
| 68 | max_parallel_maintenance_workers = 4; |
| 69 | wal_level = "logical"; |
| 70 | wal_sync_method = "fsync"; # slightly faster (per pg_test_fsync) AND safer |
| 71 | full_page_writes = "off"; # partial writes impossible on zfs |
| 72 | wal_init_zero = "off"; # useless on CoW |
| 73 | wal_recycle = "off"; # same |
| 74 | random_page_cost = 2.0; # ssd, TODO maybe even lower? |
| 75 | }; |
Bartosz Stebel | 821b839 | 2023-03-05 23:21:37 +0100 | [diff] [blame] | 76 | ensureDatabases = ["synapse" "mediarepo"]; |
| 77 | ensureUsers = [ |
| 78 | { |
| 79 | name = "synapse"; |
| 80 | ensurePermissions = { |
| 81 | "DATABASE synapse" = "ALL PRIVILEGES"; |
| 82 | }; |
| 83 | } |
| 84 | { |
| 85 | name = "mediarepo"; |
| 86 | ensurePermissions = { |
| 87 | "DATABASE mediarepo" = "ALL PRIVILEGES"; |
| 88 | }; |
| 89 | } |
| 90 | ]; |
| 91 | # TODO actually allow synapse to talk to us |
| 92 | # also adjust firewall |
| 93 | authentication = pkgs.lib.mkOverride 10 '' |
| 94 | local all all trust |
| 95 | host all all 127.0.0.1/32 trust |
| 96 | host all all ::1/128 trust |
| 97 | ''; |
| 98 | }; |
Serge Bazanski | 712a5dc | 2023-02-28 01:15:40 +0000 | [diff] [blame] | 99 | } |
| 100 | |