Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / 779727b39ef6f3f7f28522ce21e02b7a8b344ed5 / . / cluster / machines / bc01n05.hswaw.net.nix
blob: 3155cc96a92c0ffcd8bcfacf3060aa7d13f857ca [file] [log] [blame]
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]1{ config, pkgs, lib, ... }:
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]2
3with builtins;
Bartosz Stebel3b088732023-03-18 19:27:34 +0100[diff] [blame]4let
5 postgresPkg = pkgs.postgresql_14;
6 numCPUs = 16;
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]7in rec {
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]8 networking.hostName = "bc01n05";
9 # TODO: undefine fqdn and define domain after big nix change
10 hscloud.base.fqdn = "${networking.hostName}.hswaw.net";
11 #networking.domain = "hswaw.net";
12 system.stateVersion = "22.05";
Bartosz Stebel3b088732023-03-18 19:27:34 +0100[diff] [blame]13 nix.maxJobs = numCPUs;
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]14
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]15 ### zfs
16 # randomly generated
17 networking.hostId = "26dbfbcd";
18 boot.supportedFilesystems = [ "zfs" ];
19 boot.initrd.supportedFilesystems = [ "zfs" ];
20 services.zfs.trim.enable = true;
21
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]22 boot.loader.grub.device = "/dev/sda";
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]23 fileSystems = {
24 "/" = {
25 device = "rpool/nixos/root";
26 fsType = lib.mkForce "zfs";
27 options = [ "X-mount.mkdir" ];
28 };
29 "/home" = {
30 device = "rpool/nixos/home";
31 fsType = "zfs";
32 options = [ "X-mount.mkdir" ];
33 };
34 "/var/lib/postgresql" = {
35 device = "rpool/postgres";
36 fsType = "zfs";
37 options = [ "X-mount.mkdir" ];
38 };
39 "/boot" = {
40 device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
41 fsType = "ext4";
42 };
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]43 };
44
45 hscloud.base = {
46 mgmtIf = "eno1";
47 ipAddr = "185.236.240.37";
48 ipAddrBits = 28;
49 gw = "185.236.240.33";
50 };
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]51
Bartosz Stebel779727b2023-03-26 21:27:21 +0200[diff] [blame^]52 networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
53
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]54 environment.systemPackages = [postgresPkg];
55 services.postgresql = {
56 enable = true;
57 package = postgresPkg;
58 enableTCPIP = true;
59 initdbArgs = ["--encoding='UTF8'" "--lc-collate='C'" "--lc-ctype='C'"];
Bartosz Stebel3b088732023-03-18 19:27:34 +0100[diff] [blame]60 settings = {
61 max_connections = 300;
Bartosz Stebel779727b2023-03-26 21:27:21 +0200[diff] [blame^]62 shared_buffers = "8GB";
63 temp_buffers = "128MB";
64 work_mem = "128MB";
Bartosz Stebel3b088732023-03-18 19:27:34 +0100[diff] [blame]65 maintenance_work_mem = "258MB";
66 effective_io_concurrency = 10; # ssd, guess
67 maintenance_io_concurrency = 100; # ssd, guess
68 max_worker_processes = numCPUs;
69 max_parallel_workers = numCPUs;
70 max_parallel_maintenance_workers = 4;
71 wal_level = "logical";
72 wal_sync_method = "fsync"; # slightly faster (per pg_test_fsync) AND safer
73 full_page_writes = "off"; # partial writes impossible on zfs
74 wal_init_zero = "off"; # useless on CoW
75 wal_recycle = "off"; # same
76 random_page_cost = 2.0; # ssd, TODO maybe even lower?
77 };
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]78 ensureDatabases = ["synapse" "mediarepo"];
79 ensureUsers = [
80 {
81 name = "synapse";
82 ensurePermissions = {
83 "DATABASE synapse" = "ALL PRIVILEGES";
84 };
85 }
86 {
87 name = "mediarepo";
88 ensurePermissions = {
89 "DATABASE mediarepo" = "ALL PRIVILEGES";
90 };
91 }
92 ];
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]93 authentication = pkgs.lib.mkOverride 10 ''
Bartosz Stebel779727b2023-03-26 21:27:21 +0200[diff] [blame^]94 local all all trust
95 host all all 127.0.0.1/32 trust
96 host all all ::1/128 trust
97 host synapse,mediarepo synapse,mediarepo 185.236.240.0/24 scram-sha-256
Bartosz Stebel821b8392023-03-05 23:21:37 +0100[diff] [blame]98 '';
99 };
Serge Bazanski712a5dc2023-02-28 01:15:40 +0000[diff] [blame]100}
101