{ config, pkgs, lib, ... }:

# Host definition for bc01n05: a ZFS-backed machine that runs PostgreSQL 14
# and offers the synapse and mediarepo databases over TCP.

with builtins;

let
  # One package for both the server and the client tools on PATH.
  postgresPkg = pkgs.postgresql_14;
  # Sizes nix.maxJobs and the PostgreSQL worker pools below.
  numCPUs = 16;
in
rec {
  system.stateVersion = "22.05";
  nix.maxJobs = numCPUs;

  networking = {
    hostName = "bc01n05";
    # randomly generated; part of the zfs setup
    hostId = "26dbfbcd";
    #domain = "hswaw.net";

    # allowedTCPPorts carries no source filter, so the PostgreSQL port is
    # reachable from any address; services.postgresql.authentication is the
    # only layer that limits who may log in.
    # NOTE(review): consider also limiting this port to the client range at
    # the firewall.
    firewall.allowedTCPPorts = [ config.services.postgresql.port ];
  };

  hscloud.base = {
    # TODO: undefine fqdn and define domain after big nix change
    fqdn = "${networking.hostName}.hswaw.net";
    mgmtIf = "eno1";
    ipAddr = "185.236.240.37";
    ipAddrBits = 28;
    gw = "185.236.240.33";
  };

  ### zfs
  boot = {
    supportedFilesystems = [ "zfs" ];
    initrd.supportedFilesystems = [ "zfs" ];
    loader.grub.device = "/dev/sda";
  };
  services.zfs.trim.enable = true;

  # Three ZFS datasets from rpool plus an ext4 /boot addressed by UUID.
  fileSystems."/" = {
    device = "rpool/nixos/root";
    fsType = lib.mkForce "zfs";
    options = [ "X-mount.mkdir" ];
  };
  fileSystems."/home" = {
    device = "rpool/nixos/home";
    fsType = "zfs";
    options = [ "X-mount.mkdir" ];
  };
  # PostgreSQL data lives on its own dataset.
  fileSystems."/var/lib/postgresql" = {
    device = "rpool/postgres";
    fsType = "zfs";
    options = [ "X-mount.mkdir" ];
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/2a951c5d-0193-4ef3-9227-d8a5184cbd63";
    fsType = "ext4";
  };

  environment.systemPackages = [ postgresPkg ];

  services.postgresql = {
    enable = true;
    package = postgresPkg;
    enableTCPIP = true;
    initdbArgs = [
      "--encoding='UTF8'"
      "--lc-collate='C'"
      "--lc-ctype='C'"
    ];

    settings = {
      # Connections and memory.
      max_connections = 300;
      shared_buffers = "8GB";
      temp_buffers = "128MB";
      work_mem = "128MB";
      # NOTE(review): 258MB may be a typo for 256MB - confirm.
      maintenance_work_mem = "258MB";

      # I/O and parallelism.
      effective_io_concurrency = 10; # ssd, guess
      maintenance_io_concurrency = 100; # ssd, guess
      max_worker_processes = numCPUs;
      max_parallel_workers = numCPUs;
      max_parallel_maintenance_workers = 4;
      random_page_cost = 2.0; # ssd, TODO maybe even lower?

      # WAL. The "off" values below rely on the data directory being on ZFS
      # (see fileSystems."/var/lib/postgresql"); revisit them if the data
      # directory ever moves to another filesystem.
      wal_level = "logical";
      wal_sync_method = "fsync"; # slightly faster (per pg_test_fsync) AND safer
      full_page_writes = "off"; # partial writes impossible on zfs
      wal_init_zero = "off"; # useless on CoW
      wal_recycle = "off"; # same
    };

    # Each role is granted everything on its own database and nothing else.
    ensureDatabases = [ "synapse" "mediarepo" ];
    ensureUsers = [
      {
        name = "synapse";
        ensurePermissions."DATABASE synapse" = "ALL PRIVILEGES";
      }
      {
        name = "mediarepo";
        ensurePermissions."DATABASE mediarepo" = "ALL PRIVILEGES";
      }
    ];

    # pg_hba.conf rules. mkOverride 10 outranks default-priority definitions
    # (and mkForce, which is priority 50), so these four records are
    # presumably the complete rule set.
    # NOTE(review): `trust` on the unix socket and on loopback lets any local
    # account or process connect as any role, superuser included, without
    # credentials.
    # NOTE(review): the remote rule is `host`, which matches TLS and plaintext
    # connections alike, and no ssl setting is visible in this file;
    # scram-sha-256 protects the password exchange, not the session data.
    # NOTE(review): the remote rule admits 185.236.240.0/24 while this host
    # sits in a /28 (hscloud.base.ipAddrBits) - confirm the whole /24 is meant
    # to reach the database.
    authentication = pkgs.lib.mkOverride 10 ''
      local all all trust
      host all all 127.0.0.1/32 trust
      host all all ::1/128 trust
      host synapse,mediarepo synapse,mediarepo 185.236.240.0/24 scram-sha-256
    '';
  };
}