machines: Add back

Signed-off-by: Christoph Heiss <christoph@c8h4.io>

default.nix

@@ -15,8 +15,9 @@ let
     };
 
   machines = {
-    fort = { tags = [ "external" "vm" ]; };
-    serv = { tags = [ "homelab" "lxc" ]; };
+    back = { tags = [ "external" "server" "baremetal" ]; };
+    fort = { tags = [ "external" "server" "vm" ]; };
+    serv = { tags = [ "homelab" "server" "lxc" ]; };
     trek = { tags = [ "desktop" ]; };
     zero = { tags = [ "desktop" ]; };
   };

flake.nix

@@ -53,8 +53,9 @@
               switch -b bak
           '';
 
-        machines = [ "fort" "serv" "trek" "zero" ];
-        tags = [ "desktop" "external" "homelab" "lxc" "vm" ];
+        machines = [ "back" "fort" "serv" "trek" "zero" ];
+        tags =
+          [ "baremetal" "desktop" "external" "homelab" "lxc" "server" "vm" ];
       in {
         apps = (builtins.listToAttrs (map (name: {
           inherit name;

machines/back.nix

@@ -0,0 +1,83 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ../secrets/machines/back.nix
+    ../system/baremetal-server.nix
+    ../system/ucode-intel.nix
+  ];
+
+  system.stateVersion = "23.11";
+
+  boot.loader.systemd-boot.enable = false;
+  boot.loader.grub = {
+    enable = true;
+    copyKernels = true;
+    efiInstallAsRemovable = true;
+    efiSupport = true;
+    fsIdentifier = "uuid";
+    enableCryptodisk = true;
+    device = "nodev";
+  };
+
+  boot.initrd = {
+    availableKernelModules = [ "hpsa" "sd_mod" "aesni_intel" "cryptd" ];
+    kernelModules = [ "md_mod" "raid0" "raid1" ];
+    luks.devices.nixos-root.device = "/dev/md1";
+
+    # Manually start degraded arrays if needed, to still allow booting from them.
+    # See https://github.com/NixOS/nixpkgs/issues/72608
+    preLVMCommands = ''
+      for dev in /dev/md*; do
+        if [ -b "$dev" ]; then
+          mdadm --run "$dev"
+        fi
+      done
+    '';
+  };
+
+  boot.swraid = {
+    enable = true;
+    mdadmConf = ''
+      DEVICE partitions
+      ARRAY /dev/md0 level=raid1 num-devices=2 metadata=1.0 name=nixos:0 UUID=8b85ad8d:07770d93:de437327:626744b3
+      ARRAY /dev/md1 level=raid1 num-devices=2 metadata=1.2 name=nixos:1 UUID=fa799b6d:76859754:7bf68be4:d184553c
+      PROGRAM ${pkgs.toybox}/bin/true
+    '';
+  };
+
+  boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+  fileSystems."/" = {
+    device = "/dev/mapper/nixos-root";
+    fsType = "btrfs";
+    options = [ "noatime" "subvol=@" ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/mapper/nixos-root";
+    fsType = "btrfs";
+    options = [ "subvol=@home" ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/mapper/nixos-root";
+    fsType = "btrfs";
+    options = [ "noatime" "subvol=@nix" ];
+  };
+
+  fileSystems."/var/log" = {
+    device = "/dev/mapper/nixos-root";
+    fsType = "btrfs";
+    options = [ "noatime" "compress=zstd" "subvol=@log" ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/md0";
+    fsType = "vfat";
+  };
+
+  services.zfs.autoScrub.enable = true;
+  services.zfs.autoSnapshot.enable = true;
+  services.zfs.trim.enable = true;
+}

system/baremetal-server.nix

@@ -0,0 +1,16 @@
+{ lib, pkgs, ... }:
+
+{
+  imports = [ ../common ../services/openssh.nix ../system/headless.nix ];
+
+  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+  boot.kernelParams = [ "panic=10" "mitigations=off" ];
+  boot.kernelModules = [ "kvm-intel" ];
+
+  environment.systemPackages = with pkgs; [
+    linuxPackages.cpupower
+    lm_sensors
+    powertop
+    smartmontools
+  ];
+}