# NixOS module for one bare-metal host: a LUKS-encrypted btrfs root on top of
# mdadm RAID1, an unencrypted vfat /boot on a second RAID1 array, a ZFS ARC
# limit, and a locked-down "backup" account that accepts rsync pushes over SSH.
{ pkgs, ... }:
let
  # Device-mapper node exposed once the "nixos-root" LUKS container is opened.
  rootDevice = "/dev/mapper/nixos-root";

  # Mount entry for one btrfs subvolume of rootDevice. `extraOptions` come
  # first so the resulting option list keeps "subvol=" as its last element.
  btrfsSubvol = name: extraOptions: {
    device = rootDevice;
    fsType = "btrfs";
    options = extraOptions ++ [ "subvol=${name}" ];
  };

  # authorized_keys option prefix for the backup key:
  #  * command=...  forces every session into rrsync, confined to /tank/;
  #    -wo makes the share write-only and -no-del refuses delete requests, so
  #    a holder of the key cannot read or delete the stored backups through
  #    this account.
  #  * restrict     turns off port/agent/X11 forwarding, PTY allocation and
  #    ~/.ssh/rc for this key.
  # NOTE(review): -wo/-no-del do not stop a client from overwriting existing
  # files; versioning or snapshots of /tank are not visible in this file.
  rrsyncOnly = ''command="${pkgs.rrsync}/bin/rrsync -wo -no-del /tank/",restrict'';
in
{
  imports = [
    ../secrets/machines/back.nix
    ../system/baremetal-server.nix
    ../system/btrfs.nix
    ../system/ucode-intel.nix
    ../system/zfs.nix
  ];

  # Release whose stateful defaults this machine was installed with.
  system.stateVersion = "23.11";

  boot = {
    initrd = {
      # Drivers made available in the initrd: hpsa (HP Smart Array storage),
      # aesni_intel (AES-NI acceleration) and tg3 (Broadcom NIC).
      # NOTE(review): tg3 in the initrd suggests network access before the
      # root is unlocked; that setup, if any, lives in an imported module.
      availableKernelModules = [ "hpsa" "aesni_intel" "tg3" ];

      # The LUKS container sits directly on the second RAID1 array.
      luks.devices.nixos-root.device = "/dev/md1";
    };

    swraid = {
      enable = true;
      # PROGRAM is pointed at a no-op binary, so events reported by the mdadm
      # monitor (for example a degraded array) are discarded by this config.
      # NOTE(review): confirm array health is alerted on by some other means.
      mdadmConf = ''
        DEVICE partitions
        ARRAY /dev/md0 level=raid1 num-devices=2 metadata=1.0 name=nixos:0 UUID=8b85ad8d:07770d93:de437327:626744b3
        ARRAY /dev/md1 level=raid1 num-devices=2 metadata=1.2 name=nixos:1 UUID=fa799b6d:76859754:7bf68be4:d184553c
        PROGRAM ${pkgs.toybox}/bin/true
      '';
    };

    # Cap the ZFS ARC at 32 GiB (value is in bytes).
    kernelParams = [ "zfs.zfs_arc_max=34359738368" ];
  };

  fileSystems = {
    "/" = btrfsSubvol "@" [ "noatime" ];

    # /boot is mounted straight from /dev/md0 and is therefore outside the
    # LUKS container: whatever is stored there is unencrypted at rest, so its
    # integrity has to be protected by something other than disk encryption.
    "/boot" = {
      device = "/dev/md0";
      fsType = "vfat";
    };

    "/home" = btrfsSubvol "@home" [ ];
    "/nix" = btrfsSubvol "@nix" [ "noatime" ];
    "/var/log" = btrfsSubvol "@log" [ "noatime" "compress=zstd" ];
  };

  # All subvolumes above share one btrfs filesystem; it is scrubbed via "/".
  services.btrfs.autoScrub.fileSystems = [ "/" ];

  # Account that receives backups. No home directory is created, and its only
  # credential listed here is the single key below, prefixed with rrsyncOnly.
  users.users.backup = {
    isNormalUser = true;
    uid = 2000;
    createHome = false;
    openssh.authorizedKeys.keys = [
      "${rrsyncOnly} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAO9LOBcl04ddGijyDSuUXH47Qt6TZISUDwDr1wrm+Ou tank.c8h4.io"
    ];
  };

  # sshd only admits users named in AllowUsers. This file contributes
  # "backup"; NOTE(review): the imported modules may append further names.
  services.openssh.settings.AllowUsers = [ "backup" ];

  # One-shot unit that writes "eth" to both port-type files of the adapter at
  # PCI address 0000:04:00.0. The backslashes are passed through to the shell,
  # where they only escape the colons.
  systemd.services.switch-mlx4-ports-to-eth = {
    description = "switch Mellanox ConnectX-3 Pro ports to ethernet mode";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
    };
    script = ''
      echo eth >/sys/bus/pci/devices/0000\:04\:00.0/mlx4_port1
      echo eth >/sys/bus/pci/devices/0000\:04\:00.0/mlx4_port2
    '';
  };
}