Upgrade to NixOS 23.05 and SSD boot
This commit is contained in:
parent
95a024a6e7
commit
110a98c3d4
24
README.org
24
README.org
|
@ -20,32 +20,34 @@
|
||||||
** Installation
|
** Installation
|
||||||
|
|
||||||
1. Download the sdcard image
|
1. Download the sdcard image
|
||||||
2. Connect a keyboard to the Raspberry Pi and set the password
|
2. Use initial config file
|
||||||
|
|
||||||
#+begin_src shell
|
#+begin_src shell
|
||||||
passwd
|
cp install.nix configuration.nix
|
||||||
sudo su
|
|
||||||
passwd
|
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
The default user is nixos
|
|
||||||
|
|
||||||
3. Move the repo to the server and the agenix key
|
3. Move the repo to the server and the agenix key
|
||||||
|
|
||||||
#+begin_src shell
|
#+begin_src shell
|
||||||
scp -R Projects/zion zion:/home/nixos/system
|
scp -r Projects/zion zion:/home/nixos/system
|
||||||
scp .ssh/zion root@zion:/etc/ssh/id_ed25519
|
scp .ssh/zion root@zion:/etc/ssh/id_ed25519
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
4. Rebuild the system using Flakes
|
4. Mount the firmware partition
|
||||||
|
|
||||||
|
#+begin_src shell
|
||||||
|
mount /dev/mmcblk1p1 /boot
|
||||||
|
#+end_src
|
||||||
|
|
||||||
|
5. Rebuild the system using Flakes
|
||||||
|
|
||||||
#+begin_src shell
|
#+begin_src shell
|
||||||
nix-shell -p git
|
nix-shell -p git
|
||||||
sudo nixos-rebuild switch --flake /home/nixos/system#zion --impure
|
sudo nixos-rebuild switch --flake /home/nixos/system#zion
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
5. Restore the SQL databases
|
6. Restore the SQL databases
|
||||||
|
|
||||||
#+begin_src shell
|
#+begin_src shell
|
||||||
psql -U postgres -f /vault/backups/zion/databases/all.sql
|
gunzip -c /vault/backups/zion/databases/all.sql.gz | psql -U postgres
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
|
@ -12,24 +12,20 @@ with pkgs;
|
||||||
inputs.agenix.packages.aarch64-linux.default
|
inputs.agenix.packages.aarch64-linux.default
|
||||||
];
|
];
|
||||||
|
|
||||||
# Add a swap file
|
|
||||||
swapDevices = [{
|
|
||||||
device = "/swapfile";
|
|
||||||
size = 4096;
|
|
||||||
}];
|
|
||||||
|
|
||||||
# Enable zswap
|
# Enable zswap
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
|
|
||||||
# Configure basic SSH access
|
# Configure basic SSH access
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = "yes";
|
settings = {
|
||||||
passwordAuthentication = false;
|
PermitRootLogin = "yes";
|
||||||
|
PasswordAuthentication = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Cleanup tmp on startup
|
# Cleanup tmp on startup
|
||||||
boot.cleanTmpDir = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
|
|
||||||
# Create coolneng user
|
# Create coolneng user
|
||||||
users.users.coolneng = {
|
users.users.coolneng = {
|
||||||
|
|
26
flake.lock
26
flake.lock
|
@ -106,11 +106,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1663958238,
|
"lastModified": 1683490239,
|
||||||
"narHash": "sha256-l4VrBCswq500YwsgjK7M8HUmnVWrHYY7DKZ7uZK5Abg=",
|
"narHash": "sha256-QKzpvl2XrqbobWq/I/smDa9hEniwctjJybXPVILHP0w=",
|
||||||
"owner": "coffeetables",
|
"owner": "coffeetables",
|
||||||
"repo": "nix-matrix-appservices",
|
"repo": "nix-matrix-appservices",
|
||||||
"rev": "efdc09f26e3b01801edaa3b0e2bdd46d9d133bba",
|
"rev": "e795d2fbc61da45d49802bb3e8f8d0c70ddc1e68",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -136,11 +136,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674550793,
|
"lastModified": 1684899633,
|
||||||
"narHash": "sha256-ljJlIFQZwtBbzWqWTmmw2O5BFmQf1A/DspwMOQtGXHk=",
|
"narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "b7ac0a56029e4f9e6743b9993037a5aaafd57103",
|
"rev": "4cc688ee711159b9bcb5a367be44007934e1a49d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -151,26 +151,26 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684661732,
|
"lastModified": 1685865905,
|
||||||
"narHash": "sha256-2/Xo/UmUUoMXc0T5tzoUsYjMLLMjEfzRWDAQB0WwtW0=",
|
"narHash": "sha256-XJZ/o17eOd2sEsGif+/MQBnfa2DKmndWgJyc7CWajFc=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b0671cbf1e5c443f7fbfd4941ee0f8a151435114",
|
"rev": "e7603eba51f2c7820c0a182c6bbb351181caa8e7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"id": "nixpkgs",
|
"id": "nixpkgs",
|
||||||
"ref": "nixos-22.11",
|
"ref": "nixos-23.05",
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1679437018,
|
"lastModified": 1685931219,
|
||||||
"narHash": "sha256-vOuiDPLHSEo/7NkiWtxpHpHgoXoNmrm+wkXZ6a072Fc=",
|
"narHash": "sha256-8EWeOZ6LKQfgAjB/USffUSELPRjw88A+xTcXnOUvO5M=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e",
|
"rev": "7409480d5c8584a1a83c422530419efe4afb0d19",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
description = "System configuration for zion";
|
description = "System configuration for zion";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "nixpkgs/nixos-22.11";
|
nixpkgs.url = "nixpkgs/nixos-23.05";
|
||||||
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
|
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
|
||||||
agenix = {
|
agenix = {
|
||||||
url = "github:ryantm/agenix";
|
url = "github:ryantm/agenix";
|
||||||
|
|
|
@ -11,17 +11,6 @@ let
|
||||||
conn_max_lifetime = -1;
|
conn_max_lifetime = -1;
|
||||||
};
|
};
|
||||||
|
|
||||||
latest-mautrix-signal = mautrix-signal.overrideAttrs (old: rec {
|
|
||||||
version = "0.4.2";
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "mautrix";
|
|
||||||
repo = "signal";
|
|
||||||
rev = "refs/tags/v${version}";
|
|
||||||
sha256 = "UbetU1n9zD/mVFaJc9FECDq/Zell1TI/aYPsGXGB8Js=";
|
|
||||||
};
|
|
||||||
|
|
||||||
});
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
# Matrix server configuration
|
# Matrix server configuration
|
||||||
services.dendrite = {
|
services.dendrite = {
|
||||||
|
@ -95,7 +84,7 @@ in {
|
||||||
signal = {
|
signal = {
|
||||||
port = 8338;
|
port = 8338;
|
||||||
format = "mautrix-python";
|
format = "mautrix-python";
|
||||||
package = latest-mautrix-signal;
|
package = mautrix-signal;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
StateDirectory = [ "matrix-as-signal" "signald" ];
|
StateDirectory = [ "matrix-as-signal" "signald" ];
|
||||||
JoinNamespaceOf = "signald.service";
|
JoinNamespaceOf = "signald.service";
|
||||||
|
|
|
@ -54,4 +54,10 @@
|
||||||
${podman}/bin/podman pod exists cgm-repo || ${podman}/bin/podman pod create -n cgm-repo -p '127.0.0.1:1337:1337'
|
${podman}/bin/podman pod exists cgm-repo || ${podman}/bin/podman pod create -n cgm-repo -p '127.0.0.1:1337:1337'
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Start services after ZFS mount
|
||||||
|
systemd.services.podman-mongodb.unitConfig.RequiresMountsFor =
|
||||||
|
[ "vault.mount" ];
|
||||||
|
systemd.services.podman-mqtt2prometheus.unitConfig.RequiresMountsFor =
|
||||||
|
[ "vault.mount" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -97,4 +97,10 @@
|
||||||
monthly = 12;
|
monthly = 12;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Start services after ZFS mount
|
||||||
|
systemd.services.syncthing.unitConfig.RequiresMountsFor =
|
||||||
|
[ "vault-syncthing.mount" ];
|
||||||
|
systemd.services.radicale.unitConfig.RequiresMountsFor =
|
||||||
|
[ "vault-radicale.mount" ];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,8 +18,7 @@ with pkgs;
|
||||||
boot.loader = {
|
boot.loader = {
|
||||||
grub.enable = false;
|
grub.enable = false;
|
||||||
generic-extlinux-compatible.enable = lib.mkForce false;
|
generic-extlinux-compatible.enable = lib.mkForce false;
|
||||||
};
|
raspberryPi = {
|
||||||
boot.loader.raspberryPi = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
version = 4;
|
version = 4;
|
||||||
firmwareConfig = ''
|
firmwareConfig = ''
|
||||||
|
@ -28,8 +27,10 @@ with pkgs;
|
||||||
dtoverlay=w1-gpio
|
dtoverlay=w1-gpio
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
boot.kernelModules = [ "pwm_bcm2835" "w1-gpio" "w1-therm" ];
|
boot.kernelModules = [ "pwm_bcm2835" "w1-gpio" "w1-therm" ];
|
||||||
|
|
||||||
# Load PWM hardware timers
|
# Load PWM hardware timers
|
||||||
hardware.raspberry-pi."4".pwm0.enable = true;
|
hardware.raspberry-pi."4".pwm0.enable = true;
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,7 @@
|
||||||
{ config, pkgs, pkgs-unstable, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
# Set up Gitea with LFS support
|
# Set up Gitea with LFS support
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = "git.coolneng.duckdns.org";
|
|
||||||
rootUrl = "https://git.coolneng.duckdns.org";
|
|
||||||
package = pkgs-unstable.gitea;
|
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
passwordFile = config.age.secrets.gitea.path;
|
passwordFile = config.age.secrets.gitea.path;
|
||||||
|
@ -16,10 +13,17 @@
|
||||||
contentDir = "${config.services.gitea.repositoryRoot}/data/lfs";
|
contentDir = "${config.services.gitea.repositoryRoot}/data/lfs";
|
||||||
};
|
};
|
||||||
settings = {
|
settings = {
|
||||||
|
server = {
|
||||||
|
DISABLE_SSH = true;
|
||||||
|
DOMAIN = "git.coolneng.duckdns.org";
|
||||||
|
ROOTURL = "https://git.coolneng.duckdns.org";
|
||||||
|
};
|
||||||
ui.DEFAULT_THEME = "arc-green";
|
ui.DEFAULT_THEME = "arc-green";
|
||||||
session.COOKIE_SECURE = true;
|
session.COOKIE_SECURE = true;
|
||||||
server.DISABLE_SSH = true;
|
|
||||||
actions.ENABLED = true;
|
actions.ENABLED = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Start services after ZFS mount
|
||||||
|
systemd.services.gitea.unitConfig.RequiresMountsFor = [ "vault-git.mount" ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,18 +6,28 @@
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ ];
|
boot.kernelModules = [ ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
device = "sysion/root";
|
||||||
fsType = "ext4";
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix" = {
|
||||||
|
device = "sysion/root/nix";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" = {
|
||||||
|
device = "sysion/home";
|
||||||
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/disk/by-uuid/2178-694E";
|
device = "/dev/disk/by-uuid/06AD-825C";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -102,7 +112,8 @@
|
||||||
options = [ "bind" ];
|
options = [ "bind" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/835f9dd4-cc27-4443-b5e1-381c2f4b2afc"; }];
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
@ -110,7 +121,7 @@
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.cni-podman0.useDHCP = lib.mkDefault true;
|
# networking.interfaces.cni-podman0.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.veth25ee5d84.useDHCP = lib.mkDefault true;
|
# networking.interfaces.veth25ee5d84.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.veth6e46f8d7.useDHCP = lib.mkDefault true;
|
# networking.interfaces.veth6e46f8d7.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.veth8506af14.useDHCP = lib.mkDefault true;
|
# networking.interfaces.veth8506af14.useDHCP = lib.mkDefault true;
|
||||||
|
|
|
@ -11,12 +11,12 @@ in {
|
||||||
useNetworkd = true;
|
useNetworkd = true;
|
||||||
dhcpcd.enable = false;
|
dhcpcd.enable = false;
|
||||||
};
|
};
|
||||||
systemd.services."systemd-networkd-wait-online".enable = false;
|
systemd.network.wait-online.enable = false;
|
||||||
|
|
||||||
# Assign a static IP
|
# Assign a static IP
|
||||||
systemd.network.networks."24-home" = {
|
systemd.network.networks."24-home" = {
|
||||||
name = "eth0";
|
name = "end0";
|
||||||
matchConfig.Name = "eth0";
|
matchConfig.Name = "end0";
|
||||||
address = [ "192.168.13.2/24" ];
|
address = [ "192.168.13.2/24" ];
|
||||||
gateway = [ "192.168.13.1" ];
|
gateway = [ "192.168.13.1" ];
|
||||||
dns = [ "192.168.13.2" ];
|
dns = [ "192.168.13.2" ];
|
||||||
|
@ -57,7 +57,9 @@ in {
|
||||||
53 # DNS
|
53 # DNS
|
||||||
];
|
];
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
|
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${
|
||||||
|
config.systemd.network.networks."24-home".name
|
||||||
|
} -j MASQUERADE
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -101,23 +103,22 @@ in {
|
||||||
# DNS server with ad-block
|
# DNS server with ad-block
|
||||||
services.dnsmasq = {
|
services.dnsmasq = {
|
||||||
enable = true;
|
enable = true;
|
||||||
servers = [ "51.158.108.203" "137.220.55.93" ];
|
settings = {
|
||||||
extraConfig = ''
|
domain-needed = true;
|
||||||
domain-needed
|
bogus-priv = true;
|
||||||
bogus-priv
|
no-resolv = true;
|
||||||
no-resolv
|
|
||||||
|
|
||||||
listen-address=127.0.0.1,192.168.13.2,10.8.0.1
|
listen-address = [ "127.0.0.1" "192.168.13.2" "10.8.0.1" ];
|
||||||
bind-interfaces
|
bind-interfaces = true;
|
||||||
|
server = [ "51.158.108.203" "137.220.55.93" ];
|
||||||
|
|
||||||
cache-size=10000
|
cache-size = 10000;
|
||||||
local-ttl=300
|
local-ttl = 300;
|
||||||
|
|
||||||
conf-file=/var/lib/dnsmasq/dnsmasq.blacklist.txt
|
conf-file = "/var/lib/dnsmasq/dnsmasq.blacklist.txt";
|
||||||
|
|
||||||
address=/coolneng.duckdns.org/192.168.13.2
|
address = "/coolneng.duckdns.org/192.168.13.2";
|
||||||
'';
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,6 +14,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# Fetch hosts-blocklists daily
|
# Fetch hosts-blocklists daily
|
||||||
|
# FIXME Download the list if the file doesn't exist the first time
|
||||||
systemd.services.download-dns-blocklist = {
|
systemd.services.download-dns-blocklist = {
|
||||||
description = "Download hosts-blocklists";
|
description = "Download hosts-blocklists";
|
||||||
wantedBy = [ "default.target" ];
|
wantedBy = [ "default.target" ];
|
||||||
|
@ -25,16 +26,16 @@ in {
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig.Type = "oneshot";
|
||||||
postStop = ''
|
postStop = ''
|
||||||
chown -R dnsmasq ${stateDir}
|
chown -R dnsmasq ${stateDir}
|
||||||
systemctl restart dnsmasq
|
|
||||||
'';
|
'';
|
||||||
|
requiredBy = [ "dnsmasq.service" ];
|
||||||
after = [ "wireguard-wg0.service" ];
|
after = [ "wireguard-wg0.service" ];
|
||||||
startAt = "02:00:00";
|
startAt = "02:00:00";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable SATA HAT
|
# Enable SATA HAT fans
|
||||||
systemd.services.sata-hat = {
|
systemd.services.sata-hat = {
|
||||||
description = "Enable software support for SATA Hat";
|
description = "Enable software support for SATA Hat";
|
||||||
wantedBy = [ "zfs-import.target" ];
|
wantedBy = [ "default.target" ];
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.bash}/bin/bash -c "/home/coolneng/system/scripts/SATA-hat.sh on"
|
${pkgs.bash}/bin/bash -c "/home/coolneng/system/scripts/SATA-hat.sh on"
|
||||||
'';
|
'';
|
||||||
|
@ -45,30 +46,6 @@ in {
|
||||||
${pkgs.bash}/bin/bash -c "/home/coolneng/system/scripts/SATA-hat.sh off"
|
${pkgs.bash}/bin/bash -c "/home/coolneng/system/scripts/SATA-hat.sh off"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
before = [ "zfs-import.target" "zfs-import-vault.service" "umount.target" ];
|
|
||||||
requires = [ "systemd-udev-settle.service" ];
|
|
||||||
after = [ "systemd-udev-settle.service" ];
|
|
||||||
conflicts = [ "umount.target" ];
|
|
||||||
requiredBy = [ "syncthing.service" "radicale.service" "gitea.service" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# HACK: restart services dependent on ZFS afer mount
|
|
||||||
systemd.services.restart-services-mount = {
|
|
||||||
description = "Restart services after the ZFS dataset is mounted";
|
|
||||||
wantedBy = [ "default.target" ];
|
|
||||||
script = ''
|
|
||||||
sleep 5
|
|
||||||
systemctl restart syncthing
|
|
||||||
systemctl restart radicale
|
|
||||||
systemctl restart gitea
|
|
||||||
systemctl restart podman-openbooks
|
|
||||||
systemctl restart podman-mqtt2prometheus
|
|
||||||
systemctl restart podman-mongodb
|
|
||||||
systemctl restart podman-nightscout
|
|
||||||
'';
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
requires = [ "sata-hat.service" ];
|
|
||||||
after = [ "vault.mount" ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Idle HDDs when not used
|
# Idle HDDs when not used
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
|
recommendedBrotliSettings = true;
|
||||||
clientMaxBodySize = "0";
|
clientMaxBodySize = "0";
|
||||||
sslCiphers =
|
sslCiphers =
|
||||||
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128";
|
"ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128";
|
||||||
|
@ -221,5 +222,8 @@
|
||||||
"dendrite.service"
|
"dendrite.service"
|
||||||
"phpfpm-wallabag.service"
|
"phpfpm-wallabag.service"
|
||||||
"systemd-tmpfiles-setup.service"
|
"systemd-tmpfiles-setup.service"
|
||||||
|
"podman-openbooks.service"
|
||||||
|
"podman-mqtt2prometheus.service"
|
||||||
|
"podman-nightscout.service"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,8 +5,6 @@ GPIO_PATH="$BASE_PATH"/gpio
|
||||||
PWM_PATH="$BASE_PATH"/pwm/pwmchip0
|
PWM_PATH="$BASE_PATH"/pwm/pwmchip0
|
||||||
|
|
||||||
# GPIO pins
|
# GPIO pins
|
||||||
SATA0=26
|
|
||||||
SATA1=25
|
|
||||||
CPU_FAN=12
|
CPU_FAN=12
|
||||||
|
|
||||||
# Values
|
# Values
|
||||||
|
@ -50,16 +48,11 @@ set_pwm() {
|
||||||
}
|
}
|
||||||
|
|
||||||
turn_on() {
|
turn_on() {
|
||||||
set_gpio $SATA0 $HIGH
|
|
||||||
sleep 1
|
|
||||||
set_gpio $SATA1 $HIGH
|
|
||||||
set_gpio $CPU_FAN $HIGH
|
set_gpio $CPU_FAN $HIGH
|
||||||
set_pwm
|
set_pwm
|
||||||
}
|
}
|
||||||
|
|
||||||
turn_off() {
|
turn_off() {
|
||||||
set_gpio $SATA0 $LOW clean
|
|
||||||
set_gpio $SATA1 $LOW clean
|
|
||||||
set_gpio $CPU_FAN $LOW clean
|
set_gpio $CPU_FAN $LOW clean
|
||||||
set_pwm clean
|
set_pwm clean
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue