# MANUAL: On client machines generate signing keys:
#   nix-store --generate-binary-cache-key some-name /persist/manual/nix/nix-cache-key.sec /persist/manual/nix/nix-cache-key.pub
# The .sec file is the private signing key: keep it on the machine that signs
# and readable only by the signing user. Only the contents of the .pub file
# are handed to other machines.
#
# Trust other machines and add the substituters:
#   nix.binaryCachePublicKeys = [ "some-name:AzNW1MOlkNEsUAXS1jIFZ1QCFKXjV+Y/LrF37quAZ1A=" ];
#   nix.binaryCaches = [ "https://test.example/nix-cache" ];
# (Current NixOS releases spell these nix.settings.trusted-public-keys and
# nix.settings.substituters.) Any key listed as trusted can sign store paths
# this machine will accept, so list only keys whose private half you control.

# NixOS module for the control-plane host "controller0": static dual-stack
# addressing, boot settings, build optimizations, and the etcd / kube-apiserver
# endpoints. Options under `me` are declared outside this file.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Network interface that carries the static addresses and the IPv6 default route.
  uplink = "enp0s2";
in
{
  imports = [
    ./hardware-configuration.nix
    ./vm_disk.nix
  ];

  config = {
    networking = {
      # Generate with `head -c4 /dev/urandom | od -A none -t x4`
      hostId = "769e1349";

      hostName = "controller0"; # Define your hostname.

      # Addresses are static; DHCP is forced off at the end of this set.
      interfaces.${uplink} = {
        ipv4.addresses = [
          {
            address = "10.215.1.221";
            prefixLength = 24;
          }
        ];
        ipv6.addresses = [
          {
            address = "2620:11f:7001:7:ffff:ffff:0ad7:01dd";
            prefixLength = 64;
          }
        ];
      };

      defaultGateway = "10.215.1.1";
      defaultGateway6 = {
        # address = "2620:11f:7001:7::1";
        address = "2620:11f:7001:7:ffff:ffff:0ad7:0101";
        interface = uplink;
      };

      nameservers = [ "10.215.1.1" ];

      # mkForce so that no other module can switch DHCP back on.
      dhcpcd.enable = lib.mkForce false;
      useDHCP = lib.mkForce false;
    };

    time.timeZone = "America/New_York";
    i18n.defaultLocale = "en_US.UTF-8";

    boot = {
      # We can always generate a new ISO if we need to access other boot options.
      loader.timeout = lib.mkForce 0;

      # Mount tmpfs at /tmp
      tmp.useTmpfs = true;
    };

    # Enable TRIM
    # services.fstrim.enable = lib.mkDefault true;

    # nix.optimise.automatic = true;
    # nix.optimise.dates = [ "03:45" ];
    # nix.optimise.persistent = true;

    environment.systemPackages = [ pkgs.htop ];

    # Serving the store over SSH is left disabled. The sample key below is a
    # DSA key (ssh-dss), which current OpenSSH no longer accepts by default;
    # use an ed25519 key if this is ever turned on.
    # nix.sshServe.enable = true;
    # nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];

    me = {
      boot.enable = true;
      # NOTE(review): presumably the Secure Boot switch of the local boot
      # module; it is off on this host. Confirm that is intended.
      boot.secure = false;
      mountPersistence = true;

      optimizations = {
        enable = true;
        arch = "znver4";
        # build_arch = "x86-64-v3";
        system_features = [
          "gccarch-znver4"
          "gccarch-skylake"
          "gccarch-kabylake"
          # "gccarch-alderlake" missing WAITPKG
          "gccarch-x86-64-v3"
          "gccarch-x86-64-v4"
          "benchmark"
          "big-parallel"
          "kvm"
          "nixos-test"
        ];
      };

      minimal_base.enable = true;
      control_plane.enable = true;
      # NOTE(review): by its name this keeps the host from pulling from binary
      # caches; verify against the module that declares it.
      dont_use_substituters.enable = true;

      etcd = {
        enable = true;
        cluster_name = "put-a-nix-on-it";
        internal_ip = [
          # "10.215.1.221"
          "[2620:11f:7001:7:ffff:ffff:0ad7:01dd]"
        ];
        # Peer URLs of the three controllers, all https on port 2380. The
        # certificates behind them are not set in this file.
        initial_cluster = [
          # "controller0=https://10.215.1.221:2380" # 2620:11f:7001:7:ffff:ffff:0ad7:01dd
          # "controller1=https://10.215.1.222:2380" # 2620:11f:7001:7:ffff:ffff:0ad7:01de
          # "controller2=https://10.215.1.223:2380" # 2620:11f:7001:7:ffff:ffff:0ad7:01df
          "controller0=https://[2620:11f:7001:7:ffff:ffff:0ad7:01dd]:2380" # 10.215.1.221
          "controller1=https://[2620:11f:7001:7:ffff:ffff:0ad7:01de]:2380" # 10.215.1.222
          "controller2=https://[2620:11f:7001:7:ffff:ffff:0ad7:01df]:2380" # 10.215.1.223
        ];
      };

      kube_apiserver = {
        internal_ip = "2620:11f:7001:7:ffff:ffff:0ad7:01dd";
        # The external address is currently the same as the internal one.
        # external_ip = "74.80.180.138";
        external_ip = "2620:11f:7001:7:ffff:ffff:0ad7:01dd";
        # etcd client URLs the API server connects to, all https on port 2379.
        etcd_services = [
          "https://[2620:11f:7001:7:ffff:ffff:0ad7:01dd]:2379" # 10.215.1.221
          "https://[2620:11f:7001:7:ffff:ffff:0ad7:01de]:2379" # 10.215.1.222
          "https://[2620:11f:7001:7:ffff:ffff:0ad7:01df]:2379" # 10.215.1.223
        ];
      };
    };
  };
}