{ lib, ... }: let inherit (lib.my) net mkVLAN; inherit (lib.my.c) pubDomain; inherit (lib.my.c.home) domain vlans prefixes vips; in { nixos.systems.palace = { system = "x86_64-linux"; nixpkgs = "mine-stable"; home-manager = "mine-stable"; assignments = { hi = { inherit domain; ipv4 = { address = net.cidr.host 22 prefixes.hi.v4; mask = 22; gateway = vips.hi.v4; }; }; core = { inherit domain; name = "palace-core"; ipv4 = { address = net.cidr.host 20 prefixes.core.v4; gateway = null; }; }; }; configuration = { lib, pkgs, modulesPath, config, systems, assignments, allAssignments, ... }: let inherit (lib) mkForce mkMerge; inherit (lib.my) networkdAssignment; in { boot = { kernelModules = [ "kvm-amd" ]; kernelParams = [ "amd_iommu=on" ]; initrd = { availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; }; }; hardware = { enableRedistributableFirmware = true; cpu = { amd.updateMicrocode = true; }; }; fileSystems = { "/boot" = { device = "/dev/disk/by-partuuid/c06a8d24-2af9-4416-bf5e-cfe6defdbd47"; fsType = "vfat"; }; "/nix" = { device = "/dev/disk/by-partuuid/71695225-b306-41e6-83f8-c5cde57c06f7"; fsType = "ext4"; }; "/persist" = { device = "/dev/disk/by-partuuid/9991aec3-c062-41d1-971e-e056b63370f0"; fsType = "ext4"; neededForBoot = true; }; }; services = { smartd = { enable = true; autodetect = true; extraOptions = [ "-A /var/log/smartd/" "--interval=600" ]; }; }; environment.systemPackages = with pkgs; [ pciutils usbutils partclone lm_sensors linuxPackages.cpupower smartmontools mstflint ethtool ]; networking.domain = "h.${pubDomain}"; systemd = { tmpfiles.rules = [ "d /var/log/smartd 0755 root root" ]; services = { setup-mlx5-vfs = { description = "Enable 100G NIC VFs"; serviceConfig = { Type = "oneshot"; }; script = '' vfsFile=/sys/class/infiniband/mlx5_0/device/sriov_numvfs until [ -f "$vfsFile" ]; do sleep 0.2 done echo 3 > "$vfsFile" ''; wantedBy = [ "multi-user.target" ]; before = [ "network-pre.target" ]; }; }; network = { links = { "10-et1g0" = { matchConfig.MACAddress = "e0:d5:5e:68:0c:6e"; linkConfig.Name = "et1g0"; }; "10-lan-core" = { matchConfig.MACAddress = "e0:d5:5e:68:0c:70"; linkConfig.Name = "lan-core"; }; "10-et100g" = { matchConfig = { PermanentMACAddress = "24:8a:07:ac:59:c0"; Driver = "mlx5_core"; }; linkConfig = { Name = "et100g"; MTUBytes = "9000"; }; }; }; netdevs = mkMerge [ (mkVLAN "lan-hi" vlans.hi) ]; networks = { "50-lan-core" = mkMerge [ (networkdAssignment "lan-core" assignments.core) { matchConfig.Name = "lan-core"; networkConfig.IPv6AcceptRA = mkForce false; } ]; "50-et100g" = { matchConfig.Name = "et100g"; vlan = [ "lan-hi" ]; networkConfig.IPv6AcceptRA = false; }; "60-lan-hi" = mkMerge [ (networkdAssignment "lan-hi" assignments.hi) { matchConfig.Name = "lan-hi"; linkConfig.MTUBytes = "9000"; networkConfig.DNS = [ (allAssignments.stream.hi.ipv4.address) # (allAssignments.river.hi.ipv4.address) ]; } ]; }; }; }; my = { secrets = { key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzVJpoDz/AAYLJGzU8t6DgZ2sY3oehRqrlSO7C+GWiK"; }; server.enable = true; deploy.node.hostname = "192.168.68.22"; }; }; }; }