osmium: added

2024-11-24 17:26:49 +08:00 · 2024-11-24 17:26:49 +08:00 · ca8f27bafa
commit ca8f27bafa
parent 02636ac5a1
6 changed files with 271 additions and 6 deletions
--- a/machines/osmium/default.nix
+++ b/machines/osmium/default.nix
@ -0,0 +1,111 @@
+{
+  pkgs,
+  lib,
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/installer/sd-card/sd-image.nix")
+    ./sd-image-aarch64-orangepi-r1plus.nix
+  ];
+
+  config = {
+    system.stateVersion = "24.05";
+
+    nixpkgs.system = "aarch64-linux";
+
+    boot.tmp.useTmpfs = false;
+    boot.kernelModules = [
+      "br_netfilter"
+      "bridge"
+    ];
+    boot.kernel.sysctl = {
+      "net.ipv4.ip_forward" = 1;
+      "net.ipv4.ip_nonlocal_bind" = 1;
+      "net.ipv6.conf.all.forwarding" = 1;
+      "net.ipv6.ip_nonlocal_bind" = 1;
+      "net.bridge.bridge-nf-call-ip6tables" = 1;
+      "net.bridge.bridge-nf-call-iptables" = 1;
+      "net.bridge.bridge-nf-call-arptables" = 1;
+      "fs.inotify.max_user_watches" = 524288;
+      "dev.i915.perf_stream_paranoid" = 0;
+      "net.ipv4.conf.all.rp_filter" = 0;
+      "vm.max_map_count" = 2000000;
+      "net.ipv4.conf.all.route_localnet" = 1;
+      "net.ipv4.conf.all.send_redirects" = 0;
+      "kernel.msgmnb" = 65536;
+      "kernel.msgmax" = 65536;
+      "net.ipv4.tcp_timestamps" = 0;
+      "net.ipv4.tcp_synack_retries" = 1;
+      "net.ipv4.tcp_syn_retries" = 1;
+      "net.ipv4.tcp_tw_recycle" = 1;
+      "net.ipv4.tcp_tw_reuse" = 1;
+      "net.ipv4.tcp_fin_timeout" = 15;
+      "net.ipv4.tcp_keepalive_time" = 1800;
+      "net.ipv4.tcp_keepalive_probes" = 3;
+      "net.ipv4.tcp_keepalive_intvl" = 15;
+      "net.ipv4.ip_local_port_range" = "2048 65535";
+      "fs.file-max" = 102400;
+      "net.ipv4.tcp_max_tw_buckets" = 180000;
+    };
+
+    commonSettings = {
+      nix.enableMirrors = true;
+      auth.enable = true;
+    };
+
+    documentation.enable = false;
+
+    time.timeZone = "Asia/Shanghai";
+    i18n = {
+      defaultLocale = "en_US.UTF-8";
+    };
+
+    environment.systemPackages = with pkgs; [
+      lsof
+      wget
+      curl
+      neovim
+      jq
+      iptables
+      ebtables
+      tcpdump
+      busybox
+      ethtool
+      socat
+      htop
+      iftop
+      lm_sensors
+    ];
+
+    programs.command-not-found.enable = false;
+
+    networking = {
+      useDHCP = false;
+      hostName = "osmium";
+    };
+
+    systemd.network = {
+      enable = true;
+      networks."lan" = {
+        matchConfig.Name = "enu1";
+        networkConfig.DHCP = "no";
+        linkConfig.RequiredForOnline = "no";
+      };
+      networks."wan" = {
+        matchConfig.Name = "end0";
+        networkConfig.DHCP = "yes";
+        linkConfig.RequiredForOnline = "yes";
+      };
+    };
+
+    services.dae = {
+      enable = true;
+      configFile = "/var/lib/dae/config.dae";
+    };
+
+    services.tailscale.enable = true;
+
+  };
+}