mochi/nixos/hosts/shadowfax/default.nix

210 lines
5 KiB
Nix
Raw Normal View History

2024-09-03 20:56:49 -05:00
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, inputs, pkgs, ... }:
2024-09-03 21:46:29 -05:00
let
sanoidConfig = import ./config/sanoid.nix { };
2024-09-07 05:40:58 -05:00
disks = import ./config/disks.nix;
smartdDevices = map (device: { inherit device; }) disks;
2024-09-03 21:46:29 -05:00
in
2024-09-03 20:56:49 -05:00
{
imports =
[
inputs.disko.nixosModules.disko
2024-09-03 22:33:45 -05:00
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ]; })
inputs.nix-minecraft.nixosModules.minecraft-servers
2024-09-03 20:56:49 -05:00
];
boot = {
initrd = {
kernelModules = [ "nfs" ];
supportedFilesystems = [ "nfs" ];
};
2024-09-04 22:09:43 -05:00
kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
2024-09-03 20:56:49 -05:00
extraModulePackages = [ ];
2024-09-04 22:09:43 -05:00
kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
2024-09-03 20:56:49 -05:00
};
2024-10-21 17:07:48 -05:00
swapDevices = [ ];
2024-11-21 17:05:29 -06:00
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia.open = true;
2024-11-21 17:26:28 -06:00
# TODO: Swap these once I switch to 24.11
# graphics.enable = true;
opengl.enable = true;
2024-11-21 17:05:29 -06:00
nvidia-container-toolkit.enable = true;
};
2024-10-21 17:07:48 -05:00
2024-09-03 20:56:49 -05:00
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
];
2024-10-21 17:07:48 -05:00
# Network settings
networking = {
hostName = "shadowfax";
hostId = "a885fabe";
useDHCP = false; # needed for bridge
networkmanager.enable = true;
firewall.enable = false;
interfaces = {
"enp36s0f0".useDHCP = true;
"enp36s0f1".useDHCP = true;
2024-09-14 18:43:15 -05:00
};
2024-10-21 17:07:48 -05:00
};
2024-09-14 18:43:15 -05:00
2024-10-21 17:07:48 -05:00
sops = {
secrets = { };
2024-09-03 20:56:49 -05:00
};
# Home Manager
home-manager.users.jahanson = {
# Git settings
# TODO: Move to config module.
programs.git = {
enable = true;
userName = "Joseph Hanson";
userEmail = "joe@veri.dev";
extraConfig = {
core.autocrlf = "input";
init.defaultBranch = "main";
pull.rebase = true;
rebase.autoStash = true;
};
};
};
2024-10-21 17:07:48 -05:00
programs = {
# 1Password cli
_1password.enable = true;
2024-09-03 20:56:49 -05:00
2024-10-21 17:07:48 -05:00
# VSCode Compatibility Settings
nix-ld.enable = true;
2024-09-03 20:56:49 -05:00
};
services = {
2024-11-21 17:05:29 -06:00
xserver.videoDrivers = [ "nvidia" ];
2024-10-21 17:07:48 -05:00
# Minecraft
minecraft-servers = {
# Me cc858467-2744-4c22-8514-86568fefd03b
enable = true;
eula = true;
servers.eregion = {
enable = true;
package = pkgs.paper-server;
serverProperties = {
motd = "§6§lEregion§r §7- §6§lMinecraft§r";
};
};
};
# Smart daemon for monitoring disk health.
2024-09-07 06:14:26 -05:00
smartd = {
devices = smartdDevices;
# Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
2024-09-03 20:56:49 -05:00
};
2024-10-21 17:07:48 -05:00
# Soft Serve - SSH git server
soft-serve = {
enable = true;
settings = import ./config/soft-serve.nix { };
};
# VSCode Compatibility Settings
vscode-server = {
enable = true;
};
2024-10-21 17:07:48 -05:00
# ZFS Exporter
prometheus.exporters.zfs.enable = true;
};
2024-11-07 17:01:21 -06:00
# sops
sops.secrets = {
"syncthing/publicCert" = {
sopsFile = ./secrets.sops.yaml;
owner = "jahanson";
2024-11-07 17:01:21 -06:00
mode = "400";
restartUnits = [ "syncthing.service" ];
};
"syncthing/privateKey" = {
sopsFile = ./secrets.sops.yaml;
owner = "jahanson";
2024-11-07 17:01:21 -06:00
mode = "400";
restartUnits = [ "syncthing.service" ];
};
};
2024-09-03 20:56:49 -05:00
# System settings and services.
mySystem = {
purpose = "Production";
2024-11-19 21:11:07 -06:00
# Containers
containers = {
2024-11-21 17:05:29 -06:00
plex.enable = true;
scrypted.enable = true;
jellyfin.enable = true;
2024-11-19 21:11:07 -06:00
};
# System
2024-09-03 20:56:49 -05:00
system = {
2024-09-12 12:21:05 -05:00
motd.networkInterfaces = [ "enp36s0f0" ];
2024-09-03 20:56:49 -05:00
# Incus
incus = {
enable = true;
preseed = import ./config/incus-preseed.nix { };
2024-09-03 20:56:49 -05:00
};
2024-09-03 21:46:29 -05:00
2024-09-03 20:56:49 -05:00
# ZFS
zfs.enable = true;
zfs.mountPoolsAtBoot = [
"nahar"
"moria"
];
2024-09-03 21:46:29 -05:00
2024-09-03 20:56:49 -05:00
# NFS
nfs.enable = true;
2024-09-03 21:46:29 -05:00
2024-09-03 20:56:49 -05:00
resticBackup = {
local.enable = false;
remote.enable = false;
local.noWarning = true;
remote.noWarning = true;
};
};
2024-09-03 21:46:29 -05:00
2024-11-19 21:11:07 -06:00
# Services
2024-09-03 20:56:49 -05:00
services = {
podman.enable = true;
libvirt-qemu.enable = true;
2024-11-07 17:01:21 -06:00
# Syncthing
syncthing = {
enable = true;
user = "jahanson";
2024-11-07 17:01:21 -06:00
publicCertPath = config.sops.secrets."syncthing/publicCert".path;
privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
};
2024-09-07 05:40:58 -05:00
# Scrutiny
scrutiny = {
enable = true;
devices = disks;
extraCapabilities = [ "SYS_RAWIO" ];
containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
port = 8585;
};
2024-09-03 20:56:49 -05:00
# Sanoid
sanoid = {
enable = true;
inherit (sanoidConfig.outputs) templates datasets;
};
};
};
}