mochi/nixos/hosts/varda/default.nix

{
  pkgs,
  config,
  ...
}: {
  imports = [./resources/prune-backup.nix];

  networking.hostId = "cdab8473";
  networking.hostName = "varda"; # Define your hostname.

  # Add required CIFS support
  environment.systemPackages = with pkgs; [
    cifs-utils
    minio-client
  ];

  fileSystems = {
    "/" = {
      device = "rpool/root";
      fsType = "zfs";
    };

    "/home" = {
      device = "rpool/home";
      fsType = "zfs";
    };

    "/boot" = {
      device = "/dev/disk/by-uuid/8091-E7F2";
      fsType = "vfat";
    };

    "/mnt/storagebox" = {
      device = "//u370253-sub2.your-storagebox.de/u370253-sub2";
      fsType = "cifs";

      options = let
        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,vers=3";
      in [
        "${automount_opts},credentials=${config.sops.secrets.sambaCredentials.path},uid=994,gid=993" # evaluated and deployed from another machine
      ];
    };
  };

  swapDevices = [];

  # sops
  sops = {
    secrets = {
      "sambaCredentials" = {
        sopsFile = ./secrets.sops.yaml;
      };
      "security/acme/env" = {
        sopsFile = ./secrets.sops.yaml;
      };
    };
  };

  programs = {
    # Mosh
    mosh = {
      enable = true;
      openFirewall = true;
    };
  };

  services = {
    zfs = {
      # This helps a lot when upgrading
      expandOnBoot = "all";
      autoScrub.enable = true;
      trim.enable = true;
    };
  };

  # ACME (Let's Encrypt) Configuration
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@${config.networking.domain}";

    certs.${config.networking.domain} = {
      extraDomainNames = [
        "${config.networking.domain}"
        "*.${config.networking.domain}"
      ];
      dnsProvider = "dnsimple";
      dnsResolver = "1.1.1.1:53";
      credentialsFile = config.sops.secrets."security/acme/env".path;
    };
  };

  # System settings and services.
  mySystem = {
    purpose = "Production";
    system.motd.networkInterfaces = ["enp1s0"];
    services = {
      forgejo = {
        enable = true;
        package = pkgs.unstable.forgejo;
      };
      nginx.enable = true;
    };
  };
}
reformat 2024-12-27 21:30:25 -06:00			`{`
zfs auto expand, scrub, and trim 2025-02-23 20:25:19 -06:00			`pkgs,`
			`config,`
			`...`
			`}: {`
			`imports = [./resources/prune-backup.nix];`
Mochi init 2024-06-20 08:59:56 -05:00
			`networking.hostId = "cdab8473";`
			`networking.hostName = "varda"; # Define your hostname.`
add samba storagebox mount 2025-01-03 17:31:42 -06:00
			`# Add required CIFS support`
			`environment.systemPackages = with pkgs; [`
			`cifs-utils`
enable mosh on varda 2025-03-09 00:17:28 -06:00			`minio-client`
add samba storagebox mount 2025-01-03 17:31:42 -06:00			`];`

statix 2024-07-30 18:47:59 -05:00			`fileSystems = {`
			`"/" = {`
			`device = "rpool/root";`
			`fsType = "zfs";`
			`};`
Mochi init 2024-06-20 08:59:56 -05:00
statix 2024-07-30 18:47:59 -05:00			`"/home" = {`
			`device = "rpool/home";`
			`fsType = "zfs";`
			`};`
Mochi init 2024-06-20 08:59:56 -05:00
statix 2024-07-30 18:47:59 -05:00			`"/boot" = {`
			`device = "/dev/disk/by-uuid/8091-E7F2";`
			`fsType = "vfat";`
			`};`
add samba storagebox mount 2025-01-03 17:31:42 -06:00
			`"/mnt/storagebox" = {`
			`device = "//u370253-sub2.your-storagebox.de/u370253-sub2";`
			`fsType = "cifs";`

zfs auto expand, scrub, and trim 2025-02-23 20:25:19 -06:00			`options = let`
			`automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,vers=3";`
			`in [`
			`"${automount_opts},credentials=${config.sops.secrets.sambaCredentials.path},uid=994,gid=993" # evaluated and deployed from another machine`
			`];`
add samba storagebox mount 2025-01-03 17:31:42 -06:00			`};`
clean up 2024-06-22 08:49:32 -05:00			`};`
Mochi init 2024-06-20 08:59:56 -05:00
zfs auto expand, scrub, and trim 2025-02-23 20:25:19 -06:00			`swapDevices = [];`
Mochi init 2024-06-20 08:59:56 -05:00
add samba storagebox mount 2025-01-03 17:31:42 -06:00			`# sops`
			`sops = {`
			`secrets = {`
			`"sambaCredentials" = {`
			`sopsFile = ./secrets.sops.yaml;`
			`};`
clean up and move acme to each host 2025-03-09 12:53:38 -05:00			`"security/acme/env" = {`
			`sopsFile = ./secrets.sops.yaml;`
			`};`
add samba storagebox mount 2025-01-03 17:31:42 -06:00			`};`
			`};`

enable mosh on varda 2025-03-09 00:17:28 -06:00			`programs = {`
			`# Mosh`
			`mosh = {`
			`enable = true;`
			`openFirewall = true;`
			`};`
			`};`

zfs auto expand, scrub, and trim 2025-02-23 20:25:19 -06:00			`services = {`
			`zfs = {`
enable mosh on varda 2025-03-09 00:17:28 -06:00			`# This helps a lot when upgrading`
zfs auto expand, scrub, and trim 2025-02-23 20:25:19 -06:00			`expandOnBoot = "all";`
			`autoScrub.enable = true;`
			`trim.enable = true;`
			`};`
			`};`

clean up and move acme to each host 2025-03-09 12:53:38 -05:00			`# ACME (Let's Encrypt) Configuration`
			`security.acme = {`
			`acceptTerms = true;`
			`defaults.email = "admin@${config.networking.domain}";`

			`certs.${config.networking.domain} = {`
			`extraDomainNames = [`
			`"${config.networking.domain}"`
			`"*.${config.networking.domain}"`
			`];`
			`dnsProvider = "dnsimple";`
			`dnsResolver = "1.1.1.1:53";`
			`credentialsFile = config.sops.secrets."security/acme/env".path;`
			`};`
			`};`

Mochi init 2024-06-20 08:59:56 -05:00			`# System settings and services.`
			`mySystem = {`
Forgejo is in production. 2024-06-22 10:08:29 -05:00			`purpose = "Production";`
zfs auto expand, scrub, and trim 2025-02-23 20:25:19 -06:00			`system.motd.networkInterfaces = ["enp1s0"];`
Mochi init 2024-06-20 08:59:56 -05:00			`services = {`
upgrading forgejo to v8 2024-09-15 10:49:44 -05:00			`forgejo = {`
			`enable = true;`
			`package = pkgs.unstable.forgejo;`
			`};`
Mochi init 2024-06-20 08:59:56 -05:00			`nginx.enable = true;`
			`};`
			`};`
			`}`