mochi/nixos/hosts/shadowfax/default.nix

# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, inputs, ... }:
let
  sanoidConfig = import ./config/sanoid.nix { };
  disks = import ./config/disks.nix;
  smartdDevices = map (device: { inherit device; }) disks;
in
{
  imports =
    [
      inputs.disko.nixosModules.disko
      (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ]; })
    ];

  # Debug
  # boot.zfs.forceImportRoot = lib.mkForce true;

  boot = {
    initrd = {
      kernelModules = [ "nfs" ];
      supportedFilesystems = [ "nfs" ];
    };

    kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
    extraModulePackages = [ ];
    kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
  };

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];

  programs = {
    _1password.enable = true;
    # VSCode Compatibility Settings
    nix-ld.enable = true;
  };

  services = {
    # Soft Serve
    soft-serve = {
      enable = true;
      settings = import ./config/soft-serve.nix { };
    };

    # VSCode Compatibility Settings
    vscode-server = {
      enable = true;
    };
  };

  # Home Manager
  home-manager.users.jahanson = {
    # Git settings
    # TODO: Move to config module.
    programs.git = {
      enable = true;
      userName = "Joseph Hanson";
      userEmail = "joe@veri.dev";

      extraConfig = {
        core.autocrlf = "input";
        init.defaultBranch = "main";
        pull.rebase = true;
        rebase.autoStash = true;
      };
    };
  };

  # Network settings
  networking = {
    hostName = "shadowfax";
    hostId = "a885fabe";
    useDHCP = false; # needed for bridge
    networkmanager.enable = true;
    firewall.enable = false;
    interfaces = {
      "enp36s0f0".useDHCP = true;
      "enp36s0f1".useDHCP = true;
    };
  };

  swapDevices = [ ];

  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  sops = {
    secrets = { };
  };

  services = {
    smartd = {
      devices = smartdDevices;
    };
  };

  # System settings and services.
  mySystem = {
    purpose = "Production";
    system = {
      motd.networkInterfaces = [ "enp36s0f0" ];
      # Incus
      incus = {
        enable = true;
        preseed = import ./config/incus-preseed.nix { };
      };

      # ZFS
      zfs.enable = true;
      zfs.mountPoolsAtBoot = [
        "nahar"
        "moria"
      ];

      # NFS
      nfs.enable = true;

      resticBackup = {
        local.enable = false;
        remote.enable = false;
        local.noWarning = true;
        remote.noWarning = true;
      };
    };

    services = {
      podman.enable = true;
      libvirt-qemu.enable = true;

      # Scrutiny
      scrutiny = {
        enable = true;
        devices = disks;
        extraCapabilities = [ "SYS_RAWIO" ];
        containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
        port = 8585;
      };

      # Sanoid
      sanoid = {
        enable = true;
        inherit (sanoidConfig.outputs) templates datasets;
      };
    };
  };
}