flake.nix

@@ -1,5 +1,5 @@
 {
-  description = "laptop NixOS Flake";
+  description = "NixOS Homelab";
 
   # This is the standard format for flake.nix.
   # `inputs` are the dependencies of the flake,
@@ -29,12 +29,38 @@
           # Import the configuration.nix here, so that the
           # old configuration file can still take effect.
           # Note: configuration.nix itself is also a Nixpkgs Module,
-          ./nixos/configuration.nix
+          ./nixos/durincore/configuration.nix
           home-manager.nixosModules.home-manager
           {
             home-manager.useGlobalPkgs = true;
             home-manager.useUserPackages = true;
-            home-manager.users.jahanson = import ./home-manager/home.nix;
+            home-manager.users.jahanson = import ./home-manager/durincore.nix;
+          }
+        ];
+      };
+      "este" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = inputs;
+        modules = [
+          ./nixos/este/configuration.nix
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.jahanson = import ./home-manager/este.nix;
+          }
+        ];
+      };
+      "gandalf" = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = inputs;
+        modules = [
+          ./nixos/gandalf/configuration.nix
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.jahanson = import ./home-manager/gandalf.nix;
           }
         ];
       };

home-manager/durincore.nix

@@ -115,7 +115,7 @@
     # it provides the command `nom` works just like `nix`
     # with more details log output
     nix-output-monitor
-    nixd
+    nixd # nix lsp server
 
     # productivity
     hugo # static site generator
@@ -137,6 +137,18 @@
     pciutils # lspci
     usbutils # lsusb
     rtx # rtx package manager
+
+    # Browsers
+    firefox
+    vivaldi
+    vivaldi-ffmpeg-codecs
+
+    # Email
+    thunderbird
+
+    # Dev
+    vscode
+    termius
   ];
 
   # starship - an customizable prompt for any shell

home-manager/este.nix

@@ -0,0 +1,152 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+
+  home = {
+    username = "jahanson";
+    homeDirectory = "/home/jahanson";
+  };
+
+    # basic configuration of git, please change to your own
+  programs.git = {
+    enable = true;
+    userName = "Joseph Hanson";
+    userEmail = "joe@veri.dev";
+  };
+
+
+  # exa replacement, ls replacement.
+  programs.lsd.enable = true;
+  
+  # Fish configuration
+  programs.fish = {
+    enable = true;
+    shellAliases = {
+      # lsd
+      ls = "lsd";
+      ll = "lsd -l";
+      la = "lsd -a";
+      lt = "lsd --tree";
+      lla = "lsd -la";
+
+      # other
+      df = "df -h";
+      du = "du -h";
+    };
+      # rtx hook-env | source
+      # rtx activate fish | source
+    shellInit = ''
+      direnv hook fish | source
+      set -gx PATH $PATH $HOME/.krew/bin
+    '';
+    functions = {
+      fish_greeting = {
+        description = "Set the fish greeting";
+        body = "neofetch";
+      };
+    };
+  };
+
+  # starship - an customizable prompt for any shell
+  programs.starship = {
+    enable = true;
+    # custom settings
+    settings = {
+      add_newline = false;
+      aws.disabled = true;
+      gcloud.disabled = true;
+      line_break.disabled = true;
+      username = {
+        disabled = false;
+        show_always = true;
+        format = "[$user]($style)@";
+      };
+      hostname ={ 
+        disabled = false;
+        ssh_only = false;
+        format = "[$hostname]($style) ";
+      };
+    };
+  };
+
+    # Packages that should be installed to the user profile.
+  home.packages = with pkgs; [
+    # here is some command line tools I use frequently
+    # feel free to add your own or remove some of them
+
+    neofetch
+    go-task
+    
+    # terminal file managers
+    nnn
+    ranger
+    yazi
+
+    # archives
+    zip
+    xz
+    unzip
+    p7zip
+
+    # utils
+    ripgrep # recursively searches directories for a regex pattern
+    jq # A lightweight and flexible command-line JSON processor
+    yq-go # yaml processer https://github.com/mikefarah/yq
+    fzf # A command-line fuzzy finder
+    age # sops-age encryption
+    sops 
+    direnv # shell environment management
+    pre-commit # Pre-commit tasks for git
+    minio-client # S3 management
+    shellcheck
+    envsubst
+
+    # networking tools
+    mtr # A network diagnostic tool
+    iperf3
+    dnsutils  # `dig` + `nslookup`
+    ldns # replacement of `dig`, it provide the command `drill`
+    aria2 # A lightweight multi-protocol & multi-source command-line download utility
+    socat # replacement of openbsd-netcat
+    nmap # A utility for network discovery and security auditing
+    ipcalc  # it is a calculator for the IPv4/v6 addresses
+
+    # misc
+    cowsay
+    file
+    which
+    tree
+    gnused
+    gnutar
+    gawk
+    zstd
+    gnupg
+
+    # nix related
+    #
+    # it provides the command `nom` works just like `nix`
+    # with more details log output
+    nix-output-monitor
+
+    btop  # replacement of htop/nmon
+    iotop # io monitoring
+    iftop # network monitoring
+
+    # system call monitoring
+    strace # system call monitoring
+    ltrace # library call monitoring
+    lsof # list open files
+
+    # system tools
+    sysstat
+    lm_sensors # for `sensors` command
+    ethtool
+    pciutils # lspci
+    usbutils # lsusb
+  ];
+
+  home.stateVersion = "23.11";
+  programs.home-manager.enable = true;
+}

home-manager/gandalf.nix

@@ -0,0 +1,130 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+
+  home = {
+    username = "jahanson";
+    homeDirectory = "/home/jahanson";
+  };
+
+    # basic configuration of git, please change to your own
+  programs.git = {
+    enable = true;
+    userName = "Joseph Hanson";
+    userEmail = "joe@veri.dev";
+  };
+
+
+  # exa replacement, ls replacement.
+  programs.lsd.enable = true;
+  
+  # Fish configuration
+  programs.fish = {
+    enable = true;
+    shellAliases = {
+      # lsd
+      ls = "lsd";
+      ll = "lsd -l";
+      la = "lsd -a";
+      lt = "lsd --tree";
+      lla = "lsd -la";
+
+      # other
+      df = "df -h";
+      du = "du -h";
+    };
+      # rtx hook-env | source
+      # rtx activate fish | source
+    shellInit = ''
+      direnv hook fish | source
+      set -gx PATH $PATH $HOME/.krew/bin
+    '';
+    functions = {
+      fish_greeting = {
+        description = "Set the fish greeting";
+        body = "neofetch";
+      };
+    };
+  };
+
+    # Packages that should be installed to the user profile.
+  home.packages = with pkgs; [
+    # here is some command line tools I use frequently
+    # feel free to add your own or remove some of them
+
+    neofetch
+    go-task
+    
+    # terminal file managers
+    nnn
+    ranger
+    yazi
+
+    # archives
+    zip
+    xz
+    unzip
+    p7zip
+
+    # utils
+    ripgrep # recursively searches directories for a regex pattern
+    jq # A lightweight and flexible command-line JSON processor
+    yq-go # yaml processer https://github.com/mikefarah/yq
+    fzf # A command-line fuzzy finder
+    age # sops-age encryption
+    sops 
+    direnv # shell environment management
+    pre-commit # Pre-commit tasks for git
+    minio-client # S3 management
+    shellcheck
+    envsubst
+
+    # networking tools
+    mtr # A network diagnostic tool
+    iperf3
+    dnsutils  # `dig` + `nslookup`
+    ldns # replacement of `dig`, it provide the command `drill`
+    aria2 # A lightweight multi-protocol & multi-source command-line download utility
+    socat # replacement of openbsd-netcat
+    nmap # A utility for network discovery and security auditing
+    ipcalc  # it is a calculator for the IPv4/v6 addresses
+
+    # misc
+    cowsay
+    file
+    which
+    tree
+    gnused
+    gnutar
+    gawk
+    zstd
+    gnupg
+
+    # nix related
+    #
+    # it provides the command `nom` works just like `nix`
+    # with more details log output
+    nix-output-monitor
+
+    btop  # replacement of htop/nmon
+    iotop # io monitoring
+    iftop # network monitoring
+
+    # system call monitoring
+    strace # system call monitoring
+    ltrace # library call monitoring
+    lsof # list open files
+
+    # system tools
+    sysstat
+    lm_sensors # for `sensors` command
+    ethtool
+    pciutils # lspci
+    usbutils # lsusb
+  ];
+
+  home.stateVersion = "23.11";
+  programs.home-manager.enable = true;
+}

nixos/common.nix

@@ -0,0 +1,92 @@
+{ config, lib, pkgs, ... }:
+{
+
+  # Bootloader.
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      supportedFilesystems = [ "nfs" ];
+      kernelModules = [ "nfs" ];
+    };
+  };
+
+  fileSystems."/mnt/borg" = {
+    device = "10.1.1.13:/eru/borg";
+    fsType = "nfs";
+    options = [ "x-systemd.automount" "noauto" ];
+  };
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # Enable fish
+  programs.fish.enable = true;
+
+  # root ssh keys
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
+    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
+    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
+  ];
+
+  # Set up users
+  users.users.jahanson = {
+    isNormalUser = true;
+    description = "Joseph Hanson";
+    extraGroups = [ "networkmanager" "wheel" ];
+    shell = pkgs.fish;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
+      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
+      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAanHn3AWxWfHv51wgDmJwhQrJgsGd+LomJJZ5kXFTP3 jahanson@durincore"
+    ];
+  };
+  
+  # Default editor
+  environment.variables.EDITOR = "vim";
+  # Time zone.
+  time.timeZone = "America/Chicago";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  environment.systemPackages = with pkgs; [
+  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+    git
+    wget
+    curl
+    vim
+    lazygit
+    tailscale
+    python3
+    ansible
+    smartmontools
+    nfs-utils
+  ];
+
+  programs.mtr.enable = true;
+
+  # Enable/Start Tailscale service
+  services.tailscale.enable = true;
+
+}

nixos/durincore/configuration.nix

@@ -10,50 +10,10 @@
       ./hardware-configuration.nix
     ];
 
-  # Bootloader.
-  boot = {
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
-    initrd = {
-      supportedFilesystems = [ "nfs" ];
-      kernelModules = [ "nfs" ];
-    };
-  };
-
-  fileSystems."/mnt/borg" = {
-    device = "10.1.1.13:/eru/borg";
-    fsType = "nfs";
-    options = [ "x-systemd.automount" "noauto" ];
-  };
-
-  programs.fish.enable = true;
-
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
-  networking.hostName = "durincore"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Set your time zone.
-  time.timeZone = "America/Chicago";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
-    LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
-    LC_TIME = "en_US.UTF-8";
+  # Network settings
+  networking = {
+    hostName = "durincore"; # Define your hostname.
+    networkmanager.enable = true;
   };
 
   # Enable the X11 windowing system.
@@ -96,46 +56,6 @@
   # Enable touchpad support (enabled default in most desktopManager).
   # services.xserver.libinput.enable = true;
 
-  # Define a user account. Don't forget to set a password with 'passwd'.
-  users.users.jahanson = {
-    isNormalUser = true;
-    description = "Joseph Hanson";
-    extraGroups = [ "networkmanager" "wheel" ];
-    shell = pkgs.fish;
-    packages = with pkgs; [
-      firefox
-      thunderbird
-      vscode
-      vivaldi
-      vivaldi-ffmpeg-codecs
-      termius
-    ];
-  };
-  environment.variables.EDITOR = "vim";
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    git
-    wget
-    curl
-    vim
-    lazygit
-    fira-code-nerdfont
-    tailscale
-    appimage-run
-    python3
-    ansible
-    gparted
-    openlens
-    nfs-utils
-  ];
-  services.tailscale.enable = true;
-
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   programs.mtr.enable = true;

nixos/este/configuration.nix

@@ -0,0 +1,49 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running 'nixos-help').
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Network settings
+  networking = {
+    hostName = "este"; # Define your hostname.
+    networkmanager.enable = true;
+  };
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+  };
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}

nixos/este/hardware-configuration.nix

@@ -0,0 +1,34 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/1c14fc1e-525b-445b-ad2f-ac171c25633a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/3D93-F935";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enX0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

nixos/gandalf/configuration.nix

@@ -0,0 +1,156 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot = {
+    supportedFilesystems = [ "zfs" ];
+    zfs.forceImportRoot = false;
+    kernelParams = [ "zfs.zfs_arc_max=107374182400" ];
+    zfs.extraPools = [ "eru" ];
+  };
+
+  # sudo zfs set sharenfs="rw=10.1.2.0/24:10.5.0.8/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/xen-backups
+  # sudo zfs set sharenfs="ro=10.1.2.0/24,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg
+  # sudo zfs set sharenfs="ro=10.1.2.0/24,rw=10.1.1.55/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg/nextcloud
+  # sudo zfs set sharenfs inherit eru/xen-backups
+
+  # Network settings
+  networking = {
+    hostName = "gandalf"; # Define your hostname.
+    networkmanager.enable = true;
+    hostId = "e2fc95cd";
+  };
+  
+  environment.systemPackages = with pkgs; [
+    podman-compose
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    # require public key authentication for better security
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+  };
+
+  # NFS
+  services.nfs.server.enable = true;
+
+  # SMB
+  services.samba-wsdd = {
+    # make shares visible for Windows clients
+    enable = true;
+    openFirewall = true;
+  };
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    extraConfig = ''
+      workgroup = WORKGROUP
+      server string = gandalf
+      netbios name = gandalf
+      security = user 
+      # note: localhost is the ipv6 localhost ::1
+      hosts allow = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares = {
+      xen = {
+        path = "/eru/xen-backups";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "no";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "apps";
+        "force group" = "apps";
+      };
+    };
+  };
+
+  # Enable podman
+  virtualisation.podman = {
+    enable = true;
+
+    # `docker` alias for podman
+    dockerCompat = true;
+
+    # Required for podman-compose so pods can talk to each other.
+    defaultNetwork.settings.dns_enabled = true;
+
+  };
+
+  # TODO: Add xen-orchestra
+  # virtualisation.oci-containers = {
+  #   xen-orchestra = {
+  #     image = "xen-orchestra";
+  #     ports = [ "80:80" ];
+  #     volumes = [ "/eru/xen-backups:/backups" ];
+  #   };
+  # };
+  
+  # ZFS automated snapshots
+  services.sanoid = {
+    enable = true;
+    datasets = {
+      "eru/xen-backups" = {
+        recursive = true;
+        autoprune = true;
+        autosnap = true;
+        hourly =  24;
+        daily =  7;
+        monthly = 12;
+      };
+    };
+  };
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+}

nixos/gandalf/hardware-configuration.nix

@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d5e03c8a-9488-47f7-b911-339bdae36009";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/339D-40E5";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp130s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}