Migrate mow0m to new Repo

Kaybee 2025-05-05 20:39:01 +02:00
parent 16b9bde60c
commit c6bc9fb3ac
Signed by: kb01
SSH key fingerprint: SHA256:gP6opHVPcRQWO2nBbCcsXmXLtGrxzdRbP+frT4AAJFs
10 changed files with 922 additions and 0 deletions

384
flake.lock generated Normal file

@ -0,0 +1,384 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_3"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1745256380,
"narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1737234286,
"narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=",
"rev": "079528098f5998ba13c88821a2eca1005c1695de",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1742943028,
"narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=",
"rev": "868d97695bab9d21f6070b03957bcace249fbe3c",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz?rev=868d97695bab9d21f6070b03957bcace249fbe3c"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1745114634,
"narHash": "sha256-gB63YTgfrX2zH2zFIruRrOrLltjSBoYm2L56yaGo5XM=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "92120cad3f2b7c1c326b6ca0b9beda171d6ee6a3",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1742568034,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1744633460,
"narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9a049b4a421076d27fee3eec664a18b2066824cb",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1742669843,
"narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1e5b653dff12029333a6546c11e108ede13052eb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1744932701,
"narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"lix-module": "lix-module",
"nix-minecraft": "nix-minecraft",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix"
}
},
"snowfall-lib": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils-plus": "flake-utils-plus",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736130495,
"narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=",
"owner": "snowfallorg",
"repo": "lib",
"rev": "02d941739f98a09e81f3d2d9b3ab08918958beac",
"type": "github"
},
"original": {
"owner": "snowfallorg",
"repo": "lib",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1744669848,
"narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "61154300d945f0b147b30d24ddcafa159148026a",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

77
flake.nix Normal file

@ -0,0 +1,77 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
snowfall-lib.url = "github:snowfallorg/lib";
snowfall-lib.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";
nixos-generators.url = "github:nix-community/nixos-generators";
nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs: inputs.snowfall-lib.mkFlake {
inherit inputs;
src = ./.;
# Configure Nix
nix.gc = {
automatic = true;
options = "--delete-older-than 30d";
};
nix.optimise.automatic = true;
channels-config.allowUnfree = false;
# Configure Flake Utils Plus
supportedSystems = inputs.snowfall-lib.inputs.flake-utils-plus.lib.defaultSystems ++ ["i686-linux"];
# Configure Snowfall Lib
snowfall = {
meta.name = "kB01s System Configuration Flake";
meta.title = "kB01s System Configuration Flake";
namespace = "kb-one";
};
# Modules for Host HyperC
systems.hosts.HyperC.modules = with inputs; [
lix-module.nixosModules.default
];
# Modules for Host kb-game-01
systems.hosts.kb-game-01.modules = with inputs; [
lix-module.nixosModules.default
];
# Modules for Host LoyAdjo
systems.hosts.LoyAdjo.modules = with inputs; [
lix-module.nixosModules.default
];
# Modules for Host Rubtrm
systems.hosts.Rubtrm.modules = with inputs; [
# lix-module.nixosModules.default
];
# Modules that get imported to every NixOS system
systems.modules.nixos = with inputs; [
sops-nix.nixosModules.sops
];
outputs-builder = channels: { formatter = channels.nixpkgs.nixfmt-rfc-style; };
};
# outputs = { self, nixpkgs, ... }@inputs: {
# nixosConfigurations."Rubtrm" = nixpkgs.lib.nixosSystem {
# system = "i686-linux";
# modules = [ ./systems/i686-linux/Rubtrm/default.nix ];
# };
# };
}
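Review bot: `lix-module` is the only input in the `inputs` block without `inputs.nixpkgs.follows`, and the generated flake.lock accordingly pins a second nixpkgs revision for it (`nixpkgs` at 1e5b653dff12029333a6546c11e108ede13052eb, next to `nixpkgs_2` for the root), so two nixpkgs trees have to be tracked and updated. Adding `lix-module.inputs.nixpkgs.follows = "nixpkgs";` after the `lix-module.url` line keeps a single reviewed revision. Separately, `nix.gc` and `nix.optimise.automatic` are NixOS module options; passed as `mkFlake` arguments they presumably configure no host, and they would belong in a shared NixOS module instead.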


@ -0,0 +1,35 @@
{ inputs, config, lib, pkgs, ... }:
let
cfg = config.services.binary-cache;
in
{
imports = [
];
options.services.binary-cache = {
enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enable Preconfigured Binary-Cache";
};
};
config = lib.mkIf cfg.enable {
services.nix-serve = {
enable = true;
secretKeyFile = "/var/secrets/cache-game01-private-key.pem";
};
# Configure Reverse-Proxy
services.traefik.dynamicConfigOptions = {
http.services.nix-cache.loadBalancer.servers = [ { url = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}/"; } ];
http.routers.nix-cache.entrypoints = "websecure";
# http.routers.nix-cache.tls = true;
http.routers.nix-cache.tls.certresolver = "letsencrypt";
http.routers.nix-cache.rule = "Host(`cache.game01.kb-one.de`)";
http.routers.nix-cache.service = "nix-cache";
};
};
}
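Review bot: `services.nix-serve` is enabled without `bindAddress`, so the backend keeps the nixpkgs default of `0.0.0.0` and serves the cache over plain HTTP on every interface beside the Traefik route; the `loadBalancer` URL is also built from that wildcard address. Setting `bindAddress = "127.0.0.1";` inside the `services.nix-serve` block leaves the TLS router as the only reachable path. The signing key is read from the fixed path `/var/secrets/cache-game01-private-key.pem`; since sops-nix is imported on every system in flake.nix, a `sops.secrets` entry would give the key declared ownership and mode.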


@ -0,0 +1,87 @@
{ inputs, config, lib, pkgs, ... }:
let
cfg = config.services.forgejo-runner;
in
{
options.services.forgejo-runner = {
enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enable Forgejo Runners";
};
};
config = lib.mkIf (cfg.enable) {
# services.gitea-actions-runner.package = pkgs.forgejo-runner;
# services.gitea-actions-runner.instances."kb-one-runner@games-01" = {
# enable = true;
# name = "kb-one-runner@games-01";
# url = "https://git.kb-one.de/";
# tokenFile = "/opt/secrets/kb-one-runner@games-01_token";
# labels = [
# # provide a debian base with nodejs for actions
# "debian-latest:docker://node:18-bullseye"
# # fake the ubuntu name, because node provides no ubuntu builds
# "ubuntu-latest:docker://node:18-bullseye"
# # provide native execution on the host
# "native:host"
# ];
# hostPackages = with pkgs; [
# bash
# coreutils
# curl
# gawk
# gitMinimal
# gnused
# nodejs
# wget
# nix
# ];
# };
# systemd.services.forgejo-runner = {
# wantedBy = [ "multi-user.target" ];
# after = [ "docker.service" ];
# description = "";
# serviceConfig = {
# Type = "notify";
# User = "runner";
# WorkingDirectory = "/home/runner";
# ExecStart = ''${pkgs.forgejo-runner}/bin/forgejo-runner deamon'';
# ExecStop = ''/bin/kill -s HUP $MAINPID'';
# Restart = "on-failure";
# TimeoutSec = 0;
# RestartSec = 10;
# };
# };
# users.users.runner = {
# isNormalUser = true;
# };
# environment.systemPackages = [ pkgs.forgejo-runner ];
# virtualisation.podman.enable = true;
# virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
# virtualisation.podman.dockerCompat = true;
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers."docker-in-docker" = {
image = "docker:dind";
hostname = "docker";
extraOptions = [ "--privileged" "--network=kb-forgejo-runner" ];
cmd = [ "dockerd" "-H" "tcp://docker:42349" "--tls=false" ];
};
virtualisation.oci-containers.containers."forgejo-runner" = {
image = "code.forgejo.org/forgejo/runner:4.0.0";
hostname = "forgejo-runner";
extraOptions = [ "--network=kb-forgejo-runner" ];
environment.DOCKER_HOST = "tcp://docker:42349";
user = "1001:1001";
volumes = [ "forgejo-runner-data:/data" ];
cmd = [ "/bin/sh" "-c" "sleep 5; forgejo-runner daemon" ];
};
};
}
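Review bot: The `docker-in-docker` container runs `--privileged` and exposes its Docker API with `--tls=false` on `tcp://docker:42349`, so anything that can join the `kb-forgejo-runner` network gets unauthenticated control of a privileged daemon, which amounts to root on the host. Keep that network limited to these two containers and consider TLS client certificates between runner and daemon, or a rootless setup. The `docker:dind` tag is floating while the runner image is pinned to `4.0.0`; a digest pin such as `image = "docker:dind@sha256:<digest>";` (placeholder) would make the privileged image reproducible. The network `kb-forgejo-runner` is not created anywhere in this module, so a comment saying where it is defined would help.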


@ -0,0 +1,53 @@
{ inputs, config, lib, pkgs, ... }:
let
cfg = config.services.traefik-proxy;
in
{
imports = [
];
options.services.traefik-proxy = {
enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enable Pre-Configured Traefik Proxy";
};
};
config = lib.mkIf (cfg.enable ||
config.services.binary-cache.enable ||
config.suites.nas.media.enable) {
services.traefik = {
enable = true;
staticConfigOptions = {
entryPoints = {
web = {
address = ":80";
asDefault = true;
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":443";
asDefault = true;
http.tls.certResolver = "letsencrypt";
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
# Configure Letsencrypt
services.traefik.staticConfigOptions = {
certificatesResolvers.letsencrypt.acme = {
email = "kb01@kb-one.de";
tlsChallenge = {};
storage = "/var/secrets/traefik/acme.json";
};
};
};
}
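Review bot: The `lib.mkIf` condition ORs in `config.suites.nas.media.enable`, which the NAS module declares with `default = true` independently of `suites.nas.enable`, so the condition is true on every host that loads these modules: Traefik starts and TCP 80/443 are opened even where no proxy was requested. Gate on the suite as well, `(config.suites.nas.enable && config.suites.nas.media.enable)`. `storage = "/var/secrets/traefik/acme.json"` will hold the ACME account key and certificate private keys, so a comment stating the expected owner and restrictive mode of that path would be worth adding.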


@ -0,0 +1,59 @@
{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.nas;
in
{
imports = [
./jellyfin.nix
./kavita.nix
];
options.suites.nas.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enable Preconfigured NAS Config";
};
options.suites.nas.domain = lib.mkOption {
type = with lib.types; string;
default = "localhost";
description = "NAS Reachable Domain Name";
};
options.suites.nas.media.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = true;
description = "Enable Media Servers";
};
options.suites.nas.media.folder = lib.mkOption {
type = with lib.types; str;
default = "/home/media/media";
description = "Media Root Directory";
};
# Media Config
config = lib.mkIf (cfg.enable && cfg.media.enable) {
# Media Defaults
suites.nas.media.jellyfin.enable = true;
suites.nas.media.kavita.enable = false;
# Create Media User
users.groups.media = {};
users.users.media = {
isSystemUser = true;
createHome = true;
description = "Media User";
group = "media";
home = "/home/media";
};
};
}
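Review bot: `suites.nas.domain` is typed with `lib.types.string`, which nixpkgs deprecated in favour of `str` (already used for `media.folder` a few lines below); the `subdomain` options in the Jellyfin and Kavita modules have the same issue. Change it to `type = lib.types.str;`. `media.enable` defaults to `true` while `suites.nas.enable` defaults to `false`, which is easy to misread from other modules that test only `media.enable`; either default it to `false` or state in the description that it only takes effect together with `suites.nas.enable`.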


@ -0,0 +1,41 @@
{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.nas.media.jellyfin;
in
{
options.suites.nas.media.jellyfin.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enable Preconfigured Jellyfin Config";
};
options.suites.nas.media.jellyfin.subdomain = lib.mkOption {
type = with lib.types; string;
default = "watch";
description = "Subdomain for Jellyfin Server";
};
config = lib.mkIf (cfg.enable) {
services.jellyfin.enable = true;
services.jellyfin.user = "media";
# Configure Reverse-Proxy
services.traefik.dynamicConfigOptions = {
http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
http.routers.jellyfin.entrypoints = "websecure";
http.routers.jellyfin.tls = true;
#http.routers.jellyfin.tls.certresolver = "letsencrypt";
http.routers.jellyfin.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
http.routers.jellyfin.service = "jellyfin";
};
};
}
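Review bot: `http.routers.jellyfin.tls = true;` sets a boolean where Traefik's file-provider schema expects a `tls` section; that spelling comes from the label syntax and may be rejected or ignored when the dynamic configuration is loaded, and the Kavita router has the same line. The form used in the binary-cache module, `tls.certresolver = "letsencrypt";` (or `tls = { };`), is the safer spelling. With the default `suites.nas.domain = "localhost"` the rule becomes Host(`watch.localhost`), for which no ACME certificate can be issued, so the option description should say that a public domain must be set.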


@ -0,0 +1,42 @@
{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.nas.media.kavita;
in
{
options.suites.nas.media.kavita.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enable Preconfigured kavita Config";
};
options.suites.nas.media.kavita.subdomain = lib.mkOption {
type = with lib.types; string;
default = "read";
description = "Kavita Subdomain";
};
config = lib.mkIf (cfg.enable) {
services.kavita.enable = true;
services.kavita.user = "media";
services.kavita.tokenKeyFile = "/home/media/secrets/kavita-secret";
# Configure Reverse-Proxy
services.traefik.dynamicConfigOptions = {
http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
http.routers.kavita.entrypoints = "websecure";
http.routers.kavita.tls = true;
#http.routers.kavita.tls.certresolver = "letsencrypt";
http.routers.kavita.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
http.routers.kavita.service = "kavita";
};
};
}
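Review bot: `services.kavita.tokenKeyFile` points into `/home/media/secrets/`, the home directory of the `media` account that the Jellyfin service also runs as, so the token signing key is readable by a second network-facing service. A sops-nix secret owned by the Kavita user, referenced as `tokenKeyFile = config.sops.secrets."<secret-name>".path;` (placeholder name), would keep it out of the shared home. A dedicated service user for Kavita would separate the two services further.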


@ -0,0 +1,61 @@
{ config, lib, pkgs, ... }:
{
imports = [
./hardware.nix
];
# Networking
networking.hostName = "mow0m";
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
users.users.master = {
isNormalUser = true;
extraGroups = [ "wheel" ];
packages = with pkgs; [
tree
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+qnaWHrGk+DHz5I3L8wK5MPVzjck9LTuctnzK55WJs kb@LoyAdjo"
];
};
# programs.firefox.enable = true;
# System Packages: (search via $ nix search wget)
environment.systemPackages = with pkgs; [
vim
tree
wget
];
# SSH and Mosh
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
ports = [ 9553 ];
openFirewall = true;
};
programs.mosh.enable = true;
# Firewall
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "24.11"; # NEVER CHANGE THIS!!!
}
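Review bot: `services.openssh.settings` disables password and keyboard-interactive logins but leaves `PermitRootLogin` at the module default; adding `settings.PermitRootLogin = "no";` makes the intent explicit on a host whose only declared login is `master`. `programs.mosh.enable` also opens the mosh UDP port range in the firewall by default, which the commented-out firewall section below does not show, so a short comment there would avoid surprises. `master` is in `wheel` but no password or sudo rule is declared in this file, so privilege escalation presumably depends on state set outside the flake.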


@ -0,0 +1,83 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.kernelParams = [ "elevator=noop" "boot.shell_on_fail" "ip=dhcp" ];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "c61a0c21";
networking.useDHCP = lib.mkDefault true;
# Bootloader
boot.loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; # use the same mount point here.
};
grub = {
enable = true;
version = 2;
copyKernels = true;
efiSupport = true;
mirroredBoots = [
{devices = [ "/dev/nvme0n1" ]; path = "/boot";}
{devices = [ "/dev/nvme1n1" ]; path = "/boot1";}
];
};
};
# Uncomment [on a working system] to ensure extra safeguards are active that zfs uses to protect zfs pools:
#boot.zfs.forceImportAll = false;
#boot.zfs.forceImportRoot = false;
# Remote Filesystem(s) unlocking
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
port = 2550;
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPKorzbCjRROOmFpiEfbH2mmLJ8qACUUt7pln87PgkA kb@LoyAdjo"
];
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
};
boot.initrd.network.postCommands = ''
zpool import -a
echo "zfs load-key -a; killall zfs" >> /root/.profile
'';
# Filesystems
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7C96-7E8A";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot1" = {
device = "/dev/disk/by-uuid/7C97-3483";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/" = {
device = "mow0m/root";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "mow0m/root/nix";
fsType = "zfs";
};
fileSystems."/home" = {
device = "mow0m/root/home";
fsType = "zfs";
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
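Review bot: Both ESPs are mounted with `fmask=0022` and `dmask=0022`, which makes everything on `/boot` and `/boot1` world-readable; with `boot.initrd.network.ssh.hostKeys` set, the initrd SSH host key is likely to end up on those partitions, where any local user could copy it. `options = [ "fmask=0077" "dmask=0077" ];` restricts both mounts to root. `boot.shell_on_fail` in `boot.kernelParams` offers an unauthenticated root shell on the console when stage 1 fails, which deserves a comment or removal once the remote-unlock path is proven. The two `boot.zfs.forceImport*` lines are still commented out although the comment above them says to enable them on a working system.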