diff --git a/flake.nix b/flake.nix index 5a2f90f..92910f7 100644 --- a/flake.nix +++ b/flake.nix @@ -69,6 +69,11 @@ # avalon chrysalis = mkSystem [ ./hosts/chrysalis ./hardware/location/YOW ]; + itsuki = mkSystem [ + ./hosts/itsuki + ./hardware/location/YOW + ]; + kos-mos = mkSystem [ ./hosts/kos-mos ./hardware/alrest @@ -128,6 +133,18 @@ }; }; + deploy.nodes.itsuki = { + hostname = "192.168.2.35"; + sshUser = "root"; + fastConnection = true; + + profiles.system = { + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos + self.nixosConfigurations.itsuki; + }; + }; + deploy.nodes.logos = { hostname = "192.168.2.35"; sshUser = "root"; diff --git a/hosts/itsuki/default.nix b/hosts/itsuki/default.nix new file mode 100644 index 0000000..b190100 --- /dev/null +++ b/hosts/itsuki/default.nix 
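Review bot: In the second flake.nix hunk, `deploy.nodes.itsuki.hostname` is `"192.168.2.35"`, the same address the context line just below shows for `deploy.nodes.logos`, so deploying the itsuki profile would SSH as root to whichever machine holds that address and activate itsuki's system there. If this is a copy-paste leftover, give the node its own target, `hostname = "<itsuki address or name>";`. The `deploy.nodes.logos` block continues outside the hunk, so whether logos was re-addressed elsewhere cannot be checked from here.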
@@ -0,0 +1,71 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../../common
+
+ ./hardware-configuration.nix
+ ./plex.nix
+ ./smb.nix
+ ./zrepl.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.supportedFilesystems = [ "zfs" ];
+ boot.kernelParams = [ "nomodeset" ];
+
+ services.prometheus.exporters.node.enable = true;
+
+ virtualisation.docker = {
+ enable = true;
+ storageDriver = "zfs";
+ };
+ systemd.services."docker" = {
+ path = [ pkgs.zfs ];
+ };
+
+ virtualisation.libvirtd.enable = true;
+ services.nfs.server.enable = true;
+ services.nfs.server.exports = ''
+ /data 0.0.0.0/0(insecure,rw,sync,all_squash,anonuid=1000,anongid=996)
+ '';
+ security.sudo.wheelNeedsPassword = false;
+
+ networking.hostName = "itsuki"; # Define your hostname.
+ networking.hostId = "4d64f279";
+ networking.useDHCP = false;
+ networking.interfaces.enp2s0.useDHCP = true;
+ networking.interfaces.wlp3s0.useDHCP = true;
+ services.openssh.enable = true;
+ networking.firewall.enable = false;
+ system.stateVersion = "21.05"; # Did you read the comment?
+
+ environment.systemPackages = with pkgs; [ docker-compose ];
+
+ services.tailscale.enable = true;
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."itsuki.shark-harmonic.ts.net" = {
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:32400";
+ proxyWebsockets = true;
+ };
+ locations."/transmission" = {
+ proxyPass = "http://127.0.0.1:9091";
+ proxyWebsockets = true;
+ };
+ sslCertificate = "/srv/within/certs/itsuki.shark-harmonic.ts.net.crt";
+ sslCertificateKey = "/srv/within/certs/itsuki.shark-harmonic.ts.net.key";
+ };
+ };
+
+ within.users.enableSystem = true;
+}
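Review bot: The export line `/data 0.0.0.0/0(insecure,rw,sync,all_squash,...)` together with `networking.firewall.enable = false` leaves /data read-write over NFS to every host that can route to this machine on either DHCP interface, with no client restriction and no privileged-port requirement. Narrow the client spec to the networks that need it, `/data <trusted CIDR>(rw,sync,all_squash,anonuid=1000,anongid=996)`, and if tailnet-only access is the intent keep the firewall on with `networking.firewall.trustedInterfaces = [ "tailscale0" ];`. `security.sudo.wheelNeedsPassword = false` turns any wheel account compromise into root, so it deserves a comment stating that it is deliberate. The `/transmission` location forwards to the Transmission port on loopback; whether that service requires authentication is not visible in this commit and is worth confirming before it sits behind the vhost.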
diff --git a/hosts/itsuki/hardware-configuration.nix b/hosts/itsuki/hardware-configuration.nix
new file mode 100644
index 0000000..ff66213
--- /dev/null
+++ b/hosts/itsuki/hardware-configuration.nix
@@ -0,0 +1,43 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules =
+ [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-id/nvme-eui.e8238fa6bf530001001b448b48da3daa-part4";
+ fsType = "vfat";
+ };
+
+ fileSystems."/" = {
+ device = "rpool/safe/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" = {
+ device = "rpool/local/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/data" = {
+ device = "rpool/safe/data";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" = {
+ device = "rpool/safe/home";
+ fsType = "zfs";
+ };
+
+ swapDevices = [ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/hosts/itsuki/plex.nix b/hosts/itsuki/plex.nix
new file mode 100644
index 0000000..100b1e8
--- /dev/null
+++ b/hosts/itsuki/plex.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }:
+
+{
+ nixpkgs.config.allowUnfree = true;
+
+ services.plex = {
+ dataDir = "/data/plex";
+ user = "cadey";
+ enable = true;
+ };
+}
diff --git a/hosts/itsuki/smb.nix b/hosts/itsuki/smb.nix
new file mode 100644
index 0000000..b78e950
--- /dev/null
+++ b/hosts/itsuki/smb.nix
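Review bot: In hosts/itsuki/plex.nix, `user = "cadey";` runs the network-facing media server under what looks like an interactive login account (the same name is the Samba `force user` in smb.nix), so a flaw in Plex would expose that account's home directory and keys. If the account is in wheel, which this commit does not show, `wheelNeedsPassword = false` in default.nix would extend that to root. Consider keeping the module's dedicated service account and granting access to the media through a group, `user = "plex"; group = "within";`, with /data/plex owned accordingly. `nixpkgs.config.allowUnfree = true;` could likewise be scoped with `nixpkgs.config.allowUnfreePredicate` so only the Plex package is exempted.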
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+ # https://nixos.wiki/wiki/Samba
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = itsuki
+ netbios name = itsuki
+ security = user
+ use sendfile = yes
+ #max protocol = smb2
+ hosts allow = 0.0.0.0/0
+ hosts deny = 0.0.0.0/0
+ guest account = nobody
+ map to guest = bad user
+ '';
+ shares = {
+ data = {
+ path = "/data";
+ browseable = "yes";
+ "read only" = "no";
+ "guest ok" = "yes";
+ "create mask" = "0644";
+ "directory mask" = "0755";
+ "force user" = "cadey";
+ "force group" = "within";
+ };
+ };
+ };
+}
diff --git a/hosts/itsuki/zrepl.nix b/hosts/itsuki/zrepl.nix
new file mode 100644
index 0000000..1c33061
--- /dev/null
+++ b/hosts/itsuki/zrepl.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, lib, ... }:
+
+{
+ services.zrepl = {
+ enable = true;
+ settings = {
+ global = {
+ logging = [{
+ type = "syslog";
+ level = "info";
+ format = "human";
+ }];
+ };
+
+ jobs = [{
+ name = "backups";
+ type = "sink";
+ serve = {
+ type = "tcp";
+ listen = "100.68.185.47:29491";
+ clients = {
+ "100.103.44.76" = "lufta";
+ "fda2:d982:1da2:a88b:6c8:3903:be65:3261" = "genza";
+ "100.106.39.95" = "logos";
+ "100.122.181.67" = "kos-mos";
+ "100.126.232.35" = "logos";
+ "100.103.116.84" = "ontos";
+ "100.78.40.86" = "pneuma";
+ };
+ };
+ root_fs = "rpool/backup";
+ }];
+ };
+ };
+}
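Review bot: In hosts/itsuki/smb.nix, `hosts allow = 0.0.0.0/0` placed next to `hosts deny = 0.0.0.0/0` denies nothing, because Samba gives the allow list precedence when both match. With `map to guest = bad user`, `"guest ok" = "yes"` and `"read only" = "no"`, the `data` share is therefore writable without credentials, as `cadey`, by any host that can reach the SMB ports. default.nix in this commit disables the firewall, so nothing else narrows that. Restrict the allow list to the networks meant to use the share, `hosts allow = <trusted CIDR> 127.0.0.1`, and set `"guest ok" = "no"` if named accounts are practical.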
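Review bot: In hosts/itsuki/zrepl.nix, the `clients` map assigns the identity `logos` to two addresses (`100.106.39.95` and `100.126.232.35`). With `type = "tcp"` the identity comes only from the source address and, as far as I can tell, selects the receiving dataset subtree under `root_fs`, so two distinct machines would replicate into the same tree. If these are different hosts, give each its own name; if one host has two addresses, a short comment saying so would prevent a later "fix". The `tcp` transport has no encryption or authentication of its own, so a comment on `listen` such as `# tailnet-only address; transport security is provided by Tailscale` would record the assumption the job depends on.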