itsuki

Signed-off-by: Xe <me@christine.website>

flake.nix

@@ -69,6 +69,11 @@
         # avalon
         chrysalis = mkSystem [ ./hosts/chrysalis ./hardware/location/YOW ];
 
+        itsuki = mkSystem [
+          ./hosts/itsuki
+          ./hardware/location/YOW
+        ];
+
         kos-mos = mkSystem [
           ./hosts/kos-mos
           ./hardware/alrest
@@ -128,6 +133,18 @@
         };
       };
 
+      deploy.nodes.itsuki = {
+        hostname = "192.168.2.35";
+        sshUser = "root";
+        fastConnection = true;
+
+        profiles.system = {
+          user = "root";
+          path = deploy-rs.lib.x86_64-linux.activate.nixos
+            self.nixosConfigurations.itsuki;
+        };
+      };
+
       deploy.nodes.logos = {
         hostname = "192.168.2.35";
         sshUser = "root";

hosts/itsuki/default.nix

@@ -0,0 +1,71 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ../../common
+
+    ./hardware-configuration.nix
+    ./plex.nix
+    ./smb.nix
+    ./zrepl.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.supportedFilesystems = [ "zfs" ];
+  boot.kernelParams = [ "nomodeset" ];
+
+  services.prometheus.exporters.node.enable = true;
+
+  virtualisation.docker = {
+    enable = true;
+    storageDriver = "zfs";
+  };
+  systemd.services."docker" = {
+    path = [ pkgs.zfs ];
+  };
+
+  virtualisation.libvirtd.enable = true;
+  services.nfs.server.enable = true;
+  services.nfs.server.exports = ''
+    /data 0.0.0.0/0(insecure,rw,sync,all_squash,anonuid=1000,anongid=996)
+  '';
+  security.sudo.wheelNeedsPassword = false;
+
+  networking.hostName = "itsuki"; # Define your hostname.
+  networking.hostId = "4d64f279";
+  networking.useDHCP = false;
+  networking.interfaces.enp2s0.useDHCP = true;
+  networking.interfaces.wlp3s0.useDHCP = true;
+  services.openssh.enable = true;
+  networking.firewall.enable = false;
+  system.stateVersion = "21.05"; # Did you read the comment?
+
+  environment.systemPackages = with pkgs; [ docker-compose ];
+
+  services.tailscale.enable = true;
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."itsuki.shark-harmonic.ts.net" = {
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:32400";
+        proxyWebsockets = true;
+      };
+      locations."/transmission" = {
+        proxyPass = "http://127.0.0.1:9091";
+        proxyWebsockets = true;
+      };
+      sslCertificate = "/srv/within/certs/itsuki.shark-harmonic.ts.net.crt";
+      sslCertificateKey = "/srv/within/certs/itsuki.shark-harmonic.ts.net.key";
+    };
+  };
+
+  within.users.enableSystem = true;
+}

hosts/itsuki/hardware-configuration.nix

@@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-id/nvme-eui.e8238fa6bf530001001b448b48da3daa-part4";
+    fsType = "vfat";
+  };
+
+  fileSystems."/" = {
+    device = "rpool/safe/root";
+    fsType = "zfs";
+  };
+
+  fileSystems."/nix" = {
+    device = "rpool/local/nix";
+    fsType = "zfs";
+  };
+
+  fileSystems."/data" = {
+    device = "rpool/safe/data";
+    fsType = "zfs";
+  };
+
+  fileSystems."/home" = {
+    device = "rpool/safe/home";
+    fsType = "zfs";
+  };
+
+  swapDevices = [ ];
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}

hosts/itsuki/plex.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }:
+
+{
+  nixpkgs.config.allowUnfree = true;
+
+  services.plex = {
+    dataDir = "/data/plex";
+    user = "cadey";
+    enable = true;
+  };
+}

hosts/itsuki/smb.nix

@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+{
+  # https://nixos.wiki/wiki/Samba
+  services.samba = {
+    enable = true;
+    securityType = "user";
+    extraConfig = ''
+      workgroup = WORKGROUP
+      server string = itsuki
+      netbios name = itsuki
+      security = user 
+      use sendfile = yes
+      #max protocol = smb2
+      hosts allow = 0.0.0.0/0
+      hosts deny = 0.0.0.0/0
+      guest account = nobody
+      map to guest = bad user
+    '';
+    shares = {
+      data = {
+        path = "/data";
+        browseable = "yes";
+        "read only" = "no";
+        "guest ok" = "yes";
+        "create mask" = "0644";
+        "directory mask" = "0755";
+        "force user" = "cadey";
+        "force group" = "within";
+      };
+    };
+  };
+}

hosts/itsuki/zrepl.nix

@@ -0,0 +1,35 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.zrepl = {
+    enable = true;
+    settings = {
+      global = {
+        logging = [{
+          type = "syslog";
+          level = "info";
+          format = "human";
+        }];
+      };
+
+      jobs = [{
+        name = "backups";
+        type = "sink";
+        serve = {
+          type = "tcp";
+          listen = "100.68.185.47:29491";
+          clients = {
+            "100.103.44.76" = "lufta";
+            "fda2:d982:1da2:a88b:6c8:3903:be65:3261" = "genza";
+            "100.106.39.95" = "logos";
+            "100.122.181.67" = "kos-mos";
+            "100.126.232.35" = "logos";
+            "100.103.116.84" = "ontos";
+            "100.78.40.86" = "pneuma";
+          };
+        };
+        root_fs = "rpool/backup";
+      }];
+    };
+  };
+}