nekomimi.pet / nixcfg
my nix configs for my servers and desktop
fork atom
nixcfg / hosts / valefar / default.nix
at 5536af3b94a09275644ff4ad0e65addeda4026d2 8.2 kB view raw
1# hosts/valefar/configuration.nix (or default.nix) 2{ config, lib, pkgs, modulesPath, microvm, inputs, ... }: 3{ 4 # ============================================================================= 5 # IMPORTS 6 # ============================================================================= 7 imports = [ 8 # Host-specific hardware 9 ./hardware.nix 10 ./secrets.nix 11 ../../common/nvidia.nix 12 13 # Common secrets 14 ../../host-secrets.nix 15 16 # Common modules shared across hosts 17 ../../common/system.nix 18 ../../common/users.nix 19 ../../common/services.nix 20 ../../common/efi.nix 21 22 # Hardware-specific (commented out) 23 ../../common/nvidia.nix 24 ]; 25 26 # ============================================================================= 27 # SYSTEM CONFIGURATION 28 # ============================================================================= 29 system.stateVersion = "24.11"; 30 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 31 32 hardware.cpu.amd.updateMicrocode = lib.mkDefault 33 config.hardware.enableRedistributableFirmware; 34 35 # ============================================================================= 36 # CUSTOM MODULES 37 # ============================================================================= 38 modules.garage.enable = true; 39 modules.forgejo.enable = true; 40 modules.immich.enable = true; 41 modules.github-runners.enable = true; 42 43 # ============================================================================= 44 # NETWORKING 45 # ============================================================================= 46 /*networking = { 47 hostName = "valefar"; 48 hostId = "2a07da90"; 49 firewall.enable = false; 50 firewall.trustedInterfaces = [ "tailscale0" ]; 51 nameservers = [ "10.0.0.210" "1.1.1.1" ]; 52 useDHCP = true; 53 firewall.allowedTCPPorts = [ 22 80 443 2049 2456 2457 9000 9001 9002 ]; 54 firewall.allowedUDPPorts = [ 2049 ]; 55 };*/ 56 networking.useNetworkd = true; 57 systemd.network.enable = true; 58 networking.hostName = "valefar"; 59 networking.hostId = "2a07da90"; 60 networking.firewall.enable = false; 61 62 systemd.network.networks."10-lan" = { 63 matchConfig.Name = ["enp6s0" "vm-*"]; 64 networkConfig = { 65 Bridge = "br0"; 66 }; 67 }; 68 systemd.network.netdevs."br0" = { 69 netdevConfig = { 70 Name = "br0"; 71 Kind = "bridge"; 72 }; 73 }; 74 75 systemd.network.networks."10-lan-bridge" = { 76 matchConfig.Name = "br0"; 77 networkConfig = { 78 Address = ["10.0.0.30/24" "2601:5c2:8400:26c0::30/64"]; 79 Gateway = "10.0.0.1"; 80 DNS = ["10.0.0.210" "1.1.1.1" "1.0.0.1"]; 81 IPv6AcceptRA = true; 82 }; 83 linkConfig.RequiredForOnline = "routable"; 84 }; 85 86 # DNS resolution 87 services.resolved = { 88 enable = true; 89 dnssec = "false"; 90 domains = [ "~." ]; 91 fallbackDns = [ "10.0.0.210" "1.1.1.1" ]; 92 dnsovertls = "false"; 93 }; 94 95 # ============================================================================= 96 # BOOT & FILESYSTEMS 97 # ============================================================================= 98 boot = { 99 supportedFilesystems = [ "zfs" ]; 100 kernelModules = [ "nct6775" "coretemp" ]; 101 102 zfs = { 103 extraPools = [ "garage" "storage" ]; 104 devNodes = "/dev/disk/by-id"; 105 forceImportAll = true; 106 }; 107 }; 108 109 # ============================================================================= 110 # ZFS CONFIGURATION 111 # ============================================================================= 112 # ZFS import services 113 systemd.services.zfs-import-cache.enable = false; 114 systemd.services.zfs-import-scan = { 115 enable = true; 116 after = [ "systemd-udev-settle.service" ]; 117 wants = [ "systemd-udev-settle.service" ]; 118 }; 119 120 # ZFS mount points 121 systemd.mounts = [ 122 { 123 what = "garage"; 124 where = "/garage"; 125 type = "zfs"; 126 after = [ "zfs-import-scan.service" ]; 127 wants = [ "zfs-import-scan.service" ]; 128 } 129 { 130 what = "storage"; 131 where = "/storage"; 132 type = "zfs"; 133 after = [ "zfs-import-scan.service" ]; 134 wants = [ "zfs-import-scan.service" ]; 135 } 136 ]; 137 138 # ZFS maintenance 139 services.zfs = { 140 autoScrub.enable = true; 141 trim.enable = true; 142 }; 143 144 # ============================================================================= 145 # DIRECTORY STRUCTURE 146 # ============================================================================= 147 systemd.tmpfiles.rules = [ 148 "d /storage/immich 0755 immich immich -" 149 "d /storage/immich/photos 0755 immich immich -" 150 "Z /storage/immich 0755 immich immich -" 151 "d /storage/tm_share 0755 regent users" 152 "Z /garage/ 0755 garage garage -" 153 ]; 154 155 # ============================================================================= 156 # NFS SERVER 157 # ============================================================================= 158 services.nfs.server = { 159 enable = true; 160 exports = '' 161 /storage *(rw,sync,no_subtree_check,no_root_squash) 162 ''; 163 }; 164 165 services.samba = { 166 enable = true; 167 settings = { 168 global = { 169 "workgroup" = "WORKGROUP"; 170 "server string" = "valefar"; 171 "netbios name" = "valefar"; 172 "security" = "user"; 173 174 "hosts allow" = "100.64.0.0/10 10.0.0.0/24 127.0.0.1 localhost"; 175 "hosts deny" = "0.0.0.0/0"; 176 "guest account" = "nobody"; 177 "map to guest" = "bad user"; 178 }; 179 180 "tm_share" = { 181 "path" = "/storage/tm_share"; 182 "valid users" = "regent"; 183 "public" = "yes"; 184 "writeable" = "yes"; 185 "force user" = "regent"; 186 "fruit:aapl" = "yes"; 187 "fruit:time machine" = "yes"; 188 "vfs objects" = "catia fruit streams_xattr"; 189 }; 190 }; 191 }; 192 193 services.netatalk = { 194 enable = true; 195 settings = { 196 time-machine = { 197 path = "/storage/timemachine"; 198 "valid users" = "regent"; 199 "time machine" = true; 200 }; 201 }; 202 }; 203 204 services.avahi = { 205 enable = true; 206 nssmdns = true; 207 publish = { 208 enable = true; 209 userServices = true; 210 }; 211 212 extraServiceFiles = { 213 timemachine = '' 214 <?xml version="1.0" standalone='no'?> 215 <!DOCTYPE service-group SYSTEM "avahi-service.dtd"> 216 <service-group> 217 <name replace-wildcards="yes">%h</name> 218 <service> 219 <type>_smb._tcp</type> 220 <port>445</port> 221 </service> 222 <service> 223 <type>_device-info._tcp</type> 224 <port>0</port> 225 <txt-record>model=TimeCapsule8,119</txt-record> 226 </service> 227 <service> 228 <type>_adisk._tcp</type> 229 <!-- 230 change tm_share to share name, if you changed it. 231 --> 232 <txt-record>dk0=adVN=tm_share,adVF=0x82</txt-record> 233 <txt-record>sys=waMa=0,adVF=0x100</txt-record> 234 </service> 235 </service-group> 236 ''; 237 }; 238 }; 239 240 # ============================================================================= 241 # SERVICES 242 # ============================================================================= 243 services.vscode-server = { 244 enable = true; 245 nodejsPackage = pkgs.nodejs_20; 246 }; 247 248 # ============================================================================= 249 # VIRTUALIZATION 250 # ============================================================================= 251 virtualisation.docker = { 252 enable = true; 253 enableOnBoot = true; 254 package = pkgs.docker.override { 255 buildGoModule = pkgs.buildGo123Module; 256 }; 257 }; 258 259 # ============================================================================= 260 # PACKAGES 261 # ============================================================================= 262 environment.systemPackages = with pkgs; [ 263 lm_sensors 264 code-server 265 inputs.agenix.packages.x86_64-linux.default 266 ]; 267 268 269 # ============================================================================= 270 # VIRTUAL MACHINES 271 # ============================================================================= 272 /*systemd.services."microvm@".after = [ "microvm-virtiofsd@%i.service" ]; 273 274 microvm.vms = { 275 gameservers = { 276 config = import ./gamevm.nix; 277 }; 278 }; 279 280 microvm.autostart = [ 281 "gameservers" 282 ];*/ 283}