From 9de2d294006c451633582ccc08751e28fbd58a19 Mon Sep 17 00:00:00 2001
From: Kabbone
Date: Mon, 1 Apr 2024 15:45:28 +0200
Subject: [PATCH] hosts: add server_big prototype

---
 hosts/default.nix | 22 ++++
 hosts/home.nix | 28 ++--
 hosts/server_big/default.nix | 101 ++++++++++++++
 hosts/server_big/hardware-configuration.nix | 138 ++++++++++++++++++++
 hosts/server_big/home.nix | 39 ++++++
 5 files changed, 314 insertions(+), 14 deletions(-)
 create mode 100644 hosts/server_big/default.nix
 create mode 100644 hosts/server_big/hardware-configuration.nix
 create mode 100644 hosts/server_big/home.nix

diff --git a/hosts/default.nix b/hosts/default.nix
index 5b22f8a..790665a 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -138,6 +138,28 @@ in
 ];
 };
 
+ server_big = lib.nixosSystem { # Desktop profile
+ inherit system;
+ specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
+ modules = [
+ agenix.nixosModules.default
+ microvm.nixosModules.host
+ ./server
+ ./configuration_server.nix
+ nixos-hardware.nixosModules.common-cpu-amd
+ nixos-hardware.nixosModules.common-pc-ssd
+
+ home-manager.nixosModules.home-manager {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.extraSpecialArgs = { inherit user; };
+ home-manager.users.${user} = {
+ imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
+ };
+ }
+ ];
+ };
+
 nasbackup = lib.nixosSystem { # Desktop profile
 inherit system;
 specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
diff --git a/hosts/home.nix b/hosts/home.nix
index 7f136e0..d654e45 100644
--- a/hosts/home.nix
+++ b/hosts/home.nix
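Review bot: The new `server_big` system still points at the old host directory — `./server` in `modules` and `./server/home.nix` in the home-manager imports — so the three `hosts/server_big/*` files this commit creates are never evaluated; unless reusing the `server` host is intended for the prototype, these should read `./server_big` and `[(import ./server_big/home.nix)]`. The trailing comment `# Desktop profile` is copied from the neighbouring entries and misdescribes a microvm host; `# Server profile (microvm host)` would be accurate. `microvm.nixosModules.host` relies on `microvm` being bound in the surrounding `let`, which starts outside the hunk, so it is worth confirming it is a flake input alongside `agenix` and `impermanence`.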
@@ -112,20 +112,20 @@
 };
 
 
- gtk = { # Theming
- enable = true;
- theme = {
- name = "Dracula";
- package = pkgs.dracula-theme;
- };
- iconTheme = {
- name = "Papirus-Dark";
- package = pkgs.papirus-icon-theme;
- };
- font = {
- name = "FiraCode Nerd Font"; # or FiraCode Nerd Font Mono Medium
- }; # Cursor is declared under home.pointerCursor
- };
+# gtk = { # Theming
+# enable = true;
+# theme = {
+# name = "Dracula";
+# package = pkgs.dracula-theme;
+# };
+# iconTheme = {
+# name = "Papirus-Dark";
+# package = pkgs.papirus-icon-theme;
+# };
+# font = {
+# name = "FiraCode Nerd Font"; # or FiraCode Nerd Font Mono Medium
+# }; # Cursor is declared under home.pointerCursor
+# };
 systemd.user.services.mpris-proxy = {
 Unit.Description = "Mpris proxy";
 Unit.After = [ "network.target" "sound.target" ];
diff --git a/hosts/server_big/default.nix b/hosts/server_big/default.nix
new file mode 100644
index 0000000..e64421a
--- /dev/null
+++ b/hosts/server_big/default.nix
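Review bot: The whole `gtk` block is kept as fourteen commented-out lines instead of being removed; git already preserves the history, and the dead block only makes the file harder to read. Since hosts/home.nix appears to be imported by every host rather than just the new one, disabling it here also drops GTK theming for the desktop and laptop hosts; if the aim is to keep GUI theme packages off the server, moving the block into a module that only the desktop hosts import keeps both behaviours. The enclosing attribute set starts and ends outside the hunk.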
@@ -0,0 +1,101 @@
+#
+# Specific system configuration settings for desktop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ ├─ default.nix *
+# │ └─ hardware-configuration.nix
+# └─ ./modules
+# ├─ ./desktop
+# │ └─ ./hyprland
+# │ └─ hyprland.nix
+# ├─ ./modules
+# │ └─ ./programs
+# │ └─ waybar.nix
+# └─ ./hardware
+# └─ default.nix
+#
+
+{ config, pkgs, user, agenix, impermanence, ... }:
+
+{
+ imports = # For now, if applying to other system, swap files
+ [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
+ #[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker
+ (import ../../modules/services/server) ++ # Server Services
+ (import ../../modules/hardware); # Hardware devices
+
+ boot = { # Boot options
+ kernelPackages = pkgs.linuxPackages_latest;
+
+ loader = { # EFI Boot
+ grub = {
+ enable = true;
+ device = "/dev/sda";
+ };
+ timeout = 1; # Grub auto select time
+ };
+ };
+
+ environment = {
+ etc = {
+ "fail2ban/filter.d/gitea.conf" = {
+ source = ../../modules/services/server/fail2ban/filter/gitea.conf;
+ mode = "0444";
+ };
+ "fail2ban/filter.d/nextcloud.conf" = {
+ source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
+ mode = "0444";
+ };
+ };
+ };
+
+ programs = { # No xbacklight, this is the alterantive
+ zsh.enable = true;
+ ssh.startAgent = false;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ pinentryFlavor = "curses";
+ };
+ };
+
+ services = {
+ #auto-cpufreq.enable = true;
+ qemuGuest.enable = true;
+ avahi = { # Needed to find wireless printer
+ enable = true;
+ nssmdns = true;
+ publish = { # Needed for detecting the scanner
+ enable = true;
+ addresses = true;
+ userServices = true;
+ };
+ };
+ fail2ban = {
+ enable = true;
+ maxretry = 5;
+ jails.DEFAULT.settings = {
+ findtime = "15m";
+ };
+ jails = {
+ gitea = ''
+ enabled = true
+ filter = gitea
+ backend = systemd
+ action = iptables-allports
+ '';
+ nextcloud = ''
+ backend = auto
+ enabled = true
+ filter = nextcloud
+ logpath = /var/lib/nextcloud/data/nextcloud.log
+ action = iptables-allports
+ '';
+ };
+ };
+
+ };
+
+}
diff --git a/hosts/server_big/hardware-configuration.nix b/hosts/server_big/hardware-configuration.nix
new file mode 100644
index 0000000..754c390
--- /dev/null
+++ b/hosts/server_big/hardware-configuration.nix
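Review bot: `services.avahi` with `publish.enable`, `publish.addresses` and `publish.userServices` all `true` is carried over from the laptop (`# Needed to find wireless printer`) and has no role on a headless QEMU guest; it advertises the host name and user services on the link, and although `networking.firewall` in the sibling hardware file leaves UDP 5353 closed so the exposure is limited, the cleanest fix is to drop the `avahi` block or set `avahi.enable = false;`. The file header (`Specific system configuration settings for desktop`, tree rooted at `./laptop`) and the comment `# No xbacklight, this is the alterantive` are likewise copy-paste leftovers; `# Specific system configuration settings for server_big (QEMU guest, microvm host)` would describe the file. `pinentryFlavor` has been superseded by `programs.gnupg.agent.pinentryPackage` in recent nixpkgs — confirm against the pinned nixpkgs before it starts warning or failing evaluation.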
@@ -0,0 +1,138 @@
+#
+# Hardware settings for Teclast F5 10" Laptop
+# NixOS @ sda2
+#
+# flake.nix
+# └─ ./hosts
+# └─ ./laptop
+# └─ hardware-configuration.nix *
+#
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+ boot.tmp.useTmpfs = false;
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+
+ services.btrfs.autoScrub = {
+ enable = true;
+ interval = "monthly";
+ fileSystems = [
+ "/"
+ ];
+ };
+
+ services.btrbk = {
+ instances = {
+ hf = {
+ onCalendar = "hourly";
+ settings = {
+ incremental = "yes";
+ snapshot_create = "ondemand";
+ snapshot_dir = "@snapshots";
+ timestamp_format = "long";
+
+ snapshot_preserve = "2m 2w 5d 5h";
+ snapshot_preserve_min = "latest";
+
+ volume = {
+ "/mnt/snapshots/root" = {
+ snapshot_create = "always";
+ subvolume = {
+ "@" = {};
+ "@home" = {};
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
+ };
+
+ fileSystems."/srv" =
+ { device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
+ };
+
+ fileSystems."/nix" =
+ { device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
+ };
+
+ fileSystems."/swap" =
+ { device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
+ };
+
+ fileSystems."/mnt/snapshots/root" =
+ { device = "/dev/disk/by-label/NIXROOT";
+ fsType = "btrfs";
+ options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
+ };
+
+
+ #swapDevices = [ { device = "/swap/swapfile"; } ];
+ swapDevices = [ ];
+
+ networking = {
+ useDHCP = false; # Deprecated
+ hostName = "kabtop";
+ domain = "kabtop.de";
+ networkmanager = {
+ enable = false;
+ };
+ interfaces = {
+ ens18 = {
+ useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
+ ipv4.addresses = [ {
+ address = "37.44.215.182";
+ prefixLength = 24;
+ } ];
+ ipv6.addresses = [ {
+ address = "2a13:7e80:0:ef::";
+ prefixLength = 64;
+ } ];
+ };
+ };
+ defaultGateway = "37.44.215.182";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "ens18";
+ };
+
+ nameservers = [ "9.9.9.9" "2620:fe::fe" ];
+ firewall = {
+ enable = true;
+ allowedUDPPorts = [ ];
+ allowedTCPPorts = [ 80 443 ];
+ };
+ };
+
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/server_big/home.nix b/hosts/server_big/home.nix
new file mode 100644
index 0000000..03d34bb
--- /dev/null
+++ b/hosts/server_big/home.nix
@@ -0,0 +1,39 @@
+#
+# Home-manager configuration for laptop
+#
+# flake.nix
+# ├─ ./hosts
+# │ └─ ./laptop
+# │ └─ home.nix *
+# └─ ./modules
+# └─ ./desktop
+# └─ ./hyprland
+# └─ hyprland.nix
+#
+
+{ pkgs, ... }:
+
+{
+ imports =
+ [
+ ../../modules/home.nix # Window Manager
+ ];
+
+ home = { # Specific packages for laptop
+ packages = with pkgs; [
+ # Applications
+
+ # Display
+ #light # xorg.xbacklight not supported. Other option is just use xrandr.
+
+ # Power Management
+ #auto-cpufreq # Power management
+ #tlp # Power management
+ ];
+ };
+
+ programs = {
+ alacritty.settings.font.size = 11;
+ };
+
+}
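Review bot: The header reads `Home-manager configuration for laptop` with a tree rooted at `./laptop`, and the `# Specific packages for laptop` and `# Window Manager` comments plus the commented-out `light`, `auto-cpufreq` and `tlp` entries are laptop leftovers in a file for a headless server; suggest `# Home-manager configuration for server_big` and removing the commented-out package lines, since git keeps the history. `alacritty.settings.font.size = 11` configures a GUI terminal that a QEMU server guest is unlikely to run — confirm it is wanted, otherwise drop the `programs` block as well. Importing `../../modules/home.nix` pulls in whatever that shared module declares; if it contains desktop-only settings, a server-specific base module would keep the closure smaller.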