authorscouckel <james.krinsky@gmail.com>2026-06-14 23:15:07 -0400
committerscouckel <james.krinsky@gmail.com>2026-06-14 23:15:07 -0400
commit029658ee78bdac2b933dc67c492f7f17358e2254 (patch)
treecc57432e2a3944a5c5eb931fe298418bf81d97e9 /modules/hosts/shar/shar.nix
parent5946be625dc90e2caadb9f7ce73885504033338b (diff)
shar to dendritic?
Diffstat (limited to 'modules/hosts/shar/shar.nix')
-rw-r--r--modules/hosts/shar/shar.nix149
1 files changed, 149 insertions, 0 deletions
diff --git a/modules/hosts/shar/shar.nix b/modules/hosts/shar/shar.nix
new file mode 100644
index 0000000..1562ad1
--- /dev/null
+++ b/modules/hosts/shar/shar.nix
@@ -0,0 +1,149 @@
+{
+ inputs,
+ self,
+ ...
+}: {
+ flake.nixosConfigurations.shar = inputs.nixpkgs.lib.nixosSystem {
+ modules = [
+ self.nixosModules.shar
+ self.nixosModules.sharHardware
+
+ self.nixosModules.createHost
+ self.nixosModules.hostOptions
+ ];
+ };
+
+ flake.nixosModules.shar = {pkgs, ...}: {
+ hostOptions = {
+ host.name = "shar";
+ user.name = "jck";
+ user.email = "jckrinsky@gmail.com";
+ server = {
+ dataPath = "/tank/data";
+ mediaPath = "/tank/media";
+ domain = "jckrinsky.net";
+ # sshKeys = [
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgQS9Y3yqztLL0Ss0JUCN04B6zgLXIETgY0jyvT6I98 jck@tiamat"
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVbrjXliZECEFOLlgJ8vy+Qja1G+sY0LM+ijEgyP3HZ jck@vecna"
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuvWTpRTumIOlnUHRBx5ZqjFi5qfezvLrpLAzB97nq jck@balduran"
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3cFs4a3j77gJvoeU92Olj74wcLrVBv+2FUFqKOeoxb jck@dragotha"
+ # ];
+ };
+ };
+
+ users.users.jck.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgQS9Y3yqztLL0Ss0JUCN04B6zgLXIETgY0jyvT6I98 jck@tiamat"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVbrjXliZECEFOLlgJ8vy+Qja1G+sY0LM+ijEgyP3HZ jck@vecna"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuvWTpRTumIOlnUHRBx5ZqjFi5qfezvLrpLAzB97nq jck@balduran"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3cFs4a3j77gJvoeU92Olj74wcLrVBv+2FUFqKOeoxb jck@dragotha"
+ ];
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ vpl-gpu-rt
+ intel-compute-runtime
+ ];
+ };
+
+ boot.kernelParams = ["i915.enable_guc=3"];
+ environment.sessionVariables.LIBVA_DRIVER_NAME = "iHD";
+
+ services.openssh.settings.PasswordAuthentication = false;
+ services.openssh.settings.openFirewall = true;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ networking = {
+ interfaces.eno1.ipv4.addresses = [
+ {
+ address = "173.66.162.54";
+ prefixLength = 28;
+ }
+ ];
+
+ hostId = "958b5d5d";
+ useDHCP = false;
+ defaultGateway = {
+ address = "173.66.162.1";
+ interface = "eno1";
+ };
+ nameservers = ["1.1.1.1" "9.9.9.9"];
+
+ nat = {
+ enable = true;
+ internalInterfaces = ["tailscale0"];
+ externalInterface = "mullvad";
+ };
+
+ wg-quick.interfaces.mullvad = {
+ autostart = true;
+ privateKey = "/home/jck/mullvad.key";
+ address = ["10.74.181.209/32"];
+ table = "off";
+
+ peers = [
+ {
+ publicKey = "qD3AH8vI8MhEVc9+0+2O8zV0Gx9FfKdy7ri3Bnpzo10=";
+ allowedIPs = ["0.0.0.0/0" "::/0"];
+ endpoint = "185.213.193.3:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+
+ postUp = ''
+ ${pkgs.iproute2}/bin/ip route add default dev mullvad table 1234
+ ${pkgs.iproute2}/bin/ip rule add from 10.74.181.209 table 1234 priority 1000
+ ${pkgs.iproute2}/bin/ip rule add iif tailscale0 table 1234 priority 1010
+ '';
+
+ postDown = ''
+ ${pkgs.iproute2}/bin/ip rule del from 10.74.181.209 table 1234
+ ${pkgs.iproute2}/bin/ip rule del iif tailscale0 table 1234 priority 1010
+ '';
+ };
+ };
+
+ systemd.services.qbittorrent.serviceConfig = {
+ RestrictNetworkInterfaces = [
+ "lo"
+ "mullvad"
+ "tailscale0"
+ ];
+ };
+
+ fileSystems."/tank/data" = {
+ device = "shar0/data";
+ fsType = "zfs";
+ options = ["nofail"];
+ };
+
+ fileSystems."/tank/media" = {
+ device = "shar1/data";
+ fsType = "zfs";
+ options = ["nofail"];
+ };
+
+ fileSystems."/tank/backups" = {
+ device = "shar1/data";
+ fsType = "zfs";
+ options = ["nofail"];
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ autoSnapshot.enable = true;
+ };
+
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /tank/media 100.64.0.0/10(rw,async,no_subtree_check)
+ /tank/data 100.64.0.0/10(rw,async,no_subtree_check)
+ /tank/backups 100.64.0.0/10(rw,async,no_subtree_check)
+ '';
+ };
+ };
+}
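Review bot: In `wg-quick.interfaces.mullvad`, `privateKey = "/home/jck/mullvad.key";` passes a file path to the option that expects the base64 key itself, so the path string would be written into the generated config as the key and the tunnel would most likely fail to come up. The option for a path is `privateKeyFile = "/home/jck/mullvad.key";`, which also keeps the secret out of the world-readable Nix store. The key would be better kept in a root-owned file with mode 0600 outside the user's home, since a file under `/home/jck` can be replaced by that account. Separately, `services.openssh.settings.openFirewall = true;` puts a NixOS module option inside the freeform sshd_config settings, where it is likely to be rendered as an unknown sshd directive; the intended line is probably `services.openssh.openFirewall = true;`. It is also worth confirming that `/tank/media` and `/tank/backups` are both meant to mount `shar1/data`, because the backups would then sit on the same dataset that is exported read-write over NFS as media.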