authorscouckel <james.krinsky@gmail.com>2026-06-14 23:15:07 -0400
committerscouckel <james.krinsky@gmail.com>2026-06-14 23:15:07 -0400
commit029658ee78bdac2b933dc67c492f7f17358e2254 (patch)
treecc57432e2a3944a5c5eb931fe298418bf81d97e9 /modules/hosts/shar
parent5946be625dc90e2caadb9f7ce73885504033338b (diff)
shar to dendritic?
Diffstat (limited to 'modules/hosts/shar')
-rw-r--r--modules/hosts/shar/hardware.nix47
-rw-r--r--modules/hosts/shar/shar.nix149
2 files changed, 196 insertions, 0 deletions
diff --git a/modules/hosts/shar/hardware.nix b/modules/hosts/shar/hardware.nix
new file mode 100644
index 0000000..7431695
--- /dev/null
+++ b/modules/hosts/shar/hardware.nix
@@ -0,0 +1,47 @@
+{
+ self,
+ inputs,
+ ...
+}: {
+ flake.nixosModules.sharHardware = {
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+ }: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/737de4e0-554e-4175-a454-677cf03dbada";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/8201-A778";
+ fsType = "vfat";
+ options = ["fmask=0077" "dmask=0077"];
+ };
+
+ swapDevices = [
+ {device = "/dev/disk/by-uuid/429ba137-6ea4-43ba-97ff-e2c2206f935b";}
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ };
+}
diff --git a/modules/hosts/shar/shar.nix b/modules/hosts/shar/shar.nix
new file mode 100644
index 0000000..1562ad1
--- /dev/null
+++ b/modules/hosts/shar/shar.nix
@@ -0,0 +1,149 @@
+{
+ inputs,
+ self,
+ ...
+}: {
+ flake.nixosConfigurations.shar = inputs.nixpkgs.lib.nixosSystem {
+ modules = [
+ self.nixosModules.shar
+ self.nixosModules.sharHardware
+
+ self.nixosModules.createHost
+ self.nixosModules.hostOptions
+ ];
+ };
+
+ flake.nixosModules.shar = {pkgs, ...}: {
+ hostOptions = {
+ host.name = "shar";
+ user.name = "jck";
+ user.email = "jckrinsky@gmail.com";
+ server = {
+ dataPath = "/tank/data";
+ mediaPath = "/tank/media";
+ domain = "jckrinsky.net";
+ # sshKeys = [
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgQS9Y3yqztLL0Ss0JUCN04B6zgLXIETgY0jyvT6I98 jck@tiamat"
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVbrjXliZECEFOLlgJ8vy+Qja1G+sY0LM+ijEgyP3HZ jck@vecna"
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuvWTpRTumIOlnUHRBx5ZqjFi5qfezvLrpLAzB97nq jck@balduran"
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3cFs4a3j77gJvoeU92Olj74wcLrVBv+2FUFqKOeoxb jck@dragotha"
+ # ];
+ };
+ };
+
+ users.users.jck.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgQS9Y3yqztLL0Ss0JUCN04B6zgLXIETgY0jyvT6I98 jck@tiamat"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVbrjXliZECEFOLlgJ8vy+Qja1G+sY0LM+ijEgyP3HZ jck@vecna"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuvWTpRTumIOlnUHRBx5ZqjFi5qfezvLrpLAzB97nq jck@balduran"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3cFs4a3j77gJvoeU92Olj74wcLrVBv+2FUFqKOeoxb jck@dragotha"
+ ];
+
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ vpl-gpu-rt
+ intel-compute-runtime
+ ];
+ };
+
+ boot.kernelParams = ["i915.enable_guc=3"];
+ environment.sessionVariables.LIBVA_DRIVER_NAME = "iHD";
+
+ services.openssh.settings.PasswordAuthentication = false;
+ services.openssh.settings.openFirewall = true;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ networking = {
+ interfaces.eno1.ipv4.addresses = [
+ {
+ address = "173.66.162.54";
+ prefixLength = 28;
+ }
+ ];
+
+ hostId = "958b5d5d";
+ useDHCP = false;
+ defaultGateway = {
+ address = "173.66.162.1";
+ interface = "eno1";
+ };
+ nameservers = ["1.1.1.1" "9.9.9.9"];
+
+ nat = {
+ enable = true;
+ internalInterfaces = ["tailscale0"];
+ externalInterface = "mullvad";
+ };
+
+ wg-quick.interfaces.mullvad = {
+ autostart = true;
+ privateKey = "/home/jck/mullvad.key";
+ address = ["10.74.181.209/32"];
+ table = "off";
+
+ peers = [
+ {
+ publicKey = "qD3AH8vI8MhEVc9+0+2O8zV0Gx9FfKdy7ri3Bnpzo10=";
+ allowedIPs = ["0.0.0.0/0" "::/0"];
+ endpoint = "185.213.193.3:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+
+ postUp = ''
+ ${pkgs.iproute2}/bin/ip route add default dev mullvad table 1234
+ ${pkgs.iproute2}/bin/ip rule add from 10.74.181.209 table 1234 priority 1000
+ ${pkgs.iproute2}/bin/ip rule add iif tailscale0 table 1234 priority 1010
+ '';
+
+ postDown = ''
+ ${pkgs.iproute2}/bin/ip rule del from 10.74.181.209 table 1234
+ ${pkgs.iproute2}/bin/ip rule del iif tailscale0 table 1234 priority 1010
+ '';
+ };
+ };
+
+ systemd.services.qbittorrent.serviceConfig = {
+ RestrictNetworkInterfaces = [
+ "lo"
+ "mullvad"
+ "tailscale0"
+ ];
+ };
+
+ fileSystems."/tank/data" = {
+ device = "shar0/data";
+ fsType = "zfs";
+ options = ["nofail"];
+ };
+
+ fileSystems."/tank/media" = {
+ device = "shar1/data";
+ fsType = "zfs";
+ options = ["nofail"];
+ };
+
+ fileSystems."/tank/backups" = {
+ device = "shar1/data";
+ fsType = "zfs";
+ options = ["nofail"];
+ };
+
+ services.zfs = {
+ autoScrub.enable = true;
+ autoSnapshot.enable = true;
+ };
+
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /tank/media 100.64.0.0/10(rw,async,no_subtree_check)
+ /tank/data 100.64.0.0/10(rw,async,no_subtree_check)
+ /tank/backups 100.64.0.0/10(rw,async,no_subtree_check)
+ '';
+ };
+ };
+}
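Review bot: In the `wg-quick.interfaces.mullvad` block, `privateKey = "/home/jck/mullvad.key";` sets the key to the literal path string, because `privateKey` takes the base64 key itself (and would copy it into the world-readable Nix store); the file-based option is `privateKeyFile = "/home/jck/mullvad.key";`, ideally pointing at a root-owned file outside the user's home directory. `services.openssh.settings.openFirewall = true;` sits under the freeform `settings` set, so it is likely to be rendered into sshd_config as an unknown keyword rather than opening the port; the module option is `services.openssh.openFirewall`. `/tank/media` and `/tank/backups` both mount `shar1/data`, which looks like a copy-paste slip, so confirm which dataset is meant for backups. The NFS exports grant `rw` to all of `100.64.0.0/10` on a host that also has a public address on `eno1`; no firewall rules are visible in this hunk, so it is worth confirming that the NFS ports are opened only on `tailscale0`.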