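# Flake module (flake-parts style `flake.*` outputs) for the NixOS host "shar":
# a storage/media server with key-only SSH, a Mullvad WireGuard tunnel used as
# the egress for Tailscale-forwarded traffic, ZFS datasets and NFS exports.
{
  inputs,
  self,
  ...
}: {
  # Assemble the system from this host's module plus shared modules that are
  # defined elsewhere in the flake (not visible in this file).
  flake.nixosConfigurations.shar = inputs.nixpkgs.lib.nixosSystem {
    modules = [
      self.nixosModules.shar
      self.nixosModules.sharHardware
      self.nixosModules.createHost
      self.nixosModules.hostOptions
    ];
  };

  flake.nixosModules.shar = {pkgs, ...}: {
    # Values consumed by the `hostOptions` module (declared elsewhere).
    hostOptions = {
      host.name = "shar";
      user.name = "jck";
      user.email = "jckrinsky@gmail.com";
      server = {
        dataPath = "/tank/data";
        mediaPath = "/tank/media";
        domain = "jckrinsky.net";
        # sshKeys = [
        #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgQS9Y3yqztLL0Ss0JUCN04B6zgLXIETgY0jyvT6I98 jck@tiamat"
        #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVbrjXliZECEFOLlgJ8vy+Qja1G+sY0LM+ijEgyP3HZ jck@vecna"
        #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuvWTpRTumIOlnUHRBx5ZqjFi5qfezvLrpLAzB97nq jck@balduran"
        #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3cFs4a3j77gJvoeU92Olj74wcLrVBv+2FUFqKOeoxb jck@dragotha"
        # ];
      };
    };

    # Public keys only. Each entry grants an interactive login as `jck`, so
    # drop a key here as soon as the corresponding machine is retired or lost.
    users.users.jck.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBgQS9Y3yqztLL0Ss0JUCN04B6zgLXIETgY0jyvT6I98 jck@tiamat"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVbrjXliZECEFOLlgJ8vy+Qja1G+sY0LM+ijEgyP3HZ jck@vecna"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGuvWTpRTumIOlnUHRBx5ZqjFi5qfezvLrpLAzB97nq jck@balduran"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3cFs4a3j77gJvoeU92Olj74wcLrVBv+2FUFqKOeoxb jck@dragotha"
    ];

    # Intel GPU: VA-API media driver, VPL runtime and compute runtime.
    hardware.graphics = {
      enable = true;
      enable32Bit = true;
      extraPackages = with pkgs; [
        intel-media-driver
        vpl-gpu-rt
        intel-compute-runtime
      ];
    };
    boot.kernelParams = ["i915.enable_guc=3"];
    environment.sessionVariables.LIBVA_DRIVER_NAME = "iHD";

    # Key-only SSH. eno1 carries a static public address, so sshd is reachable
    # from the Internet once the firewall port is open.
    # NOTE(review): consider also setting KbdInteractiveAuthentication = false
    # and an explicit PermitRootLogin, unless a shared module already does.
    services.openssh.settings.PasswordAuthentication = false;
    # `openFirewall` is an option of services.openssh itself. Under `settings`
    # it is rendered into sshd_config, where sshd does not recognise it.
    services.openssh.openFirewall = true;

    hardware.cpu.intel.updateMicrocode = true;

    networking = {
      # NOTE(review): the gateway 173.66.162.1 is outside the /28 that contains
      # 173.66.162.54; confirm prefixLength matches the ISP assignment.
      interfaces.eno1.ipv4.addresses = [
        {
          address = "173.66.162.54";
          prefixLength = 28;
        }
      ];
      # NixOS requires a hostId when ZFS is in use.
      hostId = "958b5d5d";
      useDHCP = false;
      defaultGateway = {
        address = "173.66.162.1";
        interface = "eno1";
      };
      nameservers = ["1.1.1.1" "9.9.9.9"];

      # Masquerade traffic arriving from Tailscale peers out through the
      # Mullvad tunnel rather than the public interface.
      nat = {
        enable = true;
        internalInterfaces = ["tailscale0"];
        externalInterface = "mullvad";
      };

      wg-quick.interfaces.mullvad = {
        autostart = true;
        # `privateKey` expects the key material itself and would copy it into
        # the world-readable Nix store; a path belongs in `privateKeyFile`,
        # which is read at activation time.
        # NOTE(review): the file lives under /home/jck, so that account can
        # read or replace it. Prefer a root-owned, mode 0600 location.
        privateKeyFile = "/home/jck/mullvad.key";
        address = ["10.74.181.209/32"];
        # wg-quick installs no routes; the policy rules below decide what
        # enters the tunnel.
        table = "off";
        peers = [
          {
            publicKey = "qD3AH8vI8MhEVc9+0+2O8zV0Gx9FfKdy7ri3Bnpzo10=";
            allowedIPs = ["0.0.0.0/0" "::/0"];
            endpoint = "185.213.193.3:51820";
            persistentKeepalive = 25;
          }
        ];
        # Table 1234 holds a default route via the tunnel. It is selected for
        # packets sourced from the tunnel address and for packets arriving on
        # tailscale0.
        postUp = ''
          ${pkgs.iproute2}/bin/ip route add default dev mullvad table 1234
          ${pkgs.iproute2}/bin/ip rule add from 10.74.181.209 table 1234 priority 1000
          ${pkgs.iproute2}/bin/ip rule add iif tailscale0 table 1234 priority 1010
        '';
        # NOTE(review): after these rules are removed, packets arriving on
        # tailscale0 fall back to the main routing table. Confirm that nothing
        # is forwarded out of eno1 while the tunnel is down.
        postDown = ''
          ${pkgs.iproute2}/bin/ip rule del from 10.74.181.209 table 1234
          ${pkgs.iproute2}/bin/ip rule del iif tailscale0 table 1234 priority 1010
        '';
      };
    };

    # Confine the qbittorrent unit (defined elsewhere) to loopback, the VPN
    # tunnel and Tailscale, so it cannot send traffic over eno1.
    systemd.services.qbittorrent.serviceConfig = {
      RestrictNetworkInterfaces = [
        "lo"
        "mullvad"
        "tailscale0"
      ];
    };

    fileSystems."/tank/data" = {
      device = "shar0/data";
      fsType = "zfs";
      options = ["nofail"];
    };
    fileSystems."/tank/media" = {
      device = "shar1/data";
      fsType = "zfs";
      options = ["nofail"];
    };
    # NOTE(review): same dataset as /tank/media (shar1/data). If backups are
    # meant to live on their own dataset, this looks like a copy-paste slip.
    # As written, "backups" and "media" are the same data.
    fileSystems."/tank/backups" = {
      device = "shar1/data";
      fsType = "zfs";
      options = ["nofail"];
    };

    services.zfs = {
      autoScrub.enable = true;
      autoSnapshot.enable = true;
    };

    # Read-write exports to 100.64.0.0/10, the CGNAT range Tailscale allocates
    # from. No `sec=` option is given, so clients are identified by source
    # address and by the UIDs they supply. `async` acknowledges writes before
    # they reach disk.
    # NOTE(review): no firewall rule for NFS appears in this file. Make sure
    # the NFS ports are accepted on tailscale0 only and never on eno1, because
    # 100.64.0.0/10 is not exclusive to the tailnet.
    services.nfs.server = {
      enable = true;
      exports = ''
        /tank/media 100.64.0.0/10(rw,async,no_subtree_check)
        /tank/data 100.64.0.0/10(rw,async,no_subtree_check)
        /tank/backups 100.64.0.0/10(rw,async,no_subtree_check)
      '';
    };
  };
}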