diff --git a/flake.nix b/flake.nix index e450a1f..d10fe56 100644 --- a/flake.nix +++ b/flake.nix @@ -71,6 +71,13 @@ }) ]; }; + + buer = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/buer + ] + } # Easy to add more hosts /*server2 = nixpkgs.lib.nixosSystem { diff --git a/hosts/buer/default.nix b/hosts/buer/default.nix new file mode 100644 index 0000000..8d6c580 --- /dev/null +++ b/hosts/buer/default.nix @@ -0,0 +1,68 @@ +# hosts/valefar/configuration.nix (or default.nix) +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + # Host-specific hardware + ./hardware.nix + ./secrets.nix + + # Common modules shared across hosts + ../../modules/common/system.nix + ../../modules/common/users.nix + ../../modules/common/services.nix + + # Services specific to this host + #../../services/garage.nix + #../../services/forgejo.nix + + # Common secrets + ../../host-secrets.nix + ]; + + # pin host platform & microcode + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault + config.hardware.enableRedistributableFirmware; + + networking.hostName = "buer"; + networking.hostId = "1418d29e"; + networking.useDHCP = false; + systemd.network.enable = true; + systemd.network.networks."10-wan" = { + matchConfig.Name = "ens3"; + address = [ + "103.251.165.107/24" + "2a04:52c0:0135:48d1::2/48" + ]; + gateway = [ + "103.251.165.1" + "2a04:52c0:0135::1" + ]; + dns = [ + "2a01:6340:1:20:4::10" + "2a04:52c0:130:2a5c::10" + "185.31.172.240" + "5.255.125.240" + ]; + }; + + #boot.supportedFilesystems = [ "zfs" ]; + #boot.kernelModules = [ "nct6775" "coretemp" ]; + + #services.zfs.autoScrub.enable = true; + #services.zfs.trim.enable = true; + + environment.systemPackages = with pkgs; [ + #lm_sensors + #code-server + ]; + + virtualisation.docker = { + enable = true; + enableOnBoot = true; + package = pkgs.docker.override { + buildGoModule = pkgs.buildGo123Module; + }; + }; +} 
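Review bot: The new `buer` attribute does not parse: the `modules` list and the `nixosSystem` call are closed with `]` and `}` but neither binding is terminated with a semicolon, so evaluation (`nix flake check`, `nixos-rebuild`) fails at this hunk with a syntax error; they should read `+      ];` and `+  };`, matching the `};` that closes the previous host in the context just above. `system = "x86_64-linux"` here duplicates the `nixpkgs.hostPlatform` set in hosts/buer/default.nix in the same commit; keeping only the module-side setting avoids the two drifting apart later.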
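Review bot: Docker is enabled on a host that sits directly on a public address (`103.251.165.107/24` on `ens3`), and Docker's own DNAT/FORWARD rules deliver published container ports around the INPUT chain where the NixOS firewall lives, so any `-p` mapping becomes internet-reachable without ever appearing in `networking.firewall.allowedTCPPorts`; unless the containers are meant to be public, bind published ports to loopback by default with `virtualisation.docker.daemon.settings.ip = "127.0.0.1";` and open holes in this file explicitly. The `dns = [ ... ]` list sends resolver traffic in cleartext over the WAN, while focalor and valefar receive a `services.resolved` block with `dnsovertls`/`dnssec` in this same commit — buer should get the equivalent block (or it belongs back in modules/common/system.nix), unless services.nix already configures resolved, which is not visible here. `pkgs.docker.override { buildGoModule = pkgs.buildGo123Module; }` forces a from-source rebuild against a pinned Go 1.23, which bypasses the binary cache and keeps this host on an older toolchain than the one nixpkgs' docker is built and tested with; if the pin works around a concrete build failure, say so in a comment so it can be removed when the cause is gone. The header comment `# hosts/valefar/configuration.nix (or default.nix)` was carried over from another host and should read `# hosts/buer/default.nix`.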
diff --git a/hosts/buer/hardware.nix b/hosts/buer/hardware.nix
new file mode 100644
index 0000000..8b1780e
--- /dev/null
+++ b/hosts/buer/hardware.nix
@@ -0,0 +1,63 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/17b399da-2210-4493-9ae3-c65b20b992a0";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/6340-211B";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ fileSystems."/garage" = {
+ device = "garage";
+ fsType = "zfs";
+ };
+
+ fileSystems."/storage" = {
+ device = "storage";
+ fsType = "zfs";
+ };
+
+ swapDevices = [ ];
+
+ # Fan Control
+ hardware.fancontrol = {
+ enable = true;
+ config = ''
+INTERVAL=10
+DEVPATH=hwmon1=devices/platform/nct6775.2592 hwmon2=devices/platform/coretemp.0
+DEVNAME=hwmon1=nct6795 hwmon2=coretemp
+FCTEMPS=hwmon1/pwm2=hwmon2/temp1_input hwmon1/pwm3=hwmon2/temp1_input
+FCFANS=hwmon1/pwm2=hwmon1/fan2_input hwmon1/pwm3=hwmon1/fan3_input
+MINTEMP=hwmon1/pwm2=20 hwmon1/pwm3=20
+MAXTEMP=hwmon1/pwm2=65 hwmon1/pwm3=60
+MINSTART=hwmon1/pwm2=38 hwmon1/pwm3=75
+MINSTOP=hwmon1/pwm2=28 hwmon1/pwm3=75
+MINPWM=hwmon1/pwm2=28 hwmon1/pwm3=75
+MAXPWM=hwmon1/pwm2=150 hwmon1/pwm3=105
+ '';
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; +} diff --git a/hosts/buer/secrets.nix b/hosts/buer/secrets.nix new file mode 100644 index 0000000..077404a --- /dev/null +++ b/hosts/buer/secrets.nix @@ -0,0 +1,3 @@ +{ + +} \ No newline at end of file diff --git a/hosts/focalor/default.nix b/hosts/focalor/default.nix index 80350e0..99c93d6 100644 --- a/hosts/focalor/default.nix +++ b/hosts/focalor/default.nix @@ -33,6 +33,24 @@ networking.hostName = "focalor"; networking.hostId = "84bdc587"; + + networking = { + firewall.enable = false; + firewall.trustedInterfaces = [ + "tailscale0" + ]; + nameservers = [ "192.168.4.3" "1.1.1.1" ]; + useDHCP = true; + firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; + }; + + services.resolved = { + enable = true; + dnssec = "true"; + domains = [ "~." ]; + fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ]; + dnsovertls = "true"; + }; #boot.supportedFilesystems = [ "zfs" ]; #boot.kernelModules = [ "nct6775" "coretemp" ]; diff --git a/hosts/valefar/default.nix b/hosts/valefar/default.nix index 299e3ca..ba90e87 100644 --- a/hosts/valefar/default.nix +++ b/hosts/valefar/default.nix @@ -27,6 +27,24 @@ networking.hostName = "valefar"; networking.hostId = "2a07da90"; + + networking = { + firewall.enable = false; + firewall.trustedInterfaces = [ + "tailscale0" + ]; + nameservers = [ "192.168.4.3" "1.1.1.1" ]; + useDHCP = true; + firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; + }; + + services.resolved = { + enable = true; + dnssec = "true"; + domains = [ "~." ]; + fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ]; + dnsovertls = "true"; + }; boot.supportedFilesystems = [ "zfs" ]; boot.kernelModules = [ "nct6775" "coretemp" ]; diff --git a/modules/common/system.nix b/modules/common/system.nix index 4dbaeb8..ac77898 100644 --- a/modules/common/system.nix +++ b/modules/common/system.nix 
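Review bot: `hardware.fancontrol` hard-codes hwmon paths for an `nct6795` Super-I/O chip and `coretemp`, but `boot.kernelModules = [ "nct6775" "coretemp" ]` is left commented out in hosts/buer/default.nix and the host's NIC is `ens3`, which points at a virtualised guest rather than a board with that chip; fancontrol verifies DEVPATH/DEVNAME against sysfs at start and exits when they do not match, so this block will most likely just make fancontrol.service fail on every boot — it looks copied from valefar and should be dropped here or gated on those modules actually being loaded. Once fancontrol was hand-added, the "generated by nixos-generate-config, do not modify" header is no longer true; either move the block to default.nix or remove the header so the next `nixos-generate-config` run does not silently discard it. `/boot` is mounted with `fmask=0022`/`dmask=0022`, which leaves the ESP — kernels, initrds and, if this host boots with systemd-boot, its random-seed file — readable by every local user; `options = [ "fmask=0077" "dmask=0077" ];` is the tighter choice and is what systemd-boot asks for when it warns about a world-accessible ESP.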
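Review bot: `firewall.enable = false` turns `trustedInterfaces` and `allowedTCPPorts` into dead configuration — with the firewall off every listening port on focalor is reachable, not only 22/80/443/2456/2457/9000–9002 — and moving this block out of modules/common/system.nix was the natural moment to fix that; set `firewall.enable = true;` and keep the allow-list, or delete the two lists so the file stops suggesting a protection that is not in force. `dnsovertls = "true"` is strict mode, so the `192.168.4.3` nameserver (also listed in `fallbackDns`, without a `#hostname`) must itself terminate TLS on 853; if it does not, resolved silently falls over to Cloudflare and the local resolver is never consulted, so confirm that is intended. Since valefar receives a byte-identical block in this commit, the duplication is better expressed as a shared module whose values use `lib.mkDefault` so a host can override them.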
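Review bot: As on focalor, `firewall.enable = false` makes the `trustedInterfaces` and `allowedTCPPorts` lines immediately below it meaningless — valefar is fully open, and `22 80 443 2456 2457 9000 9001 9002` documents nothing — so either `firewall.enable = true;` or remove the lists. The new `networking = { ... }` attribute set is added directly under the existing `networking.hostName`/`networking.hostId` bindings; folding those two into the same set would keep the host's network configuration in one place and avoid the split between `networking.x = ...` and `networking = { ... }` styles. The surrounding module body starts and ends outside this hunk.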
@@ -10,24 +10,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; - networking = { - firewall.enable = false; - firewall.trustedInterfaces = [ - "tailscale0" - ]; - nameservers = [ "192.168.4.3" "1.1.1.1" ]; - useDHCP = true; - firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; - }; - - services.resolved = { - enable = true; - dnssec = "true"; - domains = [ "~." ]; - fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ]; - dnsovertls = "true"; - }; - environment.variables.EDITOR = "vim"; time.timeZone = "America/New_York"; diff --git a/modules/common/users.nix b/modules/common/users.nix index 3017ff9..5a40ade 100644 --- a/modules/common/users.nix +++ b/modules/common/users.nix @@ -4,6 +4,10 @@ isNormalUser = true; extraGroups = [ "docker" "wheel" ]; packages = with pkgs; [ tree ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTESAAAAIJ0pUS@lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCS9VBRE13jojnqVjuUZWTcOK8GokDDlk2U0i61vEJizVzNowGnIAbwq0cOaFEBX4JBkOa4I8Ku2Pw7fODuoehSK/t7FrfXExk2PBT3k0mfzqQYxfq5bzae7AWr7n/sKUBTtvHSACfidxzQpV7VSgW68jqdOt6h7FHSeS2jac7wUNPobL0uCkFB4FiEQOnIqlRGSSabVemL7bC9H9lUyOODSTthiq9S3pPYknyHDRKUtSCSw4pfpasr4bxDVSW99h3GBcW0hZbpw5bwlxQlwbclxQDnn7XJhWpq6zL/2ScVGJgd94z7FshKoF5IFTk6e7a/Ouv4Ato4hRLxEe5u70CH ssh-key-2023-07-11" + ]; }; programs.git = {
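Review bot: The first authorized key looks mangled: an ed25519 blob starts with `AAAAC3NzaC1lZDI1NTE5AAAAI` (the `NTE5` encodes "519") and contains only base64 characters, whereas this one reads `...NTESAAAAIJ0pUS@lV9dS...` with `NTES` and a literal `@`; sshd will log it as an invalid key and skip the line, so in practice only the RSA key grants access — re-export it from the `.pub` file rather than retyping it. Because this is modules/common/users.nix and the user (its `users.users.<name>` header is above the hunk) sits in `wheel` and `docker`, these keys now give root-equivalent access on every host, including the internet-facing buer added in this commit; consider per-host key lists, and at least confirm sshd runs with `PasswordAuthentication = false` and `PermitRootLogin = "no"` — presumably in services.nix, which is not visible here. The `ssh-key-2023-07-11` key is 2048-bit RSA (`AAAADAQABAAABAQ` is the 2048-bit modulus prefix); acceptable, but once the ed25519 key is fixed it can be retired.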