add buer

2025-06-01 23:30:45 -04:00 · 2025-06-01 23:30:45 -04:00 · 4fc18ee08c
commit 4fc18ee08c
parent 44f6f390ff
8 changed files with 181 additions and 18 deletions
--- a/flake.nix
+++ b/flake.nix
@ -72,6 +72,13 @@
        ];
      };

+      buer = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./hosts/buer          
+        ]
+      }
+      
      # Easy to add more hosts
      /*server2 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
--- a/hosts/buer/default.nix
+++ b/hosts/buer/default.nix
@ -0,0 +1,68 @@
+# hosts/valefar/configuration.nix (or default.nix)
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [
+    # Host-specific hardware
+    ./hardware.nix
+    ./secrets.nix
+    
+    # Common modules shared across hosts
+    ../../modules/common/system.nix
+    ../../modules/common/users.nix
+    ../../modules/common/services.nix
+    
+    # Services specific to this host
+    #../../services/garage.nix
+    #../../services/forgejo.nix
+
+    # Common secrets
+    ../../host-secrets.nix
+  ];
+
+  # pin host platform & microcode
+  nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault
+    config.hardware.enableRedistributableFirmware;
+
+  networking.hostName = "buer";
+  networking.hostId = "1418d29e";
+  networking.useDHCP = false;
+  systemd.network.enable = true;
+  systemd.network.networks."10-wan" = {
+    matchConfig.Name = "ens3";
+    address = [
+      "103.251.165.107/24"
+      "2a04:52c0:0135:48d1::2/48"
+    ];
+    gateway = [
+      "103.251.165.1"
+      "2a04:52c0:0135::1"
+    ];
+    dns = [
+      "2a01:6340:1:20:4::10"
+      "2a04:52c0:130:2a5c::10"
+      "185.31.172.240"
+      "5.255.125.240"
+    ];
+  };
+  
+  #boot.supportedFilesystems = [ "zfs" ];
+  #boot.kernelModules = [ "nct6775" "coretemp" ];
+
+  #services.zfs.autoScrub.enable = true;
+  #services.zfs.trim.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    #lm_sensors
+    #code-server
+  ];
+
+  virtualisation.docker = {
+    enable = true;
+    enableOnBoot = true;
+    package = pkgs.docker.override {
+      buildGoModule = pkgs.buildGo123Module;
+    };
+  };
+}
--- a/hosts/buer/hardware.nix
+++ b/hosts/buer/hardware.nix
@ -0,0 +1,63 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/17b399da-2210-4493-9ae3-c65b20b992a0";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/6340-211B";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  fileSystems."/garage" = {
+    device = "garage";
+    fsType = "zfs";
+  };
+
+  fileSystems."/storage" = {
+    device = "storage";
+    fsType = "zfs";
+  };
+
+  swapDevices = [ ];
+
+  # Fan Control
+  hardware.fancontrol = {
+    enable = true;
+    config = ''
+INTERVAL=10
+DEVPATH=hwmon1=devices/platform/nct6775.2592 hwmon2=devices/platform/coretemp.0
+DEVNAME=hwmon1=nct6795 hwmon2=coretemp
+FCTEMPS=hwmon1/pwm2=hwmon2/temp1_input hwmon1/pwm3=hwmon2/temp1_input
+FCFANS=hwmon1/pwm2=hwmon1/fan2_input hwmon1/pwm3=hwmon1/fan3_input
+MINTEMP=hwmon1/pwm2=20 hwmon1/pwm3=20
+MAXTEMP=hwmon1/pwm2=65 hwmon1/pwm3=60
+MINSTART=hwmon1/pwm2=38 hwmon1/pwm3=75
+MINSTOP=hwmon1/pwm2=28 hwmon1/pwm3=75
+MINPWM=hwmon1/pwm2=28 hwmon1/pwm3=75
+MAXPWM=hwmon1/pwm2=150 hwmon1/pwm3=105
+    '';
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+}
--- a/hosts/buer/secrets.nix
+++ b/hosts/buer/secrets.nix
@ -0,0 +1,3 @@
+{
+  
+}
--- a/hosts/focalor/default.nix
+++ b/hosts/focalor/default.nix
@ -34,6 +34,24 @@
  networking.hostName = "focalor";
  networking.hostId = "84bdc587";

+  networking = {
+    firewall.enable = false;
+    firewall.trustedInterfaces = [
+	    "tailscale0"
+    ];
+    nameservers   = [ "192.168.4.3" "1.1.1.1" ];
+    useDHCP       = true;
+    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
+  };
+
+  services.resolved = {
+    enable      = true;
+    dnssec      = "true";
+    domains     = [ "~." ];
+    fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];
+    dnsovertls  = "true";
+  };
+  
  #boot.supportedFilesystems = [ "zfs" ];
  #boot.kernelModules = [ "nct6775" "coretemp" ];

--- a/hosts/valefar/default.nix
+++ b/hosts/valefar/default.nix
@ -28,6 +28,24 @@
  networking.hostName = "valefar";
  networking.hostId = "2a07da90";

+  networking = {
+    firewall.enable = false;
+    firewall.trustedInterfaces = [
+	    "tailscale0"
+    ];
+    nameservers   = [ "192.168.4.3" "1.1.1.1" ];
+    useDHCP       = true;
+    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
+  };
+
+  services.resolved = {
+    enable      = true;
+    dnssec      = "true";
+    domains     = [ "~." ];
+    fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];
+    dnsovertls  = "true";
+  };
+  
  boot.supportedFilesystems = [ "zfs" ];
  boot.kernelModules = [ "nct6775" "coretemp" ];

--- a/modules/common/system.nix
+++ b/modules/common/system.nix
@ -10,24 +10,6 @@

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

-  networking = {
-    firewall.enable = false;
-    firewall.trustedInterfaces = [
-	    "tailscale0"
-    ];
-    nameservers   = [ "192.168.4.3" "1.1.1.1" ];
-    useDHCP       = true;
-    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
-  };
-
-  services.resolved = {
-    enable      = true;
-    dnssec      = "true";
-    domains     = [ "~." ];
-    fallbackDns = [ "192.168.4.3" "1.0.0.1#one.one.one.one" ];
-    dnsovertls  = "true";
-  };
-
  environment.variables.EDITOR = "vim";

  time.timeZone     = "America/New_York";
--- a/modules/common/users.nix
+++ b/modules/common/users.nix
@ -4,6 +4,10 @@
    isNormalUser    = true;
    extraGroups     = [ "docker" "wheel" ];
    packages        = with pkgs; [ tree ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTESAAAAIJ0pUS@lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCS9VBRE13jojnqVjuUZWTcOK8GokDDlk2U0i61vEJizVzNowGnIAbwq0cOaFEBX4JBkOa4I8Ku2Pw7fODuoehSK/t7FrfXExk2PBT3k0mfzqQYxfq5bzae7AWr7n/sKUBTtvHSACfidxzQpV7VSgW68jqdOt6h7FHSeS2jac7wUNPobL0uCkFB4FiEQOnIqlRGSSabVemL7bC9H9lUyOODSTthiq9S3pPYknyHDRKUtSCSw4pfpasr4bxDVSW99h3GBcW0hZbpw5bwlxQlwbclxQDnn7XJhWpq6zL/2ScVGJgd94z7FshKoF5IFTk6e7a/Ouv4Ato4hRLxEe5u70CH ssh-key-2023-07-11"
+    ];
  };

  programs.git = {