From 7a31cdd170e8c47052ab0a20848ef3cbfd22e745 Mon Sep 17 00:00:00 2001 From: waveringana Date: Tue, 17 Jun 2025 19:34:05 -0400 Subject: [PATCH] organization --- hosts/buer/default.nix | 115 ++++++++++++-------- hosts/focalor/default.nix | 136 ++++++++++++++++-------- hosts/valefar/default.nix | 213 +++++++++++++++++++++++--------------- 3 files changed, 296 insertions(+), 168 deletions(-) diff --git a/hosts/buer/default.nix b/hosts/buer/default.nix index 2c9f80c..691f4e8 100755 --- a/hosts/buer/default.nix +++ b/hosts/buer/default.nix @@ -1,7 +1,9 @@ -# hosts/valefar/configuration.nix (or default.nix) +# hosts/buer/configuration.nix (or default.nix) { config, lib, pkgs, modulesPath, inputs, ... }: - { + # ============================================================================= + # IMPORTS + # ============================================================================= imports = [ # Host-specific hardware ./hardware.nix 
@@ -12,57 +14,68 @@ ../../common/users.nix ../../common/services.nix - # Common secrets ../../host-secrets.nix ]; + # ============================================================================= + # SYSTEM CONFIGURATION + # ============================================================================= system.stateVersion = "24.11"; - modules.garage.enable = true; - - # pin host platform & microcode - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + # Intel microcode updates hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; + # ============================================================================= + # CUSTOM MODULES + # ============================================================================= + modules.garage.enable = true; - networking.hostName = "buer"; - networking.hostId = "1418d29e"; - networking.firewall.enable = false; - networking.useDHCP = false; - systemd.network.enable = true; - systemd.network.networks."10-wan" = { - matchConfig.Name = "ens3"; - address = [ - "103.251.165.107/24" - "2a04:52c0:0135:48d1::2/48" - ]; - gateway = [ - "103.251.165.1" - "2a04:52c0:0135::1" - ]; - dns = [ - "2a01:6340:1:20:4::10" - "2a04:52c0:130:2a5c::10" - "185.31.172.240" - "5.255.125.240" - ]; + # ============================================================================= + # BOOT CONFIGURATION + # ============================================================================= + boot.loader.grub = { + enable = true; + device = "/dev/vda"; }; - - #boot.supportedFilesystems = [ "zfs" ]; - #boot.kernelModules = [ "nct6775" "coretemp" ]; - #services.zfs.autoScrub.enable = true; - #services.zfs.trim.enable = true; + # ============================================================================= + # NETWORKING + # 
============================================================================= + networking = { + hostName = "buer"; + hostId = "1418d29e"; + firewall.enable = false; + useDHCP = false; + }; - environment.systemPackages = with pkgs; [ - #lm_sensors - #code-server - inputs.agenix.packages.x86_64-linux.default - ]; + # Static IP configuration via systemd-networkd + systemd.network = { + enable = true; + networks."10-wan" = { + matchConfig.Name = "ens3"; + address = [ + "103.251.165.107/24" + "2a04:52c0:0135:48d1::2/48" + ]; + gateway = [ + "103.251.165.1" + "2a04:52c0:0135::1" + ]; + dns = [ + "2a01:6340:1:20:4::10" + "2a04:52c0:130:2a5c::10" + "185.31.172.240" + "5.255.125.240" + ]; + }; + }; + # ============================================================================= + # VIRTUALIZATION + # ============================================================================= virtualisation.docker = { enable = true; enableOnBoot = true; @@ -70,4 +83,24 @@ buildGoModule = pkgs.buildGo123Module; }; }; -} + + # ============================================================================= + # PACKAGES + # ============================================================================= + environment.systemPackages = with pkgs; [ + inputs.agenix.packages.x86_64-linux.default + ]; + + # ============================================================================= + # COMMENTED OUT / DISABLED + # ============================================================================= + # ZFS support (not needed for this VPS) + # boot.supportedFilesystems = [ "zfs" ]; + # boot.kernelModules = [ "nct6775" "coretemp" ]; + # services.zfs.autoScrub.enable = true; + # services.zfs.trim.enable = true; + + # Additional packages (not needed) + # lm_sensors + # code-server +} \ No newline at end of file diff --git a/hosts/focalor/default.nix b/hosts/focalor/default.nix index af84830..482516c 100755 --- a/hosts/focalor/default.nix +++ b/hosts/focalor/default.nix 
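Review bot: `firewall.enable = false;` in the consolidated `networking` block leaves buer without a host firewall while the `systemd.network` block right below it assigns a globally routable static address (103.251.165.107/24 and a public IPv6 prefix), and Docker is enabled in the same hunk. If filtering is provided elsewhere (provider-side or in one of the common modules), a comment on that line such as `# Host firewall off: filtering is done upstream — see <where>` would stop the next reader from treating it as an oversight; otherwise enabling the firewall and listing the services buer actually exposes in `firewall.allowedTCPPorts` is the safer default. The enclosing attribute set continues outside this hunk.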
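Review bot: The rewritten closing `}` no longer ends with a newline (`\ No newline at end of file`), and the same regression appears in the focalor hunk `@@ -128,4 +148,28 @@` and the valefar hunk `@@ -125,4 +148,32 @@`; the previous versions of all three files ended with one. The new `COMMENTED OUT / DISABLED` section relocates dead configuration that git history already preserves; deleting it rather than moving it keeps each host file to what is actually applied. If the intent is only to record the decision, the single comment `# ZFS support (not needed for this VPS)` carries that without the commented code beneath it.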
@@ -1,7 +1,9 @@ -# hosts/valefar/configuration.nix (or default.nix) +# hosts/focalor/configuration.nix (or default.nix) { config, lib, system, pkgs, modulesPath, inputs, ... }: - { + # ============================================================================= + # IMPORTS + # ============================================================================= imports = [ # Host-specific hardware ./hardware.nix @@ -14,38 +16,51 @@ ../../common/services.nix ../../common/efi.nix ../../common/bluetooth.nix - + # Desktop modules ../../common/desktop/core.nix ../../common/desktop/sway.nix ../../common/desktop/vnc.nix - - # Nvidia + + # Hardware-specific ../../common/nvidia.nix - # Common secrets - #../../host-secrets.nix + # Common secrets (commented out) + # ../../host-secrets.nix ]; + # ============================================================================= + # SYSTEM CONFIGURATION + # ============================================================================= system.stateVersion = "25.05"; - - # pin host platform & microcode - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + # Cross-compilation support boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.extra-platforms = config.boot.binfmt.emulatedSystems; - networking.hostName = "focalor"; - networking.hostId = "84bdc587"; + # ============================================================================= + # NETWORKING + # ============================================================================= + networking = { + hostName = "focalor"; + hostId = "84bdc587"; + firewall.enable = false; + firewall.trustedInterfaces = [ "tailscale0" ]; + nameservers = [ "10.0.0.210" "1.1.1.1" ]; + }; + # Systemd networking with bridge systemd.network = { enable = true; + netdevs."br0" = { netdevConfig = { Name = "br0"; Kind = "bridge"; }; }; + networks = { "10-lan" = { matchConfig.Name = ["enp5s0" "vm-*"]; 
@@ -53,6 +68,7 @@ Bridge = "br0"; }; }; + "10-lan-bridge" = { matchConfig.Name = "br0"; networkConfig = { @@ -66,36 +82,38 @@ }; }; - programs.steam.enable = true; - - networking = { - firewall.enable = false; - firewall.trustedInterfaces = [ - "tailscale0" - ]; - nameservers = [ "10.0.0.210" "1.1.1.1" ]; - #useDHCP = true; - #firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; - }; - + # DNS resolution services.resolved = { - enable = true; - dnssec = "true"; - domains = [ "~." ]; + enable = true; + dnssec = "true"; + domains = [ "~." ]; fallbackDns = [ "10.0.0.210" "1.0.0.1#one.one.one.one" ]; - dnsovertls = "true"; + dnsovertls = "true"; }; + + # ============================================================================= + # FILESYSTEM & STORAGE + # ============================================================================= + boot.supportedFilesystems = [ "nfs" ]; - #boot.supportedFilesystems = [ "zfs" ]; - #boot.kernelModules = [ "nct6775" "coretemp" ]; + fileSystems."/mnt/storage" = { + device = "valefar:/storage"; + fsType = "nfs"; + }; - #services.zfs.autoScrub.enable = true; - #services.zfs.trim.enable = true; + # ============================================================================= + # SERVICES + # ============================================================================= + services.vscode-server = { + enable = true; + nodejsPackage = pkgs.nodejs_20; + }; + + # ============================================================================= + # PROGRAMS & APPLICATIONS + # ============================================================================= + programs.steam.enable = true; - services.vscode-server.enable = true; - services.vscode-server.nodejsPackage = pkgs.nodejs_20; - - programs.obs-studio = { enable = true; enableVirtualCamera = true; 
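Review bot: In the consolidated `networking` block, `firewall.trustedInterfaces = [ "tailscale0" ];` has no effect while `firewall.enable = false;` sits directly above it, so the line documents protection that is not in force. The same applies to valefar's `networking` block in the hunk at `@@ -16,48 +17,112 @@`, where this commit adds `2049` to `firewall.allowedTCPPorts` and a new `firewall.allowedUDPPorts = [ 2049 ];` for NFS while that host's firewall is also disabled, leaving the additions inert. Either set `firewall.enable = true;` so the trusted-interface and port lists take effect, or drop them and leave a comment explaining what the host relies on instead of the NixOS firewall. The `systemd.network` attribute set opened at the end of this hunk closes outside it.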
@@ -104,14 +122,9 @@ ]; }; - environment.systemPackages = with pkgs; [ - #lm_sensors - #code-server - inputs.agenix.packages.x86_64-linux.default - ]; - - environment.sessionVariables.WLR_RENDERER = "vulkan"; - + # ============================================================================= + # VIRTUALIZATION + # ============================================================================= virtualisation.docker = { enable = true; enableOnBoot = true; @@ -120,6 +133,13 @@ }; }; + # ============================================================================= + # DESKTOP ENVIRONMENT + # ============================================================================= + # Vulkan renderer for Wayland + environment.sessionVariables.WLR_RENDERER = "vulkan"; + + # XDG Portals xdg.portal = { enable = true; wlr.enable = true; @@ -128,4 +148,28 @@ xdg-desktop-portal-gnome ]; }; -} + + # ============================================================================= + # PACKAGES + # ============================================================================= + environment.systemPackages = with pkgs; [ + inputs.agenix.packages.x86_64-linux.default + ]; + + # ============================================================================= + # COMMENTED OUT / DISABLED + # ============================================================================= + # ZFS support (disabled for this host) + # boot.supportedFilesystems = [ "zfs" ]; + # boot.kernelModules = [ "nct6775" "coretemp" ]; + # services.zfs.autoScrub.enable = true; + # services.zfs.trim.enable = true; + + # Additional packages (commented out) + # lm_sensors + # code-server + + # DHCP (disabled in favor of systemd-networkd) + # useDHCP = true; + # firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; +} \ No newline at end of file diff --git a/hosts/valefar/default.nix b/hosts/valefar/default.nix index 7bd682b..71b7e3d 100755 --- a/hosts/valefar/default.nix +++ b/hosts/valefar/default.nix 
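Review bot: The new `fileSystems."/mnt/storage"` NFS mount of `valefar:/storage` has no `options`, so it is a hard mount attempted at boot: if valefar is down or the hostname cannot be resolved, local-fs.target stalls and the host may not finish booting. Consider `options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "nfsvers=4" ];` so the share is mounted on first access instead, plus a comment noting that access control for the share lives in valefar's `services.nfs.server.exports`. This mount and the `boot.supportedFilesystems = [ "nfs" ]` line are functional changes rather than reorganization and deserve a mention in the commit message. The `programs.obs-studio` block opened at the end of this hunk continues outside it.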
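Review bot: The heading `# DHCP (disabled in favor of systemd-networkd)` in the new `COMMENTED OUT / DISABLED` section covers two unrelated lines: `# useDHCP = true;` is about DHCP, but `# firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];` is a firewall rule that a reader scanning the headings will not find. Either give it its own heading, e.g. `# Firewall port list (unused while firewall.enable = false)`, or drop both lines, since the earlier version of this file remains in git history.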
@@ -1,12 +1,13 @@ # hosts/valefar/configuration.nix (or default.nix) { config, lib, pkgs, modulesPath, inputs, ... }: - { + # ============================================================================= + # IMPORTS + # ============================================================================= imports = [ # Host-specific hardware ./hardware.nix ./secrets.nix - #../../common/nvidia.nix # Common modules shared across hosts ../../common/system.nix 
@@ -16,48 +17,112 @@ # Common secrets ../../host-secrets.nix + + # Hardware-specific (commented out) + # ../../common/nvidia.nix ]; - # Enable modules + # ============================================================================= + # SYSTEM CONFIGURATION + # ============================================================================= + system.stateVersion = "24.11"; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + # Intel microcode updates + hardware.cpu.intel.updateMicrocode = lib.mkDefault + config.hardware.enableRedistributableFirmware; + + # ============================================================================= + # CUSTOM MODULES + # ============================================================================= modules.garage.enable = true; modules.forgejo.enable = true; modules.immich.enable = true; - system.stateVersion = "24.11"; - - # pin host platform & microcorre - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault - config.hardware.enableRedistributableFirmware; - - networking.hostName = "valefar"; - networking.hostId = "2a07da90"; - + # ============================================================================= + # NETWORKING + # ============================================================================= networking = { + hostName = "valefar"; + hostId = "2a07da90"; firewall.enable = false; - firewall.trustedInterfaces = [ - "tailscale0" - ]; - nameservers = [ "10.0.0.210" "1.1.1.1" ]; - useDHCP = true; - firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; + firewall.trustedInterfaces = [ "tailscale0" ]; + nameservers = [ "10.0.0.210" "1.1.1.1" ]; + useDHCP = true; + firewall.allowedTCPPorts = [ 22 80 443 2049 2456 2457 9000 9001 9002 ]; + firewall.allowedUDPPorts = [ 2049 ]; }; + # DNS resolution services.resolved = { - enable = true; - dnssec = "false"; - domains = [ "~." ]; + enable = true; + dnssec = "false"; + domains = [ "~." 
]; fallbackDns = [ "10.0.0.210" "1.1.1.1" ]; - dnsovertls = "false"; + dnsovertls = "false"; }; - - boot.supportedFilesystems = [ "zfs" ]; - boot.kernelModules = [ "nct6775" "coretemp" ]; - boot.zfs.extraPools = [ "garage" "storage" ]; - boot.zfs.devNodes = "/dev/disk/by-id"; - boot.zfs.forceImportAll = true; + # ============================================================================= + # BOOT & FILESYSTEMS + # ============================================================================= + boot = { + supportedFilesystems = [ "zfs" ]; + kernelModules = [ "nct6775" "coretemp" ]; + + zfs = { + extraPools = [ "garage" "storage" ]; + devNodes = "/dev/disk/by-id"; + forceImportAll = true; + }; + }; + # ============================================================================= + # ZFS CONFIGURATION + # ============================================================================= + # ZFS import services + systemd.services.zfs-import-cache.enable = false; + systemd.services.zfs-import-scan = { + enable = true; + after = [ "systemd-udev-settle.service" ]; + wants = [ "systemd-udev-settle.service" ]; + }; + + # ZFS mount points + systemd.mounts = [ + { + what = "garage"; + where = "/garage"; + type = "zfs"; + after = [ "zfs-import-scan.service" ]; + wants = [ "zfs-import-scan.service" ]; + } + { + what = "storage"; + where = "/storage"; + type = "zfs"; + after = [ "zfs-import-scan.service" ]; + wants = [ "zfs-import-scan.service" ]; + } + ]; + + # ZFS maintenance + services.zfs = { + autoScrub.enable = true; + trim.enable = true; + }; + + # ============================================================================= + # DIRECTORY STRUCTURE + # ============================================================================= + systemd.tmpfiles.rules = [ + "d /storage/immich 0755 immich immich -" + "d /storage/immich/photos 0755 immich immich -" + "Z /storage/immich 0755 immich immich -" # Recursively fix ownership of existing files + ]; + + # 
============================================================================= + # NFS SERVER + # ============================================================================= services.nfs.server = { enable = true; exports = '' 
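Review bot: The added tmpfiles rule `"Z /storage/immich 0755 immich immich -"` does more than its trailing comment says: with an explicit mode, `Z` applies 0755 to every file in the tree as well as to the directories, so each stored photo ends up with execute bits, and the recursive walk over the whole library is repeated on every boot and, on NixOS, at each configuration activation. `"Z /storage/immich - immich immich -"` fixes ownership only (for `z`/`Z` lines a `-` mode leaves permissions untouched), and `~0755` keeps execute bits off files that do not already have them; if this is only meant to repair existing data, a one-off `chown -R` is preferable to a permanent rule. The comment should then say what the rule actually does, e.g. `# Recursively fix ownership of existing files; mode is left unchanged`. The hunk ends inside the `exports` string, so the `services.nfs.server` block continues outside it.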
@@ -65,59 +130,17 @@ ''; }; - /*boot.kernelParams = [ "ip=dhcp" ]; - boot.initrd = { - availableKernelModules = [ "r8169" ]; - network = { - enable = true; - ssh = { - enable = true; - port = 22; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0pU82lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb" ]; - hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ]; - shell = "/bin/cryptsetup-askpass"; - }; - }; - };*/ - - systemd.services.zfs-import-cache.enable = false; - systemd.services.zfs-import-scan.enable = true; - - systemd.services.zfs-import-scan = { - after = [ "systemd-udev-settle.service" ]; - wants = [ "systemd-udev-settle.service" ]; + # ============================================================================= + # SERVICES + # ============================================================================= + services.vscode-server = { + enable = true; + nodejsPackage = pkgs.nodejs_20; }; - systemd.mounts = [{ - what = "garage"; - where = "/garage"; - type = "zfs"; - after = [ "zfs-import-scan.service" ]; - wants = [ "zfs-import-scan.service" ]; - } { - what = "storage"; - where = "/storage"; - type = "zfs"; - after = [ "zfs-import-scan.service" ]; - wants = [ "zfs-import-scan.service" ]; - }]; - - systemd.tmpfiles.rules = [ - "d /storage/immich 0755 immich immich -" - ]; - - services.zfs.autoScrub.enable = true; - services.zfs.trim.enable = true; - - services.vscode-server.enable = true; - services.vscode-server.nodejsPackage = pkgs.nodejs_20; - - environment.systemPackages = with pkgs; [ - lm_sensors - code-server - inputs.agenix.packages.x86_64-linux.default - ]; - + # ============================================================================= + # VIRTUALIZATION + # ============================================================================= virtualisation.docker = { enable = true; enableOnBoot = true; 
@@ -125,4 +148,32 @@ buildGoModule = pkgs.buildGo123Module; }; }; -} + + # ============================================================================= + # PACKAGES + # ============================================================================= + environment.systemPackages = with pkgs; [ + lm_sensors + code-server + inputs.agenix.packages.x86_64-linux.default + ]; + + # ============================================================================= + # COMMENTED OUT / DISABLED + # ============================================================================= + # Remote unlock via SSH (commented out) + # boot.kernelParams = [ "ip=dhcp" ]; + # boot.initrd = { + # availableKernelModules = [ "r8169" ]; + # network = { + # enable = true; + # ssh = { + # enable = true; + # port = 22; + # authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0pU82lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb" ]; + # hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ]; + # shell = "/bin/cryptsetup-askpass"; + # }; + # }; + # }; +} \ No newline at end of file