diff --git a/hosts/flame/default.nix b/hosts/flame/default.nix index a34ed4e..d449e54 100644 --- a/hosts/flame/default.nix +++ b/hosts/flame/default.nix @@ -3,6 +3,7 @@ # How to install: # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/ +# These days, probably use nixos-anywhere instead. { inputs, globals, overlays, ... }: @@ -21,32 +22,38 @@ inputs.nixpkgs.lib.nixosSystem { server = true; networking.hostName = "flame"; + # Not sure what's necessary but too afraid to remove anything imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ]; + # File systems must be declared in order to boot + + # This is the root filesystem containing NixOS + # I forgot to set a clean label for it fileSystems."/" = { device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3"; fsType = "ext4"; }; + # This is the boot filesystem for systemd-boot fileSystems."/boot" = { device = "/dev/disk/by-uuid/D5CA-237A"; fsType = "vfat"; }; # Theming - gui.enable = false; - theme = { colors = (import ../../colorscheme/gruvbox).dark; }; - # Disable passwords, only use SSH key - publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"; + # Server doesn't require GUI + gui.enable = false; + + # Still require colors for programs like Neovim, K9S + theme = { colors = (import ../../colorscheme/gruvbox).dark; }; # Programs and services cloudflare.enable = true; # Proxy traffic with Cloudflare dotfiles.enable = true; # Clone dotfiles neovim.enable = true; - + giteaRunner.enable = true; services.caddy.enable = true; services.grafana.enable = true; services.openssh.enable = true; 
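Review bot: The comment `# Not sure what's necessary but too afraid to remove anything` added above `imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ]` records doubt rather than intent, and the same line is added above `boot.initrd.availableKernelModules` in the swan and tempest hunks. A maintainer is better served by what the lines provide: the qemu-guest profile supplies the virtio drivers a VM needs to find its disk and network at boot, and module lists like these are what nixos-generate-config emits into hardware-configuration.nix. Suggest `# qemu-guest profile: virtio drivers for the cloud VM; initrd modules as generated by nixos-generate-config` here and `# Initrd modules as generated by nixos-generate-config for this hardware` on the other two hosts, so the next person knows removal is safe only after regenerating that list.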
@@ -55,6 +62,7 @@ inputs.nixpkgs.lib.nixosSystem { services.vaultwarden.enable = true; services.minecraft-server.enable = true; # Setup Minecraft server + # Allows private remote access over the internet cloudflareTunnel = { enable = true; id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2"; @@ -63,8 +71,6 @@ inputs.nixpkgs.lib.nixosSystem { "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org"; }; - giteaRunner.enable = true; - # Nextcloud backup config backup.s3 = { endpoint = "s3.us-west-002.backblazeb2.com"; @@ -72,8 +78,9 @@ inputs.nixpkgs.lib.nixosSystem { accessKeyId = "0026b0e73b2e2c80000000005"; }; - # # Grant access to Jellyfin directories from Nextcloud - # users.users.nextcloud.extraGroups = [ "jellyfin" ]; + # Disable passwords, only use SSH key + publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"; # # Wireguard config for Transmission # wireguard.enable = true; @@ -104,9 +111,6 @@ inputs.nixpkgs.lib.nixosSystem { # # VPN port forwarding # services.transmission.settings.peer-port = 57599; - # # Grant access to Transmission directories from Jellyfin - # users.users.jellyfin.extraGroups = [ "transmission" ]; - } ]; } diff --git a/hosts/swan/default.nix b/hosts/swan/default.nix index 4e07df9..0c28309 100644 --- a/hosts/swan/default.nix +++ b/hosts/swan/default.nix @@ -13,11 +13,14 @@ inputs.nixpkgs.lib.nixosSystem { ../../modules/common ../../modules/nixos { + nixpkgs.overlays = overlays; + # Hardware server = true; physical = true; networking.hostName = "swan"; + # Not sure what's necessary but too afraid to remove anything boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; 
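Review bot: The comment `# Disable passwords, only use SSH key` now sits directly on `publicKey = "ssh-ed25519 ..."`, but nothing in this file disables password authentication; that must happen in the module that consumes `publicKey`, which is outside this diff. As written the comment reads as a guarantee that a reader of this host file cannot verify, so it should point at the enforcing option, e.g. `# Admin SSH key; password login is disabled by the module that consumes this option (see <path to publicKey module>)`. If no such enforcement exists there, the NixOS option to set is `services.openssh.settings.PasswordAuthentication = false` and the comment should not claim it until it does.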
@@ -30,29 +33,43 @@ inputs.nixpkgs.lib.nixosSystem { "amdgpu.cik_support=1" "amdgpu.dc=1" ]; + + # Required binary blobs to boot on this machine hardware.enableRedistributableFirmware = true; + # Prioritize efficiency over performance powerManagement.cpuFreqGovernor = "powersave"; + + # Allow firmware updates hardware.cpu.intel.updateMicrocode = true; # ZFS zfs.enable = true; # Generated with: head -c 8 /etc/machine-id networking.hostId = "600279f4"; # Random ID required for ZFS + + # Sets root ext4 filesystem instead of declaring it manually disko = { enableConfig = true; devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; }); }; + + # Automatically load the ZFS pool on boot boot.zfs.extraPools = [ "tank" ]; + # Theming + + # Server doesn't require GUI gui.enable = false; + + # Still require colors for programs like Neovim, K9S theme = { colors = (import ../../colorscheme/gruvbox).dark; }; - nixpkgs.overlays = overlays; + + # Programs and services neovim.enable = true; cloudflare.enable = true; dotfiles.enable = true; arrs.enable = true; - services.bind.enable = true; services.caddy.enable = true; services.jellyfin.enable = true; @@ -63,6 +80,7 @@ inputs.nixpkgs.lib.nixosSystem { services.vmagent.enable = true; services.samba.enable = true; + # Allows private remote access over the internet cloudflareTunnel = { enable = true; id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2"; @@ -71,6 +89,7 @@ inputs.nixpkgs.lib.nixosSystem { "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org"; }; + # Send regular backups and litestream for DBs to an S3-like bucket backup.s3 = { endpoint = "s3.us-west-002.backblazeb2.com"; bucket = "noahmasur-backup"; diff --git a/hosts/tempest/default.nix b/hosts/tempest/default.nix index 1a094bb..8c38d2f 100644 --- a/hosts/tempest/default.nix +++ b/hosts/tempest/default.nix 
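Review bot: `- services.bind.enable = true;` is dropped from swan's service list in this hunk while every other change in the commit is a comment or a move, and nothing re-enables bind elsewhere in the diff, so a documentation commit disables the DNS server as a side effect. Either call that out in the commit message or split it into its own change so the behavioural change is reviewable on its own. Separately, `# Allow firmware updates` above `hardware.cpu.intel.updateMicrocode = true;` (and the matching `hardware.cpu.amd.updateMicrocode` line in the tempest hunk) overstates the option: it loads CPU microcode patches at early boot, not general firmware updates, so `# Load CPU microcode patches at early boot` is more accurate. The `# Sets root ext4 filesystem instead of declaring it manually` comment on the disko block also asserts a filesystem type that is defined in disks/root.nix, not here; drop the type or phrase it as a pointer to that file.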
@@ -17,14 +17,25 @@ inputs.nixpkgs.lib.nixosSystem { physical = true; networking.hostName = "tempest"; + # Not sure what's necessary but too afraid to remove anything boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + + # Graphics and VMs boot.initrd.kernelModules = [ "amdgpu" ]; boot.kernelModules = [ "kvm-amd" ]; services.xserver.videoDrivers = [ "amdgpu" ]; + + # Required binary blobs to boot on this machine hardware.enableRedistributableFirmware = true; + + # Prioritize performance over efficiency powerManagement.cpuFreqGovernor = "performance"; + + # Allow firmware updates hardware.cpu.amd.updateMicrocode = true; + + # Helps reduce GPU fan noise under idle loads hardware.fancontrol.enable = true; hardware.fancontrol.config = '' # Configuration file generated by pwmconfig, changes will be lost @@ -41,22 +52,31 @@ inputs.nixpkgs.lib.nixosSystem { MAXPWM=hwmon0/pwm1=240 ''; + # File systems must be declared in order to boot + + # This is the root filesystem containing NixOS fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; + # This is the boot filesystem for Grub fileSystems."/boot" = { device = "/dev/disk/by-label/boot"; fsType = "vfat"; }; - # Must be prepared ahead + # Secrets must be prepared ahead before deploying + # The SSH key will need to be added manually with: nix run .#loadkey identityFile = "/home/${globals.user}/.ssh/id_ed25519"; passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512; # Theming + + # Turn on all features related to desktop and graphical applications gui.enable = true; + + # Set the system-wide theme, also used for non-graphical programs theme = { colors = (import ../../colorscheme/gruvbox-dark).dark; dark = true; 
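Review bot: The new comment `# Secrets must be prepared ahead before deploying` on `passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;` should say what actually happens when the file is absent: `lib.fileContents` reads the path at evaluation time, so a missing file is an evaluation error for the whole flake, not a deploy-time failure on this host. It is also worth recording that the hash is read into the evaluated configuration, so the module that consumes `passwordHash` decides whether it ends up in a world-readable store path; confirm that module keeps it out of the store (NixOS's `users.users.<name>.hashedPasswordFile` is the option meant for that). Suggest `# Secrets must exist before evaluation: misc/password.sha512 is read at eval time (missing file = evaluation error); the SSH key is loaded with: nix run .#loadkey`. The enclosing module block continues past this hunk.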
@@ -91,9 +111,12 @@ inputs.nixpkgs.lib.nixosSystem { leagueoflegends.enable = true; ryujinx.enable = true; }; - services.vmagent.enable = true; + # Services will require the identityFile to work + services.vmagent.enable = true; # Enables Prometheus metrics services.openssh.enable = true; # Required for Cloudflare tunnel + + # Allows private remote access over the internet cloudflareTunnel = { enable = true; id = "ac133a82-31fb-480c-942a-cdbcd4c58173"; @@ -103,6 +126,8 @@ inputs.nixpkgs.lib.nixosSystem { }; # Allows requests to force machine to wake up + # This network interface might change, needs to be set specifically for each machine. + # Or set usePredictableInterfaceNames = false networking.interfaces.enp5s0.wakeOnLan.enable = true; }
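Review bot: The comment `# Services will require the identityFile to work` above `services.vmagent.enable = true;` does not say which services or what fails, and `identityFile` is set in an earlier hunk of this file, so a reader here cannot tell whether vmagent, openssh or the tunnel is meant. Presumably the dependency is secret material unlocked with that key; if so, name it, e.g. `# vmagent and the Cloudflare tunnel need secrets unlocked with identityFile (set above) and will not start without it`, and otherwise state the actual reason. The enclosing module block continues past this hunk.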