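# NixOS module for the host "Tsuki": a QEMU guest that pulls in a set of
# service modules, mounts its data drives from 10.0.0.36 over NFS/CIFS, and
# runs sshd and Docker.
#
# Arguments:
#   config      - the evaluated system configuration (used for the sops secret path)
#   secrets     - project-specific attrset; only the nix-builder public key is read here
#   modulesPath - path to the NixOS module tree (used for the qemu-guest profile)
{ config, lib, secrets, modulesPath, ... }:
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")

    # NOTE(review): listen addresses, authentication and firewall openings for
    # these services are defined in the imported files, not here. Several of
    # them (jupyter, vscode-server, pgadmin, hydra, vaultwarden, kanidm) are
    # admin or credential-bearing surfaces, so audit exposure per module.
    ./services/atuin.nix
    ./services/borg.nix
    ./services/gitea
    ./services/grafana
    ./services/headscale.nix
    ./services/hedgedoc
    ./services/hydra.nix
    ./services/invidious.nix
    ./services/jupyter.nix
    ./services/kanidm.nix
    ./services/matrix
    ./services/minecraft
    ./services/navidrome.nix
    ./services/nginx
    ./services/osuchan.nix
    ./services/pgadmin.nix
    ./services/plex.nix
    ./services/postgres.nix
    ./services/taskserver.nix
    ./services/vaultwarden.nix
    ./services/vscode-server.nix

    ./services/scrapers/nhk-easy-news/default.nix
  ];

  # Project-defined options (declared outside this file). The drive paths below
  # match the mount points configured under `fileSystems`.
  machineVars = {
    headless = true;
    dataDrives = {
      drives = {
        backup = "/data2/backup";
        momiji = "/data2/momiji";
        cirno = "/data2/cirno";
        media = "/data2/media";
        postgres = "/data2/postgres";
        home = "/data2/home";
      };
      default = "/data2/momiji";
    };
  };

  # Disable every sleep-related target so the server never suspends.
  systemd.targets = {
    sleep.enable = false;
    suspend.enable = false;
    hibernate.enable = false;
    hybrid-sleep.enable = false;
  };

  # security.pam.services.login.unixAuth = true;

  networking = {
    hostName = "Tsuki";
    networkmanager.enable = true;
    interfaces.ens18.useDHCP = true;
    # No ports are opened in this file; any allowed ports come from the sshd
    # defaults and from the imported service modules.
    firewall.enable = true;
  };

  # NOTE(review): sshd is enabled with module defaults. Password and root-login
  # policy are not set in this file; confirm a shared module restricts
  # authentication to keys, since this host is reachable by build clients.
  services.openssh.enable = true;

  # NOTE(review): `sshd@` is the per-connection template unit NixOS uses when
  # sshd is socket-activated (services.openssh.startWhenNeeded). That option is
  # not set here; if it is not enabled elsewhere, this override has no effect
  # on the running `sshd.service`.
  # The raised CPU and I/O priority applies from the moment a connection is
  # accepted, i.e. also to unauthenticated sessions, so connection rate
  # limiting matters more than usual on this host.
  systemd.services."sshd@".serviceConfig = {
    Nice = -15;
    IOSchedulingClass = "realtime";
  };

  users = {
    users = {
      media = {
        description = "User responsible for owning all sorts of server media files";
        isSystemUser = true;
        group = "media";
      };
      nix-builder = {
        description = "User for executing distributed builds via SSH";
        isSystemUser = true;
        group = "nix-builder";
        # NOTE(review): whether this key is restricted (forced command,
        # no-port-forwarding, ...) depends on the contents of the key file,
        # which is not visible here. An unrestricted key gives the build
        # clients a general login as this user.
        openssh.authorizedKeys.keyFiles = [ secrets.keys.ssh.nixBuilders.tsuki.public ];
      };
    };
    groups = {
      media = {};
      # Declared here because the nix-builder user above names it as its
      # primary group and this file did not define it. An empty declaration
      # merges cleanly if another module also defines the group.
      nix-builder = {};
    };
  };

  # SMB credentials for the cirno share, decrypted at activation by sops-nix.
  # Declared with defaults, so ownership and mode are whatever sops-nix applies
  # (presumably root-only; confirm against the sops-nix version in use).
  sops.secrets."drives/cirno/credentials" = {};

  fileSystems = let
    # Build an NFS mount of the named export on the storage host.
    #
    # NOTE(review): NFSv3 with no `sec=` option falls back to AUTH_SYS: the
    # server trusts the client's IP address and the UIDs it sends, and traffic
    # is neither authenticated nor encrypted. Database, home and backup data
    # therefore rely on the 10.0.0.0 network and the server's export list
    # being tightly controlled.
    # `local_lock=all` keeps flock/POSIX locks on this client only; another
    # client mounting the same export will not see them.
    nfsDrive = drivename: {
      device = "10.0.0.36:/mnt/PoolsClosed/${drivename}";
      fsType = "nfs";
      options = [ "vers=3" "local_lock=all" ];
    };
  in {
    "/" = {
      device = "/dev/disk/by-uuid/54b9fd58-0df5-410c-ab87-766860967653";
      fsType = "btrfs";
    };

    "/boot" = {
      device = "/dev/disk/by-uuid/0A60-2885";
      fsType = "vfat";
    };

    "/data2/backup" = nfsDrive "backup";
    "/data2/momiji" = nfsDrive "momiji";
    "/data2/media" = nfsDrive "media";
    "/data2/postgres" = nfsDrive "postgres";
    "/data2/home" = nfsDrive "home";

    # SMB 3.0 share. The credentials come from the sops-managed file, so no
    # username or password ends up in the world-readable Nix store.
    # NOTE(review): every file is presented as owned by the hard-coded
    # uid 1000, and transport encryption (`seal`) is not requested.
    "/data2/cirno" = {
      device = "//10.0.0.36/cirno";
      fsType = "cifs";
      options = [
        "vers=3.0"
        "cred=${config.sops.secrets."drives/cirno/credentials".path}"
        "rw"
        "uid=1000"
      ];
    };
  };

  swapDevices = [{ device = "/dev/disk/by-uuid/92a1a33f-89a8-45de-a45e-6c303172cd7f"; }];

  virtualisation = {
    # Access to the Docker socket is root-equivalent on the host. Membership of
    # the `docker` group is not set in this file; keep it minimal wherever it
    # is assigned.
    docker.enable = true;
  };

  boot = {
    initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
    initrd.kernelModules = [ ];
    kernelModules = [ ];
    extraModulePackages = [ ];
    loader = {
      # GRUB installed as a removable EFI loader; `device = "nodev"` means no
      # BIOS boot sector is written.
      grub = {
        enable = true;
        efiSupport = true;
        fsIdentifier = "label";
        device = "nodev";
        efiInstallAsRemovable = true;
      };
      # efi.efiSysMountPoint = "/boot/efi";
      # efi.canTouchEfiVariables = true;
    };
  };
}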