From 1854ee0f33d9b7c408cd79704d677debd7f6b634 Mon Sep 17 00:00:00 2001 From: Sam Date: Sun, 19 Jan 2025 14:57:00 +0000 Subject: [PATCH] MODIFY: merlin host setup --- flake.lock | 45 ++++----- flake.nix | 2 +- hosts/common/disks/btrfs/persist.nix | 1 - .../optional/arion-containers/syncthing.nix | 29 ++++++ .../optional/nixos-containers/docker.nix | 1 + hosts/merlin/default.nix | 95 +++++++++++++------ 6 files changed, 120 insertions(+), 53 deletions(-) create mode 100644 hosts/common/optional/arion-containers/syncthing.nix diff --git a/flake.lock b/flake.lock index 8faaf6e..2f5b89c 100644 --- a/flake.lock +++ b/flake.lock @@ -271,11 +271,11 @@ ] }, "locked": { - "lastModified": 1735882644, - "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "lastModified": 1737043064, + "narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "rev": "94ee657f6032d913fe0ef49adaa743804635b0bb", "type": "github" }, "original": { @@ -501,15 +501,16 @@ ] }, "locked": { - "lastModified": 1736370755, - "narHash": "sha256-iWcjToBpx4PUd74uqvIGAfqqVfyrvRLRauC/SxEKIF0=", + "lastModified": 1736820923, + "narHash": "sha256-SDuKLOWAh8VJRXlNWQn9QE99bjeEUAAbYXqrKGbsiyk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "57733bd1dc81900e13438e5b4439239f1b29db0e", + "rev": "944c2b181792ae7ae6b20c0df3f44879c11706c9", "type": "github" }, "original": { "owner": "lnl7", + "ref": "nix-darwin-24.11", "repo": "nix-darwin", "type": "github" } 
@@ -538,11 +539,11 @@ }, "nix-secrets": { "locked": { - "lastModified": 1737289135, - "narHash": "sha256-gyRNbWriRKU+2ISw0IU+IyN6tPLFVpKHlUMu9XJnlaA=", + "lastModified": 1737298189, + "narHash": "sha256-Slso8PDwsOgjxvYSujEY/EOLpSJOdNbQLSQsTMor364=", "ref": "refs/heads/master", - "rev": "66732e26abe33ba633c157837b24701635866199", - "revCount": 215, + "rev": "c2aca41f539e9aa03e3a6436530516a4d8dd23e6", + "revCount": 225, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, @@ -632,11 +633,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1737255904, - "narHash": "sha256-r3fxHvh+M/mBgCZXOACzRFPsJdix2QSsKazb7VCXXo0=", + "lastModified": 1737295402, + "narHash": "sha256-sxkCkFzgC/y14AANc7G2RVAh6LzO9JWVTStm68XKFLY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "eacdab35066b0bb1c9413c96898e326b76398a81", + "rev": "e4cc9246ce2f16913ddfaf97316983d622a48f4a", "type": "github" }, "original": { @@ -677,11 +678,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1737141914, - "narHash": "sha256-Lq7PWAD+edeIpZKM7aresrwON+Tdo3OMu1S2YX8AjjM=", + "lastModified": 1737283156, + "narHash": "sha256-FyHmM6vvz+UxCrPZo/poIaZBZejLHVKkAH4cjtUxZDA=", "owner": "nix-community", "repo": "nixvim", - "rev": "c2ee71c814c9427d4991b9d58d412add9c5a1c56", + "rev": "abcbd250b8a2c7aab1f4b2b9e01598ee24b42337", "type": "github" }, "original": { @@ -698,11 +699,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1737258869, - "narHash": "sha256-Ue2TumKTw+6VUSKdgHE93gViUTOJDmS2I0HjLbmrHls=", + "lastModified": 1737291670, + "narHash": "sha256-iA+SQO8w012sS6OW0knTpOc/UNh8Ca+/I2JC+NDpdlE=", "owner": "nix-community", "repo": "NUR", - "rev": "0b2b53ac3bd61384876cf8461d32e698064297ea", + "rev": "3d5cfb5c3d2832ec39c6565707bf30f9e8e42560", "type": "github" }, "original": { 
@@ -885,11 +886,11 @@ ] }, "locked": { - "lastModified": 1736154270, - "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "lastModified": 1737103437, + "narHash": "sha256-uPNWcYbhY2fjY3HOfRCR5jsfzdzemhfxLSxwjXYXqNc=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "rev": "d1ed3b385f8130e392870cfb1dbfaff8a63a1899", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index f16b7e3..7d0b500 100644
--- a/flake.nix
+++ b/flake.nix
@@ -118,7 +118,7 @@
 merlin = nixpkgs.lib.nixosSystem {
 inherit specialArgs;
 modules = [
- ./hosts/nebula
+ ./hosts/merlin
 home-manager.nixosModules.home-manager
 {
 home-manager.extraSpecialArgs = specialArgs;
diff --git a/hosts/common/disks/btrfs/persist.nix b/hosts/common/disks/btrfs/persist.nix
index 13f72e7..7b6fa95 100644
--- a/hosts/common/disks/btrfs/persist.nix
+++ b/hosts/common/disks/btrfs/persist.nix
@@ -19,7 +19,6 @@
 "/swap" = {
 mountOptions = [ "noatime" ];
 mountpoint = "/.swapvol";
- swap.swapfile.size = "8192M";
 };
 };
 }
diff --git a/hosts/common/optional/arion-containers/syncthing.nix b/hosts/common/optional/arion-containers/syncthing.nix
new file mode 100644
index 0000000..546f2f1
--- /dev/null
+++ b/hosts/common/optional/arion-containers/syncthing.nix
@@ -0,0 +1,29 @@
+{
+ virtualisation.arion = {
+ backend = "podman-socket";
+ projects.syncthing = {
+ settings = {
+ services.syncthing.service = {
+ ports = [
+ "8384:8384"
+ "22000:22000/tcp"
+ "22000:22000/udp"
+ "21027:21027/udp"
+ ];
+ container_name = "syncthing";
+ image = "lscr.io/linuxserver/syncthing:latest";
+ restart = "always";
+ environment = {
+ PUID = "1000";
+ GUID = "1000";
+
+ };
+ volumes = [
+ "/srv/docker/syncthing/appdata/config:/config"
+ "/srv/docker/syncthing/data:/data"
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/common/optional/nixos-containers/docker.nix b/hosts/common/optional/nixos-containers/docker.nix
index 7c4b5c2..1b4a228 100644
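Review bot: In the new `syncthing.nix` the group variable is spelled `GUID`, but linuxserver.io images read `PUID` and `PGID`, so the group id is most likely not applied and files under `/srv/docker/syncthing` end up with the image's default group; it should be `PGID = "1000";`. The image is referenced by the mutable `:latest` tag together with `restart = "always"`, so whatever is pulled next runs with write access to both volumes; pin a version tag or digest, e.g. `image = "lscr.io/linuxserver/syncthing:<pinned-version>";`. `"8384:8384"` publishes the Syncthing web GUI on every host interface, and because `docker.nix` imports this file the exposure follows that module wherever it is used; `"127.0.0.1:8384:8384"` (or an explicit LAN address) keeps the admin UI behind SSH forwarding or a reverse proxy.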
--- a/hosts/common/optional/nixos-containers/docker.nix
+++ b/hosts/common/optional/nixos-containers/docker.nix
@@ -140,6 +140,7 @@ in {
 ../arion-containers/arrstack.nix
 ../arion-containers/jellyfin.nix
 ../arion-containers/photoprism.nix
+ ../arion-containers/syncthing.nix
 ];
 environment.systemPackages = [
diff --git a/hosts/merlin/default.nix b/hosts/merlin/default.nix
index 9ceeadf..4d3192a 100644
--- a/hosts/merlin/default.nix
+++ b/hosts/merlin/default.nix
@@ -1,32 +1,50 @@
-{ inputs, ... }:
-let
+{
+ inputs,
+ configVars,
+ lib,
+ ...
+}: let
 # Disko setup
 fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
- dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
+ dev = "/dev/disk/by-id/wwn-0x5001b448b5f7cc7f";
 encrypted = false; # currrently only applies to btrfs
- impermanence = false;
- user = "admin";
-in
-{
- imports =
- [
- # Create users for this host
- ../common/users/${user}
+ btrfsMountDevice =
+ if encrypted
+ then "/dev/mapper/crypted"
+ else "/dev/root_vg/root";
- # Root disk configuration
- inputs.disko.nixosModules.disko
- (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
+ impermanence = true;
- # Import core options
- ./hardware-configuration.nix
- ../common/core
+ pubKeys = lib.filesystem.listFilesRecursive ../common/users/keys;
+ piholeIp = configVars.networking.addresses.pihole.ip;
+ gatewayIp = configVars.networking.addresses.gateway.ip;
+ merlinIp = configVars.networking.addresses.merlin.ip;
+in {
+ imports = [
+ # Create users for this host
- # Import optional options
- ../common/optional/openssh.nix
- ../common/optional/docker
- ../common/optional/docker/postgres.nix
+ # Disk configuration
+ inputs.disko.nixosModules.disko
+ (import ../common/disks {
+ device = dev;
+ impermanence = impermanence;
+ fsType = fsType;
+ encrypted = encrypted;
+ })
- ];
+ # Impermanence
+ (import ../common/disks/btrfs/impermanence.nix {
+ btrfsMountDevice = btrfsMountDevice;
+ lib = lib;
+ })
+
+ # Import core options
+ ./hardware-configuration.nix
+ ../common/core
+
+ # Import optional options
+ ../common/optional/openssh.nix
+ ];
 boot = {
 loader = {
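Review bot: The new `imports` list keeps the `# Create users for this host` comment but no longer imports any user module, so as far as this file shows the only account merlin gets SSH access for is root (set up in the second hunk). If that is intended, drop the comment; otherwise restore a named admin account, as the old `../common/users/${user}` import with `user = "admin"` did, and keep root for console use. Separately, `dev` now points at a `wwn-` id instead of the QEMU disk while `encrypted = false` is unchanged; if merlin is physical hardware, whatever the impermanence module persists sits unencrypted at rest, which deserves a comment saying it is deliberate.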
@@ -36,17 +54,36 @@ in
 };
 };
- networking = {
- hostName = "merlin";
- networkmanager.enable = true;
- enableIPv6 = false;
+ users.users = {
+ root = {
+ openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
+ };
 };
- boot.supportedFilesystems = [ "zfs" ];
+ networking = {
+ hostName = "merlin";
+ nameservers = ["${piholeIp}" "${gatewayIp}" "8.8.8.8"];
+ defaultGateway = "${gatewayIp}";
+ useDHCP = false;
+ bridges = {
+ br0 = {
+ interfaces = ["eth0"];
+ };
+ };
+ interfaces.br0 = {
+ ipv4.addresses = [
+ {
+ "address" = "${merlinIp}";
+ "prefixLength" = 24;
+ }
+ ];
+ };
+ };
+
+ boot.supportedFilesystems = ["zfs"];
 boot.zfs.forceImportRoot = false;
 networking.hostId = "18aec5d7";
- boot.zfs.extraPools = [ "zspeed" ];
+ boot.zfs.extraPools = ["deepzfs"];
 services.libinput.enable = true;
 }
-
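Review bot: Root's `openssh.authorizedKeys.keys` is built from every file that `listFilesRecursive ../common/users/keys` returns (the `pubKeys` binding in the first hunk), so any file later added under that directory, for any user or purpose, becomes a root login credential on merlin at the next rebuild. List the intended keys explicitly or filter the set, e.g. `builtins.filter (p: lib.hasSuffix ".pub" (toString p)) pubKeys` if the key files end in `.pub`, and confirm that `../common/optional/openssh.nix` (not shown here) limits root to key-only login. In the same hunk, `"8.8.8.8"` as a third nameserver lets lookups bypass the Pi-hole whenever the first two do not answer. `interfaces = ["eth0"]` only matches if predictable interface names are disabled elsewhere; otherwise `br0` has no uplink and, with `useDHCP = false`, the host is unreachable over the network after activation.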