MODIFY: merlin host setup

flake.lock

@@ -271,11 +271,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1735882644,
+        "lastModified": 1737043064,
-        "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
+        "narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=",
         "owner": "cachix",
         "repo": "git-hooks.nix",
-        "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
+        "rev": "94ee657f6032d913fe0ef49adaa743804635b0bb",
         "type": "github"
       },
       "original": {
@@ -501,15 +501,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1736370755,
+        "lastModified": 1736820923,
-        "narHash": "sha256-iWcjToBpx4PUd74uqvIGAfqqVfyrvRLRauC/SxEKIF0=",
+        "narHash": "sha256-SDuKLOWAh8VJRXlNWQn9QE99bjeEUAAbYXqrKGbsiyk=",
         "owner": "lnl7",
         "repo": "nix-darwin",
-        "rev": "57733bd1dc81900e13438e5b4439239f1b29db0e",
+        "rev": "944c2b181792ae7ae6b20c0df3f44879c11706c9",
         "type": "github"
       },
       "original": {
         "owner": "lnl7",
+        "ref": "nix-darwin-24.11",
         "repo": "nix-darwin",
         "type": "github"
       }
@@ -538,11 +539,11 @@
     },
     "nix-secrets": {
       "locked": {
-        "lastModified": 1737289135,
+        "lastModified": 1737298189,
-        "narHash": "sha256-gyRNbWriRKU+2ISw0IU+IyN6tPLFVpKHlUMu9XJnlaA=",
+        "narHash": "sha256-Slso8PDwsOgjxvYSujEY/EOLpSJOdNbQLSQsTMor364=",
         "ref": "refs/heads/master",
-        "rev": "66732e26abe33ba633c157837b24701635866199",
+        "rev": "c2aca41f539e9aa03e3a6436530516a4d8dd23e6",
-        "revCount": 215,
+        "revCount": 225,
         "type": "git",
         "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
       },
@@ -632,11 +633,11 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1737255904,
+        "lastModified": 1737295402,
-        "narHash": "sha256-r3fxHvh+M/mBgCZXOACzRFPsJdix2QSsKazb7VCXXo0=",
+        "narHash": "sha256-sxkCkFzgC/y14AANc7G2RVAh6LzO9JWVTStm68XKFLY=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "eacdab35066b0bb1c9413c96898e326b76398a81",
+        "rev": "e4cc9246ce2f16913ddfaf97316983d622a48f4a",
         "type": "github"
       },
       "original": {
@@ -677,11 +678,11 @@
         "treefmt-nix": "treefmt-nix_2"
       },
       "locked": {
-        "lastModified": 1737141914,
+        "lastModified": 1737283156,
-        "narHash": "sha256-Lq7PWAD+edeIpZKM7aresrwON+Tdo3OMu1S2YX8AjjM=",
+        "narHash": "sha256-FyHmM6vvz+UxCrPZo/poIaZBZejLHVKkAH4cjtUxZDA=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "c2ee71c814c9427d4991b9d58d412add9c5a1c56",
+        "rev": "abcbd250b8a2c7aab1f4b2b9e01598ee24b42337",
         "type": "github"
       },
       "original": {
@@ -698,11 +699,11 @@
         "treefmt-nix": "treefmt-nix_3"
       },
       "locked": {
-        "lastModified": 1737258869,
+        "lastModified": 1737291670,
-        "narHash": "sha256-Ue2TumKTw+6VUSKdgHE93gViUTOJDmS2I0HjLbmrHls=",
+        "narHash": "sha256-iA+SQO8w012sS6OW0knTpOc/UNh8Ca+/I2JC+NDpdlE=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "0b2b53ac3bd61384876cf8461d32e698064297ea",
+        "rev": "3d5cfb5c3d2832ec39c6565707bf30f9e8e42560",
         "type": "github"
       },
       "original": {
@@ -885,11 +886,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1736154270,
+        "lastModified": 1737103437,
-        "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=",
+        "narHash": "sha256-uPNWcYbhY2fjY3HOfRCR5jsfzdzemhfxLSxwjXYXqNc=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b",
+        "rev": "d1ed3b385f8130e392870cfb1dbfaff8a63a1899",
         "type": "github"
       },
       "original": {

flake.nix

@@ -118,7 +118,7 @@
       merlin = nixpkgs.lib.nixosSystem {
         inherit specialArgs;
         modules = [
-          ./hosts/nebula
+          ./hosts/merlin
           home-manager.nixosModules.home-manager
           {
             home-manager.extraSpecialArgs = specialArgs;

hosts/common/disks/btrfs/persist.nix

@@ -19,7 +19,6 @@
       "/swap" = {
         mountOptions = [ "noatime" ];
         mountpoint = "/.swapvol";
-        swap.swapfile.size = "8192M";
       };
     };
 }

hosts/common/optional/arion-containers/syncthing.nix

@@ -0,0 +1,29 @@
+{
+  virtualisation.arion = {
+    backend = "podman-socket";
+    projects.syncthing = {
+      settings = {
+        services.syncthing.service = {
+          ports = [
+            "8384:8384"
+            "22000:22000/tcp"
+            "22000:22000/udp"
+            "21027:21027/udp"
+          ];
+          container_name = "syncthing";
+          image = "lscr.io/linuxserver/syncthing:latest";
+          restart = "always";
+          environment = {
+            PUID = "1000";
+            GUID = "1000";
+
+          };
+          volumes = [
+            "/srv/docker/syncthing/appdata/config:/config"
+            "/srv/docker/syncthing/data:/data"
+          ];
+        };
+      };
+    };
+  };
+}

hosts/common/optional/nixos-containers/docker.nix

@@ -140,6 +140,7 @@ in {
         ../arion-containers/arrstack.nix
         ../arion-containers/jellyfin.nix
         ../arion-containers/photoprism.nix
+        ../arion-containers/syncthing.nix
       ];
 
       environment.systemPackages = [

hosts/merlin/default.nix

@@ -1,21 +1,42 @@
-{ inputs, ... }:
+{
-let
+  inputs,
+  configVars,
+  lib,
+  ...
+}: let
   # Disko setup
   fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
-  dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
+  dev = "/dev/disk/by-id/wwn-0x5001b448b5f7cc7f";
   encrypted = false; # currrently only applies to btrfs
-  impermanence = false;
+  btrfsMountDevice =
-  user = "admin";
+    if encrypted
-in
+    then "/dev/mapper/crypted"
-{
+    else "/dev/root_vg/root";
-  imports =
-    [
-      # Create users for this host
-      ../common/users/${user}
 
-      # Root disk configuration
+  impermanence = true;
+
+  pubKeys = lib.filesystem.listFilesRecursive ../common/users/keys;
+  piholeIp = configVars.networking.addresses.pihole.ip;
+  gatewayIp = configVars.networking.addresses.gateway.ip;
+  merlinIp = configVars.networking.addresses.merlin.ip;
+in {
+  imports = [
+    # Create users for this host
+
+    # Disk configuration
     inputs.disko.nixosModules.disko
-      (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
+    (import ../common/disks {
+      device = dev;
+      impermanence = impermanence;
+      fsType = fsType;
+      encrypted = encrypted;
+    })
+
+    # Impermanence
+    (import ../common/disks/btrfs/impermanence.nix {
+      btrfsMountDevice = btrfsMountDevice;
+      lib = lib;
+    })
 
     # Import core options
     ./hardware-configuration.nix
@@ -23,9 +44,6 @@ in
 
     # Import optional options
     ../common/optional/openssh.nix
-      ../common/optional/docker
-      ../common/optional/docker/postgres.nix
-
   ];
 
   boot = {
@@ -36,17 +54,36 @@ in
     };
   };
 
+  users.users = {
+    root = {
+      openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
+    };
+  };
+
   networking = {
     hostName = "merlin";
-    networkmanager.enable = true;
+    nameservers = ["${piholeIp}" "${gatewayIp}" "8.8.8.8"];
-    enableIPv6 = false;
+    defaultGateway = "${gatewayIp}";
+    useDHCP = false;
+    bridges = {
+      br0 = {
+        interfaces = ["eth0"];
+      };
+    };
+    interfaces.br0 = {
+      ipv4.addresses = [
+        {
+          "address" = "${merlinIp}";
+          "prefixLength" = 24;
+        }
+      ];
+    };
   };
 
   boot.supportedFilesystems = ["zfs"];
   boot.zfs.forceImportRoot = false;
   networking.hostId = "18aec5d7";
-  boot.zfs.extraPools = [ "zspeed" ];
+  boot.zfs.extraPools = ["deepzfs"];
 
   services.libinput.enable = true;
 }
-