MODIFY: merlin host setup

Sam 2025-01-19 14:57:00 +00:00
parent 1187131524
commit 1854ee0f33
6 changed files with 120 additions and 53 deletions


@ -271,11 +271,11 @@
]
},
"locked": {
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"lastModified": 1737043064,
"narHash": "sha256-I/OuxGwXwRi5gnFPsyCvVR+IfFstA+QXEpHu1hvsgD8=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"rev": "94ee657f6032d913fe0ef49adaa743804635b0bb",
"type": "github"
},
"original": {
@ -501,15 +501,16 @@
]
},
"locked": {
"lastModified": 1736370755,
"narHash": "sha256-iWcjToBpx4PUd74uqvIGAfqqVfyrvRLRauC/SxEKIF0=",
"lastModified": 1736820923,
"narHash": "sha256-SDuKLOWAh8VJRXlNWQn9QE99bjeEUAAbYXqrKGbsiyk=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "57733bd1dc81900e13438e5b4439239f1b29db0e",
"rev": "944c2b181792ae7ae6b20c0df3f44879c11706c9",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "nix-darwin-24.11",
"repo": "nix-darwin",
"type": "github"
}
@ -538,11 +539,11 @@
},
"nix-secrets": {
"locked": {
"lastModified": 1737289135,
"narHash": "sha256-gyRNbWriRKU+2ISw0IU+IyN6tPLFVpKHlUMu9XJnlaA=",
"lastModified": 1737298189,
"narHash": "sha256-Slso8PDwsOgjxvYSujEY/EOLpSJOdNbQLSQsTMor364=",
"ref": "refs/heads/master",
"rev": "66732e26abe33ba633c157837b24701635866199",
"revCount": 215,
"rev": "c2aca41f539e9aa03e3a6436530516a4d8dd23e6",
"revCount": 225,
"type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
},
@ -632,11 +633,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1737255904,
"narHash": "sha256-r3fxHvh+M/mBgCZXOACzRFPsJdix2QSsKazb7VCXXo0=",
"lastModified": 1737295402,
"narHash": "sha256-sxkCkFzgC/y14AANc7G2RVAh6LzO9JWVTStm68XKFLY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "eacdab35066b0bb1c9413c96898e326b76398a81",
"rev": "e4cc9246ce2f16913ddfaf97316983d622a48f4a",
"type": "github"
},
"original": {
@ -677,11 +678,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1737141914,
"narHash": "sha256-Lq7PWAD+edeIpZKM7aresrwON+Tdo3OMu1S2YX8AjjM=",
"lastModified": 1737283156,
"narHash": "sha256-FyHmM6vvz+UxCrPZo/poIaZBZejLHVKkAH4cjtUxZDA=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "c2ee71c814c9427d4991b9d58d412add9c5a1c56",
"rev": "abcbd250b8a2c7aab1f4b2b9e01598ee24b42337",
"type": "github"
},
"original": {
@ -698,11 +699,11 @@
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1737258869,
"narHash": "sha256-Ue2TumKTw+6VUSKdgHE93gViUTOJDmS2I0HjLbmrHls=",
"lastModified": 1737291670,
"narHash": "sha256-iA+SQO8w012sS6OW0knTpOc/UNh8Ca+/I2JC+NDpdlE=",
"owner": "nix-community",
"repo": "NUR",
"rev": "0b2b53ac3bd61384876cf8461d32e698064297ea",
"rev": "3d5cfb5c3d2832ec39c6565707bf30f9e8e42560",
"type": "github"
},
"original": {
@ -885,11 +886,11 @@
]
},
"locked": {
"lastModified": 1736154270,
"narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=",
"lastModified": 1737103437,
"narHash": "sha256-uPNWcYbhY2fjY3HOfRCR5jsfzdzemhfxLSxwjXYXqNc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b",
"rev": "d1ed3b385f8130e392870cfb1dbfaff8a63a1899",
"type": "github"
},
"original": {


@ -118,7 +118,7 @@
merlin = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
./hosts/merlin
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;


@ -19,7 +19,6 @@
"/swap" = {
mountOptions = [ "noatime" ];
mountpoint = "/.swapvol";
swap.swapfile.size = "8192M";
};
};
}


@ -0,0 +1,29 @@
{
virtualisation.arion = {
backend = "podman-socket";
projects.syncthing = {
settings = {
services.syncthing.service = {
ports = [
"8384:8384"
"22000:22000/tcp"
"22000:22000/udp"
"21027:21027/udp"
];
container_name = "syncthing";
image = "lscr.io/linuxserver/syncthing:latest";
restart = "always";
environment = {
PUID = "1000";
GUID = "1000";
};
volumes = [
"/srv/docker/syncthing/appdata/config:/config"
"/srv/docker/syncthing/data:/data"
];
};
};
};
};
}
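Review bot: The `"8384:8384"` entry in `ports` publishes the Syncthing web GUI on every host interface, and nothing in this file sets a GUI user or password, so whether the admin interface is protected depends on state under `/config` that the commit does not show. Binding it to loopback or the management address, e.g. `"127.0.0.1:8384:8384"`, keeps the sync and discovery ports (22000, 21027) reachable while the GUI is not. `GUID = "1000";` looks like a typo for `PGID = "1000";`, the variable linuxserver images read alongside `PUID`; as written the group mapping is probably not applied and files under `/data` may get an unexpected group. `image = "lscr.io/linuxserver/syncthing:latest"` with `restart = "always"` is also not pinned the way the flake inputs are; a version tag or `lscr.io/linuxserver/syncthing@sha256:<digest>` would make image upgrades explicit and reviewable.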


@ -140,6 +140,7 @@ in {
../arion-containers/arrstack.nix
../arion-containers/jellyfin.nix
../arion-containers/photoprism.nix
../arion-containers/syncthing.nix
];
environment.systemPackages = [


@ -1,21 +1,42 @@
{ inputs, ... }:
let
{
inputs,
configVars,
lib,
...
}: let
# Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
dev = "/dev/disk/by-id/wwn-0x5001b448b5f7cc7f";
encrypted = false; # currrently only applies to btrfs
impermanence = false;
user = "admin";
in
{
imports =
[
# Create users for this host
../common/users/${user}
btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
# Root disk configuration
impermanence = true;
pubKeys = lib.filesystem.listFilesRecursive ../common/users/keys;
piholeIp = configVars.networking.addresses.pihole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
merlinIp = configVars.networking.addresses.merlin.ip;
in {
imports = [
# Create users for this host
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
(import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence
(import ../common/disks/btrfs/impermanence.nix {
btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import core options
./hardware-configuration.nix
@ -23,9 +44,6 @@ in
# Import optional options
../common/optional/openssh.nix
../common/optional/docker
../common/optional/docker/postgres.nix
];
boot = {
@ -36,17 +54,36 @@ in
};
};
networking = {
hostName = "merlin";
networkmanager.enable = true;
enableIPv6 = false;
users.users = {
root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
};
boot.supportedFilesystems = [ "zfs" ];
networking = {
hostName = "merlin";
nameservers = ["${piholeIp}" "${gatewayIp}" "8.8.8.8"];
defaultGateway = "${gatewayIp}";
useDHCP = false;
bridges = {
br0 = {
interfaces = ["eth0"];
};
};
interfaces.br0 = {
ipv4.addresses = [
{
"address" = "${merlinIp}";
"prefixLength" = 24;
}
];
};
};
boot.supportedFilesystems = ["zfs"];
boot.zfs.forceImportRoot = false;
networking.hostId = "18aec5d7";
boot.zfs.extraPools = [ "zspeed" ];
boot.zfs.extraPools = ["deepzfs"];
services.libinput.enable = true;
}
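Review bot: The new `users.users.root.openssh.authorizedKeys.keys` line turns every file returned by `lib.filesystem.listFilesRecursive ../common/users/keys` into a root SSH credential on merlin, so any file later added under that directory silently gains root login. An explicit list of the key files intended for this host, attached to a non-root admin account, would keep that grant visible in review; whether sshd actually permits root login depends on `../common/optional/openssh.nix`, which is not shown here. In the same section `encrypted = false` now applies to a physical disk (`/dev/disk/by-id/wwn-0x5001b448b5f7cc7f`) rather than the QEMU disk, which deserves a comment stating that leaving it unencrypted is deliberate. The `"8.8.8.8"` entry in `nameservers` also lets lookups bypass the Pi-hole resolver, so filtering and DNS logging are not guaranteed; if it is only meant as an emergency fallback, a comment such as `# fallback only: bypasses pihole filtering` would record that.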