Add prometheus

author: Mark Nipper <nipsy@bitgnome.net> 2026-05-21 15:31:08 -0700
committer: Mark Nipper <nipsy@bitgnome.net> 2026-05-21 15:31:08 -0700
commit: 7f73c9eee033fbc2febcdeb13d891439c8f792b8 (patch)
tree: 4cb4700e8b205aa34653f0704e3c8bcc671d8a84
parent: fe73a9bd84601a6d1850654b7b0190fbfa11031b (diff)
download: nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar
nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.gz
nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.bz2
nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.lz
nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.xz
nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.zst
nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.zip
9 files changed, 399 insertions, 0 deletions
diff --git a/flake.nix b/flake.nix
index a2ed682..659469f 100644
--- a/flake.nix
+++ b/flake.nix
@@ -356,6 +356,21 @@
         ];
       };
 
+      prometheus = nixpkgs.lib.nixosSystem {
+        specialArgs = { inherit inputs outputs; };
+        modules = [
+          disko.nixosModules.disko
+          ./hosts/prometheus
+          home-manager.nixosModules.home-manager {
+            #home-manager.sharedModules = [ sops-nix.homeManagerModules.sops ];
+            home-manager.users.root = import ./home/root/prometheus.nix;
+            home-manager.users.nipsy = import ./home/nipsy/prometheus.nix;
+            home-manager.users.trent = import ./home/trent/prometheus.nix;
+          }
+          #sops-nix.nixosModules.sops
+        ];
+      };
+
       richese = nixpkgs.lib.nixosSystem rec {
         specialArgs = { inherit inputs outputs; };
         modules = [
diff --git a/home/nipsy/prometheus.nix b/home/nipsy/prometheus.nix
new file mode 100644
index 0000000..83c92cd
--- /dev/null
+++ b/home/nipsy/prometheus.nix
@@ -0,0 +1,6 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+{
+  imports = [
+    common/core
+  ];
+}
diff --git a/home/root/prometheus.nix b/home/root/prometheus.nix
new file mode 100644
index 0000000..83c92cd
--- /dev/null
+++ b/home/root/prometheus.nix
@@ -0,0 +1,6 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+{
+  imports = [
+    common/core
+  ];
+}
diff --git a/home/trent/prometheus.nix b/home/trent/prometheus.nix
new file mode 100644
index 0000000..591fdb4
--- /dev/null
+++ b/home/trent/prometheus.nix
@@ -0,0 +1,62 @@
+{ inputs, lib, pkgs, config, outputs, ... }:
+{
+  imports = [
+    common/core
+    common/optional/desktops
+    common/optional/desktops/i3
+    common/optional/desktops/services/xscreensaver.nix
+    #common/optional/desktops/sway
+    common/optional/desktops/xdg.nix
+    common/optional/secrets.nix
+    #inputs.sops-nix.homeManagerModules.sops
+  ];
+
+  home.file = {
+    ".mailcap".text = ''
+      #application/msword; antiword -rs '%s'; copiousoutput; description=Microsoft Word Document
+      application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format
+      #image/gif; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=GIF image
+      image/gif; sxiv '%s'; description=GIF image
+      #image/jpeg; asciiview -driver curses -dim -bold -reverse -normal -boldfont -extended -eight '%s'; description=JPEG image
+      image/jpeg; sxiv '%s'; description=JPEG image
+      image/png; sxiv '%s'; description=PNG image
+      text/html; elinks -dump %s; copiousoutput
+      #text/richtext; catdoc '%s'; copiousoutput; description=Microsoft Rich Text Format
+    '';
+    ".mutt/aliases".source = ./arrakis/mutt/aliases;
+    ".mutt/colors".source = ./arrakis/mutt/colors;
+    ".mutt/headers".source = ./arrakis/mutt/headers;
+    ".mutt/keys".source = ./arrakis/mutt/keys;
+    ".mutt/muttrc".source = ./arrakis/mutt/muttrc;
+    "bin/knock".source = ../common/scripts/knock;
+  };
+
+  programs.zsh = {
+    shellAliases = {
+      manage = "tmux new-window ssh -A root@arrakis\\; split-window -d ssh -A root@darkstar\\; split-window -d ssh root@king\\; new-window ssh root@black-sheep\\; split-window -d ssh root@fangorn\\; split-window -d ssh root@treebeard\\; new-window ssh root@casey\\; split-window -d ssh root@homer\\; new-window ssh root@lilnasx\\; split-window -d ssh root@trent";
+    };
+  };
+
+  sops = {
+    age.keyFile = "/home/nipsy/.config/sops/age/keys.txt";
+    defaultSopsFile = ./secrets/caladan.yaml;
+
+    secrets = {
+      "reaper_license" = {
+        path = "/home/nipsy/.config/REAPER/reaper-license.rk";
+      };
+      "ssh_config" = {
+        path = "/home/nipsy/.ssh/config";
+      };
+    };
+  };
+
+  xsession = {
+    initExtra = ''
+      xrandr --output DisplayPort-0 --primary --mode 2560x1440 --rate 170
+
+      # disable VRR because it causes the display to go to sleep on my GeForce 1080 (now 3070 Ti) sometimes; maybe monitor related?
+      #nvidia-settings -a AllowVRR=0
+    '';
+  };
+}
diff --git a/hosts/common/users/trent/default.nix b/hosts/common/users/trent/default.nix
new file mode 100644
index 0000000..0e94b1c
--- /dev/null
+++ b/hosts/common/users/trent/default.nix
@@ -0,0 +1,34 @@
+{ pkgs, inputs, config, ... }:
+let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+  uid = 1001;
+in
+{
+  users.groups.trent.gid = uid;
+  users.users.trent = {
+    description = "Trent Guthrie";
+    extraGroups = [
+      "audio"
+      "video"
+      "wheel"
+    ] ++ ifTheyExist [
+      "adbusers"
+      "dialout"
+      "gamemode"
+      "networkmanager"
+      "vboxsf"
+      "vboxusers"
+    ];
+    group = "trent";
+    home = "/home/trent";
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      (builtins.readFile ./keys/id.pub)
+      #(builtins.readFile ./keys/id_other.pub)
+    ];
+
+    packages = [ pkgs.home-manager ];
+    shell = pkgs.zsh;
+    uid = uid;
+  };
+}
diff --git a/hosts/common/users/trent/keys/id.pub b/hosts/common/users/trent/keys/id.pub
new file mode 100644
index 0000000..64c40b2
--- /dev/null
+++ b/hosts/common/users/trent/keys/id.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgE6nQFzqn3dx9UHqn3HbMkFszgpxHMUF8fOWeRz6pS7jBdLP+as4Bb15l5EvfusuQCe63KVlcN1qsZNWXErjYzhrUrAZPzy6xy3BOOjflh3tBV7PqGZmxrJzbwBsYbvYCzjBer1lAOn0b45y+KzO33vYe+o7w/OgQ7jaGrK2dAksyZyjTW6ii5X8/bZVghFocJSKQJmwdXuhyolLAtYvltS3dFOuviQww3sGNJeXSeOtvWf8N1xuL17bOS8nfLWXUHiIHby66mdSrBSx0TsgqtgtvFVL7tg4x72HWKjzFeiw6CVBO+UB7rM5ViDXHHKXpQ/Ju0K4/+/C06DWUglDip/2VtXSnjPocg6G6hITgp9Y0EqhX+sLOKzUL+6VxIYRrSx66ibeXMLGS/kkmM4OSHHM3mPVFcNtAnNjORLv5RfmLVTywCMeMXjZUEzxgJ6qKrhSH34bfEYZfxzciQMaoMOx3z5O2ncc1G3qN7DLFxROuV93zXD+94u1n8waiBhmixc1ZlN/JiIhuI2OX8nA0OV8vg9bDmZVhu1wyk+2Xx5syrz7FQQbp1QQQzaFGG8WtMegq0nQBER0zvzdtp2qxpAUBF6Md7YB1dU2Y5mpYk7Pu8LeVC5sxUjd869yL3nK8f0CseCfoZFLXtKD6V80WixBn61rRiazG54fDPIeBZQ== tguth01@hotmail.com
diff --git a/hosts/prometheus/default.nix b/hosts/prometheus/default.nix
new file mode 100644
index 0000000..9ae39fa
--- /dev/null
+++ b/hosts/prometheus/default.nix
@@ -0,0 +1,133 @@
+{ config, inputs, outputs, pkgs, ... }: {
+  boot = {
+    initrd.kernelModules = [ "zfs" ];
+    kernel.sysctl = {
+      "kernel.hostname" = "prometheus.trentguthrie.net";
+      #"kernel.split_lock_mitigate" = 0; # https://lwn.net/Articles/911219/
+      #"net.ipv4.tcp_congestion_control" = "reno";
+    };
+    kernelPackages = pkgs.master.linuxPackages_7_0;
+    #kernelParams = [
+    #  "amdgpu.ppfeaturemask=0xfffd3fff"
+    #  "split_lock_detect=off"
+    #];
+    loader = {
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/efiboot/efi1";
+      };
+      systemd-boot = {
+        enable = true;
+        memtest86.enable = true;
+      };
+      timeout = 3;
+    };
+    supportedFilesystems = [ "zfs" ];
+    zfs = {
+      forceImportRoot = false;
+      package = pkgs.master.zfs_2_4;
+    };
+  };
+
+  environment.systemPackages = [
+    pkgs.linux-firmware
+    pkgs.master.linuxKernel.packages.linux_7_0.turbostat
+    pkgs.mailutils
+  ];
+
+  imports = [
+    ./disks.nix
+    ./hardware-configuration.nix
+    ../common/core
+    #../common/optional/db.nix
+    #../common/optional/dev.nix
+    #../common/optional/ebooks.nix
+    #../common/optional/games.nix
+    #../common/optional/google-authenticator.nix
+    #../common/optional/gui.nix
+    #../common/optional/misc.nix
+    #../common/optional/multimedia.nix
+    #../common/optional/pipewire.nix
+    #../common/optional/printer.nix
+    #../common/optional/sdr.nix
+    #../common/optional/services/chrony.nix
+    ../common/optional/services/openssh.nix
+    #../common/optional/services/wayland.nix
+    #../common/optional/services/xorg.nix
+    #../common/optional/sound.nix
+    #../common/optional/wdt.nix
+    ../common/optional/zfs.nix
+    ../common/users/nipsy
+    ../common/users/root
+    ../common/users/trent
+  ];
+
+  networking = {
+    defaultGateway = {
+      address = "10.0.1.1";
+      interface = "enp89s0";
+    };
+    hostId = "a227ce4d";
+    hostName = "prometheus";
+    interfaces = {
+      enp89s0 = {
+        ipv4.addresses = [
+          { address = "10.0.1.17"; prefixLength = 24; }
+        ];
+      };
+    };
+    nameservers = [ "10.0.1.1" ];
+    nftables.enable = true;
+    search = [
+      "trentguthrie.net"
+    ];
+    useDHCP = false;
+    #wireless = {
+    #  enable = true;
+    #  networks = {
+    #    "Crystal Palace" = {
+    #      pskRaw = "ext:psk_crystal_palace";
+    #    };
+    #  };
+    #  secretsFile = "${config.sops.secrets."wpa_supplicant".path}";
+    #};
+  };
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+    };
+    hostPlatform = "x86_64-linux";
+    overlays = [
+      inputs.nvidia-patch.overlays.default
+      outputs.overlays.additions
+      outputs.overlays.modifications
+      outputs.overlays.master-packages
+      #outputs.overlays.my-nixpkgs-packages
+      #outputs.overlays.pr495610-packages
+      outputs.overlays.stable-packages
+      #outputs.overlays.staging-packages
+      #outputs.overlays.wine9_22-packages
+    ];
+  };
+
+  services.openssh.settings.X11Forwarding = true;
+  #services.xserver.videoDrivers = [ "amdgpu" ];
+
+  #sops = {
+  #  age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  #  defaultSopsFile = ../secrets/caladan.yaml;
+
+  #  secrets = {
+  #    "nftables/ssh" = {};
+  #    "nix-access-token-github" = {};
+  #    "ssh_config".path = "/root/.ssh/config";
+  #    #"wpa_supplicant" = {
+  #    #  group = config.users.users.wpa_supplicant.group;
+  #    #  owner = config.users.users.wpa_supplicant.name;
+  #    #};
+  #  };
+  #};
+
+  system.stateVersion = "26.05";
+}
diff --git a/hosts/prometheus/disks.nix b/hosts/prometheus/disks.nix
new file mode 100644
index 0000000..c58effa
--- /dev/null
+++ b/hosts/prometheus/disks.nix
@@ -0,0 +1,101 @@
+{
+  disko.devices = {
+    disk = {
+      nvme0n1 = {
+        type = "disk";
+        device = "/dev/disk/by-id/nvme-SPCC_M.2_PCIe_SSD_WWDD241018006012188";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              size = "1G";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/efiboot/efi1";
+                mountOptions = [ "X-mount.mkdir" "umask=0077" ];
+                extraArgs = [ "-nESP1" ];
+              };
+            };
+            swap = {
+              size = "16G";
+              type = "8200";
+              content = {
+                type = "swap";
+                extraArgs = [ "-L swap" ];
+              };
+            };
+            zfs = {
+              size = "100%";
+              content = {
+                type = "zfs";
+                pool = "rpool";
+              };
+            };
+          };
+        };
+      };
+    };
+    zpool = {
+      rpool = {
+        type = "zpool";
+        rootFsOptions = {
+          acltype = "posixacl";
+          canmount = "off";
+          compression = "on";
+          dnodesize = "auto";
+          relatime = "on";
+          xattr = "sa";
+        };
+        options = {
+          ashift = "12";
+          autotrim = "on";
+        };
+        datasets = {
+          "local" = {
+            type = "zfs_fs";
+            options.mountpoint = "none";
+          };
+          "local/root" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/";
+          };
+          "local/nix" = {
+            type = "zfs_fs";
+            options = {
+              atime = "off";
+              mountpoint = "legacy";
+            };
+            mountpoint = "/nix";
+          };
+          "user" = {
+            type = "zfs_fs";
+            options.mountpoint = "none";
+          };
+          "user/home" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/home";
+          };
+          "user/home/root" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/root";
+          };
+          "user/home/nipsy" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/home/nipsy";
+          };
+          "user/home/trent" = {
+            type = "zfs_fs";
+            options.mountpoint = "legacy";
+            mountpoint = "/home/trent";
+          };
+        };
+      };
+    };
+  };
+}
diff --git a/hosts/prometheus/hardware-configuration.nix b/hosts/prometheus/hardware-configuration.nix
new file mode 100644
index 0000000..c0e8417
--- /dev/null
+++ b/hosts/prometheus/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ #(modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot = {
+    extraModulePackages = [ ];
+    initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ "kvm-intel" "ntsync" ];
+  };
+
+  #nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  hardware = {
+    bluetooth.enable = true;
+    cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+    graphics = {
+      enable = true;
+      enable32Bit = true;
+      extraPackages = [ pkgs.nvidia-vaapi-driver ];
+      extraPackages32 = [ pkgs.pkgsi686Linux.nvidia-vaapi-driver ];
+    };
+
+    nvidia = let
+      betaPkg = config.boot.kernelPackages.nvidiaPackages.beta;
+      pkgAfterFbc = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.fbc then pkgs.nvidia-patch.patch-fbc betaPkg else betaPkg;
+      finalPkg = if builtins.hasAttr betaPkg.version pkgs.nvidia-patch-list.nvenc then pkgs.nvidia-patch.patch-nvenc pkgAfterFbc else pkgAfterFbc;
+    in {
+      modesetting.enable = true;
+      open = true;
+      package = if finalPkg == betaPkg then betaPkg else finalPkg;
+    };
+  };
+}
author	Mark Nipper <nipsy@bitgnome.net>	2026-05-21 15:31:08 -0700
committer	Mark Nipper <nipsy@bitgnome.net>	2026-05-21 15:31:08 -0700
commit	7f73c9eee033fbc2febcdeb13d891439c8f792b8 (patch)
tree	4cb4700e8b205aa34653f0704e3c8bcc671d8a84
parent	fe73a9bd84601a6d1850654b7b0190fbfa11031b (diff)
download	nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.gz nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.bz2 nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.lz nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.xz nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.tar.zst nix-7f73c9eee033fbc2febcdeb13d891439c8f792b8.zip