Diffstat (limited to 'hosts')
-rw-r--r--hosts/common/optional/services/nsd/bitgnome.net.zone8
-rw-r--r--hosts/common/optional/services/xorg.nix6
-rw-r--r--hosts/common/optional/sound.nix6
-rw-r--r--hosts/common/users/don/default.nix32
-rw-r--r--hosts/common/users/nipsy/default.nix4
-rw-r--r--hosts/fangorn/default.nix103
-rw-r--r--hosts/fangorn/disks.nix102
-rw-r--r--hosts/fangorn/hardware-configuration.nix33
8 files changed, 282 insertions, 12 deletions
diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone
index 038a860..f5ff137 100644
--- a/hosts/common/optional/services/nsd/bitgnome.net.zone
+++ b/hosts/common/optional/services/nsd/bitgnome.net.zone
@@ -3,7 +3,7 @@ $ORIGIN bitgnome.net.
$TTL 1h
@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
- 2025033101 ; serial
+ 2025040901 ; serial
1d ; refresh
2h ; retry
4w ; expire
@@ -29,7 +29,7 @@ $TTL 1h
; name servers
ns in a 5.161.149.85
ns in aaaa 2a01:4ff:f0:e164::1
-ns2 in a 67.5.119.0
+ns2 in a 67.5.118.253
; srv records
_xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net.
@@ -67,10 +67,10 @@ mta-sts 5m in cname @
;royder in cname @
; external machines
-arrakis 1m in a 67.5.119.0
+arrakis 1m in a 67.5.118.253
;darkstar 1m in a 66.69.213.114
;nb 1m in a 67.10.209.108
;terraria 1m in a 128.83.27.4
;caladan 1m in a 104.130.129.241
;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44
-darkstar 1m in a 67.5.119.0
+darkstar 1m in a 67.5.118.253
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
index 7dccdd3..712886f 100644
--- a/hosts/common/optional/services/xorg.nix
+++ b/hosts/common/optional/services/xorg.nix
@@ -1,7 +1,5 @@
{ pkgs, ... }:
{
- #environment.systemPackages = builtins.attrValues {
- # inherit (pkgs)
environment.systemPackages = with pkgs; [
chafa
evince
@@ -14,6 +12,7 @@
google-chrome
gv
inkscape
+ kdePackages.okular
libreoffice
libva-utils
mesa-demos
@@ -38,9 +37,8 @@
xorg.xev
xscreensaver
xsnow
- xterm#;
+ xterm
];
- #};
programs.firefox = {
enable = true;
diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix
index b07de35..d409196 100644
--- a/hosts/common/optional/sound.nix
+++ b/hosts/common/optional/sound.nix
@@ -41,11 +41,11 @@
wavpack
winetricks
wineWowPackages.stagingFull
- #master.yabridge
- #master.yabridgectl
+ master.yabridge
+ master.yabridgectl
yoshimi
zam-plugins
- #zynaddsubfx
+ master.zynaddsubfx
];
};
}
diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix
new file mode 100644
index 0000000..9b958c6
--- /dev/null
+++ b/hosts/common/users/don/default.nix
@@ -0,0 +1,32 @@
+{ pkgs, inputs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ uid = 1001;
+in
+{
+ users.groups.don.gid = uid;
+ users.users.don = {
+ description = "Don Arnold";
+ extraGroups = [
+ "audio"
+ "video"
+ "wheel"
+ ] ++ ifTheyExist [
+ "adbusers"
+ "networkmanager"
+ "vboxsf"
+ "vboxusers"
+ ];
+ group = "don";
+ home = "/home/don";
+ isNormalUser = true;
+ #openssh.authorizedKeys.keys = [
+ # (builtins.readFile ./keys/id_arrakis.pub)
+ # #(builtins.readFile ./keys/id_other.pub)
+ #];
+
+ packages = [ pkgs.home-manager ];
+ shell = pkgs.zsh;
+ uid = uid;
+ };
+}
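Review bot: The new `don` account is added to `wheel` in `extraGroups`, but the file declares no way to authenticate it: `openssh.authorizedKeys.keys` is commented out and no `hashedPasswordFile` or similar option is set. The credential for an account with administrative group membership is therefore set by hand outside the configuration, which works only if `users.mutableUsers` is left enabled (not visible in this diff) and is not reproducible on a reinstall. If the account does not need admin rights, drop `"wheel"`; otherwise declare the login explicitly, for example `hashedPasswordFile = config.sops.secrets."<placeholder-secret-name>".path;`. The commented-out `./keys/id_arrakis.pub` path looks copied from another user's module and should be checked before it is re-enabled.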
diff --git a/hosts/common/users/nipsy/default.nix b/hosts/common/users/nipsy/default.nix
index 5eacd6f..9d5bfe6 100644
--- a/hosts/common/users/nipsy/default.nix
+++ b/hosts/common/users/nipsy/default.nix
@@ -1,9 +1,10 @@
{ pkgs, inputs, config, ... }:
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ uid = 1000;
in
{
- users.groups.nipsy.gid = 1000;
+ users.groups.nipsy.gid = uid;
users.users.nipsy = {
description = "Mark Nipper";
extraGroups = [
@@ -26,5 +27,6 @@ in
packages = [ pkgs.home-manager ];
shell = pkgs.zsh;
+ uid = uid;
};
}
diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix
new file mode 100644
index 0000000..9194dae
--- /dev/null
+++ b/hosts/fangorn/default.nix
@@ -0,0 +1,103 @@
+{ config, inputs, outputs, pkgs, ... }: {
+ boot = {
+ kernelPackages = pkgs.linuxPackages_6_12;
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ devNodes = "/dev/disk/by-label";
+ package = pkgs.master.zfs;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ signal-desktop
+ #master.wsmancli
+ wpa_supplicant
+ ];
+
+ imports = [
+ ./disks.nix
+ ./hardware-configuration.nix
+ ../common/core
+ #../common/optional/db.nix
+ #../common/optional/dev.nix
+ #../common/optional/ebooks.nix
+ #../common/optional/games.nix
+ #../common/optional/misc.nix
+ #../common/optional/multimedia.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/services/openssh.nix
+ #../common/optional/services/tlp.nix
+ #../common/optional/services/xorg.nix
+ #../common/optional/sound.nix
+ ../common/optional/wdt.nix
+ ../common/optional/zfs.nix
+ ../common/users/don
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ hostId = "6f1faddc";
+ hostName = "fangorn";
+ networkmanager.enable = true;
+ nftables.enable = true;
+ };
+
+ nixpkgs = {
+ config.allowUnfree = true;
+ hostPlatform = "x86_64-linux";
+ overlays = [
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ outputs.overlays.stable-packages
+ ];
+ };
+
+ services.openssh.settings.X11Forwarding = true;
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ #sops = {
+ # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ # defaultSopsFile = ../secrets/fangorn.yaml;
+
+ # secrets = {
+ # "nftables/ssh" = {};
+ # "nix-access-token-github" = {};
+ # "ssh_config".path = "/root/.ssh/config";
+ # };
+ #};
+
+ system.stateVersion = "23.11";
+
+ #systemd.services."nftables-extra" = let rules_script = ''
+ # ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ # ''; in {
+ # description = "nftables extra firewall rules";
+ # reload = rules_script;
+ # script = rules_script;
+ # serviceConfig = {
+ # RemainAfterExit = true;
+ # Type = "oneshot";
+ # };
+ # unitConfig = {
+ # ConditionPathExists = config.sops.secrets."nftables/ssh".path;
+ # ReloadPropagatedFrom = "nftables.service";
+ # };
+ # wantedBy = [ "multi-user.target" ];
+ # after = [ "nftables.service" ];
+ # partOf = [ "nftables.service" ];
+ #};
+
+ #systemd.paths."nftables-extra" = {
+ # pathConfig = {
+ # PathExists = config.sops.secrets."nftables/ssh".path;
+ # };
+ # wantedBy = [ "multi-user.target" ];
+ #};
+}
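Review bot: The `sops` block and the `nftables-extra` service and path units are commented out in this new host file while `../common/optional/services/openssh.nix` is imported, so nothing here loads the `nftables/ssh` rule set that the commented-out unit refers to. What filters sshd on fangorn then depends on modules outside this diff. A comment above the disabled block would make that state explicit, for example `# TODO(fangorn): sops and nftables-extra are disabled, so the nftables/ssh rules are not applied to sshd on this host`. Separately, `services.openssh.settings.X11Forwarding = true;` is set although `../common/optional/services/xorg.nix` is not imported; if forwarding is not needed on this host, leave the option at its default.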
diff --git a/hosts/fangorn/disks.nix b/hosts/fangorn/disks.nix
new file mode 100644
index 0000000..fdef7cf
--- /dev/null
+++ b/hosts/fangorn/disks.nix
@@ -0,0 +1,102 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk = {
+ nvme0n1 = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ extraArgs = [ "-nboot" ];
+ };
+ };
+ swap = {
+ size = "32G";
+ type = "8200";
+ content = {
+ type = "swap";
+ extraArgs = [ "-L swap" ];
+ };
+ };
+ rpool = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+ };
+ zpool = {
+ rpool = {
+ type = "zpool";
+ rootFsOptions = {
+ acltype = "posixacl";
+ canmount = "off";
+ compression = "on";
+ dnodesize = "auto";
+ relatime = "on";
+ xattr = "sa";
+ };
+ options = {
+ ashift = "12";
+ autotrim = "on";
+ };
+ datasets = {
+ "local" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "local/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/";
+ };
+ "local/nix" = {
+ type = "zfs_fs";
+ options = {
+ atime = "off";
+ mountpoint = "legacy";
+ };
+ mountpoint = "/nix";
+ };
+ "user" = {
+ type = "zfs_fs";
+ options.mountpoint = "none";
+ };
+ "user/home" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home";
+ };
+ "user/home/root" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/root";
+ };
+ "user/home/don" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/don";
+ };
+ "user/home/nipsy" = {
+ type = "zfs_fs";
+ options.mountpoint = "legacy";
+ mountpoint = "/home/nipsy";
+ };
+ };
+ };
+ };
+ };
+}
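Review bot: Neither the `swap` partition nor `rpool` is encrypted: `rootFsOptions` sets no `encryption`, `keyformat` or `keylocation`, and the swap `content` has no `randomEncryption`. With `/root`, `/home/don` and `/home/nipsy` on this pool and 32G of swap on the same device, anyone with physical access to `/dev/nvme0n1` can read user data and swapped-out memory. ZFS encryption has to be chosen when the datasets are created, so it should be decided before this layout is applied. For swap the change is `randomEncryption = true;` (this rules out hibernation), and for the pool it is `encryption = "aes-256-gcm"; keyformat = "passphrase"; keylocation = "prompt";` in `rootFsOptions`.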
diff --git a/hosts/fangorn/hardware-configuration.nix b/hosts/fangorn/hardware-configuration.nix
new file mode 100644
index 0000000..17a6bc6
--- /dev/null
+++ b/hosts/fangorn/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd = {
+ availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
+ kernelModules = [ ];
+ };
+ kernelModules = [ "kvm-amd" ];
+ extraModulePackages = [ ];
+ };
+
+ fileSystems."/boot" = {
+ device = lib.mkForce "/dev/disk/by-label/boot";
+ };
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ #networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}