diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index fccb0dd..f4fa26f 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -2,140 +2,141 @@ with import ./network.nix; let - pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"]; - hostname = "architect"; -in - { - imports = - [ # Include the results of the hardware scan. - ./backup.nix - ./hardware.nix - ./firewall.nix - ./nginx.nix - ./gitea.nix - ./sonarr.nix - ./radarr.nix - ./bazarr.nix - ./nzbget.nix - ./nextcloud.nix - ./wireguard.nix - ./minio.nix - ./matrix.nix - ./fail2ban.nix - ./dns.nix - ./minecraft.nix - ./prowlarr.nix - ./plex.nix - ./transmission.nix - ./githubrunner.nix - ]; + pubkeys = [ + "ssh-rsa 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 giulio@giulio-X230" + ]; + hostname = "architect"; +in { + imports = [ # Include the results of the hardware scan. + ./backup.nix + ./hardware.nix + ./firewall.nix + ./nginx.nix + ./gitea.nix + ./sonarr.nix + ./radarr.nix + ./bazarr.nix + ./nzbget.nix + ./nextcloud.nix + ./wireguard.nix + ./minio.nix + ./matrix.nix + ./fail2ban.nix + ./dns.nix + ./minecraft.nix + ./prowlarr.nix + ./plex.nix + ./transmission.nix + ./githubrunner.nix + ]; - time.timeZone = "Europe/Rome"; - system.stateVersion = "21.05"; # Did you read the comment? - users.users.giulio.openssh.authorizedKeys.keys = pubkeys; + time.timeZone = "Europe/Rome"; + system.stateVersion = "21.05"; # Did you read the comment? 
+ users.users.giulio.openssh.authorizedKeys.keys = pubkeys; - fileSystems."/tmp" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["size=20G"]; - }; + fileSystems."/tmp" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "size=20G" ]; + }; - boot = { - kernelParams = ["ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off"]; - kernel.sysctl."net.ipv4.ip_forward" = 1; + boot = { + kernelParams = + [ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" ]; + kernel.sysctl."net.ipv4.ip_forward" = 1; - initrd = { - availableKernelModules = ["igc" "r8169"]; - network = { + initrd = { + availableKernelModules = [ "igc" "r8169" ]; + network = { + enable = true; + ssh = { enable = true; - ssh = { - enable = true; - port = 22; - hostKeys = [/boot/ssh_host_rsa_key]; - authorizedKeys = pubkeys; - }; - - postCommands = '' - zpool import backedpool - zpool import zpool - - mkdir /mnt-root - echo "zfs load-key -ar; mount -t zfs zpool/nixos/root /mnt-root; zfs load-key -a; umount /mnt-root; rmdir /mnt-root; killall zfs" >> /root/.profile - ''; + port = 22; + hostKeys = [ /boot/ssh_host_rsa_key ]; + authorizedKeys = pubkeys; }; - }; - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; + postCommands = '' + zpool import backedpool + zpool import zpool - supportedFilesystems = ["zfs"]; - zfs.enableUnstable = true; - zfs.requestEncryptionCredentials = true; + mkdir /mnt-root + echo "zfs load-key -ar; mount -t zfs zpool/nixos/root /mnt-root; zfs load-key -a; umount /mnt-root; rmdir /mnt-root; killall zfs" >> /root/.profile + ''; + }; }; - networking = { - hostName = hostname; - hostId = "49350853"; - useDHCP = false; - defaultGateway = "10.0.0.1"; - interfaces = { - enp5s0.ipv4.addresses = [{ address = architect-lan; prefixLength = 24; }]; - enp6s0.useDHCP = false; - wlp4s0.useDHCP = false; - }; - extraHosts = '' - 127.0.0.1 ${hostname}.devs.giugl.io localhost - - # LAN - ${architect-lan} ${hostname}.devs.giugl.io - - ${dvr-lan} 
dvr.devs.giugl.io - ${nas-lan} nas.devs.giugl.io - ${giupi-lan} giupi.devs.giugl.io - - # Blacklist - 0.0.0.0 metrics.plex.tv - 0.0.0.0 analytics.plex.tv - 0.0.0.0 cdn.luckyorange.com - 0.0.0.0 w1.luckyorange.com - 0.0.0.0 browser.sentry-cdn.com - 0.0.0.0 analytics.facebook.com - 0.0.0.0 ads.facebook.com - 0.0.0.0 extmaps-api.yandex.net - 0.0.0.0 logservice.hicloud.com - 0.0.0.0 logbak.hicloud.com - 0.0.0.0 logservice1.hicloud.com - 0.0.0.0 samsung-com.112.2o7.net - 0.0.0.0 supportmetrics.apple.com - 0.0.0.0 analytics.oneplus.cn - 0.0.0.0 click.oneplus.cn - 0.0.0.0 analytics-api.samsunghealthcn.com - ''; + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; }; - environment.systemPackages = with pkgs; [ cudatoolkit ]; + supportedFilesystems = [ "zfs" ]; + zfs.enableUnstable = true; + zfs.requestEncryptionCredentials = true; + }; - hardware = { - cpu.amd.updateMicrocode = true; - opengl.enable = true; - opengl.extraPackages= with pkgs; [vaapiVdpau]; - opengl.driSupport = true; + networking = { + hostName = hostname; + hostId = "49350853"; + useDHCP = false; + defaultGateway = "10.0.0.1"; + interfaces = { + enp5s0.ipv4.addresses = [{ + address = architect-lan; + prefixLength = 24; + }]; + enp6s0.useDHCP = false; + wlp4s0.useDHCP = false; }; + extraHosts = '' + 127.0.0.1 ${hostname}.devs.giugl.io localhost + + # LAN + ${architect-lan} ${hostname}.devs.giugl.io + + ${dvr-lan} dvr.devs.giugl.io + ${nas-lan} nas.devs.giugl.io + ${giupi-lan} giupi.devs.giugl.io + + # Blacklist + 0.0.0.0 metrics.plex.tv + 0.0.0.0 analytics.plex.tv + 0.0.0.0 cdn.luckyorange.com + 0.0.0.0 w1.luckyorange.com + 0.0.0.0 browser.sentry-cdn.com + 0.0.0.0 analytics.facebook.com + 0.0.0.0 ads.facebook.com + 0.0.0.0 extmaps-api.yandex.net + 0.0.0.0 logservice.hicloud.com + 0.0.0.0 logbak.hicloud.com + 0.0.0.0 logservice1.hicloud.com + 0.0.0.0 samsung-com.112.2o7.net + 0.0.0.0 supportmetrics.apple.com + 0.0.0.0 analytics.oneplus.cn + 0.0.0.0 click.oneplus.cn + 0.0.0.0 
analytics-api.samsunghealthcn.com + ''; + }; + + environment.systemPackages = with pkgs; [ cudatoolkit ]; + + hardware = { + cpu.amd.updateMicrocode = true; + opengl.enable = true; + opengl.extraPackages = with pkgs; [ vaapiVdpau ]; + opengl.driSupport = true; + }; boot.crashDump.enable = true; services.das_watchdog.enable = true; - services = { - zfs.autoScrub.enable = true; - xserver.videoDrivers = [ "nvidia" ]; - openssh.enable = true; - smartd.enable = true; - }; - - environment.variables = { - LIBVA_DRIVER_NAME="vdpau"; - }; - } + services = { + zfs.autoScrub.enable = true; + xserver.videoDrivers = [ "nvidia" ]; + openssh.enable = true; + smartd.enable = true; + }; + environment.variables = { LIBVA_DRIVER_NAME = "vdpau"; }; +}
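Review bot: The initrd SSH block (`hostKeys = [ /boot/ssh_host_rsa_key ];`) has no comment saying that this private key is stored under /boot, which on this systemd-boot/EFI setup is presumably unencrypted and so readable by anyone with access to the disk. The NixOS option documentation warns against using the regular sshd host key for initrd SSH for exactly that reason, so I would add `# initrd-only host key: stored on unencrypted /boot, must NOT be the main sshd host key` above that line. The initrd sshd is set to `port = 22` and `services.openssh.enable = true` shows no port override here, so clients will likely see two different host keys on the same address and port; giving the initrd its own `port` removes the temptation to reuse one key for both. The commit itself only re-indents the file, so this concerns existing configuration rather than something the reformat introduced.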