config/hosts/fwminex/configuration.nix

{
  pkgs,
  config,
  myData,
  ...
}: {
  imports = [
    ../../modules/profiles/autorandr
  ];

  boot = {
    initrd.availableKernelModules = ["usb_storage" "sd_mod" "xhci_pci" "thunderbolt" "nvme" "usbhid"];
    loader.systemd-boot.enable = true;
    supportedFilesystems = ["zfs"];
    zfs = {
      forceImportRoot = false;
      devNodes = "/dev/disk/by-id/";
    };
  };

  fileSystems = {
    "/" = {
      device = "rpool/nixos/root";
      fsType = "zfs";
    };
    "/boot" = {
      device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A_1-part2";
      fsType = "vfat";
    };
    "/home" = {
      device = "rpool/nixos/home";
      fsType = "zfs";
    };
    "/nix" = {
      device = "rpool/nixos/nix";
      fsType = "zfs";
    };
    "/var/lib" = {
      device = "rpool/nixos/var/lib";
      fsType = "zfs";
    };
    "/var/log" = {
      device = "rpool/nixos/var/log";
      fsType = "zfs";
    };
  };

  hardware.cpu.intel.updateMicrocode = true;
  nixpkgs.hostPlatform = "x86_64-linux";

  boot.binfmt.emulatedSystems = ["aarch64-linux"];

  systemd.services.zfs-mount.enable = false;

  mj = {
    stateVersion = "23.05";
    timeZone = "Europe/Vilnius";
    username = "motiejus";

    base = {
      zfs.enable = true;
      users = {
        enable = true;
        devTools = true;
        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
        user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
      };

      snapshot = {
        enable = true;
        mountpoints = ["/home" "/var/lib" "/var/log"];
      };

      unitstatus = {
        enable = true;
        email = "motiejus+alerts@jakstys.lt";
      };
    };

    services = {
      sshguard.enable = false;
      tailscale = {
        enable = true;
        verboseLogs = true;
      };

      node_exporter = {
        enable = true;
        extraSubnets = [myData.subnets.vno1.cidr];
      };

      deployerbot = {
        follower = {
          inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey;

          enable = true;
          uidgid = myData.uidgid.updaterbot-deployee;
          sshAllowSubnets = with myData.subnets; [tailscale.sshPattern];
        };
      };

      postfix = {
        enable = true;
        saslPasswdPath = config.age.secrets.sasl-passwd.path;
      };

      syncthing = {
        enable = true;
        dataDir = "/home/motiejus/";
        user = "motiejus";
        group = "users";
      };

      remote-builder.client = let
        host = myData.hosts."fra1-a.servers.jakst";
      in {
        enable = true;
        inherit (host) system supportedFeatures;
        hostName = host.jakstIP;
        sshKey = "/etc/ssh/ssh_host_ed25519_key";
      };
    };
  };

  programs.mepo.enable = true;

  virtualisation.virtualbox.host.enable = true;
  users.extraGroups.vboxusers.members = ["motiejus"];

  environment.systemPackages = with pkgs; [
    tesseract
  ];

  networking = {
    hostId = "3a54afcd";
    hostName = "fwminex";
    domain = "motiejus.jakst";
    firewall.rejectPackets = true;
  };
}
add fwminex 2023-09-13 12:17:43 +03:00			`{`
Revert "fwminex: roll back to 6.1 for now" This reverts commit b8d50cb6dcfbf757d5cb33a79609e831d9c1a45a. 2024-03-02 09:43:42 +02:00			`pkgs,`
add fwminex 2023-09-13 12:17:43 +03:00			`config,`
			`myData,`
			`...`
autorandr: rm fwminex 2024-04-12 22:13:34 +03:00			`}: {`
			`imports = [`
			`../../modules/profiles/autorandr`
			`];`

fwminex: migrate to systemd-boot 2023-11-28 22:57:58 +02:00			`boot = {`
fwminex: newer kernel 2024-03-01 10:31:42 +02:00			`initrd.availableKernelModules = ["usb_storage" "sd_mod" "xhci_pci" "thunderbolt" "nvme" "usbhid"];`
fwminex: migrate to systemd-boot 2023-11-28 22:57:58 +02:00			`loader.systemd-boot.enable = true;`
			`supportedFilesystems = ["zfs"];`
			`zfs = {`
			`forceImportRoot = false;`
			`devNodes = "/dev/disk/by-id/";`
			`};`
			`};`

			`fileSystems = {`
			`"/" = {`
			`device = "rpool/nixos/root";`
			`fsType = "zfs";`
			`};`
			`"/boot" = {`
			`device = "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A_1-part2";`
			`fsType = "vfat";`
			`};`
			`"/home" = {`
			`device = "rpool/nixos/home";`
			`fsType = "zfs";`
			`};`
			`"/nix" = {`
			`device = "rpool/nixos/nix";`
			`fsType = "zfs";`
			`};`
			`"/var/lib" = {`
			`device = "rpool/nixos/var/lib";`
			`fsType = "zfs";`
			`};`
			`"/var/log" = {`
			`device = "rpool/nixos/var/log";`
			`fsType = "zfs";`
add fwminex 2023-09-13 12:17:43 +03:00			`};`
			`};`

fwminex: some hardware updates 2023-09-14 12:40:16 +03:00			`hardware.cpu.intel.updateMicrocode = true;`
			`nixpkgs.hostPlatform = "x86_64-linux";`

add fwminex 2023-09-13 12:17:43 +03:00			`boot.binfmt.emulatedSystems = ["aarch64-linux"];`

disable zfs-mount 2023-09-14 15:26:16 +03:00			`systemd.services.zfs-mount.enable = false;`

add fwminex 2023-09-13 12:17:43 +03:00			`mj = {`
			`stateVersion = "23.05";`
			`timeZone = "Europe/Vilnius";`
vm: fix user propagation, refactor base.users 2024-03-06 10:33:48 +02:00			`username = "motiejus";`
add fwminex 2023-09-13 12:17:43 +03:00
			`base = {`
			`zfs.enable = true;`
			`users = {`
bring back "vm" 2024-02-04 16:18:47 +02:00			`enable = true;`
hm: fullDesktop -> devTools 2024-02-04 22:05:44 +02:00			`devTools = true;`
vm: fix user propagation, refactor base.users 2024-03-06 10:33:48 +02:00			`root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;`
			`user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;`
add fwminex 2023-09-13 12:17:43 +03:00			`};`

			`snapshot = {`
			`enable = true;`
			`mountpoints = ["/home" "/var/lib" "/var/log"];`
			`};`

			`unitstatus = {`
			`enable = true;`
			`email = "motiejus+alerts@jakstys.lt";`
			`};`
			`};`

			`services = {`
tailscale: silence logs on some machines 2023-09-14 14:37:55 +03:00			`sshguard.enable = false;`
fwminex: tailscale verboseLogs 2023-11-15 00:29:22 +02:00			`tailscale = {`
			`enable = true;`
			`verboseLogs = true;`
			`};`
install iw and acpi; remove random latex 2023-09-20 21:28:15 +03:00
node_exporter: enable on vno1 subnet 2023-09-18 19:29:27 +03:00			`node_exporter = {`
			`enable = true;`
			`extraSubnets = [myData.subnets.vno1.cidr];`
			`};`
add fwminex 2023-09-13 12:17:43 +03:00
			`deployerbot = {`
			`follower = {`
statix: fix bugs with inherit now I know better what it does. 2023-10-01 23:26:01 +03:00			`inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey;`
enable statx 2023-10-01 23:14:05 +03:00
add fwminex 2023-09-13 12:17:43 +03:00			`enable = true;`
			`uidgid = myData.uidgid.updaterbot-deployee;`
deployerbot: use vpn for actual deploying anyway 2023-09-20 14:43:04 +03:00			`sshAllowSubnets = with myData.subnets; [tailscale.sshPattern];`
add fwminex 2023-09-13 12:17:43 +03:00			`};`
			`};`

secrets for fwminex 2023-09-15 13:23:52 +03:00			`postfix = {`
			`enable = true;`
			`saslPasswdPath = config.age.secrets.sasl-passwd.path;`
			`};`
add fwminex 2023-09-13 12:17:43 +03:00
			`syncthing = {`
fwminex: start syncthing 2023-09-18 11:55:09 +03:00			`enable = true;`
add fwminex 2023-09-13 12:17:43 +03:00			`dataDir = "/home/motiejus/";`
			`user = "motiejus";`
			`group = "users";`
			`};`
add remote builder to vno1-oh2 2024-02-27 22:56:09 +02:00
			`remote-builder.client = let`
			`host = myData.hosts."fra1-a.servers.jakst";`
			`in {`
			`enable = true;`
			`inherit (host) system supportedFeatures;`
			`hostName = host.jakstIP;`
			`sshKey = "/etc/ssh/ssh_host_ed25519_key";`
			`};`
add fwminex 2023-09-13 12:17:43 +03:00			`};`
			`};`

fwminex: install mepo 2024-04-26 19:29:20 +03:00			`programs.mepo.enable = true;`

virtualbox 2024-02-16 18:09:59 +02:00			`virtualisation.virtualbox.host.enable = true;`
			`users.extraGroups.vboxusers.members = ["motiejus"];`

fwminex: tesseract 2024-04-10 01:49:31 +03:00			`environment.systemPackages = with pkgs; [`
			`tesseract`
			`];`

add fwminex 2023-09-13 12:17:43 +03:00			`networking = {`
fwminex: set hostid 2023-09-13 14:46:58 +03:00			`hostId = "3a54afcd";`
add fwminex 2023-09-13 12:17:43 +03:00			`hostName = "fwminex";`
			`domain = "motiejus.jakst";`
fwminex: fix firewall typo 2023-09-22 09:58:09 +03:00			`firewall.rejectPackets = true;`
add fwminex 2023-09-13 12:17:43 +03:00			`};`
			`}`