more renaming + some new software

2024-10-26 13:14:03 +02:00 · 2024-10-26 13:14:03 +02:00 · 02738e65ab
commit 02738e65ab
parent d94b4723d4
27 changed files with 42 additions and 16 deletions
--- a/hosts/machines/nixdesk/default.nix
+++ b/hosts/machines/nixdesk/default.nix
@ -0,0 +1,35 @@
+{lib, ...}: {
+  imports = [
+    ./hardware.nix
+    ./hibernate-boot.nix
+    ./testing.nix
+    ./samba-mount.nix
+  ];
+
+  networking.hostName = "nixdesk";
+
+  #swapDevices = lib.singleton {
+  #  device = "/dev/disk/by-uuid/1dcce4ab-71da-4928-83d5-62b20fd0fddf";
+  #};
+
+  #boot.resumeDevice = "/dev/disk/by-uuid/1dcce4ab-71da-4928-83d5-62b20fd0fddf";
+
+  #boot.kernelParams = [
+  #  "resume=UUID=1dcce4ab-71da-4928-83d5-62b20fd0fddf"
+  #  "resume_offset=3841492992" # fdisk -l
+  #];
+
+  nixpkgs.config = {
+    rocmSupport = true;
+    allowUnfreePredicate = pkg:
+      builtins.elem (lib.getName pkg) [
+        "steam"
+        "steam-original"
+        "apple_cursor" # bwuh this is NOT unfree!!
+      ];
+  };
+
+  networking.interfaces.eno1.wakeOnLan.enable = true;
+
+  system.stateVersion = "23.11";
+}
--- a/hosts/machines/nixdesk/hardware.nix
+++ b/hosts/machines/nixdesk/hardware.nix
@ -0,0 +1,95 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    inputs.hardware.nixosModules.common-cpu-amd
+    inputs.hardware.nixosModules.common-gpu-amd
+    inputs.hardware.nixosModules.common-pc-ssd
+    inputs.hardware.nixosModules.gigabyte-b550
+  ];
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    initrd = {
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "ahci"
+        "usb_storage"
+        "usbhid"
+        "sd_mod"
+      ];
+      kernelModules = ["amdgpu"];
+    };
+    kernelModules = ["kvm-amd"];
+    extraModulePackages = with config.boot.kernelPackages; [
+      rtl88xxau-aircrack # usb wifi card
+    ];
+    loader = {
+      timeout = 10;
+      systemd-boot = {
+        enable = true;
+        consoleMode = "max";
+        configurationLimit = 120;
+        editor = false;
+      };
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+      fsType = "btrfs";
+      options = ["subvol=root" "compress=zstd"];
+    };
+    "/home" = {
+      device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+      fsType = "btrfs";
+      options = ["subvol=home" "compress=zstd"];
+    };
+    "/nix" = {
+      device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+      fsType = "btrfs";
+      options = ["subvol=nix" "compress=zstd" "noatime"];
+    };
+    "/.swapvol" = {
+      device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+      fsType = "btrfs";
+      options = ["subvol=swap" "noatime"];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/588B-CB97";
+      fsType = "vfat";
+    };
+  };
+
+  boot.resumeDevice = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+  # btrfs inspect-internal map-swapfile -r /.swapvol/swapfile
+  boot.kernelParams = ["resume_offset=76293376"];
+
+  swapDevices = lib.singleton {
+    device = "/.swapvol/swapfile";
+  };
+
+  hardware.enableRedistributableFirmware = true;
+
+  services.xserver.videoDrivers = [
+    "amdgpu"
+    #"nvidia"
+  ];
+  #hardware.nvidia = {
+  #  modesetting.enable = true;
+  #  package = config.boot.kernelPackages.nvidiaPackages.stable;
+  #};
+
+  nixpkgs.hostPlatform.system = "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = true;
+}
--- a/hosts/machines/nixdesk/hibernate-boot.nix
+++ b/hosts/machines/nixdesk/hibernate-boot.nix
@ -0,0 +1,28 @@
+{pkgs, ...}: {
+  # hibernate and reboot to firmware
+  # this allows me to save linux state and boot into another os (such as windows)
+  # make sure not to mount any filesystems from the other os or you risk losing data
+  environment.systemPackages = [
+    (pkgs.writeShellScriptBin "hib-boot" ''
+      set -e
+
+      if [ ! -v 1 ]; then
+        echo "no argument provided"
+        echo "please provide the id for the os you want to boot"
+        echo "these are the valid id's:"
+        echo ""
+        ${pkgs.efibootmgr}/bin/efibootmgr
+        exit
+      fi
+
+      if [ ! -w /sys/power/disk -o ! -w /sys/power/state ]; then
+        echo "you lack permission to write to /sys/power/{disk,state}, are you not running this script as root?"
+        exit
+      fi
+
+      ${pkgs.efibootmgr}/bin/efibootmgr -n "$1" >/dev/null
+      echo reboot >/sys/power/disk
+      echo disk >/sys/power/state
+    '')
+  ];
+}
--- a/hosts/machines/nixdesk/jellyfin.nix
+++ b/hosts/machines/nixdesk/jellyfin.nix
@ -0,0 +1,94 @@
+{config, ...}: {
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "xunuwu@gmail.com";
+      reloadServices = ["podman-caddy.service"];
+    };
+    certs = {
+      "xun.cam" = {
+        dnsProvider = "cloudflare";
+        credentialFiles = {
+          CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path;
+        };
+        extraDomainNames = ["jellyfin.desktop.xun.cam"];
+      };
+    };
+  };
+
+  virtualisation.podman = {
+    enable = true;
+    autoPrune.enable = true;
+    dockerSocket.enable = true;
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /media/config/caddy/data 0750 root root -"
+    "d /media/config/caddy/config 0750 root root -"
+    "d /media/config/jellyfin/config 0750 root root -"
+    "d /media/config/jellyfin/cache 0750 root root -"
+    "d /media/library 0750 root root -"
+  ];
+
+  virtualisation.oci-containers = {
+    backend = "podman";
+
+    containers = {
+      gluetun = {
+        image = "qmcgaw/gluetun:v3";
+        volumes = [
+          "${config.sops.secrets.wireguard.path}:/gluetun/wireguard/wg0.conf"
+        ];
+        ports = [
+          ## This bypasses the firewall
+          ## use 127.0.0.1:XXXX:XXXX if you only want it to be accessible locally
+          "8096:8096" # jellyfin local network
+          "60926:60926" # jellyfin
+        ];
+
+        environment = {
+          VPN_SERVICE_PROVIDER = "airvpn";
+          VPN_TYPE = "wireguard";
+          SERVER_COUNTRIES = "Netherlands";
+          FIREWALL_VPN_INPUT_PORTS = "60926";
+        };
+
+        extraOptions = [
+          "--cap-add=NET_ADMIN"
+          "--device=/dev/net/tun:/dev/net/tun"
+        ];
+      };
+      jellyfin = {
+        image = "jellyfin/jellyfin";
+        volumes = [
+          "/media/config/jellyfin/config:/config"
+          "/media/config/jellyfin/cache:/cache"
+          "/media/library:/library"
+        ];
+        dependsOn = ["gluetun"];
+        extraOptions = [
+          "--network=container:gluetun"
+          "--device=/dev/dri:/dev/dri"
+        ];
+      };
+      caddy = {
+        image = "caddy";
+        volumes = [
+          "${builtins.toFile "Caddyfile" ''
+            https://jellyfin.desktop.xun.cam:60926 {
+              tls /etc/ssl/certs/xun.cam/cert.pem /etc/ssl/certs/xun.cam/key.pem
+              reverse_proxy localhost:8096
+            }
+          ''}:/etc/caddy/Caddyfile"
+          "/var/lib/acme/xun.cam:/etc/ssl/certs/xun.cam"
+          "/media/config/caddy/data:/data"
+          "/media/config/caddy/config:/config"
+        ];
+        dependsOn = ["gluetun"];
+        extraOptions = [
+          "--network=container:gluetun"
+        ];
+      };
+    };
+  };
+}
--- a/hosts/machines/nixdesk/samba-mount.nix
+++ b/hosts/machines/nixdesk/samba-mount.nix
@ -0,0 +1,67 @@
+{config, ...}: {
+  systemd.mounts = [
+    {
+      description = "smb hopper transmission download directory";
+      what = "//192.168.50.97/transmission"; # hopper local ip
+      where = "/server/transmission";
+      type = "cifs";
+      options = builtins.readFile ./smbcreds;
+    }
+    {
+      description = "smb hopper vault";
+      what = "//192.168.50.97/vault"; # hopper local ip
+      where = "/server/vault";
+      type = "cifs";
+      options = "uid=xun,gid=users," + (builtins.readFile ./smbcreds);
+    }
+    {
+      description = "smb hopper library";
+      what = "//192.168.50.97/library"; # hopper local ip
+      where = "/server/library";
+      type = "cifs";
+      options = "uid=xun,gid=users," + (builtins.readFile ./smbcreds);
+    }
+    {
+      description = "smb hopper slskd files";
+      what = "//192.168.50.97/slskd"; # hopper local ip
+      where = "/server/slskd";
+      type = "cifs";
+      options = "uid=xun,gid=users," + (builtins.readFile ./smbcreds);
+    }
+  ];
+
+  systemd.automounts = [
+    {
+      requires = ["network-online.target"];
+      where = "/server/transmission";
+      wantedBy = ["multi-user.target"];
+      automountConfig = {
+        TimeoutIdleSec = "10min";
+      };
+    }
+    {
+      requires = ["network-online.target"];
+      where = "/server/vault";
+      wantedBy = ["multi-user.target"];
+      automountConfig = {
+        TimeoutIdleSec = "10min";
+      };
+    }
+    {
+      requires = ["network-online.target"];
+      where = "/server/library";
+      wantedBy = ["multi-user.target"];
+      automountConfig = {
+        TimeoutIdleSec = "10min";
+      };
+    }
+    {
+      requires = ["network-online.target"];
+      where = "/server/slskd";
+      wantedBy = ["multi-user.target"];
+      automountConfig = {
+        TimeoutIdleSec = "10min";
+      };
+    }
+  ];
+}
--- a/hosts/machines/nixdesk/testing.nix
+++ b/hosts/machines/nixdesk/testing.nix
@ -0,0 +1,17 @@
+{self, ...}: {
+  imports = [
+    self.nixosModules.xun
+  ];
+  xun.gaming = let
+    enabled = {enable = true;};
+  in {
+    enable = true;
+    steam = enabled;
+    gamescope = enabled;
+    gamemode = enabled;
+    sunshine = {
+      enable = true;
+      openFirewall = true;
+    };
+  };
+}