diff --git a/nixos/common/common.nix b/nixos/common/common.nix new file mode 100644 index 0000000..14b5755 --- /dev/null +++ b/nixos/common/common.nix 
@@ -0,0 +1,78 @@ +{ config, lib, pkgs, ... }: { + imports = [ + ./users + ./modules + ]; + + # Clean /tmp on boot. + boot.cleanTmpDir = true; + + # Set your time zone. + time.timeZone = lib.mkDefault "Europe/Amsterdam"; + + # Systemd OOMd + # Fedora enables these options by default. See the 10-oomd-* files here: + # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255 + systemd.oomd = { + enableRootSlice = true; + enableUserServices = true; + }; + + # Nix Settings + nix = { + package = pkgs.nixUnstable; + settings = { + auto-optimise-store = true; + trusted-users = [ "root" "victor" ]; + substituters = [ + "https://cachix.cachix.org" + "https://nix-community.cachix.org" + "https://nixpkgs-review-bot.cachix.org" + "https://colmena.cachix.org" + "https://hyprland.cachix.org" + "https://cache.garnix.io" + "https://0x76-infra.cachix.org" + "https://webcord.cachix.org" + ]; + trusted-public-keys = [ + "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" + "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8=" + "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs=" + ]; + }; + optimise = { + automatic = true; + dates = [ "weekly" ]; + }; + gc = { + automatic = true; + dates = "weekly"; + randomizedDelaySec = "3h"; + options = "--delete-older-than 7d"; + }; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + + nixpkgs.config.allowUnfree = true; + + # Limit the systemd journal to 100 MB of disk or the + # last 7 days of logs, whichever happens first. 
+ services.journald.extraConfig = '' + SystemMaxUse=100M + MaxFileSec=7day + ''; + + # Enable SSH + services.openssh = { + enable = true; + passwordAuthentication = false; + permitRootLogin = lib.mkDefault "no"; + }; +} diff --git a/nixos/common/default.nix b/nixos/common/default.nix index b73da1f..5ba21f4 100644 --- a/nixos/common/default.nix +++ b/nixos/common/default.nix 
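Review bot: `trusted-users = [ "root" "victor" ]` in `nix.settings` lets victor push arbitrary `--option` overrides (extra substituters, trusted keys, sandbox off) to the daemon, which the Nix manual describes as equivalent to root, and because `lxc-template.nix` now imports this file the grant is inherited by every container cloned from the template, not just the workstation. Consider wrapping it as `trusted-users = lib.mkDefault [ "root" ];` here and adding victor only in the host or user module where he actually administers the box, or at least adding a comment such as `# NOTE: trusted-users are root-equivalent; keep this list minimal`. The same applies to the eight entries in `trusted-public-keys`: each key can vouch for any store path, so a compromise of any one cache can substitute binaries on all hosts, and a short comment explaining why each cache is trusted fleet-wide would help the next reviewer decide whether the list can be trimmed per host. The `permitRootLogin = lib.mkDefault "no"` default is a good choice since it lets the template override it deliberately.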
@@ -1,85 +1,14 @@ -{ config, lib, pkgs, inputs, ... }: { - imports = [ +{ inputs, lib, config, ... }: { + # This file deals with everything requiring `inputs`, the rest being delagated to `common.nix` + # this is because we can't import inputs from all contexts as that can lead to infinite recursion. + import = [ + ./common.nix inputs.vault-secrets.nixosModules.vault-secrets - ./users - ./modules ]; - # Clean /tmp on boot. - boot.cleanTmpDir = true; + nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; + nix.registry.nixpkgs.flake = inputs.nixpkgs; - # Set your time zone. - time.timeZone = lib.mkDefault "Europe/Amsterdam"; - - # Systemd OOMd - # Fedora enables these options by default. See the 10-oomd-* files here: - # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255 - systemd.oomd = { - enableRootSlice = true; - enableUserServices = true; - }; - - # Nix Settings - nix = { - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - package = pkgs.nixUnstable; - registry.nixpkgs.flake = inputs.nixpkgs; - settings = { - auto-optimise-store = true; - trusted-users = [ "root" "victor" ]; - substituters = [ - "https://cachix.cachix.org" - "https://nix-community.cachix.org" - "https://nixpkgs-review-bot.cachix.org" - "https://colmena.cachix.org" - "https://hyprland.cachix.org" - "https://cache.garnix.io" - "https://0x76-infra.cachix.org" - "https://webcord.cachix.org" - ]; - trusted-public-keys = [ - "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE=" - "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg=" - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8=" - 
"webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs=" - ]; - }; - optimise = { - automatic = true; - dates = [ "weekly" ]; - }; - gc = { - automatic = true; - dates = "weekly"; - randomizedDelaySec = "3h"; - options = "--delete-older-than 7d"; - }; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - - nixpkgs.config.allowUnfree = true; - - # Limit the systemd journal to 100 MB of disk or the - # last 7 days of logs, whichever happens first. - services.journald.extraConfig = '' - SystemMaxUse=100M - MaxFileSec=7day - ''; - - # Enable SSH - services.openssh = { - enable = true; - passwordAuthentication = false; - permitRootLogin = "no"; - }; - - # Configure vault-secrets based on domain vault-secrets = let inherit (config.networking) domain hostName; server = if domain == "olympus" then "vault" else "vault-0"; @@ -88,4 +17,4 @@ vaultAddress = "http://${server}.${domain}:8200/"; approlePrefix = "${domain}-${hostName}"; }; -} +} \ No newline at end of file diff --git a/nixos/hosts/hades/bazarr/configuration.nix b/nixos/hosts/hades/bazarr/configuration.nix index c3fe8e4..7d68734 100644 --- a/nixos/hosts/hades/bazarr/configuration.nix +++ b/nixos/hosts/hades/bazarr/configuration.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - system.stateVersion = "21.05"; + system.stateVersion = "22.11"; networking.interfaces.eth0.useDHCP = true; fileSystems."/mnt/storage" = { diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix index 887d579..94aca70 100644 --- a/nixos/hosts/hades/default.nix +++ b/nixos/hosts/hades/default.nix @@ -90,6 +90,11 @@ mac = "00:50:56:91:3b:03"; nix = false; } + { + hostname = "bazarr"; + ip = "192.168.0.119"; + mac = "DE:7C:32:7E:DD:A1"; + } { hostname = "radarr2"; ip = "192.168.0.120"; @@ -101,6 +106,7 @@ ip = "192.168.0.121"; mac = "4e:e7:64:b7:88:b8"; profile = "jackett"; + nix = false; # superseded by prowlarr } { hostname = "nginx"; 
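Review bot: The rewritten module uses `import = [ ... ]` where the NixOS module system expects `imports`; this reads as a typo, and as written it will either fail evaluation as an unknown option or, depending on how the module is merged, leave `./common.nix` and the vault-secrets module unloaded, so the line should be `imports = [ ./common.nix inputs.vault-secrets.nixosModules.vault-secrets ];`. Since openssh, the journald limits and the substituter set now live only in common.nix, a dropped import changes far more than the file layout, which makes this worth an `nixos-rebuild dry-build` before merging. The comment above it also has a typo, `delagated` for `delegated`. The `vault-secrets` block whose `let` begins here continues outside the hunk; from the context of the following hunk it still points at a plain `http://` Vault address, so the AppRole handshake crosses the LAN unencrypted - pre-existing, but a short comment stating that this is accepted for the internal network (or a move to TLS) would be appropriate now that the block is being reorganised.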
diff --git a/nixos/hosts/thalassa/null/configuration.nix b/nixos/hosts/thalassa/null/configuration.nix index 56c0804..f56e060 100644 --- a/nixos/hosts/thalassa/null/configuration.nix +++ b/nixos/hosts/thalassa/null/configuration.nix @@ -30,7 +30,8 @@ let exec Hyprland ''; -in { +in +{ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -93,14 +94,14 @@ in { fileSystems."/nix".options = [ "compress=zstd" "noatime" ]; # Filesystem dedup - #services.beesd.filesystems = { + # services.beesd.filesystems = { # root = { # spec = "LABEL=nixos"; # hashTableSizeMB = 256; # verbosity = "crit"; # extraOptions = [ "--loadavg-target" "2.0" ]; # }; - #}; + # }; # Select internationalisation properties. i18n.defaultLocale = "en_GB.utf8"; diff --git a/nixos/lxc-template.nix b/nixos/lxc-template.nix index 974f7fb..290def2 100644 --- a/nixos/lxc-template.nix +++ b/nixos/lxc-template.nix @@ -1,19 +1,27 @@ { config, pkgs, lib, ... }: { - # Can't import common completely due to infinite recursion - imports = [ ./common/users ./common/generic-lxc.nix ]; + imports = [ ./common/common.nix ./common/generic-lxc.nix ]; + proxmoxLXC = { + manageNetwork = true; + manageHostName = true; + privileged = false; + }; + # Enable SSH services.openssh = { enable = true; passwordAuthentication = false; permitRootLogin = "yes"; + openFirewall = true; }; networking.hostName = "template"; time.timeZone = lib.mkDefault "Europe/Amsterdam"; - networking.interfaces.eth0.useDHCP = true; + networking.useDHCP = true; system.stateVersion = "22.11"; + + users.users.root.initialPassword = "toor"; }
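Review bot: `users.users.root.initialPassword = "toor"` bakes a well-known root password into every container cloned from this template, and because it is a plaintext `initialPassword` it ends up in the world-readable Nix store and stays the root password until someone changes it; `passwordAuthentication = false` keeps it off SSH, but it is presumably still usable on the container console. Prefer `users.users.root.initialHashedPassword` with a per-deployment hash, or a secret delivered through the vault-secrets module the rest of the tree already uses, and add a comment such as `# template bootstrap credential - rotate on first boot of every clone` if a fixed value has to stay. With `permitRootLogin = "yes"` deliberately overriding the `lib.mkDefault "no"` that arrives via the newly imported `./common/common.nix`, and `openFirewall = true`, every clone exposes root SSH to the network; `permitRootLogin = "prohibit-password";` states the key-only intent explicitly and survives someone later flipping password authentication back on. `privileged = false` in the `proxmoxLXC` block is the right default and worth keeping.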