adding rp host

2025-08-16 10:04:19 +02:00
parent b6baf2be86
commit 918215f25b
10 changed files with 472 additions and 47 deletions
--- a/hosts/ziggy/default.nix
+++ b/hosts/ziggy/default.nix
@@ -0,0 +1,69 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in {
+  users.users.cnst = {
+    isNormalUser = true;
+    shell = pkgs.fish;
+    extraGroups = ifTheyExist [
+      "wheel"
+      "networkmanager"
+      "audio"
+      "video"
+      "git"
+      "mysql"
+      "docker"
+      "libvirtd"
+      "qemu-libvirtd"
+      "kvm"
+      "network"
+      "gamemode"
+      "adbusers"
+      "rtkit"
+      "users"
+      "plocate"
+      "fuse"
+      "fail2ban"
+      "vaultwarden"
+      "qbittorrent"
+      "lidarr"
+      "prowlarr"
+      "bazarr"
+      "sonarr"
+      "radarr"
+      "media"
+      "share"
+    ];
+  };
+
+  imports = [
+    ./hardware-configuration.nix
+    ./modules.nix
+    ./settings.nix
+    ./server.nix
+  ];
+
+  boot.initrd.luks.devices."luks-47b35d4b-467a-4637-a5f9-45177da62897".device = "/dev/disk/by-uuid/47b35d4b-467a-4637-a5f9-45177da62897";
+
+  networking = {
+    hostName = "ziggy";
+  };
+
+  powerManagement.enable = false;
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 8 * 1024;
+    }
+  ];
+
+  environment.variables.NH_FLAKE = "/home/cnst/.nix-config";
+
+  #   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = lib.mkDefault "25.05";
+}
--- a/hosts/ziggy/hardware-configuration.nix
+++ b/hosts/ziggy/hardware-configuration.nix
@@ -0,0 +1,48 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = ["amdgpu"];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/a0a3595f-e61c-475c-8f4e-bfbb05582c20";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."luks-4f289fde-55ed-4b05-a6ee-d396db2a887b".device = "/dev/disk/by-uuid/4f289fde-55ed-4b05-a6ee-d396db2a887b";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/E03E-5458";
+    fsType = "vfat";
+    options = ["fmask=0077" "dmask=0077"];
+  };
+
+  swapDevices = [
+    {device = "/dev/disk/by-uuid/704e09db-c7dd-462b-9560-47bbf845905d";}
+  ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/ziggy/modules.nix
+++ b/hosts/ziggy/modules.nix
@@ -0,0 +1,227 @@
+{
+  nixos = {
+    boot = {
+      kernel = {
+        variant = "latest";
+        hardware = [];
+        extraKernelParams = [];
+      };
+      loader = {
+        default = {
+          enable = true;
+        };
+        lanzaboote = {
+          enable = false;
+        };
+      };
+    };
+    hardware = {
+      bluetooth = {
+        enable = false;
+      };
+      graphics = {
+        enable = false;
+        vendors = [];
+      };
+      logitech = {
+        enable = false;
+      };
+      network = {
+        enable = true;
+        interfaces = {
+          "enp6s0" = {
+            allowedTCPPorts = [22 80 443 8090];
+            allowedUDPPorts = [58846 6881];
+          };
+        };
+      };
+    };
+    programs = {
+      android = {
+        enable = false;
+      };
+      beekeeper = {
+        enable = false;
+      };
+      blender = {
+        enable = false;
+        hip = {
+          enable = false;
+        };
+      };
+      corectrl = {
+        enable = false;
+      };
+      fish = {
+        enable = true;
+      };
+      gamemode = {
+        enable = false;
+        optimizeGpu = {
+          enable = false;
+        };
+      };
+      gamescope = {
+        enable = false;
+      };
+      gimp = {
+        enable = false;
+      };
+      gnome = {
+        enable = false;
+      };
+      hyprland = {
+        enable = false;
+      };
+      inkscape = {
+        enable = false;
+      };
+      lutris = {
+        enable = false;
+      };
+      microfetch = {
+        enable = true;
+      };
+      pkgs = {
+        enable = true;
+        desktop = {
+          enable = false;
+        };
+        common = {
+          enable = false;
+        };
+        laptop = {
+          enable = false;
+        };
+        server = {
+          enable = true;
+        };
+        dev = {
+          enable = false;
+        };
+      };
+      mysql-workbench = {
+        enable = false;
+      };
+      nh = {
+        enable = true;
+        clean = {
+          enable = true;
+          extraArgs = "--keep 9 --keep-since 51d";
+        };
+      };
+      npm = {
+        enable = false;
+      };
+      obsidian = {
+        enable = false;
+      };
+      steam = {
+        enable = false;
+      };
+      thunar = {
+        enable = false;
+      };
+      yubikey = {
+        enable = false;
+      };
+      zsh = {
+        enable = false;
+      };
+    };
+    services = {
+      agenix = {
+        enable = true;
+        sobotka = {
+          enable = true;
+        };
+      };
+      blueman = {
+        enable = false;
+      };
+      dbus = {
+        enable = true;
+      };
+      dconf = {
+        enable = true;
+      };
+      flatpak = {
+        enable = false;
+      };
+      fwupd = {
+        enable = true;
+      };
+      gnome-keyring = {
+        enable = false;
+      };
+      greetd = {
+        enable = false;
+        user = "cnst";
+      };
+      gvfs = {
+        enable = false;
+      };
+      kanata = {
+        enable = false;
+      };
+      locate = {
+        enable = true;
+      };
+      mullvad = {
+        enable = false;
+      };
+      nfs = {
+        enable = false;
+        server.enable = false;
+        client.enable = false;
+      };
+      nix-ld = {
+        enable = false;
+      };
+      openssh = {
+        enable = true;
+      };
+      pcscd = {
+        enable = false;
+      };
+      pipewire = {
+        enable = false;
+      };
+      polkit = {
+        enable = false;
+      };
+      powerd = {
+        enable = false;
+      };
+      samba = {
+        enable = false;
+      };
+      scx = {
+        enable = false;
+        scheduler = "scx_lavd";
+        flags = "--performance";
+      };
+      udisks = {
+        enable = true;
+      };
+      zram = {
+        enable = true;
+      };
+    };
+    system = {
+      fonts = {
+        enable = false;
+      };
+      locale = {
+        enable = true;
+        defaultLocale = "en_US.UTF-8";
+        extraLocale = "sv_SE.UTF-8";
+        timeZone = "Europe/Stockholm";
+      };
+      xdg = {
+        enable = false;
+        xdgOpenUsePortal = true;
+      };
+    };
+  };
+}
--- a/hosts/ziggy/server.nix
+++ b/hosts/ziggy/server.nix
@@ -0,0 +1,65 @@
+{config, ...}: {
+  server = {
+    enable = true;
+    email = "adam@cnst.dev";
+    domain = "cnix.dev";
+    user = "share";
+    group = "share";
+    uid = 974;
+    gid = 973;
+
+    unbound = {
+      enable = true;
+    };
+    caddy = {
+      enable = true;
+    };
+    homepage-dashboard = {
+      enable = false;
+    };
+    bazarr = {
+      enable = false;
+    };
+    prowlarr = {
+      enable = false;
+    };
+    lidarr = {
+      enable = false;
+    };
+    sonarr = {
+      enable = false;
+    };
+    radarr = {
+      enable = false;
+    };
+    jellyseerr = {
+      enable = false;
+    };
+    jellyfin = {
+      enable = false;
+    };
+    uptime-kuma = {
+      enable = false;
+    };
+    vaultwarden = {
+      enable = false;
+    };
+    fail2ban = {
+      enable = false;
+    };
+    podman = {
+      enable = true;
+      qbittorrent = {
+        enable = false;
+        port = 8080;
+      };
+      slskd = {
+        enable = false;
+      };
+      pihole = {
+        enable = true;
+        port = 8053;
+      };
+    };
+  };
+}
--- a/hosts/ziggy/settings.nix
+++ b/hosts/ziggy/settings.nix
@@ -0,0 +1,9 @@
+{
+  settings = {
+    accounts = {
+      username = "cnst";
+      mail = "adam@cnst.dev";
+      sshUser = "ziggy";
+    };
+  };
+}