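{ inputs, self, pkgs, pkgs-unstable, config, ... }:

# NixOS host configuration for "blockhouse": a ZFS-backed storage and
# virtualization server that exports Samba shares, serves a signed Nix binary
# cache behind nginx, and joins the "dotspace" tinc overlay.
#
# System Info:
# - Model: Custom
# - CPU: AMD Ryzen 9 3900X (12C/24T, Passmark: 2703/32546)
# - RAM: 128GB
# - Storage: Yes
{
  networking.hostName = "blockhouse";
  # Required by the ZFS module; pool import is tied to this id.
  networking.hostId = "ed658529";
  system.stateVersion = "23.11";

  home-manager = {
    users."lauren_lagarde" = {
      home.stateVersion = "24.11";
      imports = self.homeManagerModules."lauren_lagarde@tui.mlaga97.space";
    };
    extraSpecialArgs = { inherit self pkgs-unstable; };
  };

  time.timeZone = "America/Chicago";

  # sops-nix is wired in below; the decryption key setup (age/gpg) is not
  # visible in this file and presumably lives in one of the imported modules.
  sops.defaultSopsFile = ../../secrets.yaml;

  imports = [
    inputs.sops-nix.nixosModules.sops
    inputs.lix-module.nixosModules.default
    inputs.home-manager.nixosModules.home-manager

    # Core Features
    ../../nixos/features/base.nix
    ../../nixos/features/tui-apps.nix
    ../../nixos/features/openssh-server.nix

    # Core Tweaks
    ../../nixos/tweaks/zram.nix
    ../../nixos/tweaks/enable_flakes.nix
    ../../nixos/tweaks/disable_nixos_user.nix
    ../../nixos/tweaks/systemd-resolved_nonsense.nix

    # Dotspace
    ../../dotspace/configuration.nix
    ../../nixos/features/stronghold-binary-cache.nix

    # Users
    ../../users/lauren_lagarde/configuration.nix
    ../../users/ashley_funkhouser/ashley_funkhouser.nix

    # Blockhouse Features
    ../../nixos/tweaks/aarch64-crosscompile.nix
    ../../nixos/features/gpu/nvidia.nix
    ../../nixos/features/virtualization/dockge.nix
    ../../nixos/features/virtualization/docker.nix
    ../../nixos/features/virtualization/libvirt-host.nix

    # Blockhouse
    ../../nixos/tweaks/zfs.nix
    # NOTE(review): with the host firewall disabled, every listening service
    # configured below (samba, nginx, nix-serve, tinc, sshd) is reachable on
    # all bridged VLANs; the `openFirewall` flags below are therefore no-ops.
    ../../nixos/tweaks/disable_firewall.nix
  ];

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Bootloader / Kernel

  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub = {
    enable = true;
    zfsSupport = true;
    efiSupport = true;
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Local Filesystems

  # Two ESPs are kept in sync so the host still boots if one disk dies;
  # "nodev" is the EFI convention (GRUB is installed to the ESP, not an MBR).
  boot.loader.grub.mirroredBoots = [
    { devices = [ "nodev" ]; path = "/boot0"; }
    { devices = [ "nodev" ]; path = "/boot1"; }
  ];

  fileSystems = {
    "/" = {
      device = "blockhouse-root/root";
      fsType = "zfs";
    };

    "/exports/Archive" = {
      device = "Archive/Archive";
      fsType = "zfs";
    };
    "/exports/Archive/Frigate" = {
      device = "Archive/Frigate";
      fsType = "zfs";
    };
    "/exports/Archive/Restic" = {
      device = "Archive/Restic";
      fsType = "zfs";
    };
    "/exports/Archive/Multimedia" = {
      device = "Archive/Multimedia";
      fsType = "zfs";
    };

    # Each ESP is "nofail" so a missing/failed boot disk does not block boot.
    "/boot0" = {
      device = "/dev/disk/by-uuid/DD98-25C2";
      fsType = "vfat";
      options = [ "nofail" ];
    };
    "/boot1" = {
      device = "/dev/disk/by-uuid/2F9C-F902";
      fsType = "vfat";
      options = [ "nofail" ];
    };
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Services

  services.samba = {
    enable = true;
    # Redundant while disable_firewall.nix is imported; harmless otherwise.
    openFirewall = true;
    settings = {
      global = {
        # All file operations on every share run as nobody:users regardless
        # of which account authenticated, so share ACLs are the only
        # per-user boundary.
        "force user" = "nobody";
        "force group" = "users";
      };

      Parlor = {
        path = "/exports/Parlor";
        comment = "Fast Data Storage";
        writable = "yes";
        browseable = "yes";
        "create mask" = "775";
        "force create mode" = "775";
        # NOTE(review): the four "security mask"/"security mode" parameters
        # were dropped from smb.conf in Samba 4.x as far as I recall; run
        # `testparm` to confirm they are not being ignored with a warning.
        "security mask" = "775";
        "force security mode" = "775";
        "directory mask" = "2775";
        "force directory mode" = "2775";
        "directory security mask" = "2775";
        "force directory security mode" = "2775";
      };

      Archive = {
        path = "/exports/Archive";
        comment = "Vast Data Storage";
        writable = "yes";
        browseable = "yes";
        # New files come out 0664 unless the client asks for execute bits
        # (mask 0775 allows them); directories are always 0775.
        "create mask" = "0775";
        "force create mode" = "0664";
        "directory mask" = "0775";
        "force directory mode" = "0775";
      };

      # Anonymous, read-only share: anyone who can reach port 445 can read it.
      Music = {
        path = "/exports/Music";
        public = "yes";
        writable = "no";
        browseable = "yes";
        "guest ok" = "yes";
      };
    };
  };

  # Network client of the apcupsd NIS on "bastion"; no local UPS is attached.
  services.apcupsd = {
    enable = true;
    configText = ''
      UPSTYPE net
      DEVICE bastion.mlaga97.space:3551
      BATTERYLEVEL 50
      MINUTES 10
    '';
  };

  # Signed binary cache. Clients verify the signature, so the transport only
  # needs to be reachable, not confidential.
  services.nix-serve = {
    enable = true;
    # Bind to loopback only: nginx (below) is the intended entry point, and
    # with the host firewall disabled the default 0.0.0.0 bind would also
    # expose the raw nix-serve port on every bridged VLAN.
    bindAddress = "127.0.0.1";
    # NOTE(review): the cache signing key is a plain file outside sops even
    # though sops-nix is configured on this host; consider moving it to
    # `sops.secrets` so it is not left unencrypted on disk.
    secretKeyFile = "/var/cache-priv-key.pem";
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {
      # Plain HTTP; no forceSSL/ACME is configured for this vhost.
      "nixos-cache.stronghold.mlaga97.space" = {
        locations."/".proxyPass =
          "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
      };
    };
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Users

  users.users = {
    # System Users
    blockhouse = {
      isNormalUser = true;
      # NOTE(review): wheel member with no password or authorized keys set
      # here; whether this account is reachable at all depends on what
      # base.nix / openssh-server.nix configure for sudo and sshd.
      extraGroups = [ "wheel" ];
      # TODO: Secret passwords?
    };
    dotspace = {
      isNormalUser = true;
      # A package as the shell; for shadow this should resolve to its
      # nologin binary (i.e. no interactive login) — verify with `getent passwd dotspace`.
      shell = pkgs.shadow;
      # TODO: Secret passwords?
    };
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Networking

  # IPv6 is disabled both at the NixOS option level and via sysctl; nothing
  # below should expect an IPv6 address.
  networking.enableIPv6 = false;
  boot.kernel.sysctl."net.ipv6.conf.all.disable_ipv6" = true;

  networking.useNetworkd = true;
  systemd.network = {
    enable = true;

    # Configure Physical Interfaces
    links."10-card0" = {
      linkConfig.Name = "card0";
      matchConfig.PermanentMACAddress = "6c:92:bf:42:51:c6"; # 10Gb SFP+ NIC
    };

    # Declare VLAN Interfaces (tagged on card0)
    netdevs."10-card0-vlan-wan" = {
      netdevConfig = {
        Kind = "vlan";
        Name = "card0-wan";
      };
      vlanConfig.Id = 288;
    };
    netdevs."10-card0-vlan-cams" = {
      netdevConfig = {
        Kind = "vlan";
        Name = "card0-cams";
      };
      vlanConfig.Id = 100;
    };

    # Declare Bridge Interfaces. Only br-lan gets an address on this host;
    # br-wan and br-cams exist to hand those VLANs to guests (libvirt/docker).
    netdevs."10-br-lan".netdevConfig = {
      Kind = "bridge";
      Name = "br-lan";
      MACAddress = "96:9b:28:22:1f:fa";
    };
    netdevs."10-br-wan".netdevConfig = {
      Kind = "bridge";
      Name = "br-wan";
    };
    netdevs."10-br-cams".netdevConfig = {
      Kind = "bridge";
      Name = "br-cams";
    };

    # Add Bridge Members
    networks."20-eno0" = {
      matchConfig.Name = "eno0";
      networkConfig.Bridge = "br-lan";
      linkConfig.RequiredForOnline = "enslaved";
    };
    networks."20-card0" = {
      matchConfig.Name = "card0";
      networkConfig = {
        VLAN = [ "card0-wan" "card0-cams" ];
        Bridge = "br-lan";
      };
      linkConfig.RequiredForOnline = "enslaved";
    };
    networks."20-card0-wan" = {
      matchConfig.Name = "card0-wan";
      networkConfig.Bridge = "br-wan";
    };
    networks."20-card0-cams" = {
      matchConfig.Name = "card0-cams";
      networkConfig.Bridge = "br-cams";
    };

    # Actual Network Configs
    networks."30-br-lan" = {
      matchConfig.Name = "br-lan";
      address = [ "192.168.2.50/24" ];
      routes = [ { Gateway = "192.168.2.1"; } ];
      # IPv6 is disabled above; accepting router advertisements here was
      # dead configuration and contradicted that intent.
      networkConfig.IPv6AcceptRA = false;
      linkConfig.RequiredForOnline = "routable";
    };

    # VPNs and Overlays
    networks."90-tinc" = {
      matchConfig.Name = "tinc.dotspace";
      address = [ "10.86.84.104/32" ];
      routes = [ { Destination = "10.86.84.0/24"; } ];
    };
  };

  services.tinc.networks.dotspace = {
    name = "blockhouse";
    # NOTE(review): key is a plain file under /root rather than a sops
    # secret, and `chroot = false` leaves tincd running unconfined —
    # presumably so it can read that path; confirm whether both are needed.
    ed25519PrivateKeyFile = "/root/tinc/mlaga97space_ed25519_key.priv";
    chroot = false;
    settings.ConnectTo = [
      "fortress"
      "casemate"
      "vm_docker_0"
      "vm_docker_1"
      "vm_docker_2"
    ];
  };

  ##############################################################################
  ##############################################################################
  ##############################################################################
  # Periodic Tasks

  # TODO: Systemd services and timers, one day
  # Jobs run as lauren_lagarde (not root) from scripts in her home directory,
  # so a compromised script only has that user's privileges. mailto = ""
  # suppresses cron's output mail, so failures are silent unless the scripts
  # log on their own.
  services.cron = {
    enable = true;
    mailto = "";
    systemCronJobs = [
      "* * * * * lauren_lagarde /home/lauren_lagarde/bin/DriveStats"
      "* * * * * lauren_lagarde /home/lauren_lagarde/bin/PublishStats"
      "0 */6 * * * lauren_lagarde /home/lauren_lagarde/bin/GetNWSMeteogram"
      "* * * * * lauren_lagarde /home/lauren_lagarde/bin/GetAllCameraImages"
      # Collate LongCam
    ];
  };
}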