diff --git a/flake.lock b/flake.lock index ea7ee75..b8e9a73 100644 --- a/flake.lock +++ b/flake.lock @@ -758,6 +758,21 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1731805462, + "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixos-cosmic": { "inputs": { "flake-compat": "flake-compat_2", @@ -781,6 +796,27 @@ "type": "github" } }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1731892054, + "narHash": "sha256-BJtD9NGUWaBe4OZ1JO77w8qBP9yHDJJUjsxkG/milFc=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "15a87ccb45e06d24a9fd5f99a49782efe11b23f0", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1730919458, @@ -1014,6 +1050,7 @@ "hyprland": "hyprland", "nix-colors": "nix-colors", "nixos-cosmic": "nixos-cosmic", + "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", "nixpkgs": "nixpkgs", diff --git a/flake.nix b/flake.nix index 6accae9..e544e47 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,10 @@ url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; # secrets management agenix = { url = "github:ryantm/agenix"; 
@@ -60,7 +64,7 @@ }; outputs = { self, nur, nixpkgs, nixos-hardware, nixos-wsl, nixpkgs-unstable , agenix, home-manager, home-manager-unstable, nix-colors, nixos-cosmic - , nixvim, stylix, disko, flake-utils, ... }@inputs: + , nixvim, nixos-generators, stylix, disko, flake-utils, ... }@inputs: let inherit (self) outputs; system = "x86_64-linux"; @@ -73,6 +77,7 @@ nur.overlay ]; }; + defaultModules = [ ./modules agenix.nixosModules.default overlays ]; # helper function to create a machine mkHost = { modules, specialArgs ? { pkgsVersion = nixpkgs-unstable; @@ -82,7 +87,7 @@ in specialArgs.pkgsVersion.lib.nixosSystem { inherit system; modules = modules - ++ [ ./modules agenix.nixosModules.default overlays ] + ++ defaultModules ++ lib.lists.optionals (!minimal) [ specialArgs.home-manager-version.nixosModules.home-manager ] ++ lib.lists.optionals (!minimal && graphical) [ @@ -186,6 +191,27 @@ # build vm -> nixos-rebuild build-vm --flake .#vm "vm" = mkHost { modules = [ ./users/vm ./systems/vm/configuration.nix ]; }; + + "server-vm" = + mkHost { modules = [ ./users/anon ./systems/server-vm/configuration.nix ]; }; + }; + + packages.x86_64-linux = { + "server-vm" = nixos-generators.nixosGenerate { + format = "vmware"; + system = "x86_64-linux"; + #pkgs = nixpkgs-unstable.legacyPackages.x86_64-linux; + specialArgs = { + pkgsVersion = nixpkgs-unstable; + } // {inherit inputs outputs; }; + lib = nixpkgs-unstable.legacyPackages.x86_64-linux.lib; + modules = defaultModules ++ [ home-manager-unstable.nixosModules.home-manager ./users/anon ./systems/server-vm/configuration.nix { + # 100G disk; + virtualisation.diskSize = 100 * 1024; + } + ]; + + }; }; }; } diff --git a/systems/amd-server/configuration.nix b/systems/amd-server/configuration.nix index a792278..fd0982a 100644 --- a/systems/amd-server/configuration.nix +++ b/systems/amd-server/configuration.nix 
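Review bot: In `packages.x86_64-linux."server-vm"` the module list repeats what `nixosConfigurations."server-vm"` hands to mkHost a few lines above, so the two builds can drift apart (the image already differs by adding home-manager-unstable and the diskSize override). Define `serverVmModules = [ ./users/anon ./systems/server-vm/configuration.nix ];` once in the `let` and use it in both places. Note also that mkHost's specialArgs carry `home-manager-version` (referenced in the `@@ -82,7` hunk) while this nixosGenerate call passes only `pkgsVersion`, `inputs` and `outputs`; if anything under ./modules reads that argument the image evaluation will fail, which is worth confirming with a `nix build .#server-vm` before merging. Minor: the comment `# 100G disk;` has a stray semicolon and the commented `#pkgs = …` line is dead and can go.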
@@ -12,10 +12,9 @@ custom = { - tmpfs.enable = true; + #tmpfs.enable = true; nftables.enable = true; cli-tools.enable = true; - virt-manager.enable = true; nix = { index.enable = true; ld.enable = true; @@ -60,6 +59,8 @@ mainUser.layout = "de"; mainUser.variant = "us"; + virtualisation.vmware.host.enable = true; + # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/systems/amd-server/hardware-configuration.nix b/systems/amd-server/hardware-configuration.nix index 64954d3..f2bec97 100644 --- a/systems/amd-server/hardware-configuration.nix +++ b/systems/amd-server/hardware-configuration.nix 
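Review bot: `#tmpfs.enable = true;` is commented out in the first hunk with no explanation, so the next reader has no way to tell whether the custom tmpfs module was broken by VMware or merely parked; add a one-line comment such as `# tmpfs disabled: <reason>` or delete the line. `virtualisation.vmware.host.enable = true` in the second hunk pulls in the unfree Workstation package with its out-of-tree `vmmon`/`vmnet` kernel modules and, as far as I recall the NixOS module, a setuid-root `vmware-vmx` wrapper, which is a larger privileged surface than the libvirt/virt-manager stack this commit removes; a short comment acknowledging that trade-off next to the option would help. The host's hardware-configuration.nix still loads `kvm-amd`, so if KVM is no longer used it can be dropped so only one hypervisor stack is resident.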
@@ -4,25 +4,35 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/a3c34c9e-06be-49dc-a5d3-4156defa11e7"; - fsType = "btrfs"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/a3c34c9e-06be-49dc-a5d3-4156defa11e7"; + fsType = "btrfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/AE1C-16B9"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/AE1C-16B9"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + fileSystems."/data" = { + device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a"; + fsType = "btrfs"; + options = [ "compress=zstd" "noatime" "nofail" ]; + }; + fileSystems."/1tbssd" = { + device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892"; + fsType = "ext4"; + options = [ "defaults" "nofail" "noatime" ]; + }; swapDevices = [ ]; @@ -34,5 +44,6 @@ # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/systems/server-vm/configuration.nix b/systems/server-vm/configuration.nix new file mode 100644 index 0000000..2c47d4f --- /dev/null +++ b/systems/server-vm/configuration.nix 
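Review bot: The new `/data` and `/1tbssd` entries mount the same by-uuid devices (`d117419d-…` and `801d9217-…`) that systems/server-vm/configuration.nix in this commit mounts inside the guest. If those disks are passed to the VMware guest as raw disks, the host must not mount them as well: two kernels mounting one btrfs/ext4 filesystem read-write corrupts it, and `nofail` only tolerates a missing disk, it does not prevent the double mount. Either drop the two entries here or add `"noauto"` to both option lists with a comment stating which side owns the disks; if the guest instead reaches the data by some other route, a comment saying so would settle the question.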
@@ -0,0 +1,137 @@
+{ config, pkgs, modulesPath, lib, ... }:
+
+{
+ imports = [ # Include the results of the hardware scan.
+ #./hardware-configuration.nix
+ ../../modules/services/ssh.nix
+ ../../modules/services/step-ca.nix
+ ../../modules/fail2ban.nix
+ ../../modules/logging.nix
+ ../../modules/motd.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot = {
+ kernelParams = [ "console=tty0" "console=ttyS0" ];
+ loader.timeout = lib.mkForce 1;
+
+ loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ };
+
+ mainUser.layout = "de";
+ mainUser.variant = "us";
+ custom = {
+ static-ip = {
+ enable = true;
+ ip = "192.168.0.21";
+ interface = "eth0";
+ #dns = "127.0.0.1";
+ dns = "192.168.0.10";
+ };
+ user = {
+ name = "anon";
+ layout = "de";
+ variant = "us";
+ };
+ hardware = {
+ firmware.enable = true;
+ ssd.enable = true;
+ };
+ misc = {
+ docker.enable = true;
+ #backup = let
+ # kavita = "/data/kavita";
+ # gitolite = "/var/lib/gitolite";
+ # syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
+ # syncthingFull = syncthing
+ # ++ [ "/data/synced/fh/" "/data/synced/books/" ];
+ # backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
+ # backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
+ # backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
+ #in {
+ # enable = true;
+ # small = backupPathsSmall; # goes to backblaze
+ # medium = backupPathsMedium; # goes to gdrive
+ # large = backupPathsFull; # goes to local storage medium
+ #};
+ };
+ services = {
+ acme.enable = true;
+ #gitolite.enable = true;
+ #github-runner.enable = true;
+ #caldav.enable = true;
+ #kop-monitor.enable = true;
+ kop-fileshare = {
+ basePath = "/stash";
+ dataDir = "/1tbssd/kop-fileshare";
+ enable = true;
+ };
+ #nginx.enable = true;
+ #ente.enable = true;
+ #kavita = {
+ # enable = true;
+ # dir = "/data/kavita";
+ #};
+ #wireguard = {
+ # enable = true;
+ # ip = "192.168.2.1";
+ #};
+ #adguard.enable = true;
+ #syncthing = {
+ # enable = true;
+ # basePath = "/data/synced";
+ #};
+ };
+ nftables.enable = true;
+ cli-tools.enable = true;
+ nix = {
+ index.enable = true;
+ ld.enable = true;
+ settings.enable = true;
+ };
+ };
+
+ virtualisation.vmware.guest.enable = true;
+ services.xserver.videoDrivers = [ "vmware" ];
+
+ fileSystems."/data" = {
+ device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
+ fsType = "btrfs";
+ options = [ "compress=zstd" "noatime" "nofail" ];
+ };
+ fileSystems."/1tbssd" = {
+ device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
+ fsType = "ext4";
+ options = [ "defaults" "nofail" "noatime" ];
+ };
+
+ networking.firewall.allowedTCPPorts = [ 25565 25566 ];
+ networking.hostName = "server-vm"; # Define your hostname.
+
+ # Set your time zone.
+ time.timeZone = "Europe/Vienna";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_AT.UTF-8";
+ LC_IDENTIFICATION = "de_AT.UTF-8";
+ LC_MEASUREMENT = "de_AT.UTF-8";
+ LC_MONETARY = "de_AT.UTF-8";
+ LC_NAME = "de_AT.UTF-8";
+ LC_NUMERIC = "de_AT.UTF-8";
+ LC_PAPER = "de_AT.UTF-8";
+ LC_TELEPHONE = "de_AT.UTF-8";
+ LC_TIME = "de_AT.UTF-8";
+ };
+
+ # Configure console keymap
+ console.keyMap = "us";
+
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
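Review bot: `networking.firewall.allowedTCPPorts = [ 25565 25566 ];` opens two ports to the LAN with no comment naming the service that listens on them, and nothing else in this file declares such a service; add e.g. `# TCP 25565/25566: <service> (LAN-reachable)` or move the rule into the module that owns the listener. Keep in mind that with `custom.misc.docker.enable = true` the Docker daemon inserts its own forwarding rules for any container port published with `-p`, so this list is not the full exposed surface of the guest. Separately, `/1tbssd` is mounted `nofail` while `kop-fileshare.dataDir = "/1tbssd/kop-fileshare"` points into it, so on a boot where that disk is absent the service can silently create its data directory on the root filesystem; unless the kop-fileshare module already sets `unitConfig.RequiresMountsFor = [ "/1tbssd" ]` (not visible here), add that dependency.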