swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2026-04-14 13:19:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
.dotfiles/hosts/nixos/x86_64-linux/summers/default.nix
Leon Schwarzäugl 04e3bcefc3
Some checks are pending
Build and Deploy / build (push) Waiting to run
Details
Build and Deploy / deploy (push) Blocked by required conditions
Details
Flake check / Check flake (push) Waiting to run
Details
feat: winters <> summers parity
2026-01-10 15:56:09 +01:00

138 lines
3.4 KiB
Nix
Raw Blame History

{ self, inputs, lib, minimal, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
"${self}/modules/nixos/optional/systemd-networkd-server-home.nix"
"${self}/modules/nixos/optional/microvm-host.nix"
];
topology.self = {
interfaces = {
"lan" = { };
"bmc" = { };
};
};
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
hardware.enableRedistributableFirmware = true;
swarselsystems = {
info = "ASUS Z10PA-D8, 2* Intel Xeon E5-2650 v4, 128GB RAM";
flakePath = "/root/.dotfiles";
isImpermanence = true;
isSecureBoot = true;
isCrypted = true;
isBtrfs = true;
isLinux = true;
isNixos = true;
isSwap = false;
proxyHost = "twothreetunnel";
writeGlobalNetworks = false;
networkKernelModules = [ "igb" ];
rootDisk = "/dev/disk/by-id/ata-TS120GMTS420S_J024880123";
withMicroVMs = false;
localVLANs = [ "services" "home" ]; # devices is only provided on interface for bmc
initrdVLAN = "home";
server = {
wireguard.interfaces = {
wgProxy = {
isClient = true;
serverName = "twothreetunnel";
};
wgHome = {
isClient = true;
serverName = "hintbooth";
};
};
restic = {
bucketName = "SwarselWinters";
paths = [
"/Vault/data/paperless"
"/Vault/data/koillection"
"/Vault/data/postgresql"
"/Vault/data/firefly-iii"
"/Vault/data/radicale"
"/Vault/data/matrix-synapse"
"/Vault/Eternor/Paperless"
"/Vault/Eternor/Bilder"
"/Vault/Eternor/Immich"
];
};
};
};
} // lib.optionalAttrs (!minimal) {
swarselprofiles = {
server = true;
};
swarselmodules.server = {
wireguard = true;
nginx = true; # for php stuff
acme = false; # cert handled by proxy
nfs = true;
kavita = true;
restic = true;
jellyfin = true;
navidrome = true;
spotifyd = true;
mpd = true;
postgresql = true;
matrix = true;
nextcloud = true;
immich = true;
paperless = true;
transmission = true;
syncthing = true;
grafana = true;
freshrss = true;
kanidm = true;
firefly-iii = true;
koillection = true;
radicale = true;
atuin = true;
forgejo = true;
ankisync = true;
homebox = true;
opkssh = true;
};
# guests = lib.mkIf (!minimal && config.swarselsystems.withMicroVMs) (
# { }
# // confLib.mkMicrovm "kavita"
# // confLib.mkMicrovm "jellyfin"
# // confLib.mkMicrovm "audio"
# // confLib.mkMicrovm "postgresql"
# // confLib.mkMicrovm "matrix"
# // confLib.mkMicrovm "nextcloud"
# // confLib.mkMicrovm "immich"
# // confLib.mkMicrovm "paperless"
# // confLib.mkMicrovm "transmission"
# // confLib.mkMicrovm "storage"
# // confLib.mkMicrovm "monitoring"
# // confLib.mkMicrovm "freshrss"
# // confLib.mkMicrovm "kanidm"
# // confLib.mkMicrovm "firefly"
# // confLib.mkMicrovm "koillection"
# // confLib.mkMicrovm "radicale"
# // confLib.mkMicrovm "atuin"
# // confLib.mkMicrovm "forgejo"
# // confLib.mkMicrovm "ankisync"
# // confLib.mkMicrovm "homebox"
# );
networking.nftables.firewall.zones.untrusted.interfaces = [ "lan" "bmc" ];
}
Reference in a new issue View git blame Copy permalink