diff --git a/flake.nix b/flake.nix
index cd9d564..76eb107 100644
--- a/flake.nix
+++ b/flake.nix
@@ -203,6 +203,31 @@
 };
 };
 
+ heimdallConfig = {
+ nixosConfigurations = {
+ heimdall = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = commonModules ++ [
+ nixos-hardware.nixosModules.common-cpu-amd
+ nixos-hardware.nixosModules.common-pc-ssd
+ ./modules/nixos/server
+
+ ./instances/heimdall/hardware-configuration.nix
+ ./instances/heimdall/configuration.nix
+
+ ./modules/nixos/users/tiziano.nix
+
+ ./modules/nixos/torrentbox.nix
+ ./modules/nixos/minio.nix
+ ./modules/nixos/nextcloud.nix
+ # ./modules/nixos/ntfy.nix
+ ] ++ homeManagerModules ++ [
+ { home-manager.users.bertof = import ./instances/heimdall/hm.nix; }
+ ];
+ };
+ };
+ };
+
 freyaConfig = {
 nixosConfigurations = {
 freya = nixpkgs.lib.nixosSystem {
@@ -310,6 +335,7 @@
 odinConfig
 freyaConfig
 baldurConfig
+ heimdallConfig
 lokiConfig
 deployments
 images
diff --git a/hosts.nix b/hosts.nix
index fc96bbd..566bd53 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -6,36 +6,40 @@
 ipv4 = {
 "baldur.tsn" = "100.105.15.12";
 "freya.tsn" = "100.127.35.70";
+ "heimdall.tsn" = "100.80.122.7";
 "loki.tsn" = "100.122.147.23";
 "odin.tsn" = "100.76.178.8";
 "thor.tsn" = "100.76.98.36";
 };
 ipv6 = {
- "thor.tsn" = "fd7a:115c:a1e0::7ecc:6224";
 "baldur.tsn" = "fd7a:115c:a1e0::7e9:f0c";
 "freya.tsn" = "fd7a:115c:a1e0::f87f:2346";
+ "heimdall.tsn" = "fd7a:115c:a1e0::4e01:7a07";
 "loki.tsn" = "fd7a:115c:a1e0::383a:9317";
 "odin.tsn" = "fd7a:115c:a1e0::4b4c:b208";
+ "thor.tsn" = "fd7a:115c:a1e0::7ecc:6224";
 };
 };
 zerotier = {
 ipv4 = {
- "thor.zto" = "172.23.24.223";
 "baldur.zto" = "172.23.171.70";
- "x3pro.zto" = "172.23.255.161";
- "odin.zto" = "172.23.219.133";
- "loki.zto" = "172.23.254.55";
- "tiziano.zto" = "172.23.110.109";
 "freya.zto" = "172.23.18.147";
+ "heimdall.zto" = "172.23.128.245";
+ "loki.zto" = "172.23.254.55";
+ "odin.zto" = "172.23.219.133";
+ "thor.zto" = "172.23.24.223";
+ "tiziano.zto" = "172.23.110.109";
+ "x3pro.zto" = "172.23.255.161";
 };
 ipv6 = {
- "thor.zto" = "fd80:56c2:e21c:f9c7:5399:9324:3c16:6499";
 "baldur.zto" = "fd80:56c2:e21c:f9c7:5399:933b:abd2:a7c9";
- "x3pro.zto" = "fd80:56c2:e21c:f9c7:5399:9379:6b02:be97";
- "odin.zto" = "fd80:56c2:e21c:f9c7:5399:9379:ef39:0dd3";
- "loki.zto" = "fd80:56c2:e21c:f9c7:5399:93b3:aa75:fed1";
- "tiziano.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:4bbb:8b38";
 "freya.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:ffbc:1355";
+ "heimdall.zto" = "fd80:56c2:e21c:f9c7:5399:93b0:e66c:cda7";
+ "loki.zto" = "fd80:56c2:e21c:f9c7:5399:93b3:aa75:fed1";
+ "odin.zto" = "fd80:56c2:e21c:f9c7:5399:9379:ef39:0dd3";
+ "thor.zto" = "fd80:56c2:e21c:f9c7:5399:9324:3c16:6499";
+ "tiziano.zto" = "fd80:56c2:e21c:f9c7:5399:93f3:4bbb:8b38";
+ "x3pro.zto" = "fd80:56c2:e21c:f9c7:5399:9379:6b02:be97";
 };
 };
 }
diff --git a/instances/heimdall/configuration.nix b/instances/heimdall/configuration.nix
new file mode 100644
index 0000000..099772d
--- /dev/null
+++ b/instances/heimdall/configuration.nix
@@ -0,0 +1,404 @@ +{ pkgs, ... }: { + # age.secrets = { + # ntfy-freya = { file = ../../secrets/ntfy-freya.age; owner = "bertof"; }; + # }; + + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + console = { font = "Lat2-Terminus16"; keyMap = "it"; }; + + environment = { + pathsToLink = [ "/share/zsh" ]; + systemPackages = builtins.attrValues { inherit (pkgs) helix tmux vim; }; + }; + + hardware = { + bluetooth = { + enable = true; + # package = pkgs.bluezFull; + }; + opengl = { enable = true; driSupport = true; }; + }; + + i18n.defaultLocale = "it_IT.UTF-8"; + + networking.hostName = "heimdall"; + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + # 445 # SAMBA + # 139 # SAMBA + # 5357 # SAMBA-WSDD + # 8123 # HOME ASSISTANT + 8384 # SYNCTHING + # 8385 # SYNCTHING + ]; + allowedUDPPorts = [ + 137 # SYNCTHING + 138 # SYNCTHING + # 3702 # SAMBA-WSDD + ]; + # extraCommands = + # "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; + }; + + programs = { + dconf.enable = true; + gnupg.agent = { enable = true; enableSSHSupport = true; }; + zsh.enable = true; + }; + + security.sudo.extraConfig = '' + Defaults pwfeedback + ''; + + services = { + # avahi = { + # enable = true; + # openFirewall = true; + # nssmdns4 = true; + # publish = { + # enable = true; + # addresses = true; + # domain = true; + # userServices = true; + # workstation = true; + # }; + # extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; + # }; + # blueman.enable = true; + # dbus.packages = [ pkgs.dconf ]; + # gnome.gnome-keyring.enable = true; + openssh = { enable = true; openFirewall = true; }; + # # xserver = { + # # enable = true; + # # desktopManager.retroarch = { enable = true; package = pkgs.retroarchFull; }; + # # }; + # + # fail2ban = { enable = true; bantime-increment.enable = true; }; + # plex = { enable = true; openFirewall = true; group = "users"; }; + # # jellyfin = { 
enable = true; openFirewall = true; group = "users"; }; + # + # home-assistant = { + # enable = true; + # openFirewall = true; + # config = { + # default_config = { }; + # + # homeassistant = { + # name = "Casa"; + # latitude = "!secret home-latitude"; + # longitude = "!secret home-longitude"; + # country = "IT"; + # elevation = 24; + # unit_system = "metric"; + # time_zone = "Europe/Rome"; + # external_url = "https://hass.bertof.net"; + # allowlist_external_dirs = [ "/tmp" ]; + # }; + # + # http = { + # use_x_forwarded_for = true; + # trusted_proxies = [ + # # hosts.zerotier.ipv4."baldur.zto" + # hosts.tailscale.ipv4."baldur.tsn" + # "::1" + # "127.0.0.1" + # ]; + # }; + # + # automation = "!include automations.yaml"; + # scene = "!include scenes.yaml"; + # alert = "!include alerts.yaml"; + # + # # alarm_control_panel = { + # # platform = "manual"; + # # code = "!secret alarm_code"; + # # trigger_time = 60; + # # }; + # + # assist_pipeline = { }; + # # bluetooth = { }; + # camera = [ + # # { platform = "local_file"; file_path = "/tmp/doods_camera_camera_cancello.jpg"; name = "File DOODS2 Camera cancello"; } + # # { platform = "local_file"; file_path = "/tmp/doods_camera_camera_vialetto.jpg"; name = "File DOODS2 Camera vialetto"; } + # # { platform = "local_file"; file_path = "/tmp/doods_camera_camera_garage.jpg"; name = "File DOODS2 Camera garage"; } + # ]; + # cloud = { }; + # config = { }; + # # device_tracker = [{ + # # platform = "bluetooth_tracker"; + # # request_rssi = true; + # # }]; + # image_processing = [ + # # { + # # platform = "doods"; + # # url = "http://localhost:8080"; + # # detector = "default"; + # # source = [ + # # { entity_id = "camera.camera_camera_cancello"; name = "DOODS2 Camera cancello"; } + # # { entity_id = "camera.camera_camera_vialetto"; name = "DOODS2 Camera vialetto"; } + # # { entity_id = "camera.camera_camera_garage"; name = "DOODS2 Camera garage"; } + # # ]; + # # confidence = 60; + # # file_out = "/tmp/doods_{{ 
camera_entity.split('.')[1] }}.jpg"; + # # scan_interval = 5; + # # labels = [ "bicycle" "car" "cat" "dog" "person" "truck" ]; + # # } + # ]; + # # esphome = { }; + # frontend = { }; + # google_assistant = { + # project_id = "home-assistant-390217"; + # report_state = true; + # service_account = "!include google-service-account.json"; + # exposed_domains = [ + # "alarm_control_panel" + # "button" + # "camera" + # "climate" + # "cover" + # "fan" + # "group" + # "humidifier" + # "input_boolean" + # "input_button" + # "input_select" + # "light" + # "lock" + # "media_player" + # "scene" + # "script" + # "select" + # "sensor" + # "switch" + # "vacuum" + # ]; + # }; + # history = { }; + # logbook = { }; + # # logger.default = "debug"; + # logger.default = "info"; + # # "map" = { }; + # mobile_app = { }; + # notify = [ + # # { platform = "telegram"; name = "t_filippo"; chat_id = "!secret filippo_t_chat_id"; } + # # { platform = "telegram"; name = "t_famiglia"; chat_id = "!secret famiglia_t_chat_id"; } + # ]; + # recorder.purge_keep_days = 30; + # script = "!include scripts.yaml"; + # sensor = [ + # # { + # # platform = "systemmonitor"; + # # resources = [ + # # { type = "disk_use_percent"; } + # # { type = "disk_use"; } + # # { type = "disk_free"; } + # # { type = "memory_use_percent"; } + # # { type = "memory_use"; } + # # { type = "memory_free"; } + # # { type = "swap_use_percent"; } + # # { type = "swap_use"; } + # # { type = "swap_free"; } + # # { type = "load_1m"; } + # # { type = "load_5m"; } + # # { type = "load_15m"; } + # # { type = "network_in"; arg = "eno1"; } + # # { type = "network_out"; arg = "eno1"; } + # # { type = "throughput_network_in"; arg = "eno1"; } + # # { type = "throughput_network_out"; arg = "eno1"; } + # # { type = "packets_in"; arg = "eno1"; } + # # { type = "packets_out"; arg = "eno1"; } + # # { type = "ipv4_address"; arg = "eno1"; } + # # { type = "ipv6_address"; arg = "eno1"; } + # # { type = "network_in"; arg = "ztmjfdwjkp"; } + # # { type 
= "network_out"; arg = "ztmjfdwjkp"; } + # # { type = "throughput_network_in"; arg = "ztmjfdwjkp"; } + # # { type = "throughput_network_out"; arg = "ztmjfdwjkp"; } + # # { type = "packets_in"; arg = "ztmjfdwjkp"; } + # # { type = "packets_out"; arg = "ztmjfdwjkp"; } + # # { type = "ipv4_address"; arg = "ztmjfdwjkp"; } + # # { type = "ipv6_address"; arg = "ztmjfdwjkp"; } + # # { type = "processor_use"; } + # # { type = "processor_temperature"; } + # # # { type = "process"; arg = "octave-cli"; } + # # { type = "last_boot"; } + # # ]; + # # } + # ]; + # shopping_list = { }; + # sun = { }; + # system_health = { }; + # # telegram_bot = [{ + # # # platform = "polling"; + # # platform = "webhooks"; + # # api_key = "!secret telegram_api_key"; + # # allowed_chat_ids = [ + # # "!secret filippo_t_chat_id" + # # "!secret famiglia_t_chat_id" + # # ]; + # # }]; + # tts = [{ + # platform = "google_translate"; + # language = "it"; + # # tld = "it"; + # }]; + # }; + # configDir = "/var/lib/hass"; + # configWritable = true; + # extraPackages = ps: with ps; [ securetar ]; + # extraComponents = [ + # "default_config" + # + # # "accuweather" + # "alert" + # "analytics" + # "androidtv" + # "androidtv_remote" + # "bayesian" + # "binary_sensor" + # "blueprint" + # "bluetooth_le_tracker" + # # "bluetooth_tracker" + # "button" + # "camera" + # "cast" + # "caldav" + # "calendar" + # "citybikes" + # "configurator" + # # "coronavirus" + # "cover" + # "default_config" + # "derivative" + # "device_automation" + # "device_sun_light_trigger" + # "device_tracker" + # "dlib_face_detect" + # "dlib_face_identify" + # "dlna_dmr" + # "dlna_dms" + # "esphome" + # "flux" + # "gdacs" + # "google" + # "google_translate" + # "group" + # "hassio" + # "jellyfin" + # "local_file" + # "media_player" + # "met" + # "meteoalarm" + # "network" + # # "nextcloud" + # "nmap_tracker" + # "open_meteo" + # "notify" + # "ping" + # "plex" + # "proximity" + # "radarr" + # "radio_browser" + # "random" + # "scene" + # 
"schedule" + # "script" + # "sonarr" + # "speedtestdotnet" + # "spotify" + # "tcp" + # # "telegram" + # # "telegram_bot" + # "template" + # "threshold" + # "transmission" + # "tod" # times of the day + # "trend" + # # "tuya" + # "upnp" + # "wake_on_lan" + # "wled" + # "workday" + # "zha" + # "zoneminder" + # ]; + # }; + # + # prometheus = { + # enable = true; + # exporters = { + # node = { enable = true; enabledCollectors = [ "systemd" ]; }; + # process = { + # enable = true; + # settings.process_names = [ + # # Remove nix store path from process name + # { name = "{{.Matches.Wrapped}} {{ .Matches.Args }}"; cmdline = [ "^/nix/store[^ ]*/(?P[^ /]*) (?P.*)" ]; } + # ]; + # }; + # systemd.enable = true; + # }; + # globalConfig = { + # scrape_interval = "5s"; + # }; + # scrapeConfigs = [ + # { + # job_name = "node"; + # static_configs = [{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }]; + # } + # { + # job_name = "process"; + # static_configs = [{ targets = [ "localhost:${toString config.services.prometheus.exporters.process.port}" ]; }]; + # } + # { + # job_name = "systemd"; + # static_configs = [{ targets = [ "localhost:${toString config.services.prometheus.exporters.systemd.port}" ]; }]; + # } + # ]; + # retentionTime = "15d"; + # }; + # + # snapper.configs = + # let + # common = { TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; }; + # in + # { + # bertof = lib.recursiveUpdate common { SUBVOLUME = "/mnt/raid/bertof/"; ALLOW_USERS = [ "bertof" ]; }; + # tiziano = lib.recursiveUpdate common { SUBVOLUME = "/mnt/raid/tiziano/"; ALLOW_USERS = [ "tiziano" ]; }; + # condiviso = lib.recursiveUpdate common { SUBVOLUME = "/mnt/raid/condiviso"; ALLOW_USERS = [ "bertof" "tiziano" ]; }; + # }; + }; + + + time.timeZone = "Europe/Rome"; + + users.users = { + bertof = { + isNormalUser = true; + extraGroups = [ + "audio" + "input" + "docker" + "libvirtd" + "network" + "networkmanager" + "usb" + "video" + "wheel" + ]; + shell = pkgs.zsh; + 
}; + }; + + zramSwap.enable = true; + + system = { + stateVersion = "24.05"; + autoUpgrade.allowReboot = true; + }; +} + diff --git a/instances/heimdall/hardware-configuration.nix b/instances/heimdall/hardware-configuration.nix new file mode 100644 index 0000000..4ea128b --- /dev/null +++ b/instances/heimdall/hardware-configuration.nix @@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, modulesPath, ... }: + +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/24017c97-041e-460a-9d0e-3e494c91a03e"; + fsType = "btrfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7F42-D513"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; + # networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + 
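Review bot: In `networking.firewall` of instances/heimdall/configuration.nix, the UDP entries `137 # SYNCTHING` and `138 # SYNCTHING` are the NetBIOS name and datagram ports rather than anything Syncthing uses, and every Samba entry in this file is commented out, so they look like a leftover that should be removed instead of opened on a new host. TCP `8384` is Syncthing's web GUI/API port, not its sync port; if the GUI is ever bound to a non-loopback address this rule publishes the admin interface on every interface, so I would drop it from the global list and allow it only on the overlay, e.g. `interfaces."tailscale0".allowedTCPPorts = [ 8384 ];`, opening 22000 (TCP/UDP) and 21027/UDP instead if sync and local discovery are what was intended. The same file enables `openssh` with `openFirewall = true` while `fail2ban` stays commented out; unless `./modules/nixos/server` already sets it (not visible here), add `services.openssh.settings.PasswordAuthentication = false;` so the globally reachable SSH port accepts keys only.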
diff --git a/instances/heimdall/hm.nix b/instances/heimdall/hm.nix
new file mode 100644
index 0000000..9776433
--- /dev/null
+++ b/instances/heimdall/hm.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }: {
+ home = {
+ language.base = "it_IT.UTF-8";
+ keyboard = {
+ layout = "it";
+ options = [ "terminate:ctrl_alt_bksp" "compose:rctrl" ];
+ };
+ packages = builtins.attrValues {
+ inherit (pkgs)
+ cava gallery-dl procps wireguard-tools httpie;
+ };
+ };
+
+ imports = [
+ ../../modules/hm/__basic.nix
+
+ ../../modules/hm/cava.nix
+ ../../modules/hm/helix.nix
+ ../../modules/hm/kitty.nix
+ ../../modules/hm/syncthing.nix
+ ];
+
+ home.stateVersion = "22.11";
+}
+
diff --git a/modules/hm/__basic.nix b/modules/hm/__basic.nix
index 90df2b1..2cf990a 100644
--- a/modules/hm/__basic.nix
+++ b/modules/hm/__basic.nix
@@ -27,7 +27,7 @@
 ./keychain.nix
 ./lf.nix
 ./man.nix
- ./ntfy.nix
+ # ./ntfy.nix
 ./shell_aliases.nix
 ./ssh.nix
 ./starship.nix
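Review bot: Commenting out `./ntfy.nix` in modules/hm/__basic.nix changes every host that imports this shared module, not only the new heimdall instance, so any existing home-manager profile that relied on ntfy presumably loses it with this commit. If the intent is only to keep it off heimdall, leave the import here and add `../../modules/hm/ntfy.nix` to the `imports` of the instances that need it instead. If it is being retired everywhere, delete the line rather than leaving it commented, and say so in the commit message. The imports list continues outside the hunk, so other references to ntfy may exist that are not visible here.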