From 2f3624a6b8bbf8073077e6bfe8a373f04fb69769 Mon Sep 17 00:00:00 2001 From: Jordan Holt Date: Sun, 21 Jan 2024 01:21:11 +0000 Subject: [PATCH] Add library configuration --- flake.nix | 1 + hosts/library/README.md | 46 ++++++ hosts/library/default.nix | 170 +++++++++++++++++++++++ hosts/library/hardware-configuration.nix | 113 +++++++++++++++ 4 files changed, 330 insertions(+) create mode 100644 hosts/library/README.md create mode 100644 hosts/library/default.nix create mode 100644 hosts/library/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 27f70c0..92abae5 100644 --- a/flake.nix +++ b/flake.nix @@ -77,6 +77,7 @@ eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; }; helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; }; hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; }; + library = mkNixosSystem { system = "x86_64-linux"; name = "library"; }; odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; }; pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; }; vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; }; diff --git a/hosts/library/README.md b/hosts/library/README.md new file mode 100644 index 0000000..3a50fb1 --- /dev/null +++ b/hosts/library/README.md @@ -0,0 +1,46 @@ +# Library + +## Overview +Media and public file server. + +## Specs +* CPU - AMD Ryzen 5 5600G @ 3.90GHz +* Chipset - AMD B550 +* Memory - 64 GB DDR4 +* Motherboard - ASRock B550M Pro4 +* Case - Fractal Design Node 804 + +### Disks +Device | Partitions _(filesystem, size, usage)_ +--- | --- +Samsung 980 Evo | `/dev/nvme0n1p1` (EFI, 512 MiB, NixOS Boot)
`/dev/nvme0n1p2` (ZFS `rpool`, 200 GiB, NixOS Root) + +#### ZFS datasets +``` +rpool/ +├── local +│ ├── nix +│ └── tmp +├── system +│ ├── root +│ └── var +└── user + └── home + +library/ +├── books +├── fonts +├── movies +├── music +├── software +├── tv +├── videos +└── web +``` + +See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind the `rpool` datasets. + +### Networks +- DHCP on `10.0.1.0/24` subnet. +- Tailscale on `100.64.0.0/10` subnet. FQDN: `library.mesh.vimium.net`. + diff --git a/hosts/library/default.nix b/hosts/library/default.nix new file mode 100644 index 0000000..966720c --- /dev/null +++ b/hosts/library/default.nix 
@@ -0,0 +1,170 @@ +{ config, lib, pkgs, ... }: + +with lib.my; +{ + imports = [ + ./hardware-configuration.nix + ../server.nix + ]; + + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + }; + + networking = { + domain = "mesh.vimium.net"; + hostId = "d24ae953"; + firewall = { + enable = true; + allowedTCPPorts = [ + 22 # SSH + ]; + interfaces."podman+" = { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; + }; + networkmanager.enable = true; + }; + + services.zfs = { + autoScrub = { + enable = true; + pools = [ "library" ]; + }; + autoSnapshot = { + enable = true; + flags = "-k -p --utc"; + frequent = 0; + hourly = 0; + daily = 7; + monthly = 1; + }; + }; + + services.prometheus = { + enable = true; + port = 9001; + exporters = { + node = { + enable = true; + enabledCollectors = [ "systemd" ]; + port = 9002; + }; + zfs = { + enable = true; + port = 9003; + }; + }; + scrapeConfigs = [ + { + job_name = "library"; + static_configs = [{ + targets = [ + "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" + "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" + ]; + }]; + } + ]; + }; + + systemd.services.vps1-tunnel = { + enable = true; + description = "vps1.mesh.vimium.net SSH tunnel"; + after = [ + "network-online.target" + "jellyfin.service" + ]; + wants = [ "network-online.target" ]; + serviceConfig = { + Type="simple"; + ExecStart=pkgs.lib.mkForce '' + ${pkgs.openssh}/bin/ssh \ + -NT \ + -o ExitOnForwardFailure=yes \ + -o ServerAliveInterval=60 \ + -o TCPKeepAlive=no \ + -i %h/.ssh/id_jellyfin \ + -R localhost:8000:localhost:8000 \ + jellyfin@vps1.mesh.vimium.net + ''; + Restart="always"; + RestartSec=20; + }; + wantedBy = [ "default.target" ]; + }; + + services.nginx = let + proxyConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + 
proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + in { + enable = true; + package = pkgs.openresty; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + clientMaxBodySize = "2G"; + virtualHosts = { + "library.mesh.vimium.net" = { + locations."/" = { + root = "/mnt/library"; + extraConfig = '' + autoindex on; + ''; + }; + }; + "jellyfin.vimium.com" = { + default = true; + listen = [ + { + addr = "127.0.0.1"; + port = 8000; + } + ]; + locations."/" = { + proxyPass = "http://localhost:8096"; + extraConfig = proxyConfig; + }; + locations."/metrics" = { + return = "404"; + }; + }; + }; + }; + + services.jellyfin.enable = true; + + modules = { + security = { + gpg.enable = true; + }; + shell = { + zsh.enable = true; + }; + services = { + borgmatic = { + enable = true; + directories = [ + "/home/jordan" + ]; + repoPath = "ssh://b61758r4@b61758r4.repo.borgbase.com/./repo"; + }; + }; + }; + + system.stateVersion = "22.11"; +} + diff --git a/hosts/library/hardware-configuration.nix b/hosts/library/hardware-configuration.nix new file mode 100644 index 0000000..1ac8b81 --- /dev/null +++ b/hosts/library/hardware-configuration.nix 
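Review bot: The Prometheus server and the node/zfs exporters are only ever scraped from 127.0.0.1 in `scrapeConfigs`, yet none of them sets `listenAddress`, and the NixOS default binds 0.0.0.0, so the unauthenticated Prometheus UI on 9001 and the exporters on 9002/9003 are reachable on any interface the firewall trusts (presumably the Tailscale mesh if `../server.nix` trusts it — not visible here); adding `listenAddress = "127.0.0.1";` to `services.prometheus` and to each exporter limits them to the local scraper. The `vps1-tunnel` unit sets no `User=`, so the ssh client and the key at `%h/.ssh/id_jellyfin` run as root (`%h` resolves to root's home); a dedicated unprivileged account selected with `User=` would confine both the key and the long-lived outbound connection. `services.zfs.autoScrub.pools = [ "library" ]` also leaves `rpool` unscrubbed — `pools = [ "rpool" "library" ]`, or omitting `pools` so every pool is scrubbed, covers the root pool too. Finally, `pkgs.lib.mkForce` on `ExecStart` of a unit this file itself defines forces nothing and can be dropped.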
@@ -0,0 +1,113 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/" = { + device = "rpool/system/root"; + fsType = "zfs"; + }; + + fileSystems."/var" = { + device = "rpool/system/var"; + fsType = "zfs"; + }; + + fileSystems."/var/log" = { + device = "rpool/system/var/log"; + fsType = "zfs"; + }; + + fileSystems."/var/tmp" = { + device = "rpool/system/var/tmp"; + fsType = "zfs"; + }; + + fileSystems."/var/lib/containers/storage" = { + device = "rpool/system/var/lib-containers-storage"; + fsType = "zfs"; + }; + + fileSystems."/nix" = { + device = "rpool/local/nix"; + fsType = "zfs"; + }; + + fileSystems."/tmp" = { + device = "rpool/local/tmp"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "rpool/user/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/F697-F1C0"; + fsType = "vfat"; + }; + + fileSystems."/mnt/library" = { + device = "library"; + fsType = "zfs"; + }; + + fileSystems."/mnt/library/books" = { + device = "library/books"; + fsType = "zfs"; + }; + + fileSystems."/mnt/library/fonts" = { + device = "library/fonts"; + fsType = "zfs"; + }; + + fileSystems."/mnt/library/movies" = { + device = "library/movies"; + fsType = "zfs"; + }; + + fileSystems."/mnt/library/music" = { + device = "library/music"; + fsType = "zfs"; + }; + + fileSystems."/mnt/library/software" = { + device = "library/software"; + fsType = "zfs"; + }; + + fileSystems."/mnt/library/tv" = { + device = "library/tv"; + fsType = "zfs"; + }; + + fileSystems."/mnt/library/videos" = { + device = "library/videos"; + fsType = "zfs"; + }; + + fileSystems."/mnt/library/web" = { + device = "library/web"; + fsType = "zfs"; + }; + + swapDevices = [ ]; + + networking.useDHCP = 
lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} +
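Review bot: `fileSystems."/boot"` mounts the vfat ESP with default options, which leaves the kernels and initrds under /boot readable by every local user; `options = [ "umask=0077" ];` keeps the ESP contents, including anything an initrd-secrets setup might place there, readable by root only. The datasets mounted here also diverge from the README added in the same commit: `rpool/system/var/log`, `rpool/system/var/tmp` and `rpool/system/var/lib-containers-storage` are absent from its `rpool/` tree, so the tree should list them under `system/var` to keep the documentation in step with the mounts. The `lib.mkDefault` wrappers on `networking.useDHCP` and `nixpkgs.hostPlatform` follow the generated-file convention and are fine as written.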