Clean branch

linux/nebula/caddy.nix

@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+  services.caddy =
+    {
+      enable = true;
+      virtualHosts =
+        let
+          conduitCfg = config.services.matrix-conduit.settings.global;
+          forgejoCfg = config.services.gitea.settings.server;
+          dn = config.constants.domain;
+          lh = config.constants.localhost;
+        in
+        {
+          "forgejo.${dn}".extraConfig = ''
+            reverse_proxy ${forgejoCfg.HTTP_ADDR}:${toString forgejoCfg.HTTP_PORT}
+          '';
+          "jellyfin.${dn}".extraConfig = ''
+            reverse_proxy ${lh}:8096
+          '';
+          "matrix.${dn}".extraConfig = ''
+            reverse_proxy /_matrix/* ${conduitCfg.address}:${toString conduitCfg.port}
+            file_server {
+              root ${pkgs.cinny}
+            }
+          '';
+        };
+    };
+}

linux/nebula/conduit.nix

@@ -0,0 +1,11 @@
+{ config, ... }:
+
+{
+  services.matrix-conduit = {
+    enable = true;
+    settings.global = {
+      address = config.constants.localhost;
+      server_name = config.constants.domain;
+    };
+  };
+}

linux/nebula/configuration.nix

@@ -0,0 +1,33 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ ... }:
+
+{
+
+  # Configure boot loader
+  boot.loader.grub = {
+    enable = true;
+    device = "nodev";
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+    darkmatter-theme = {
+      enable = true;
+      style = "nixos";
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "America/Los_Angeles";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}
+

linux/nebula/default.nix

@@ -0,0 +1,22 @@
+{ inputs, ... }:
+
+{
+  imports = with inputs; [
+    darkmatter.nixosModule
+    disko.nixosModules.disko
+    hardware.nixosModules.common-cpu-amd
+    hardware.nixosModules.common-cpu-amd-pstate
+  ] ++ [
+    ./caddy.nix
+    ./conduit.nix
+    ./configuration.nix
+    ./disko.nix
+    ./forgejo.nix
+    ./hardware-configuration.nix
+    ./jellyfin.nix
+    ./network.nix
+    ./syncthing.nix
+    ./zfs.nix
+    ../../common
+  ];
+}

linux/nebula/disko.nix

@@ -0,0 +1,88 @@
+{ ... }: {
+  disko.devices = {
+    # Partition the physical disk
+    disk = {
+      storage = {
+        type = "disk";
+        device = "/dev/nvme0n1";
+        content = {
+          type = "table";
+          format = "gpt";
+          partitions = [
+            {
+              name = "esp";
+              start = "1MiB";
+              end = "1GiB";
+              fs-type = "fat32";
+              bootable = true;
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+              };
+            }
+            {
+              name = "zfs";
+              start = "1GiB";
+              end = "100%";
+              content = {
+                type = "zfs";
+                pool = "zroot";
+              };
+            }
+          ];
+        };
+      };
+    };
+
+    # Construct the primary zfs pool for this system.
+    zpool.zroot = {
+      type = "zpool";
+      options = {
+        ashift = "12";
+        autotrim = "on";
+        listsnapshots = "on";
+      };
+      rootFsOptions = {
+        acltype = "posix";
+        atime = "off";
+        compression = "zstd";
+        dnodesize = "auto";
+        mountpoint = "none";
+        normalization = "formD";
+        xattr = "sa";
+      };
+      datasets = {
+        # Encrypt main dataset
+        main = {
+          type = "zfs_fs";
+          options = {
+            encryption = "on";
+            keyformat = "passphrase";
+          };
+        };
+        # Create dataset for home
+        "main/home" = {
+          type = "zfs_fs";
+          mountpoint = "/home";
+        };
+        # Create dataset for nix store
+        "main/nix" = {
+          type = "zfs_fs";
+          mountpoint = "/nix";
+        };
+        # Create dataset for root
+        "main/root" = {
+          type = "zfs_fs";
+          mountpoint = "/";
+        };
+        # Reserve space for performance
+        reservation = {
+          type = "zfs_fs";
+          options.refreservation = "128G";
+        };
+      };
+    };
+  };
+
+}

linux/nebula/forgejo.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+  services.gitea = {
+    enable = true;
+    appName = "Forgejo";
+    package = pkgs.forgejo;
+    settings = {
+      server = let dn = config.constants.domain; in {
+        DOMAIN = dn;
+        HTTP_ADDR = config.constants.localhost;
+        ROOT_URL = "https://forgejo.${dn}";
+      };
+      service.DISABLE_REGISTRATION = true;
+      session.COOKIE_SECURE = true;
+    };
+  };
+}

linux/nebula/hardware-configuration.nix

@@ -0,0 +1,27 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "uas" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

linux/nebula/jellyfin.nix

@@ -0,0 +1,9 @@
+{ config, ... }:
+{
+  hardware.opengl.enable = true;
+
+  services.jellyfin = {
+    enable = true;
+    user = config.constants.userName;
+  };
+}

linux/nebula/network.nix

@@ -0,0 +1,43 @@
+{ config, ... }:
+
+let hn = "nebula"; in {
+  networking = {
+    domain = config.constants.domain;
+    firewall.allowedTCPPorts = [ 80 443 ];
+    hostId = "e6449321";
+    hostName = hn;
+    networkmanager = {
+      enable = true;
+      wifi.backend = "iwd";
+    };
+    nftables.enable = true;
+    tempAddresses = "disabled";
+    wireless.iwd.enable = true;
+  };
+
+  sops.secrets."cloudflare/${hn}" = { };
+
+  services.cloudflare-dyndns = {
+    enable = true;
+    apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
+    domains = builtins.attrNames config.services.caddy.virtualHosts;
+    ipv4 = false;
+    ipv6 = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [{
+      comment = "host@${hn}";
+      path = "/etc/ssh/host";
+      rounds = 100;
+      type = "ed25519";
+    }];
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+    };
+  };
+
+  services.resolved.enable = true;
+}

linux/nebula/syncthing.nix

@@ -0,0 +1,26 @@
+{ config, ... }:
+
+{
+  services.syncthing = {
+    enable = true;
+    dataDir = config.constants.homeDir;
+    openDefaultPorts = true;
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      devices.blitzar = {
+        name = "blitzar";
+        id = "JQQYTRP-GEJITYH-NSHUZ2T-YWS5XDC-7R6E47Z-NUXON4D-4QR77VU-AE4Q3AR";
+      };
+      folders.music = {
+        enable = true;
+        devices = [ "blitzar" ];
+        id = "Music";
+        label = "Music";
+        path = "~/Music";
+        type = "receiveonly";
+      };
+    };
+    user = config.constants.userName;
+  };
+}

linux/nebula/zfs.nix

@@ -0,0 +1,15 @@
+{ config, ... }: {
+
+  boot = {
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+    loader.grub.zfsSupport = true;
+    zfs.enableUnstable = true;
+  };
+
+  services.zfs = {
+    autoScrub.enable = true;
+    trim.enable = true;
+  };
+
+}
+