diff --git a/home/toph/komodo/default.nix b/home/toph/komodo/default.nix
new file mode 100644
index 0000000..a0a3456
--- /dev/null
+++ b/home/toph/komodo/default.nix
@@ -0,0 +1,24 @@
+{
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ ## Required Configs ##
+ ../common/core # required
+
+ ## Host-specific Optional Configs ##
+ ];
+
+ # Useful for this host
+ home.file = {
+ Pool.source = config.lib.file.mkOutOfStoreSymlink "/pool";
+ DockerStorage.source = config.lib.file.mkOutOfStoreSymlink "/mnt/DockerStorage";
+ };
+
+ ## Packages with no needed configs ##
+ # home.packages = builtins.attrValues {
+ # inherit (pkgs)
+ # ;
+ # };
+}
diff --git a/home/toph/nix/default.nix b/home/toph/nix/default.nix
new file mode 100644
index 0000000..337d89c
--- /dev/null
+++ b/home/toph/nix/default.nix
@@ -0,0 +1,23 @@
+{
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ ## Required Configs ##
+ ../common/core # required
+
+ ## Host-specific Optional Configs ##
+ ../common/optional/vscode-server.nix
+ ];
+
+ ## Packages with no needed configs ##
+ home.packages = builtins.attrValues {
+ inherit (pkgs)
+ chafa
+ nodejs
+ pnpm
+ # x2goserver
+ ;
+ };
+}
diff --git a/hosts/common/optional/containers/authentik/compose.yaml b/hosts/common/optional/containers/authentik/compose.yaml
new file mode 100644
index 0000000..fd72dfa
--- /dev/null
+++ b/hosts/common/optional/containers/authentik/compose.yaml
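Review bot: In home/toph/komodo/default.nix the two `home.file` entries call `config.lib.file.mkOutOfStoreSymlink`, but the module's argument set is only `{ pkgs, ... }`, so `config` is never bound and evaluation should fail with an undefined-variable error. Bind it in the header: `{ config, pkgs, ... }:`. `pkgs` is unused in this file for as long as the `home.packages` block stays commented out.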
@@ -0,0 +1,83 @@
+name: authentik
+services:
+ postgresql:
+ image: docker.io/library/postgres:16-alpine
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - ./database:/var/lib/postgresql/data
+ environment:
+ POSTGRES_PASSWORD: ${PG_PASS}
+ POSTGRES_USER: ${PG_USER:-authentik}
+ POSTGRES_DB: ${PG_DB:-authentik}
+ env_file:
+ - .env
+ redis:
+ image: docker.io/library/redis:alpine
+ command: --save 60 1 --loglevel warning
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - ./redis:/data
+ server:
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.2}
+ restart: unless-stopped
+ command: server
+ environment:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ volumes:
+ - ./media:/media
+ - ./custom-templates:/templates
+ env_file:
+ - .env
+ ports:
+ - "${COMPOSE_PORT_HTTP:-9000}:9000"
+ - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
+ worker:
+ image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.12.2}
+ restart: unless-stopped
+ command: worker
+ environment:
+ AUTHENTIK_REDIS__HOST: redis
+ AUTHENTIK_POSTGRESQL__HOST: postgresql
+ AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+ AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+ AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+ # `user: root` and the docker socket volume are optional.
+ # See more for the docker socket integration here:
+ # https://goauthentik.io/docs/outposts/integrations/docker
+ # Removing `user: root` also prevents the worker from fixing the permissions
+ # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+ # (1000:1000 by default)
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./media:/media
+ - ./certs:/certs
+ - ./templates:/templates
+ env_file:
+ - .env
+ depends_on:
+ postgresql:
+ condition: service_healthy
+ redis:
+ condition: service_healthy
diff --git a/hosts/common/optional/containers/authentik/default.nix b/hosts/common/optional/containers/authentik/default.nix
new file mode 100644
index 0000000..a92a8ff
--- /dev/null
+++ b/hosts/common/optional/containers/authentik/default.nix
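Review bot: The `worker` service combines `user: root` with a read-write bind of `/var/run/docker.sock`, which hands that container control of the host Docker daemon and therefore, in effect, root on the host. The comment kept in the file already says both are optional, so unless the Docker outpost integration is actually used, remove the socket mount and `user: root` and pre-create `./media`, `./certs` and `./templates` with the UID/GID the comment names (1000:1000). Two smaller points: `redis:alpine` is a floating tag while the other images carry a version, and `server` mounts `./custom-templates:/templates` where `worker` mounts `./templates:/templates`, so the two containers see different template directories, which looks unintended.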
@@ -0,0 +1,210 @@ +# Auto-generated using compose2nix v0.3.1. +{ pkgs, lib, ... }: + +let + # Only available in the Komodo LXC + DockerStorage = "/mnt/DockerStorage/komodo/stacks/authentik"; +in +{ + # Containers + virtualisation.oci-containers.containers."authentik-postgresql" = { + image = "docker.io/library/postgres:16-alpine"; + environmentFiles = [ + ./authentik.env + ]; + volumes = [ + "${DockerStorage}/database:/var/lib/postgresql/data:rw" + ]; + log-driver = "journald"; + extraOptions = [ + "--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}" + "--health-interval=30s" + "--health-retries=5" + "--health-start-period=20s" + "--health-timeout=5s" + "--network-alias=postgresql" + "--network=authentik_default" + ]; + }; + systemd.services."docker-authentik-postgresql" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-authentik_default.service" + ]; + requires = [ + "docker-network-authentik_default.service" + ]; + partOf = [ + "docker-compose-authentik-root.target" + ]; + wantedBy = [ + "docker-compose-authentik-root.target" + ]; + }; + virtualisation.oci-containers.containers."authentik-redis" = { + image = "docker.io/library/redis:alpine"; + environmentFiles = [ + ./authentik.env + ]; + volumes = [ + "${DockerStorage}/redis:/data:rw" + ]; + cmd = [ + "--save" + "60" + "1" + "--loglevel" + "warning" + ]; + log-driver = "journald"; + extraOptions = [ + "--health-cmd=redis-cli ping | grep PONG" + "--health-interval=30s" + "--health-retries=5" + "--health-start-period=20s" + "--health-timeout=3s" + "--network-alias=redis" + "--network=authentik_default" + ]; + }; + systemd.services."docker-authentik-redis" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = 
lib.mkOverride 90 9; + }; + after = [ + "docker-network-authentik_default.service" + ]; + requires = [ + "docker-network-authentik_default.service" + ]; + partOf = [ + "docker-compose-authentik-root.target" + ]; + wantedBy = [ + "docker-compose-authentik-root.target" + ]; + }; + virtualisation.oci-containers.containers."authentik-server" = { + image = "ghcr.io/goauthentik/server:2024.12.2"; + environmentFiles = [ + ./authentik.env + ]; + volumes = [ + "${DockerStorage}/custom-templates:/templates:rw" + "${DockerStorage}/media:/media:rw" + ]; + ports = [ + "9000:9000/tcp" + "9443:9443/tcp" + ]; + cmd = [ "server" ]; + dependsOn = [ + "authentik-postgresql" + "authentik-redis" + ]; + log-driver = "journald"; + extraOptions = [ + "--network-alias=server" + "--network=authentik_default" + ]; + }; + systemd.services."docker-authentik-server" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-authentik_default.service" + ]; + requires = [ + "docker-network-authentik_default.service" + ]; + partOf = [ + "docker-compose-authentik-root.target" + ]; + wantedBy = [ + "docker-compose-authentik-root.target" + ]; + }; + virtualisation.oci-containers.containers."authentik-worker" = { + image = "ghcr.io/goauthentik/server:2024.12.2"; + environmentFiles = [ + ./authentik.env + ]; + volumes = [ + "${DockerStorage}/certs:/certs:rw" + "${DockerStorage}/media:/media:rw" + "${DockerStorage}/templates:/templates:rw" + "/var/run/docker.sock:/var/run/docker.sock:rw" + ]; + cmd = [ "worker" ]; + dependsOn = [ + "authentik-postgresql" + "authentik-redis" + ]; + user = "root"; + log-driver = "journald"; + extraOptions = [ + "--network-alias=worker" + "--network=authentik_default" + ]; + }; + systemd.services."docker-authentik-worker" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = 
lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-authentik_default.service" + ]; + requires = [ + "docker-network-authentik_default.service" + ]; + partOf = [ + "docker-compose-authentik-root.target" + ]; + wantedBy = [ + "docker-compose-authentik-root.target" + "docker-compose-komodo-root.target" + ]; + }; + + # Networks + systemd.services."docker-network-authentik_default" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "docker network rm -f authentik_default"; + }; + script = '' + docker network inspect authentik_default || docker network create authentik_default + ''; + partOf = [ "docker-compose-authentik-root.target" ]; + wantedBy = [ "docker-compose-authentik-root.target" ]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."docker-compose-authentik-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + wantedBy = [ + "multi-user.target" + ]; + }; +} diff --git a/hosts/common/optional/containers/komodo/compose.yaml b/hosts/common/optional/containers/komodo/compose.yaml new file mode 100644 index 0000000..612dff8 --- /dev/null +++ b/hosts/common/optional/containers/komodo/compose.yaml 
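Review bot: `environmentFiles = [ ./authentik.env ]` on all four containers is a Nix path literal, so the file is copied into `/nix/store`, which is readable by every local user, and if this repository is a flake it must also be tracked in git to be found. The env file is not shown in this diff, but no `environment` block sets the database password here, so it presumably holds `PG_PASS` and the Authentik secret key. hosts/common/optional/containers/komodo/default.nix uses the same pattern with `./komodo.env`. Point `environmentFiles` at a runtime path outside the store, provisioned by a secrets module such as sops-nix or agenix, for example the string `"/run/secrets/authentik.env"` (placeholder path).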
@@ -0,0 +1,102 @@
+################################
+# 🦎 KOMODO COMPOSE - MONGO 🦎 #
+################################
+
+## This compose file will deploy:
+## 1. MongoDB
+## 2. Komodo Core
+## 3. Komodo Periphery
+name: komodo
+services:
+ mongo:
+ image: mongo
+ labels:
+ komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+ command: --quiet --wiredTigerCacheSizeGB 0.25
+ restart: unless-stopped
+ logging:
+ driver: ${COMPOSE_LOGGING_DRIVER:-local}
+ networks:
+ - default
+ # ports:
+ # - 27017:27017
+ volumes:
+ - /mnt/DockerStorage/komodo/mongo/data:/data/db:rw
+ - /mnt/DockerStorage/komodo/mongo/config:/data/configdb:rw
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: ${DB_USERNAME}
+ MONGO_INITDB_ROOT_PASSWORD: ${DB_PASSWORD}
+
+ core:
+ image: ghcr.io/mbecker20/komodo:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+ labels:
+ komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+ restart: unless-stopped
+ depends_on:
+ - mongo
+ logging:
+ driver: ${COMPOSE_LOGGING_DRIVER:-local}
+ networks:
+ - default
+ ports:
+ - 9120:9120
+ env_file: ./komodo.env
+ environment:
+ KOMODO_DATABASE_ADDRESS: mongo:27017
+ KOMODO_DATABASE_USERNAME: ${DB_USERNAME}
+ KOMODO_DATABASE_PASSWORD: ${DB_PASSWORD}
+ volumes:
+ ## Core cache for repos for latest commit hash / contents
+ - /mnt/DockerStorage/komodo/cache:/repo-cache:rw
+ ## Store sync files on server
+ - /mnt/DockerStorage/komodo/syncs:/syncs
+ ## Optionally mount a custom core.config.toml
+ - /mnt/DockerStorage/komodo/core.config.toml:/config/config.toml
+ ## Allows for systemd Periphery connection at
+ ## "http://host.docker.internal:8120"
+ # extra_hosts:
+ # - host.docker.internal:host-gateway
+
+ ## Deploy Periphery container using this block,
+ ## or deploy the Periphery binary with systemd using
+ ## https://github.com/mbecker20/komodo/tree/main/scripts
+ periphery:
+ image: ghcr.io/mbecker20/periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}
+ labels:
+ komodo.skip: # Prevent Komodo from stopping with StopAllContainers
+ restart: unless-stopped
+ logging:
+ driver: ${COMPOSE_LOGGING_DRIVER:-local}
+ networks:
+ - default
+ env_file: ./komodo.env
+ volumes:
+ ## Mount external docker socket
+ - /var/run/docker.sock:/var/run/docker.sock
+ ## Allow Periphery to see processes outside of container
+ - /proc:/proc
+ ## use self signed certs in docker volume,
+ ## or mount your own signed certs.
+ - /mnt/DockerStorage/komodo/ssl:/etc/komodo/ssl:rw
+ ## manage repos in a docker volume,
+ ## or change it to an accessible host directory.
+ - /mnt/DockerStorage/komodo/repos:/etc/komodo/repos:rw
+ ## manage stack files in a docker volume,
+ ## or change it to an accessible host directory.
+ - /mnt/DockerStorage/komodo/stacks:/etc/komodo/stacks:rw
+ ## Optionally mount a path to store compose files
+ # - /path/to/compose:/host/compose
+
+volumes:
+ # Mongo
+ mongo-data:
+ mongo-config:
+ # Core
+ repo-cache:
+ # Periphery
+ ssl-certs:
+ repos:
+ stacks:
+
+networks:
+ default: {}
diff --git a/hosts/common/optional/containers/komodo/default.nix b/hosts/common/optional/containers/komodo/default.nix
new file mode 100644
index 0000000..8ae0448
--- /dev/null
+++ b/hosts/common/optional/containers/komodo/default.nix
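Review bot: None of the three images is pinned: `image: mongo` has no tag and `core` / `periphery` default to `${COMPOSE_KOMODO_IMAGE_TAG:-latest}`, while `periphery` binds both `/var/run/docker.sock` and `/proc` from the host. Whatever is next published under those tags therefore runs with control of the host Docker daemon, and the accompanying default.nix adds `--pull=always` on `latest` tags, so any restart can pull a new image. Pin a version or digest per image (for example `mongo:<major>` and a fixed Komodo release) and bump it deliberately. The top-level `volumes:` block declares named volumes (`mongo-data`, `repo-cache`, `ssl-certs`, …) that no service references, since every mount is a bind under `/mnt/DockerStorage`, so it can be removed.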
@@ -0,0 +1,191 @@ +# Auto-generated using compose2nix v0.3.1. +{ + pkgs, + lib, + admin, + ... +}: +let + # Only available in the Komodo LXC + DockerStorage = "/mnt/DockerStorage/komodo"; +in +{ + # Containers + virtualisation.oci-containers.containers."komodo-core" = { + image = "ghcr.io/moghtech/komodo-core:latest"; + environmentFiles = [ + ./komodo.env + ]; + volumes = [ + "${DockerStorage}/cache:/repo-cache:rw" + ]; + ports = [ + "9120:9120/tcp" + ]; + labels = { + "komodo.skip" = ""; + }; + dependsOn = [ + "komodo-mongo" + ]; + log-driver = "local"; + extraOptions = [ + "--network-alias=core" + "--network=komodo_default" + "--pull=always" + ]; + }; + + systemd.services."docker-komodo-core" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-komodo_default.service" + # "docker-volume-komodo_repo-cache.service" + ]; + requires = [ + "docker-network-komodo_default.service" + # "docker-volume-komodo_repo-cache.service" + ]; + partOf = [ + "docker-compose-komodo-root.target" + ]; + wantedBy = [ + "docker-compose-komodo-root.target" + ]; + }; + + virtualisation.oci-containers.containers."komodo-mongo" = { + image = "mongo"; + environmentFiles = [ + ./komodo.env + ]; + volumes = [ + "${DockerStorage}/mongo/config:/data/configdb:rw" + "${DockerStorage}/mongo/data:/data/db:rw" + ]; + cmd = [ + "--quiet" + "--wiredTigerCacheSizeGB" + "0.25" + ]; + labels = { + "komodo.skip" = ""; + }; + log-driver = "local"; + extraOptions = [ + "--network-alias=mongo" + "--network=komodo_default" + ]; + }; + + systemd.services."docker-komodo-mongo" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-komodo_default.service" + # 
"docker-volume-komodo_mongo-config.service" + # "docker-volume-komodo_mongo-data.service" + ]; + requires = [ + "docker-network-komodo_default.service" + # "docker-volume-komodo_mongo-config.service" + # "docker-volume-komodo_mongo-data.service" + ]; + partOf = [ + "docker-compose-komodo-root.target" + ]; + wantedBy = [ + "docker-compose-komodo-root.target" + ]; + }; + + virtualisation.oci-containers.containers."komodo-periphery" = { + image = "ghcr.io/moghtech/komodo-periphery:latest"; + environmentFiles = [ + ./komodo.env + ]; + volumes = [ + "/proc:/proc:rw" + "/var/run/docker.sock:/var/run/docker.sock:rw" + "${DockerStorage}/repos:/etc/komodo/repos:rw" + "${DockerStorage}/ssl:/etc/komodo/ssl:rw" + "${DockerStorage}/stacks:${DockerStorage}/stacks:rw" + ]; + labels = { + "komodo.skip" = ""; + }; + log-driver = "local"; + extraOptions = [ + "--network-alias=periphery" + "--network=komodo_default" + "--pull=always" + ]; + }; + + systemd.services."docker-komodo-periphery" = { + serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartMaxDelaySec = lib.mkOverride 90 "1m"; + RestartSec = lib.mkOverride 90 "100ms"; + RestartSteps = lib.mkOverride 90 9; + }; + after = [ + "docker-network-komodo_default.service" + # "docker-volume-komodo_repos.service" + # "docker-volume-komodo_ssl-certs.service" + # "docker-volume-komodo_stacks.service" + ]; + requires = [ + "docker-network-komodo_default.service" + # "docker-volume-komodo_repos.service" + # "docker-volume-komodo_ssl-certs.service" + # "docker-volume-komodo_stacks.service" + ]; + partOf = [ + "docker-compose-komodo-root.target" + ]; + wantedBy = [ + "docker-compose-komodo-root.target" + ]; + }; + + # Networks + systemd.services."docker-network-komodo_default" = { + path = [ pkgs.docker ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStop = "docker network rm -f komodo_default"; + }; + script = '' + docker network inspect komodo_default || docker network create komodo_default + ''; + 
partOf = [ "docker-compose-komodo-root.target" ]; + wantedBy = [ "docker-compose-komodo-root.target" ]; + }; + + # Root service + # When started, this will automatically create all resources and start + # the containers. When stopped, this will teardown all resources. + systemd.targets."docker-compose-komodo-root" = { + unitConfig = { + Description = "Root target generated by compose2nix."; + }; + after = [ + "docker-authentik-worker.service" + ]; + requires = [ + "docker-authentik-worker.service" + ]; + wantedBy = [ "multi-user.target" ]; + }; +} diff --git a/hosts/nixos/cloud/default.nix b/hosts/nixos/cloud/default.nix new file mode 100644 index 0000000..ed9d1a6 --- /dev/null +++ b/hosts/nixos/cloud/default.nix 
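Review bot: The header says this file is generated by compose2nix, but it no longer matches the compose.yaml added beside it: the images are `ghcr.io/moghtech/komodo-core` and `komodo-periphery` instead of `ghcr.io/mbecker20/komodo` and `periphery`, `komodo-core` has lost the `/syncs` and `/config/config.toml` mounts, and the periphery stacks mount targets `${DockerStorage}/stacks` rather than `/etc/komodo/stacks`. Regenerating from compose.yaml would silently undo these edits, so either bring compose.yaml in line or change the header to something like `# Generated with compose2nix v0.3.1, then edited by hand; do not regenerate`. The `admin` argument is bound but unused in the visible lines.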
@@ -0,0 +1,74 @@
+###############################################################
+#
+# Prozy - LXC Container
+# NixOS container, Ryzen 5 5600G (3 Cores), 2GB/2GB RAM/SWAP
+#
+###############################################################
+
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ username = "toph";
+in
+{
+ imports = lib.flatten [
+ ## Hardware ##
+ ./hardware.nix
+
+ (map lib.custom.relativeToRoot [
+ ## Required Configs ##
+ "hosts/common/core"
+
+ ## Optional Configs ##
+ "hosts/common/optional/acme"
+ "hosts/common/optional/caddy"
+ "hosts/common/optional/docker.nix"
+ "hosts/common/optional/containers/cloudflared.nix"
+
+ ## Cloud Specific ##
+ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
+ ])
+ ];
+
+ ## Host Specifications ##
+ hostSpec = {
+ hostName = "cloud";
+ username = username;
+ handle = "tophC7";
+ password = "[REDACTED]";
+ [REDACTED];
+ email = "[REDACTED]";
+ userFullName = "[REDACTED]";
+ isARM = false;
+ };
+
+ networking = {
+ enableIPv6 = false;
+ # Container Ports
+ [REDACTED]
+ 80 # Caddy
+ 443 # Caddy
+ [REDACTED]
+ ];
+ };
+
+ ## System-wide packages ##
+ programs.nix-ld.enable = true;
+ environment.systemPackages = with pkgs; [
+ lazydocker
+ ];
+
+ environment.etc = {
+ "cloudflared/.keep" = {
+ text = "This directory is used to store cloudflared configuration files.";
+ };
+ };
+
+ # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/nixos/cloud/hardware.nix b/hosts/nixos/cloud/hardware.nix
new file mode 100644
index 0000000..f0e401e
--- /dev/null
+++ b/hosts/nixos/cloud/hardware.nix
@@ -0,0 +1,12 @@
+{
+ lib,
+ ...
+}:
+{
+ imports = lib.flatten [
+ (map lib.custom.relativeToRoot [
+ "hosts/common/optional/system/lxc.nix"
+ "hosts/common/optional/system/pool.nix"
+ ])
+ ];
+}
diff --git a/hosts/nixos/komodo/default.nix b/hosts/nixos/komodo/default.nix
new file mode 100644
index 0000000..4f3d1e0
--- /dev/null
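Review bot: `hostSpec.password` is assigned inline in hosts/nixos/cloud/default.nix (the value is redacted on this page), and the same assignment appears in hosts/nixos/komodo/default.nix and hosts/nixos/nix/default.nix. If it is a literal password or hash rather than a reference to a secrets file, it is committed to the repository and copied into the world-readable Nix store; feed it from a runtime secret instead, for instance through `users.users.<name>.hashedPasswordFile`. The banner comment still reads `Prozy - LXC Container` although `hostName = "cloud"`, and `inputs` and `config` are bound but unused in the visible lines.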
+++ b/hosts/nixos/komodo/default.nix
@@ -0,0 +1,102 @@
+###############################################################
+#
+# Komodo - LXC Container
+# NixOS container, Ryzen 5 5600G (12 Cores), 30GB/2GB RAM/SWAP
+#
+###############################################################
+
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ username = "toph";
+in
+{
+ imports = lib.flatten [
+ ## Hardware ##
+ ./hardware.nix
+
+ (map lib.custom.relativeToRoot [
+ ## Required Configs ##
+ "hosts/common/core"
+
+ ## Optional Configs ##
+ "hosts/common/optional/acme"
+ "hosts/common/optional/caddy"
+ "hosts/common/optional/docker.nix"
+ "hosts/common/containers/authentik"
+ "hosts/common/containers/komodo"
+
+ ## Komodo Specific ##
+ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
+ ])
+ ];
+
+ ## Host Specifications ##
+ hostSpec = {
+ hostName = "komodo";
+ username = username;
+ handle = "tophC7";
+ password = "[REDACTED]";
+ [REDACTED];
+ email = "[REDACTED]";
+ userFullName = "[REDACTED]";
+ isARM = false;
+ };
+
+ networking = {
+ enableIPv6 = false;
+ # Container Ports
+ firewall = {
+ allowedTCPPorts = [
+ [REDACTED]
+ [REDACTED]
+ [REDACTED]
+ 222 # Forgejo SSH
+ [REDACTED]
+ [REDACTED]
+ [REDACTED]
+ [REDACTED]
+ [REDACTED]
+ 8080 # File Browser
+ [REDACTED]
+ [REDACTED]
+ [REDACTED]
+ [REDACTED]
+ [REDACTED]
+ ];
+
+ # Game Server Ports
+ allowedTCPPortRanges = [
+ {
+ [REDACTED]
+ [REDACTED]
+ }
+ ];
+
+ allowedUDPPorts = [
+ 8089 # Grafana
+ ];
+ };
+ };
+
+ ## System-wide packages ##
+ programs.nix-ld.enable = true;
+ environment.systemPackages = with pkgs; [
+ lazydocker
+ compose2nix
+ ];
+
+ # environment.etc = {
+ # "cloudflared/.keep" = {
+ # text = "This directory is used to store cloudflared configuration files.";
+ # };
+ # };
+
+ # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.11";
+}
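Review bot: The two container imports are `"hosts/common/containers/authentik"` and `"hosts/common/containers/komodo"`, but this commit adds those modules under `hosts/common/optional/containers/…`, the same prefix hosts/nixos/cloud/default.nix uses for `cloudflared.nix`. Unless a `hosts/common/containers` directory exists outside this diff, evaluation fails on a missing path; the entries should read `"hosts/common/optional/containers/authentik"` and `"hosts/common/optional/containers/komodo"`. Note also that ports published by Docker in those modules (`9000`, `9443`, `9120`) are normally opened through Docker's own iptables rules, so `networking.firewall.allowedTCPPorts` does not limit them; bind them to a specific address if they are meant to be reachable only through Caddy.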
diff --git a/hosts/nixos/komodo/hardware.nix b/hosts/nixos/komodo/hardware.nix
new file mode 100644
index 0000000..f0e401e
--- /dev/null
+++ b/hosts/nixos/komodo/hardware.nix
@@ -0,0 +1,12 @@
+{
+ lib,
+ ...
+}:
+{
+ imports = lib.flatten [
+ (map lib.custom.relativeToRoot [
+ "hosts/common/optional/system/lxc.nix"
+ "hosts/common/optional/system/pool.nix"
+ ])
+ ];
+}
diff --git a/hosts/nixos/nix/default.nix b/hosts/nixos/nix/default.nix
new file mode 100644
index 0000000..9ad1087
--- /dev/null
+++ b/hosts/nixos/nix/default.nix
@@ -0,0 +1,65 @@
+###############################################################
+#
+# Nix - LXC Container
+# NixOS container, Ryzen 5 5600G (10 Cores), 12GB/6GB RAM/SWAP
+#
+###############################################################
+
+# TODO: x2go server for remote access
+
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ username = "toph";
+in
+{
+ imports = lib.flatten [
+ ## Hardware ##
+ ./hardware.nix
+
+ (map lib.custom.relativeToRoot [
+ ## Required Configs ##
+ "hosts/common/core"
+
+ ## Optional Configs ##
+
+ ## Nix Specific ##
+ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
+ ])
+ ];
+
+ ## Host Specifications ##
+ hostSpec = {
+ hostName = "nix";
+ username = username;
+ handle = "tophC7";
+ password = "[REDACTED]";
+ [REDACTED];
+ email = "[REDACTED]";
+ userFullName = "[REDACTED]";
+ isARM = false;
+ };
+
+ networking = {
+ enableIPv6 = false;
+ };
+
+ ## System-wide packages ##
+ programs.nix-ld.enable = true;
+ # environment.systemPackages = with pkgs; [
+ # ];
+
+ # environment.etc = {
+ # "cloudflared/.keep" = {
+ # text = "This directory is used to store cloudflared configuration files.";
+ # };
+ # };
+
+ # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/nixos/nix/hardware.nix b/hosts/nixos/nix/hardware.nix
new file mode 100644
index 0000000..f0e401e
--- /dev/null
+++ b/hosts/nixos/nix/hardware.nix
@@ -0,0 +1,12 @@
+{
+ lib,
+ ...
+}:
+{
+ imports = lib.flatten [
+ (map lib.custom.relativeToRoot [
+ "hosts/common/optional/system/lxc.nix"
+ "hosts/common/optional/system/pool.nix"
+ ])
+ ];
+}