nixcfg/hosts/mauville/default.nix

# Custom desktop with AMD Ryzen 5 2600, 16GB RAM, AMD Rx 6700, and 1TB SSD + 2TB HDD.
{
  config,
  lib,
  self,
  ...
}: let
  archiveDirectory = "/mnt/Archive";
  domain = "raffauflabs.com";
  mediaDirectory = "/mnt/Media";
in {
  imports = [
    ./disko.nix
    ./home.nix
    ./secrets.nix
    ./stylix.nix
    self.inputs.nixhw.nixosModules.common-amd-cpu
    self.inputs.nixhw.nixosModules.common-amd-gpu
    self.inputs.nixhw.nixosModules.common-bluetooth
    self.inputs.nixhw.nixosModules.common-ssd
    self.inputs.raffauflabs.nixosModules.raffauflabs
    self.nixosModules.common-auto-upgrade
    self.nixosModules.common-base
    self.nixosModules.common-locale
    self.nixosModules.common-nix
    self.nixosModules.common-overlays
    self.nixosModules.common-pkgs
    self.nixosModules.common-tailscale
    self.nixosModules.common-wifi-profiles
  ];

  boot = {
    initrd = {
      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
      systemd.enable = true;
    };

    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
    };

    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot.enable = lib.mkForce false;
    };
  };

  hardware.enableAllFirmware = true;
  networking.hostName = "mauville";

  services = {
    forgejo.settings.service.DISABLE_REGISTRATION = lib.mkForce true;

    samba = {
      enable = true;
      openFirewall = true;
      securityType = "user";

      extraConfig = ''
        read raw = Yes
        write raw = Yes
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
        min receivefile size = 16384
        use sendfile = true
        aio read size = 16384
        aio write size = 16384
      '';

      shares = {
        Media = {
          browseable = "yes";
          comment = "Media @ ${config.networking.hostName}";
          path = mediaDirectory;
          "read only" = "no";
          "guest ok" = "yes";
          "create mask" = "0755";
          "directory mask" = "0755";
        };

        Archive = {
          browseable = "yes";
          comment = "Archive @ ${config.networking.hostName}";
          path = archiveDirectory;
          "create mask" = "0755";
          "directory mask" = "0755";
          "guest ok" = "yes";
          "read only" = "no";
        };
      };
    };

    samba-wsdd = {
      enable = true;
      openFirewall = true;
    };

    transmission = {
      enable = true;
      credentialsFile = config.age.secrets.transmission.path;
      openFirewall = true;
      openRPCPort = true;

      settings = {
        download-dir = mediaDirectory;
        peer-port = 51413;
        rpc-bind-address = "0.0.0.0";
        rpc-port = 9091;
      };
    };
  };

  environment.variables.GDK_SCALE = "1.25";
  system.stateVersion = "24.05";
  zramSwap.memoryPercent = 100;

  ar = {
    apps = {
      firefox.enable = true;
      nicotine-plus.enable = true;
      podman.enable = true;
      steam.enable = true;
      virt-manager.enable = true;
    };

    desktop = {
      greetd = {
        enable = true;
        autologin = "aly";
        session = lib.getExe config.programs.sway.package;
      };

      steam.enable = true;
      sway.enable = true;
    };

    users = {
      aly = {
        enable = true;
        password = "$y$j9T$SHPShqI2IpRE101Ey2ry/0$0mhW1f9LbVY02ifhJlP9XVImge9HOpf23s9i1JFLIt9";

        syncthing = {
          enable = true;
          certFile = config.age.secrets.syncthingCert.path;
          keyFile = config.age.secrets.syncthingKey.path;
          musicPath = "${mediaDirectory}/Music";
        };
      };

      dustin = {
        enable = true;
        password = "$y$j9T$3mMCBnUQ.xjuPIbSof7w0.$fPtRGblPRSwRLj7TFqk1nzuNQk2oVlgvb/bE47sghl.";
      };
    };
  };

  raffauflabs = {
    inherit domain;
    enable = true;

    containers.oci.freshRSS.enable = true;

    services = {
      audiobookshelf.enable = true;

      ddclient = {
        enable = true;
        passwordFile = config.age.secrets.cloudflare.path;
        protocol = "cloudflare";
      };

      forgejo.enable = true;

      navidrome = {
        enable = true;

        lastfm = {
          idFile = config.age.secrets.lastfmId.path;
          secretFile = config.age.secrets.lastfmSecret.path;
        };

        spotify = {
          idFile = config.age.secrets.spotifyId.path;
          secretFile = config.age.secrets.spotifySecret.path;
        };
      };

      plexMediaServer.enable = true;
    };
  };
}
specified host specs in comments 2024-03-12 22:14:08 -04:00			`# Custom desktop with AMD Ryzen 5 2600, 16GB RAM, AMD Rx 6700, and 1TB SSD + 2TB HDD.`
added initial placeholders for mauville host 2024-03-03 21:42:59 -05:00			`{`
reformatted with alejandra 2024-04-07 22:16:33 -04:00			`config,`
			`lib,`
restructure flake (#14) * initial commit * simplify output structure * don't pull wallpaper from flake, use fetchGit * swap nixvim for neovim * fetch wallpaper correctly * move nixvim to aly home config 2024-07-09 19:17:53 -04:00			`self,`
reformatted with alejandra 2024-04-07 22:16:33 -04:00			`...`
mauville: add variables to adjust host settings 2024-04-22 20:34:02 -04:00			`}: let`
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`archiveDirectory = "/mnt/Archive";`
mauville: add variables to adjust host settings 2024-04-22 20:34:02 -04:00			`domain = "raffauflabs.com";`
			`mediaDirectory = "/mnt/Media";`
			`in {`
refactor flake.nix for multiarch support flake: simplify nixos hosts with nixpkgs.lib.genAttrs 2024-05-24 09:37:37 -04:00			`imports = [`
mauville: migrate to disko (#43) * mauville: move to disko with btrfs on /dev/nvme0n1 * mauville: add media and archive disks with btrfs * mauville: run ssh in initrd to type luks password mauville: force system.autoUpgrade.allowReboot to false mauville: bump stateVersion no public secrets, autogen initrd ssh on activation 2024-07-16 21:13:30 -04:00			`./disko.nix`
refactor flake.nix for multiarch support flake: simplify nixos hosts with nixpkgs.lib.genAttrs 2024-05-24 09:37:37 -04:00			`./home.nix`
hosts: add secrets.nix 2024-07-22 19:56:56 -04:00			`./secrets.nix`
migrate to stylix (#90) * flake: add stylix modules * yank enough to make hosts build with stylix enabled * add initial common stylix theme * waybar: remove custom colors * rofi: reimplement theme * rofi: transparency fix * rofi: remove old theme * swayosd: use stylix colors * remove theme.colors * remove remaining theme config outside icons + gtk settings * remove darkMode toggle * restore fuzzel module * randomWallpaper: disable * configs in sway * randomWallpaper: disable hyprpaper stylix config * swaylock: restore non-theme settings * hosts: fix wallpaper * waybar: restore colors * rofi: restore theme * rofi: use proper border color * harmonize font sizes * rofi: use borderRadius setting * tmux: remove theming * hosts: add preliminary stylix configs * randomWallpaper: force hyprpaper off * fallarbor: set correct wallpaper * rofi: fix transparency issues on hyprland * sway: override stylix indicator colors 2024-08-15 15:55:39 -04:00			`./stylix.nix`
restructure flake (#14) * initial commit * simplify output structure * don't pull wallpaper from flake, use fetchGit * swap nixvim for neovim * fetch wallpaper correctly * move nixvim to aly home config 2024-07-09 19:17:53 -04:00			`self.inputs.nixhw.nixosModules.common-amd-cpu`
			`self.inputs.nixhw.nixosModules.common-amd-gpu`
			`self.inputs.nixhw.nixosModules.common-bluetooth`
			`self.inputs.nixhw.nixosModules.common-ssd`
			`self.inputs.raffauflabs.nixosModules.raffauflabs`
flake: reorg common modules as flake outputs (#95) * initial committ * move plymouth and printing to desktop modules * rename commonModules -> common * rename commonModules -> common * move nix settings base -> common/nix * nix fmt * move baseModules to common/base 2024-08-22 07:46:19 -04:00			`self.nixosModules.common-auto-upgrade`
			`self.nixosModules.common-base`
hosts: re-add locale 2024-08-22 09:09:30 -04:00			`self.nixosModules.common-locale`
flake: reorg common modules as flake outputs (#95) * initial committ * move plymouth and printing to desktop modules * rename commonModules -> common * rename commonModules -> common * move nix settings base -> common/nix * nix fmt * move baseModules to common/base 2024-08-22 07:46:19 -04:00			`self.nixosModules.common-nix`
			`self.nixosModules.common-overlays`
			`self.nixosModules.common-pkgs`
			`self.nixosModules.common-tailscale`
			`self.nixosModules.common-wifi-profiles`
refactor flake.nix for multiarch support flake: simplify nixos hosts with nixpkgs.lib.genAttrs 2024-05-24 09:37:37 -04:00			`];`
added initial placeholders for mauville host 2024-03-03 21:42:59 -05:00
move nixos/base to baseModules 2024-07-07 19:17:35 -04:00			`boot = {`
mauville: migrate to disko (#43) * mauville: move to disko with btrfs on /dev/nvme0n1 * mauville: add media and archive disks with btrfs * mauville: run ssh in initrd to type luks password mauville: force system.autoUpgrade.allowReboot to false mauville: bump stateVersion no public secrets, autogen initrd ssh on activation 2024-07-16 21:13:30 -04:00			`initrd = {`
			`availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];`
hosts: enable secureboot and tpm luks unlocking (#99) * flake: add secureboot * petalburg: enable lanzaboote * lavaridge: enable lanzaboote * flake: auto import lanzaboote * mauville: enable secureboot and auto luks unlocking * lavaridge,petalburg: disable autologin * README.md: add lanzaboote * hosts/README.md: add secure boot setup docs 2024-08-24 15:25:41 -04:00			`systemd.enable = true;`
			`};`
mauville: migrate to disko (#43) * mauville: move to disko with btrfs on /dev/nvme0n1 * mauville: add media and archive disks with btrfs * mauville: run ssh in initrd to type luks password mauville: force system.autoUpgrade.allowReboot to false mauville: bump stateVersion no public secrets, autogen initrd ssh on activation 2024-07-16 21:13:30 -04:00
hosts: enable secureboot and tpm luks unlocking (#99) * flake: add secureboot * petalburg: enable lanzaboote * lavaridge: enable lanzaboote * flake: auto import lanzaboote * mauville: enable secureboot and auto luks unlocking * lavaridge,petalburg: disable autologin * README.md: add lanzaboote * hosts/README.md: add secure boot setup docs 2024-08-24 15:25:41 -04:00			`lanzaboote = {`
			`enable = true;`
			`pkiBundle = "/etc/secureboot";`
mauville: migrate to disko (#43) * mauville: move to disko with btrfs on /dev/nvme0n1 * mauville: add media and archive disks with btrfs * mauville: run ssh in initrd to type luks password mauville: force system.autoUpgrade.allowReboot to false mauville: bump stateVersion no public secrets, autogen initrd ssh on activation 2024-07-16 21:13:30 -04:00			`};`
move nixos/base to baseModules 2024-07-07 19:17:35 -04:00
			`loader = {`
			`efi.canTouchEfiVariables = true;`
hosts: enable secureboot and tpm luks unlocking (#99) * flake: add secureboot * petalburg: enable lanzaboote * lavaridge: enable lanzaboote * flake: auto import lanzaboote * mauville: enable secureboot and auto luks unlocking * lavaridge,petalburg: disable autologin * README.md: add lanzaboote * hosts/README.md: add secure boot setup docs 2024-08-24 15:25:41 -04:00			`systemd-boot.enable = lib.mkForce false;`
move nixos/base to baseModules 2024-07-07 19:17:35 -04:00			`};`
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`};`
nixosModules: simplify options 2024-06-28 21:07:20 -04:00
move nixos/base to baseModules 2024-07-07 19:17:35 -04:00			`hardware.enableAllFirmware = true;`
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`networking.hostName = "mauville";`
nixosModules: remove ollama module 2024-06-30 23:01:57 -04:00
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`services = {`
mauville: disable forgejo registration 2024-07-11 21:06:45 -04:00			`forgejo.settings.service.DISABLE_REGISTRATION = lib.mkForce true;`

dissolved homeLab module in favor of separate container and services modules 2024-04-22 20:18:47 -04:00			`samba = {`
			`enable = true;`
			`openFirewall = true;`
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00			`securityType = "user";`

mauville: set samba extraConfig for speed 2024-08-09 21:00:32 -04:00			`extraConfig = ''`
			`read raw = Yes`
			`write raw = Yes`
			`socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072`
			`min receivefile size = 16384`
			`use sendfile = true`
			`aio read size = 16384`
			`aio write size = 16384`
			`'';`

dissolved homeLab module in favor of separate container and services modules 2024-04-22 20:18:47 -04:00			`shares = {`
			`Media = {`
mauville: code cleanup and reorg 2024-06-07 13:14:34 -04:00			`browseable = "yes";`
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`comment = "Media @ ${config.networking.hostName}";`
mauville: add variables to adjust host settings 2024-04-22 20:34:02 -04:00			`path = mediaDirectory;`
dissolved homeLab module in favor of separate container and services modules 2024-04-22 20:18:47 -04:00			`"read only" = "no";`
			`"guest ok" = "yes";`
			`"create mask" = "0755";`
			`"directory mask" = "0755";`
			`};`
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00
dissolved homeLab module in favor of separate container and services modules 2024-04-22 20:18:47 -04:00			`Archive = {`
mauville: code cleanup and reorg 2024-06-07 13:14:34 -04:00			`browseable = "yes";`
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`comment = "Archive @ ${config.networking.hostName}";`
mauville: add variables to adjust host settings 2024-04-22 20:34:02 -04:00			`path = archiveDirectory;`
dissolved homeLab module in favor of separate container and services modules 2024-04-22 20:18:47 -04:00			`"create mask" = "0755";`
			`"directory mask" = "0755";`
mauville: code cleanup and reorg 2024-06-07 13:14:34 -04:00			`"guest ok" = "yes";`
			`"read only" = "no";`
dissolved homeLab module in favor of separate container and services modules 2024-04-22 20:18:47 -04:00			`};`
			`};`
			`};`
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00
dissolved homeLab module in favor of separate container and services modules 2024-04-22 20:18:47 -04:00			`samba-wsdd = {`
			`enable = true;`
			`openFirewall = true;`
add systemConfig.zramSwap.size option and set new defaults 2024-03-30 21:14:13 -04:00			`};`
secrets: add transmission secret mauville: add transmission credentialswith agenix secrets/transmission: update secres/transmission: require auth secres/transmission: require auth 2024-07-17 00:24:59 -04:00
mauville/transmission: disable reverse proxy, lan access only 2024-07-17 21:12:52 -04:00			`transmission = {`
			`enable = true;`
			`credentialsFile = config.age.secrets.transmission.path;`
			`openFirewall = true;`
mauville/transmission: allow lan access 2024-07-17 21:51:14 -04:00			`openRPCPort = true;`
mauville/transmission: disable reverse proxy, lan access only 2024-07-17 21:12:52 -04:00
			`settings = {`
			`download-dir = mediaDirectory;`
mauville/transmission: update peer port 2024-07-18 19:45:16 -04:00			`peer-port = 51413;`
mauville/transmission: allow lan access 2024-07-17 21:51:14 -04:00			`rpc-bind-address = "0.0.0.0";`
mauville/transmission: disable reverse proxy, lan access only 2024-07-17 21:12:52 -04:00			`rpc-port = 9091;`
			`};`
			`};`
programs -> apps to avoid collisions with nixpkgs 2024-03-28 16:36:10 -04:00			`};`

declare GDK_SCALE in host cfg 2024-07-07 22:23:19 -04:00			`environment.variables.GDK_SCALE = "1.25";`
mauville: remove initrd ssh activation script 2024-08-24 17:03:40 -04:00			`system.stateVersion = "24.05";`
nixos: move zramswap to base and delete module options 2024-07-07 17:17:51 -04:00			`zramSwap.memoryPercent = 100;`

move duplicated hardware configuration to config.ar.hardware module 2024-06-26 22:13:02 -04:00			`ar = {`
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00			`apps = {`
nixosModules: simplify options 2024-06-28 21:07:20 -04:00			`firefox.enable = true;`
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00			`nicotine-plus.enable = true;`
			`podman.enable = true;`
			`steam.enable = true;`
			`virt-manager.enable = true;`
			`};`

			`desktop = {`
			`greetd = {`
			`enable = true;`
nixosmodules/greetd: simplify autologin options 2024-07-10 20:30:11 -04:00			`autologin = "aly";`
mauville: sway by default 2024-08-11 20:40:29 -04:00			`session = lib.getExe config.programs.sway.package;`
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00			`};`

mauville: enable steam gamescope session 2024-06-22 12:22:31 -04:00			`steam.enable = true;`
mauville: sway by default 2024-08-11 20:40:29 -04:00			`sway.enable = true;`
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00			`};`
move duplicated hardware configuration to config.ar.hardware module 2024-06-26 22:13:02 -04:00
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00			`users = {`
			`aly = {`
			`enable = true;`
			`password = "$y$j9T$SHPShqI2IpRE101Ey2ry/0$0mhW1f9LbVY02ifhJlP9XVImge9HOpf23s9i1JFLIt9";`
move syncthing from nixosModules to userModules/aly 2024-07-08 00:58:52 -04:00
			`syncthing = {`
			`enable = true;`
userModules/aly/syncthing: handle secrets 2024-07-08 01:29:09 -04:00			`certFile = config.age.secrets.syncthingCert.path;`
			`keyFile = config.age.secrets.syncthingKey.path;`
move syncthing from nixosModules to userModules/aly 2024-07-08 00:58:52 -04:00			`musicPath = "${mediaDirectory}/Music";`
			`};`
simplified module options and host configs after dropping nixos-hardware input 2024-06-22 12:10:36 -04:00			`};`

			`dustin = {`
			`enable = true;`
			`password = "$y$j9T$3mMCBnUQ.xjuPIbSof7w0.$fPtRGblPRSwRLj7TFqk1nzuNQk2oVlgvb/bE47sghl.";`
			`};`
			`};`
			`};`
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00
			`raffauflabs = {`
			`inherit domain;`
			`enable = true;`

mauville: move ot native nix abs and plex services 2024-07-16 23:23:22 -04:00			`containers.oci.freshRSS.enable = true;`
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00
			`services = {`
mauville: move ot native nix abs and plex services 2024-07-16 23:23:22 -04:00			`audiobookshelf.enable = true;`

move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`ddclient = {`
			`enable = true;`
			`passwordFile = config.age.secrets.cloudflare.path;`
			`protocol = "cloudflare";`
			`};`

			`forgejo.enable = true;`
mauville: move ot native nix abs and plex services 2024-07-16 23:23:22 -04:00
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`navidrome = {`
			`enable = true;`
hosts: code cleanup 2024-07-10 21:21:14 -04:00
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`lastfm = {`
			`idFile = config.age.secrets.lastfmId.path;`
			`secretFile = config.age.secrets.lastfmSecret.path;`
			`};`
hosts: code cleanup 2024-07-10 21:21:14 -04:00
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`spotify = {`
			`idFile = config.age.secrets.spotifyId.path;`
			`secretFile = config.age.secrets.spotifySecret.path;`
			`};`
			`};`
mauville: move ot native nix abs and plex services 2024-07-16 23:23:22 -04:00
			`plexMediaServer.enable = true;`
move raffauflabsModules to separate git repo (#12) * remove from flake + delete files * README: add raffauflabs modules link 2024-07-05 20:58:05 -04:00			`};`
			`};`
added initial placeholders for mauville host 2024-03-03 21:42:59 -05:00			`}`