Jafner/Jafner.net
1
0
Fork 0
Code Issues 16 Pull Requests Actions Packages Projects Releases Wiki Activity

WIP: Init fighter system configuration.

Browse Source
This commit is contained in:
Joey Hafner 2025-01-30 14:51:01 -08:00
parent e6000fad82
commit 09c2066504
Signed by: Jafner
GPG Key ID: 6D9A24EF2F389E55
6 changed files with 329 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
dotfiles/systems/fighter/configuration.nix Normal file
View File

@ -0,0 +1,9 @@
{ ... }: {
imports = [
./server.nix
./docker.nix
./network-shares.nix
./stacks.nix
./terminal-environment.nix
];
}

9
dotfiles/systems/fighter/docker.nix Normal file
View File

@ -0,0 +1,9 @@
{ pkgs, sys }: {
virtualisation.docker = {
enable = true;
rootless.enable = true;
rootless.setSocketVariable = true;
};
users.users.${sys.username}.extraGroups = [ "docker" ];
environment.systemPackages = [ pkgs.docker-compose ];
}

134
dotfiles/systems/fighter/network-shares.nix Normal file
View File

@ -0,0 +1,134 @@
{ pkgs }: let
iqn = "iqn.2020-03.net.jafner:fighter";
portals = {
barbarian = {
ip = "192.168.1.10";
port = "3260";
};
paladin = {
ip = "192.168.1.12";
port = "3260";
};
};
in {
services.openiscsi = {
enable = true;
discoverPortals = portals;
targets = [ iqn ];
};
systemd.services = {
iscsi-autoconnect-paladin = {
description = "Log into iSCSI target ${iqn} on paladin";
after = [ "network.target" "iscsid.service" ];
wants = [ "iscsid.service" ];
serviceConfig = {
ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p ${portals.paladin.ip}:${portals.paladin.port}";
ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.paladin.ip}:${portals.paladin.port} --login";
ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.paladin.ip}:${portals.paladin.port} --logout";
Restart = "on-failure";
RemainAfterExit = true;
};
};
iscsi-autoconnect-barbarian = {
description = "Log into iSCSI target ${iqn} on barbarian";
after = [ "network.target" "iscsid.service" ];
wants = [ "iscsid.service" ];
serviceConfig = {
ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p ${portals.barbarian.ip}:${portals.barbarian.port}";
ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.barbarian.ip}:${portals.barbarian.port} --login";
ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.barbarian.ip}:${portals.barbarian.port} --logout";
Restart = "on-failure";
RemainAfterExit = true;
};
};
};
environment.systemPackages = with pkgs; [ cifs-utils ];
fileSystems =
let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
permissions_opts = "credentials=/etc/nixos/smb-secrets,uid=1000,gid=1000";
in {
# Pool Media on Paladin
"/mnt/smb/paladin/Media/AV" = {
device = "//192.168.1.12/AV";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Media/3DPrinting" = {
device = "//192.168.1.12/3DPrinting";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Media/Movies" = {
device = "//192.168.1.12/Movies";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Media/Music" = {
device = "//192.168.1.12/Music";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Media/Shows" = {
device = "//192.168.1.12/Shows";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Media/Text" = {
device = "//192.168.1.12/Text";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
# Pool Tank on Paladin
"/mnt/smb/paladin/Tank/AppData" = {
device = "//192.168.1.12/AppData";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Tank/Archive" = {
device = "//192.168.1.12/Archive";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Tank/HomeVideos" = {
device = "//192.168.1.12/HomeVideos";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Tank/Images" = {
device = "//192.168.1.12/Images";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Tank/Recordings" = {
device = "//192.168.1.12/Recordings";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Tank/Software" = {
device = "//192.168.1.12/Software";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
"/mnt/smb/paladin/Tank/Torrenting" = {
device = "//192.168.1.12/Torrenting";
fsType = "cifs";
options = ["${automount_opts},${permissions_opts}"];
};
# iSCSI devices
# "/mnt/iscsi/paladin" = {
# device = "/dev/disk/by-uuid/...";
# fsType = "ext4";
# options = [ "nofail" "_netdev" "auto" "exec" "defaults"];
# };
# "/mnt/iscsi/barbarian" = {
# device = "/dev/disk/by-uuid/...";
# fsType = "ext4";
# options = [ "nofail" "_netdev" "auto" "exec" "defaults"];
# };
};
}

30
dotfiles/systems/fighter/server.nix Normal file
View File

@ -0,0 +1,30 @@
{ pkgs, sys }: {
system.stateVersion = "24.11";
environment.systemPackages = with pkgs; [
git
];
users.users."${sys.username}" = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" ];
description = "${sys.username}";
openssh.authorizedKeys.keys = sys.authorizedKeys;
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
security.sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}];
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
}

6
dotfiles/systems/fighter/stacks.nix Normal file
View File

@ -0,0 +1,6 @@
{ ... }: {
imports = let stacksPath = ../../../homelab/stacks; in [
"${stacksPath}/traefik/stack.nix"
"${stacksPath}/send/stack.nix"
];
}

141
dotfiles/systems/fighter/terminal-environment.nix Normal file
View File

@ -0,0 +1,141 @@
{ sys, pkgs }: {
users.users."${sys.username}".shell = pkgs.${sys.shellPackage};
programs."${sys.shellPackage}".enable = true;
home-manager.users."${sys.username}" = {
home.packages = with pkgs; [
bat
fd
fastfetch
fzf
jq
tree
nethogs
pinentry-all
] ++ [
( writeShellApplication {
name = "nixos";
runtimeInputs = [
libnotify
jq
git
];
text = ''
#!/bin/bash
# shellcheck disable=SC2088
FLAKE_URI="git+https://gitea.jafner.tools/Jafner/Jafner.net?dir=dotfiles#fighter"
rebuild() {
notify-send "Nixos: Beginning rebuild"
sudo nixos-rebuild switch \
--flake "$FLAKE_URI" \
--impure \
--show-trace &&\
notify-send "Nixos: Rebuilt successfully"
}
garbageCollect() {
notify-send "Nixos: Collecting garbage" "Deleting generations older than 7 days."
nix-env --delete-generations 7d &&\
nix-store --gc --print-dead
notify-send "Nixos: Garbage collection complete"
}
listGenerations() {
nixos-rebuild list-generations | less
}
where() {
tree "$(realpath "$(which "$1")" | cut -d'/' -f-4)"
}
finish() {
mkdir -p "$HOME/.nixos"
nixos-rebuild list-generations --json > "$HOME/.nixos/nixos-generations.json"
}
error() {
notify-send "Nixos Script Error" "$@"
exit 1
}
case "$1" in
rebuild) rebuild && finish;;
clean) garbageCollect && finish;;
ls) listGenerations;;
where) where "$2";;
*) error "Unrecognized subcommand $1";;
esac
'';
} )
];
programs.btop = {
enable = true;
package = pkgs.btop-rocm;
settings = {
color_theme = "stylix";
theme_background = true;
update_ms = 500;
};
};
programs.tmux = {
enable = true;
newSession = true;
baseIndex = 1;
disableConfirmationPrompt = true;
mouse = true;
prefix = "C-b";
resizeAmount = 2;
plugins = with pkgs; [
{ plugin = tmuxPlugins.resurrect; }
{ plugin = tmuxPlugins.tmux-fzf; }
];
shell = "${pkgs.${sys.shellPackage}.shellPath}";
# TODO: Declare tmux session presets
# - 'sysmon' session
# - 'sysmon' window
# - '1' pane: btop
# - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 btop
# - '3' pane: ssh -o RequestTTY=true admin@143.110.151.123 btop --utf-force
# - 'disks' window
# - '1' pane: watch 'df -h -xcifs'
# - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 watch 'df -h -xcifs -xiscsi'
# - '3' pane: ssh -o RequestTTY=true admin@143.110.151.123 watch 'df -h'
# - '4' pane: ssh -o RequestTTY=true admin@192.168.1.10 watch 'df -h'
# - '5' pane: ssh -o RequestTTY=true admin@192.168.1.12 watch 'df -h'
# - 'gpus' window
# - '1' pane: amdgpu_top
# - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 nvtop
# - 'ssh' session
# - 'fighter' window: ssh admin@192.168.1.23
# - 'wizard' window: ssh vyos@192.168.1.1
# - 'druid' window: ssh admin@143.110.151.123
# - 'paladin' window: ssh admin@192.168.1.12
# - 'barbarian' window: ssh admin@192.168.1.10
# - 'local' session
# - 'jafner.net' window
};
programs.vim = {
enable = true;
defaultEditor = true;
settings = {
copyindent = true;
relativenumber = true;
expandtab = true;
tabstop = 2;
};
extraConfig = ''
set nocompatible
filetype on
filetype plugin on
filetype indent on
syntax on
set cursorline
set wildmenu
set wildmode=list:longest
'';
};
};
}