diff --git a/dotfiles/systems/fighter/configuration.nix b/dotfiles/systems/fighter/configuration.nix
new file mode 100644
index 00000000..803b6b4d
--- /dev/null
+++ b/dotfiles/systems/fighter/configuration.nix
@@ -0,0 +1,9 @@
+{ ... }: {
+ imports = [
+ ./server.nix
+ ./docker.nix
+ ./network-shares.nix
+ ./stacks.nix
+ ./terminal-environment.nix
+ ];
+}
\ No newline at end of file
diff --git a/dotfiles/systems/fighter/docker.nix b/dotfiles/systems/fighter/docker.nix
new file mode 100644
index 00000000..38ee562b
--- /dev/null
+++ b/dotfiles/systems/fighter/docker.nix
@@ -0,0 +1,9 @@
+{ pkgs, sys }: {
+ virtualisation.docker = {
+ enable = true;
+ rootless.enable = true;
+ rootless.setSocketVariable = true;
+ };
+ users.users.${sys.username}.extraGroups = [ "docker" ];
+ environment.systemPackages = [ pkgs.docker-compose ];
+}
\ No newline at end of file
diff --git a/dotfiles/systems/fighter/network-shares.nix b/dotfiles/systems/fighter/network-shares.nix
new file mode 100644
index 00000000..af062515
--- /dev/null
+++ b/dotfiles/systems/fighter/network-shares.nix
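Review bot: In docker.nix, `users.users.${sys.username}.extraGroups = [ "docker" ];` gives the account access to the rootful daemon socket, which is equivalent to root on the host, even though the same hunk enables rootless Docker and points the user session at the rootless socket with `rootless.setSocketVariable = true;`. If the stacks are meant to run rootless, the group line can be dropped, and as far as I know `rootless.enable` does not need the system daemon, so `enable = true;` could go as well. If both daemons are intended, a comment such as `# rootful daemon kept for <reason>; docker group membership is root-equivalent` above the group line would record that the exposure is deliberate.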
@@ -0,0 +1,134 @@
+{ pkgs }: let
+ iqn = "iqn.2020-03.net.jafner:fighter";
+ portals = {
+ barbarian = {
+ ip = "192.168.1.10";
+ port = "3260";
+ };
+ paladin = {
+ ip = "192.168.1.12";
+ port = "3260";
+ };
+ };
+in {
+ services.openiscsi = {
+ enable = true;
+ discoverPortals = portals;
+ targets = [ iqn ];
+ };
+
+ systemd.services = {
+ iscsi-autoconnect-paladin = {
+ description = "Log into iSCSI target ${iqn} on paladin";
+ after = [ "network.target" "iscsid.service" ];
+ wants = [ "iscsid.service" ];
+ serviceConfig = {
+ ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p ${portals.paladin.ip}:${portals.paladin.port}";
+ ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.paladin.ip}:${portals.paladin.port} --login";
+ ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.paladin.ip}:${portals.paladin.port} --logout";
+ Restart = "on-failure";
+ RemainAfterExit = true;
+ };
+ };
+ iscsi-autoconnect-barbarian = {
+ description = "Log into iSCSI target ${iqn} on barbarian";
+ after = [ "network.target" "iscsid.service" ];
+ wants = [ "iscsid.service" ];
+ serviceConfig = {
+ ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p ${portals.barbarian.ip}:${portals.barbarian.port}";
+ ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.barbarian.ip}:${portals.barbarian.port} --login";
+ ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.barbarian.ip}:${portals.barbarian.port} --logout";
+ Restart = "on-failure";
+ RemainAfterExit = true;
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [ cifs-utils ];
+ fileSystems =
+ let
+ automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+ permissions_opts = "credentials=/etc/nixos/smb-secrets,uid=1000,gid=1000";
+ in {
+ # Pool Media on Paladin
+ "/mnt/smb/paladin/Media/AV" = {
+ device = "//192.168.1.12/AV";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Media/3DPrinting" = {
+ device = "//192.168.1.12/3DPrinting";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Media/Movies" = {
+ device = "//192.168.1.12/Movies";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Media/Music" = {
+ device = "//192.168.1.12/Music";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Media/Shows" = {
+ device = "//192.168.1.12/Shows";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Media/Text" = {
+ device = "//192.168.1.12/Text";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+
+ # Pool Tank on Paladin
+ "/mnt/smb/paladin/Tank/AppData" = {
+ device = "//192.168.1.12/AppData";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Tank/Archive" = {
+ device = "//192.168.1.12/Archive";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Tank/HomeVideos" = {
+ device = "//192.168.1.12/HomeVideos";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Tank/Images" = {
+ device = "//192.168.1.12/Images";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Tank/Recordings" = {
+ device = "//192.168.1.12/Recordings";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Tank/Software" = {
+ device = "//192.168.1.12/Software";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+ "/mnt/smb/paladin/Tank/Torrenting" = {
+ device = "//192.168.1.12/Torrenting";
+ fsType = "cifs";
+ options = ["${automount_opts},${permissions_opts}"];
+ };
+
+ # iSCSI devices
+ # "/mnt/iscsi/paladin" = {
+ # device = "/dev/disk/by-uuid/...";
+ # fsType = "ext4";
+ # options = [ "nofail" "_netdev" "auto" "exec" "defaults"];
+ # };
+ # "/mnt/iscsi/barbarian" = {
+ # device = "/dev/disk/by-uuid/...";
+ # fsType = "ext4";
+ # options = [ "nofail" "_netdev" "auto" "exec" "defaults"];
+ # };
+ };
+}
diff --git a/dotfiles/systems/fighter/server.nix b/dotfiles/systems/fighter/server.nix
new file mode 100644
index 00000000..529e3229
--- /dev/null
+++ b/dotfiles/systems/fighter/server.nix
@@ -0,0 +1,30 @@
+{ pkgs, sys }: {
+ system.stateVersion = "24.11";
+ environment.systemPackages = with pkgs; [
+ git
+ ];
+ users.users."${sys.username}" = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" ];
+ description = "${sys.username}";
+ openssh.authorizedKeys.keys = sys.authorizedKeys;
+ };
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ };
+ security.sudo = {
+ enable = true;
+ extraRules = [{
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ groups = [ "wheel" ];
+ }];
+ };
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
\ No newline at end of file
diff --git a/dotfiles/systems/fighter/stacks.nix b/dotfiles/systems/fighter/stacks.nix
new file mode 100644
index 00000000..f9bc92b0
--- /dev/null
+++ b/dotfiles/systems/fighter/stacks.nix
@@ -0,0 +1,6 @@
+{ ... }: {
+ imports = let stacksPath = ../../../homelab/stacks; in [
+ "${stacksPath}/traefik/stack.nix"
+ "${stacksPath}/send/stack.nix"
+ ];
+}
\ No newline at end of file
diff --git a/dotfiles/systems/fighter/terminal-environment.nix b/dotfiles/systems/fighter/terminal-environment.nix
new file mode 100644
index 00000000..c5a67544
--- /dev/null
+++ b/dotfiles/systems/fighter/terminal-environment.nix
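Review bot: In network-shares.nix, both `iscsi-autoconnect-*` units log in to `${iqn}` with no CHAP settings anywhere in the hunk, so as far as this file shows the session is not authenticated beyond the initiator name; enabling CHAP on the targets and supplying the secret from a root-only file outside the Nix store would close that gap. The CIFS credentials file `/etc/nixos/smb-secrets` is likewise neither created nor permission-checked here, so a comment such as `# smb-secrets must exist, owned by root, mode 0600; not managed by Nix` belongs next to `permissions_opts`. The units order only `after = [ "network.target" "iscsid.service" ]`, which does not wait for connectivity; adding `network-online.target` to both `after` and `wants` is the usual ordering for a network login. I also do not recognise `discoverPortals` or `targets` as options of the NixOS openiscsi module, so it is worth confirming that `services.openiscsi` evaluates.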
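Review bot: In server.nix, the `security.sudo.extraRules` entry grants every member of `wheel` `NOPASSWD` on `ALL`, so any process running as `${sys.username}` can become root with no further prompt and the SSH key becomes the only barrier to full control of the host. If the goal is only to let the `nixos` helper rebuild unattended, scoping the rule with `command = "/run/current-system/sw/bin/nixos-rebuild";` narrows it, although `nixos-rebuild` itself remains a root-equivalent command and should be documented as such. The `services.openssh` block also leaves root login at the module default; `settings.PermitRootLogin = "no";` would state the intent explicitly.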
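Review bot: In stacks.nix, `"${stacksPath}/traefik/stack.nix"` interpolates a path into a string, which makes Nix copy the whole `homelab/stacks` directory into the store as its own path. The store is world-readable, so anything kept beside the stack files (env files or tokens, none of which are visible here) would be readable by every local user. Path concatenation imports the same modules without the extra copy: `(stacksPath + "/traefik/stack.nix")` and `(stacksPath + "/send/stack.nix")`.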
@@ -0,0 +1,141 @@
+{ sys, pkgs }: {
+ users.users."${sys.username}".shell = pkgs.${sys.shellPackage};
+ programs."${sys.shellPackage}".enable = true;
+ home-manager.users."${sys.username}" = {
+ home.packages = with pkgs; [
+ bat
+ fd
+ fastfetch
+ fzf
+ jq
+ tree
+ nethogs
+ pinentry-all
+ ] ++ [
+ ( writeShellApplication {
+ name = "nixos";
+ runtimeInputs = [
+ libnotify
+ jq
+ git
+ ];
+ text = ''
+ #!/bin/bash
+ # shellcheck disable=SC2088
+ FLAKE_URI="git+https://gitea.jafner.tools/Jafner/Jafner.net?dir=dotfiles#fighter"
+
+ rebuild() {
+ notify-send "Nixos: Beginning rebuild"
+ sudo nixos-rebuild switch \
+ --flake "$FLAKE_URI" \
+ --impure \
+ --show-trace &&\
+ notify-send "Nixos: Rebuilt successfully"
+ }
+
+ garbageCollect() {
+ notify-send "Nixos: Collecting garbage" "Deleting generations older than 7 days."
+ nix-env --delete-generations 7d &&\
+ nix-store --gc --print-dead
+ notify-send "Nixos: Garbage collection complete"
+ }
+
+ listGenerations() {
+ nixos-rebuild list-generations | less
+ }
+
+ where() {
+ tree "$(realpath "$(which "$1")" | cut -d'/' -f-4)"
+ }
+
+ finish() {
+ mkdir -p "$HOME/.nixos"
+ nixos-rebuild list-generations --json > "$HOME/.nixos/nixos-generations.json"
+ }
+
+ error() {
+ notify-send "Nixos Script Error" "$@"
+ exit 1
+ }
+
+ case "$1" in
+ rebuild) rebuild && finish;;
+ clean) garbageCollect && finish;;
+ ls) listGenerations;;
+ where) where "$2";;
+ *) error "Unrecognized subcommand $1";;
+ esac
+ '';
+ } )
+ ];
+
+ programs.btop = {
+ enable = true;
+ package = pkgs.btop-rocm;
+ settings = {
+ color_theme = "stylix";
+ theme_background = true;
+ update_ms = 500;
+ };
+ };
+
+ programs.tmux = {
+ enable = true;
+ newSession = true;
+ baseIndex = 1;
+ disableConfirmationPrompt = true;
+ mouse = true;
+ prefix = "C-b";
+ resizeAmount = 2;
+ plugins = with pkgs; [
+ { plugin = tmuxPlugins.resurrect; }
+ { plugin = tmuxPlugins.tmux-fzf; }
+ ];
+ shell = "${pkgs.${sys.shellPackage}.shellPath}";
+ # TODO: Declare tmux session presets
+ # - 'sysmon' session
+ # - 'sysmon' window
+ # - '1' pane: btop
+ # - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 btop
+ # - '3' pane: ssh -o RequestTTY=true admin@143.110.151.123 btop --utf-force
+ # - 'disks' window
+ # - '1' pane: watch 'df -h -xcifs'
+ # - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 watch 'df -h -xcifs -xiscsi'
+ # - '3' pane: ssh -o RequestTTY=true admin@143.110.151.123 watch 'df -h'
+ # - '4' pane: ssh -o RequestTTY=true admin@192.168.1.10 watch 'df -h'
+ # - '5' pane: ssh -o RequestTTY=true admin@192.168.1.12 watch 'df -h'
+ # - 'gpus' window
+ # - '1' pane: amdgpu_top
+ # - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 nvtop
+ # - 'ssh' session
+ # - 'fighter' window: ssh admin@192.168.1.23
+ # - 'wizard' window: ssh vyos@192.168.1.1
+ # - 'druid' window: ssh admin@143.110.151.123
+ # - 'paladin' window: ssh admin@192.168.1.12
+ # - 'barbarian' window: ssh admin@192.168.1.10
+ # - 'local' session
+ # - 'jafner.net' window
+ };
+
+ programs.vim = {
+ enable = true;
+ defaultEditor = true;
+ settings = {
+ copyindent = true;
+ relativenumber = true;
+ expandtab = true;
+ tabstop = 2;
+ };
+ extraConfig = ''
+ set nocompatible
+ filetype on
+ filetype plugin on
+ filetype indent on
+ syntax on
+ set cursorline
+ set wildmenu
+ set wildmode=list:longest
+ '';
+ };
+ };
+}
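Review bot: In terminal-environment.nix, `rebuild()` runs `sudo nixos-rebuild switch --flake "$FLAKE_URI" --impure` against a `git+https://` URI with no `rev=` or `ref=` pin, so whatever the remote default branch holds at that moment is built and activated as root, and `--impure` additionally lets evaluation read host state outside the flake. Pinning the URI to a reviewed revision or tag, or rebuilding from a local inspected checkout, and dropping `--impure` if nothing needs it would make the root-level change reproducible and auditable. Two smaller points in the script text: `writeShellApplication` supplies its own shebang and strict mode, so the `#!/bin/bash` line is inert, and `case "$1" in` with no argument aborts on an unbound variable before reaching the `*)` branch, which `case "${1:-}" in` would fix.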