WIP: Init fighter system configuration.

dotfiles/systems/fighter/configuration.nix

@@ -0,0 +1,9 @@
+{ ... }: {
+  imports = [
+    ./server.nix
+    ./docker.nix
+    ./network-shares.nix
+    ./stacks.nix
+    ./terminal-environment.nix
+  ];
+}

dotfiles/systems/fighter/docker.nix

@@ -0,0 +1,9 @@
+{ pkgs, sys }: {
+  virtualisation.docker = {
+    enable = true;
+    rootless.enable = true;
+    rootless.setSocketVariable = true;
+  };
+  users.users.${sys.username}.extraGroups = [ "docker" ];
+  environment.systemPackages = [ pkgs.docker-compose ];
+}

dotfiles/systems/fighter/network-shares.nix

@@ -0,0 +1,134 @@
+{ pkgs }: let
+  iqn = "iqn.2020-03.net.jafner:fighter";
+  portals = { 
+    barbarian = {
+      ip = "192.168.1.10";
+      port = "3260";
+    };
+    paladin = {
+      ip = "192.168.1.12";
+      port = "3260";
+    };
+  };
+in {
+  services.openiscsi = {
+    enable = true;
+    discoverPortals = portals;
+    targets = [ iqn ];
+  };
+
+  systemd.services = {
+    iscsi-autoconnect-paladin = {
+      description = "Log into iSCSI target ${iqn} on paladin";
+      after = [ "network.target" "iscsid.service" ];
+      wants = [ "iscsid.service" ];
+      serviceConfig = {
+        ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p ${portals.paladin.ip}:${portals.paladin.port}";
+        ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.paladin.ip}:${portals.paladin.port} --login";
+        ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.paladin.ip}:${portals.paladin.port} --logout";
+        Restart = "on-failure";
+        RemainAfterExit = true;
+      };
+    };
+    iscsi-autoconnect-barbarian = {
+      description = "Log into iSCSI target ${iqn} on barbarian";
+      after = [ "network.target" "iscsid.service" ];
+      wants = [ "iscsid.service" ];
+      serviceConfig = {
+        ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p ${portals.barbarian.ip}:${portals.barbarian.port}";
+        ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.barbarian.ip}:${portals.barbarian.port} --login";
+        ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T ${iqn} -p ${portals.barbarian.ip}:${portals.barbarian.port} --logout";
+        Restart = "on-failure";
+        RemainAfterExit = true;
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [ cifs-utils ];
+  fileSystems =
+    let
+        automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+        permissions_opts = "credentials=/etc/nixos/smb-secrets,uid=1000,gid=1000";
+    in {
+    # Pool Media on Paladin
+    "/mnt/smb/paladin/Media/AV" = {
+      device = "//192.168.1.12/AV";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Media/3DPrinting" = {
+      device = "//192.168.1.12/3DPrinting";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Media/Movies" = {
+      device = "//192.168.1.12/Movies";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Media/Music" = {
+      device = "//192.168.1.12/Music";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Media/Shows" = {
+      device = "//192.168.1.12/Shows";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Media/Text" = {
+      device = "//192.168.1.12/Text";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+
+    # Pool Tank on Paladin
+    "/mnt/smb/paladin/Tank/AppData" = {
+      device = "//192.168.1.12/AppData";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Tank/Archive" = {
+      device = "//192.168.1.12/Archive";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Tank/HomeVideos" = {
+      device = "//192.168.1.12/HomeVideos";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Tank/Images" = {
+      device = "//192.168.1.12/Images";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Tank/Recordings" = {
+      device = "//192.168.1.12/Recordings";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Tank/Software" = {
+      device = "//192.168.1.12/Software";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+    "/mnt/smb/paladin/Tank/Torrenting" = {
+      device = "//192.168.1.12/Torrenting";
+      fsType = "cifs";
+      options = ["${automount_opts},${permissions_opts}"];
+    };
+
+    # iSCSI devices
+    # "/mnt/iscsi/paladin" = {
+    #   device = "/dev/disk/by-uuid/...";
+    #   fsType = "ext4";
+    #   options = [ "nofail" "_netdev" "auto" "exec" "defaults"];
+    # };
+    # "/mnt/iscsi/barbarian" = {
+    #   device = "/dev/disk/by-uuid/...";
+    #   fsType = "ext4";
+    #   options = [ "nofail" "_netdev" "auto" "exec" "defaults"];
+    # };
+  };
+}

dotfiles/systems/fighter/server.nix

@@ -0,0 +1,30 @@
+{ pkgs, sys }: {
+  system.stateVersion = "24.11";
+  environment.systemPackages = with pkgs; [
+    git
+  ];
+  users.users."${sys.username}" = {
+    isNormalUser = true;
+    extraGroups = [ "networkmanager" "wheel" ];
+    description = "${sys.username}";
+    openssh.authorizedKeys.keys = sys.authorizedKeys;
+  };
+  services.openssh = {
+    enable = true;
+    settings.PasswordAuthentication = false;
+    settings.KbdInteractiveAuthentication = false;
+  };
+  security.sudo = {
+    enable = true;
+    extraRules = [{
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+      groups = [ "wheel" ];
+    }];
+  };
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}

dotfiles/systems/fighter/stacks.nix

@@ -0,0 +1,6 @@
+{ ... }: {
+  imports = let stacksPath = ../../../homelab/stacks; in [
+    "${stacksPath}/traefik/stack.nix"
+    "${stacksPath}/send/stack.nix"
+  ];
+}

dotfiles/systems/fighter/terminal-environment.nix

@@ -0,0 +1,141 @@
+{ sys, pkgs }: {
+  users.users."${sys.username}".shell = pkgs.${sys.shellPackage};
+  programs."${sys.shellPackage}".enable = true;
+  home-manager.users."${sys.username}" = {
+    home.packages = with pkgs; [
+      bat
+      fd
+      fastfetch
+      fzf
+      jq
+      tree
+      nethogs
+      pinentry-all
+    ] ++ [
+      ( writeShellApplication {
+        name = "nixos";
+        runtimeInputs = [
+            libnotify
+            jq
+            git
+        ];
+        text = ''
+            #!/bin/bash
+            # shellcheck disable=SC2088
+            FLAKE_URI="git+https://gitea.jafner.tools/Jafner/Jafner.net?dir=dotfiles#fighter"
+
+            rebuild() {
+              notify-send "Nixos: Beginning rebuild"
+              sudo nixos-rebuild switch \
+                  --flake "$FLAKE_URI" \
+                  --impure \
+                  --show-trace &&\
+              notify-send "Nixos: Rebuilt successfully"
+            }
+
+            garbageCollect() {
+              notify-send "Nixos: Collecting garbage" "Deleting generations older than 7 days."
+              nix-env --delete-generations 7d &&\
+              nix-store --gc --print-dead
+              notify-send "Nixos: Garbage collection complete"
+            }
+
+            listGenerations() {
+              nixos-rebuild list-generations | less
+            }
+
+            where() {
+              tree "$(realpath "$(which "$1")" | cut -d'/' -f-4)"
+            }
+
+            finish() {
+              mkdir -p "$HOME/.nixos"
+              nixos-rebuild list-generations --json > "$HOME/.nixos/nixos-generations.json"
+            }
+
+            error() {
+              notify-send "Nixos Script Error" "$@"
+              exit 1
+            }
+
+            case "$1" in
+            rebuild) rebuild && finish;;
+            clean) garbageCollect && finish;;
+            ls) listGenerations;;
+            where) where "$2";;
+            *) error "Unrecognized subcommand $1";;
+            esac
+        '';
+      } )
+    ];
+
+    programs.btop = {
+      enable = true;
+      package = pkgs.btop-rocm;
+      settings = {
+        color_theme = "stylix";
+        theme_background = true;
+        update_ms = 500;
+      };
+    };
+
+    programs.tmux = {
+      enable = true;
+      newSession = true;
+      baseIndex = 1;
+      disableConfirmationPrompt = true;
+      mouse = true;
+      prefix = "C-b";
+      resizeAmount = 2;
+      plugins = with pkgs; [
+        { plugin = tmuxPlugins.resurrect; }
+        { plugin = tmuxPlugins.tmux-fzf; }
+      ];
+      shell = "${pkgs.${sys.shellPackage}.shellPath}";
+      # TODO: Declare tmux session presets
+      # - 'sysmon' session
+      #   - 'sysmon' window
+      #     - '1' pane: btop
+      #     - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 btop
+      #     - '3' pane: ssh -o RequestTTY=true admin@143.110.151.123 btop --utf-force
+      #   - 'disks' window
+      #     - '1' pane: watch 'df -h -xcifs'
+      #     - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 watch 'df -h -xcifs -xiscsi'
+      #     - '3' pane: ssh -o RequestTTY=true admin@143.110.151.123 watch 'df -h'
+      #     - '4' pane: ssh -o RequestTTY=true admin@192.168.1.10 watch 'df -h'
+      #     - '5' pane: ssh -o RequestTTY=true admin@192.168.1.12 watch 'df -h'
+      #   - 'gpus' window
+      #     - '1' pane: amdgpu_top
+      #     - '2' pane: ssh -o RequestTTY=true admin@192.168.1.23 nvtop
+      # - 'ssh' session
+      #   - 'fighter' window: ssh admin@192.168.1.23
+      #   - 'wizard' window: ssh vyos@192.168.1.1
+      #   - 'druid' window: ssh admin@143.110.151.123
+      #   - 'paladin' window: ssh admin@192.168.1.12
+      #   - 'barbarian' window: ssh admin@192.168.1.10
+      # - 'local' session
+      #   - 'jafner.net' window
+    };
+
+    programs.vim = {
+      enable = true;
+      defaultEditor = true;
+      settings = {
+        copyindent = true;
+        relativenumber = true;
+        expandtab = true;
+        tabstop = 2;
+      };
+      extraConfig = ''
+        set nocompatible
+        filetype on
+        filetype plugin on
+        filetype indent on
+        syntax on
+        set cursorline
+        set wildmenu
+        set wildmode=list:longest
+      '';
+    };
+  };
+}