nix-config/hosts/franz/default.nix

{
  inputs,
  outputs,
  lib,
  config,
  pkgs,
  ...
}: let
  vars = import ../../vars.nix;
in {
  imports = [
    inputs.hardware.nixosModules.common-pc-ssd
    inputs.disko.nixosModules.default

    ./hardware-configuration.nix
    (import ../../disko/btrfs-swap.nix {device = "/dev/nvme0n1";})
    ./disko/zfs.nix

    ../common/global

    ../common/optional/systemd-boot.nix
    ../common/optional/gnome-keyring.nix
    ../common/optional/docker.nix
    ./sops.nix
    ./restic.nix
    ./arion
    # ./hydra.nix
    ./samba.nix
  ];

  # Enable ZFS
  boot.supportedFilesystems = ["zfs"];
  networking.hostId = "f014fc43";
  services.zfs.autoScrub.enable = true;

  # Prevent server from getting stuck in emergency mode and non-connectable via SSH
  systemd.enableEmergencyMode = false;

  # Fix rebuild being stuck when Pihole is down due to docker restart
  systemd.services.NetworkManager-wait-online.enable = false;

  # Prevent zfs from being automounted by fstab auto discovery & zfs
  fileSystems."/storage/dataset".options = ["noauto"];
  fileSystems."/storage".options = ["noauto"];

  fileSystems."/home/ghoscht/.zfs" = {
    device = "/dev/disk/by-label/SECRET_KEYS";
    fsType = "vfat";
  };

  users.mutableUsers = true;
  users.users.${vars.user} = {
    password = "changeme";
    openssh.authorizedKeys.keys = [
      #Desktop
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"

      #Convertible
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
    ];
  };
  security.pam.enableSSHAgentAuth = true;

  nixpkgs = {
    overlays = [
      outputs.overlays.additions
      outputs.overlays.modifications
      outputs.overlays.unstable-packages
    ];
    config = {
      allowUnfree = true;
    };
  };

  networking.hostName = "franz";

  programs = {
    dconf.enable = true;
  };

  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.11";
}
Add franz configuration 2024-03-02 17:17:52 +01:00			`{`
			`inputs,`
			`outputs,`
			`lib,`
			`config,`
			`pkgs,`
			`...`
Add default user login 2024-03-02 17:48:50 +01:00			`}: let`
			`vars = import ../../vars.nix;`
			`in {`
Add franz configuration 2024-03-02 17:17:52 +01:00			`imports = [`
			`inputs.hardware.nixosModules.common-pc-ssd`
			`inputs.disko.nixosModules.default`

			`./hardware-configuration.nix`
Make disko config universal 2024-03-03 12:15:40 +01:00			`(import ../../disko/btrfs-swap.nix {device = "/dev/nvme0n1";})`
Add zfs cluster 2024-03-31 22:04:31 +02:00			`./disko/zfs.nix`
Add franz configuration 2024-03-02 17:17:52 +01:00
			`../common/global`

			`../common/optional/systemd-boot.nix`
			`../common/optional/gnome-keyring.nix`
			`../common/optional/docker.nix`
Add basic docker config 2024-03-03 20:04:13 +01:00			`./sops.nix`
Add restic backups 2024-03-31 22:04:51 +02:00			`./restic.nix`
Begin transfer of docker-compose.yml to arion 2024-03-05 20:59:17 +01:00			`./arion`
Franz: Disable hydra 2024-08-24 10:14:31 +02:00			`# ./hydra.nix`
Add initial native smb share doesn't really work yet from windows side, but linux works 2024-06-13 23:29:40 +02:00			`./samba.nix`
Add franz configuration 2024-03-02 17:17:52 +01:00			`];`

Add zfs cluster 2024-03-31 22:04:31 +02:00			`# Enable ZFS`
			`boot.supportedFilesystems = ["zfs"];`
			`networking.hostId = "f014fc43";`
Enable zfs autoscrub 2024-07-28 00:35:01 +02:00			`services.zfs.autoScrub.enable = true;`
Add zfs cluster 2024-03-31 22:04:31 +02:00
Franz: Disable network monitor online check 2024-08-24 10:14:23 +02:00			`# Prevent server from getting stuck in emergency mode and non-connectable via SSH`
Add zfs cluster 2024-03-31 22:04:31 +02:00			`systemd.enableEmergencyMode = false;`
Franz: Disable network monitor online check 2024-08-24 10:14:23 +02:00
			`# Fix rebuild being stuck when Pihole is down due to docker restart`
			`systemd.services.NetworkManager-wait-online.enable = false;`
Add zfs cluster 2024-03-31 22:04:31 +02:00
			`# Prevent zfs from being automounted by fstab auto discovery & zfs`
			`fileSystems."/storage/dataset".options = ["noauto"];`
			`fileSystems."/storage".options = ["noauto"];`

Mount zfs keyfile store 2024-08-09 17:58:45 +02:00			`fileSystems."/home/ghoscht/.zfs" = {`
			`device = "/dev/disk/by-label/SECRET_KEYS";`
			`fsType = "vfat";`
			`};`

Add default user login 2024-03-02 17:48:50 +01:00			`users.mutableUsers = true;`
Adapt franz to real installation 2024-03-17 15:18:23 +01:00			`users.users.${vars.user} = {`
			`password = "changeme";`
			`openssh.authorizedKeys.keys = [`
			`#Desktop`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"`
Add default user login 2024-03-02 17:48:50 +01:00
Adapt franz to real installation 2024-03-17 15:18:23 +01:00			`#Convertible`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"`
			`];`
			`};`
			`security.pam.enableSSHAgentAuth = true;`

Add franz configuration 2024-03-02 17:17:52 +01:00			`nixpkgs = {`
			`overlays = [`
			`outputs.overlays.additions`
			`outputs.overlays.modifications`
			`outputs.overlays.unstable-packages`
			`];`
			`config = {`
			`allowUnfree = true;`
			`};`
			`};`

			`networking.hostName = "franz";`

			`programs = {`
			`dconf.enable = true;`
			`};`

Enable ssh server 2024-03-02 17:41:16 +01:00			`services.openssh = {`
			`enable = true;`
Disable openssh password auth 2024-03-03 13:08:46 +01:00			`settings.PasswordAuthentication = false;`
Enable ssh server 2024-03-02 17:41:16 +01:00			`};`

Add franz configuration 2024-03-02 17:17:52 +01:00			`# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion`
			`system.stateVersion = "23.11";`
			`}`