Servapp nixos

.github/workflows/push-check.yaml

@@ -58,7 +58,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        machine: ["appaquet@deskapp"]
+        machine: ["appaquet@deskapp", "appaquet@servapp"]
     steps:
     - uses: actions/checkout@v4
     - uses: DeterminateSystems/nix-installer-action@main

.github/workflows/updater.yaml

@@ -87,7 +87,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        machine: ["appaquet@deskapp"]
+        machine: ["appaquet@deskapp", "appaquet@servapp"]
     steps:
       - uses: actions/checkout@v4
 
@@ -107,7 +107,7 @@ jobs:
       - name: Building NixOS baseline
         run: |
           set -xe
-          MACHINE_KEY="appaquet@deskapp" ./x nixos build
+          MACHINE_KEY="${{ matrix.machine }}" ./x nixos build
           nix-collect-garbage # free up intermediary, since we're low on disk on gha
           mv result result-before
 
@@ -119,7 +119,7 @@ jobs:
       - name: Building NixOS new
         run: |
           set -xe
-          MACHINE_KEY="appaquet@deskapp" ./x nixos build
+          MACHINE_KEY="${{ matrix.machine }}" ./x nixos build
           mv result result-after
 
       - name: Diffing...

flake.nix

@@ -135,8 +135,11 @@
                   extraSpecialArgs.secrets.commonHome
                 ] ++ commonHomeModules;
                 extraSpecialArgs = {
-                  inherit inputs unstablePkgs cfg;
+                  inherit inputs unstablePkgs;
                   secrets = secrets.init "linux";
+                  cfg = cfg // {
+                    isNixos = true;
+                  };
                 };
               };
 
@@ -191,6 +194,18 @@
             ./nixos/deskapp/configuration.nix
           ];
         };
+
+        servapp = nixpkgs.lib.nixosSystem {
+          specialArgs = {
+            inherit (self) common;
+            inherit inputs;
+            secrets = secrets.init "linux";
+          };
+          modules = [
+            nixosOverlaysModule
+            ./nixos/servapp/configuration.nix
+          ];
+        };
       };
     };
 }

home-manager/servapp.nix

@@ -10,5 +10,5 @@
 
   home.username = "appaquet";
   home.homeDirectory = "/home/appaquet";
-  home.stateVersion = "23.11";
+  home.stateVersion = "24.11";
 }

nixos/deskapp/configuration.nix

@@ -53,6 +53,7 @@
   networking.hosts = {
     "100.109.193.77" = [ "localhost.humanfirst.ai" ];
   };
+  networking.firewall.enable = false;
 
   # NasAPP mounts
   nasapp = {
@@ -88,12 +89,6 @@
   services.printing.enable = false;
   services.openssh.enable = true;
 
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  networking.firewall.enable = false;
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

nixos/servapp/configuration.nix

@@ -0,0 +1,90 @@
+{ pkgs, secrets, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./virt
+    ../common.nix
+    ../dev.nix
+    ../docker.nix
+    ../network-bridge.nix
+    ../ups.nix
+    ../nasapp.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelParams = [ ];
+
+  networking.hostName = "servapp";
+
+  # Drives
+  swapDevices = [
+    {
+      device = "/swapfile";
+      size = 16 * 1024; # 16GB
+    }
+  ];
+
+  # Networking
+  # networking.networkmanager.enable = true;
+  # networking.myBridge = {
+  #   enable = true;
+  #   interface = "enp1s0"; # TODO: probably wrong
+  #   lanIp = "192.168.0.13";
+  # };
+  networking.firewall.enable = false;
+
+  # NasAPP mounts
+  nasapp = {
+    enable = true;
+    credentials = secrets.servapp.nasappCifs;
+    uid = "appaquet";
+    gid = "users";
+    shares = [
+      {
+        share = "backup_servapp"; # TODO: move to backup
+        mount = "/mnt/backup_servapp";
+      }
+      {
+        share = "video";
+        mount = "/mnt/video";
+      }
+    ];
+  };
+
+  # Display
+  services.xserver.enable = true;
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.desktopManager.xfce.enable = true;
+  services.xserver = {
+    xkb.layout = "us";
+    xkb.variant = "";
+  };
+  services.displayManager.autoLogin.enable = true;
+  services.displayManager.autoLogin.user = "appaquet";
+
+  # Enable sound with pipewire.
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  # Programs & services
+  programs.firefox.enable = true;
+  services.printing.enable = false;
+  services.openssh.enable = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11";
+}

nixos/servapp/hardware-configuration.nix

@@ -0,0 +1,53 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "nvme"
+    "xhci_pci"
+    "ahci"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/141971f9-e5ed-4eec-b306-a7b3db3d005d";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/8A5E-82A3";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  networking.interfaces.eno1.useDHCP = false;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/servapp/virt/default.nix

@@ -0,0 +1,33 @@
+{
+  inputs,
+  ...
+}:
+
+{
+  imports = [
+    ../../virt.nix
+    inputs.nixvirt.nixosModules.default
+  ];
+
+  virtualisation = {
+    libvirt.enable = true;
+    libvirt.connections = {
+      "qemu:///system" = {
+        domains = [
+          {
+            definition = ./domains/homeassistant.xml;
+          }
+          {
+            definition = ./domains/pihole.xml;
+          }
+        ];
+        pools = [
+          {
+            definition = ./pools/download.xml;
+            active = true;
+          }
+        ];
+      };
+    };
+  };
+}