meow

2025-11-24 09:33:42 +01:00 · 2025-11-24 09:33:42 +01:00 · 0eb6953b0d
commit 0eb6953b0d
parent 83de52d5db
212 changed files with 1006 additions and 13525 deletions
--- a/instances/ds9/hardware-configuration.nix
+++ b/instances/ds9/hardware-configuration.nix
@ -1,59 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];
-
-  boot.lanzaboote = {
-    enable = true;
-    pkiBundle = "/var/lib/sbctl";
-  };
-  boot.loader.systemd-boot.enable = lib.mkForce false;
-
-
-
-  boot.initrd.availableKernelModules = [ "r8169" "ahci" "vfio-pci" "xhci_pci" "ehci_pci" "nvme" "usbhid" "sd_mod" "sr_mod" ];
-  boot.kernelModules = [ "kvm-amd" ];
-  nix.settings.max-jobs = lib.mkDefault 12;
-  powerManagement.powertop.enable = true;
-  powerManagement.cpuFreqGovernor = "powersave";
-  powerManagement.scsiLinkPolicy = "min_power";
-
-  services.zfs.autoScrub.enable = true;
-
-  services.sanoid.datasets."rpool/content/safe/data/media" = { };
-  services.sanoid.enable = true;
-  services.sanoid.interval = "0/8:00:00";
-
-  swapDevices = [{ device = "/dev/disk/by-id/nvme-eui.000000000000000100a075202c247839-part1"; randomEncryption = true; }];
-  fileSystems."/boot".device = "/dev/disk/by-uuid/149F-23AA";
-
-
-  fileSystems."/" = {
-    device = "spool/safe/persist";
-    fsType = "zfs";
-  };
-  fileSystems."/nix" = {
-    device = "spool/local/nix";
-    fsType = "zfs";
-  };
-  fileSystems."/var/log" = {
-    device = "spool/local/journal";
-    fsType = "zfs";
-  };
-  fileSystems."/data" = {
-    device = "rpool/content/safe/data";
-    fsType = "zfs";
-  };
-  fileSystems."/data/media" = {
-    device = "rpool/content/safe/data/media";
-    fsType = "zfs";
-  };
-  fileSystems."/backups" = {
-    device = "rpool/content/local/backups";
-    fsType = "zfs";
-  };
-
-}
--- a/instances/nemesis/configuration.nix
+++ b/instances/nemesis/configuration.nix
@ -17,7 +17,7 @@

  ];
  time.timeZone = "Europe/Berlin";
-  networking.hostId = "7b4c2337";
+  networking.hostId = "7b4c2932";

  containers.ds9 = {
    autoStart = true;
@ -33,7 +33,9 @@
    ];
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";
-    config = inputs.old-conf.nixosConfigurations.ds9.config;
+
+    path = inputs.oldConf.nixosConfigurations.ds9.config.system.build.toplevel;
+    
    bindMounts = {
      "/data" = {
        hostPath = "/data";
@ -44,20 +46,20 @@
        isReadOnly = false;
      };
      "/persistent" = {
-        hostPath = "/persistent";
+        hostPath = "/oldds9/persistent";
        isReadOnly = false;
      };
    };
  };
  networking.nat.enable = true;
  networking.nat.internalInterfaces = [ "ve-+" ];
-  networking.nat.externalInterface = "eth0"; # TODO: changeme
+  networking.nat.externalInterface = "enp1s0f1"; # TODO: changeme

  xyno.services.traefik = {
    enable = true;
    simpleProxy.oldds9 = {
      host = "*.hailsatan.eu";
-      internal = "https://192.168.100.11:443";
+      internal = "http://192.168.100.11";
    };
  };

--- a/instances/nemesis/default.nix
+++ b/instances/nemesis/default.nix
@ -6,6 +6,6 @@
  };
  # xyno.services.wireguard.pubKey = "aZvSeAhKG3B5I2My5IqQoSlntMzbCHM6OU92WEScohc=";
  deployment = {
-    targetHost = "ds9.xyno.systems";
+    targetHost = "nemesis.xyno.systems";
  };
 }
--- a/instances/nemesis/hardware-configuration.nix
+++ b/instances/nemesis/hardware-configuration.nix
@ -0,0 +1,145 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [ "${modulesPath}/installer/scan/not-detected.nix" ];
+
+  # boot.lanzaboote = {
+  #   enable = true;
+  #   pkiBundle = "/var/lib/sbctl";
+  # };
+  # boot.loader.systemd-boot.enable = lib.mkForce false;
+  boot.loader.systemd-boot.enable = true;
+
+  boot.initrd.availableKernelModules = [
+    "r8169"
+    "ahci"
+    "vfio-pci"
+    "xhci_pci"
+    "ehci_pci"
+    "nvme"
+    "usbhid"
+    "sd_mod"
+    "sr_mod"
+  ];
+  boot.kernelModules = [ "kvm-amd" ];
+  nix.settings.max-jobs = lib.mkDefault 12;
+  powerManagement.powertop.enable = true;
+  powerManagement.cpuFreqGovernor = "powersave";
+  powerManagement.scsiLinkPolicy = "min_power";
+
+  services.zfs.autoScrub.enable = true;
+
+  services.sanoid.datasets."rpool/content/safe/data/media" = { };
+  services.sanoid.datasets."rpool/content/safe/data" = { };
+  services.sanoid.datasets."spool/nemesis/persistent" = { };
+  services.sanoid.enable = true;
+  services.sanoid.interval = "0/8:00:00";
+
+  # boot.initrd.systemd = {
+  #   enable = true;
+  # };
+  boot.initrd.network = {
+    enable = true;
+    postCommands = ''
+      zpool import rpool
+      zpool import spool
+      echo "zfs load-key -a; killall zfs" >> /root/.profile
+    '';
+    ssh = {
+      enable = true;
+      port = 2222;
+      hostKeys = [
+        "/persistent/initrd/ssh_host_rsa_key"
+        "/persistent/initrd/ssh_host_ed25519_key"
+      ];
+      authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/oMAi5jyQsNohfhcSH2ItisTpBGB0WtYTVxJYKKqhj" # TODO
+      ];
+
+    };
+
+  };
+
+  # swapDevices = [
+  #   {
+  #     device = "/dev/disk/by-id/nvme-eui.000000000000000100a075202c247839-part1";
+  #     randomEncryption = true;
+  #   }
+  # ];
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/149F-23AA";
+    fsType = "vfat";
+    options = [
+      "noauto"
+      "x-systemd.automount"
+    ];
+  };
+
+  zramSwap.enable = true;
+  zramSwap.writebackDevice = "/dev/zvol/spool/nemesis/zswap";
+
+  fileSystems."/persistent/var/lib/postgres" = {
+    # has things of https://wiki.archlinux.org/title/ZFS#Databases set
+    device = "spool/nemesis/postgres";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+  fileSystems."/persistent" = {
+    device = "spool/nemesis/persistent";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+  fileSystems."/var/log" = {
+    device = "spool/nemesis/varlog";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+  fileSystems."/nix" = {
+    device = "spool/local/nix";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+
+  fileSystems."/data" = {
+    device = "rpool/content/safe/data";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+  fileSystems."/data/media" = {
+    device = "rpool/content/safe/data/media";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+  fileSystems."/backups" = {
+    device = "rpool/content/local/backups";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+
+  fileSystems."/oldds9/persistent" = {
+    device = "spool/safe/persist";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+  fileSystems."/oldds9/varlog" = {
+    device = "spool/local/journal";
+    fsType = "zfs";
+    neededForBoot = true;
+  };
+  fileSystems."/" = {
+    device = "none";
+    fsType = "tmpfs";
+    options = [ "size=8G" ];
+    neededForBoot = true;
+  };
+
+}
--- a/instances/nemesis/secrets/atticd.yaml
+++ b/instances/nemesis/secrets/atticd.yaml
--- a/instances/nemesis/secrets/authentik.yaml
+++ b/instances/nemesis/secrets/authentik.yaml
--- a/instances/nemesis/secrets/wg.yaml
+++ b/instances/nemesis/secrets/wg.yaml
--- a/instances/nemesis/secrets/woodpecker.yaml
+++ b/instances/nemesis/secrets/woodpecker.yaml
--- a/instances/nemesis/services/attic.nix
+++ b/instances/nemesis/services/attic.nix
--- a/instances/nemesis/services/immich.nix
+++ b/instances/nemesis/services/immich.nix
--- a/instances/nemesis/services/jellyfin.nix
+++ b/instances/nemesis/services/jellyfin.nix
--- a/instances/nemesis/services/paperless.nix
+++ b/instances/nemesis/services/paperless.nix
--- a/instances/nemesis/services/woodpecker.nix
+++ b/instances/nemesis/services/woodpecker.nix
--- a/instances/nemesis/services/ytdl-sub.nix
+++ b/instances/nemesis/services/ytdl-sub.nix