246 lines
6.0 KiB
Nix
246 lines
6.0 KiB
Nix
{
|
|
description = "Flake for server muffin";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
|
|
|
|
lanzaboote = {
|
|
url = "github:nix-community/lanzaboote";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
|
|
|
nix-minecraft = {
|
|
url = "github:Infinidoge/nix-minecraft";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";
|
|
|
|
home-manager = {
|
|
url = "github:nix-community/home-manager/release-25.05";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
disko = {
|
|
url = "github:nix-community/disko";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
llamacpp = {
|
|
url = "github:ggml-org/llama.cpp";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
srvos = {
|
|
url = "github:nix-community/srvos";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
|
|
deploy-rs = {
|
|
url = "github:serokell/deploy-rs";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
};
|
|
|
|
outputs =
|
|
{
|
|
self,
|
|
nixpkgs,
|
|
nix-minecraft,
|
|
nixos-hardware,
|
|
vpn-confinement,
|
|
home-manager,
|
|
lanzaboote,
|
|
disko,
|
|
srvos,
|
|
deploy-rs,
|
|
...
|
|
}@inputs:
|
|
let
|
|
username = "primary";
|
|
hostname = "muffin";
|
|
eth_interface = "enp4s0";
|
|
system = "x86_64-linux";
|
|
|
|
service_configs = rec {
|
|
zpool_ssds = "tank";
|
|
zpool_hdds = "hdds";
|
|
torrents_path = "/torrents";
|
|
services_dir = "/${zpool_ssds}/services";
|
|
music_dir = "/${zpool_ssds}/music";
|
|
torrent_group = "media";
|
|
|
|
ports = {
|
|
https = 443;
|
|
jellyfin = 8096; # no services.jellyfin option for this
|
|
torrent = 6011;
|
|
bitmagnet = 3333;
|
|
owntracks = 3825;
|
|
gitea = 2283;
|
|
immich = 2284;
|
|
soulseek_web = 5030;
|
|
soulseek_listen = 50300;
|
|
llama_cpp = 8991;
|
|
};
|
|
|
|
https = {
|
|
certs = services_dir + "/http_certs";
|
|
# TODO! generate website from repo directly using hugo
|
|
data_dir = services_dir + "/http";
|
|
domain = "gardling.com";
|
|
wg_ip = "192.168.15.1";
|
|
matrix_hostname = "matrix.${service_configs.https.domain}";
|
|
};
|
|
|
|
gitea = {
|
|
dir = services_dir + "/gitea";
|
|
domain = "git.${https.domain}";
|
|
};
|
|
|
|
postgres = {
|
|
socket = "/run/postgresql";
|
|
dataDir = services_dir + "/sql";
|
|
};
|
|
|
|
immich = {
|
|
dir = services_dir + "/immich";
|
|
};
|
|
|
|
minecraft = {
|
|
parent_dir = services_dir + "/minecraft";
|
|
server_name = "main";
|
|
};
|
|
|
|
torrent = {
|
|
SavePath = torrents_path;
|
|
TempPath = torrents_path + "/incomplete";
|
|
};
|
|
|
|
jellyfin = {
|
|
dataDir = services_dir + "/jellyfin";
|
|
cacheDir = services_dir + "/jellyfin_cache";
|
|
};
|
|
|
|
owntracks = {
|
|
data_dir = services_dir + "/owntracks";
|
|
};
|
|
|
|
slskd = rec {
|
|
base = "/var/lib/slskd";
|
|
downloads = base + "/downloads";
|
|
incomplete = base + "/incomplete";
|
|
};
|
|
};
|
|
|
|
pkgs = import nixpkgs {
|
|
inherit system;
|
|
hostPlatform = system;
|
|
buildPlatform = builtins.currentSystem;
|
|
};
|
|
lib = import ./lib.nix { inherit inputs pkgs; };
|
|
in
|
|
{
|
|
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
|
|
nixosConfigurations.${hostname} = nixpkgs.lib.nixosSystem {
|
|
inherit system;
|
|
specialArgs = rec {
|
|
inherit
|
|
username
|
|
hostname
|
|
eth_interface
|
|
service_configs
|
|
inputs
|
|
lib
|
|
;
|
|
};
|
|
modules = [
|
|
# SAFETY! make sure no ports collide
|
|
(
|
|
{ lib, ... }:
|
|
{
|
|
config.assertions = [
|
|
{
|
|
assertion =
|
|
let
|
|
ports = lib.attrValues service_configs.ports;
|
|
uniquePorts = lib.unique ports;
|
|
in
|
|
(lib.length ports) == (lib.length uniquePorts);
|
|
message = "Duplicate ports detected in 'ports' configuration";
|
|
}
|
|
];
|
|
}
|
|
)
|
|
|
|
# sets up things like the watchdog
|
|
srvos.nixosModules.server
|
|
|
|
# diff terminal support
|
|
srvos.nixosModules.mixins-terminfo
|
|
|
|
./disk-config.nix
|
|
disko.nixosModules.disko
|
|
./configuration.nix
|
|
|
|
vpn-confinement.nixosModules.default
|
|
|
|
# get nix-minecraft working!
|
|
nix-minecraft.nixosModules.minecraft-servers
|
|
{
|
|
nixpkgs.overlays = [ nix-minecraft.overlay ];
|
|
}
|
|
|
|
lanzaboote.nixosModules.lanzaboote
|
|
|
|
home-manager.nixosModules.home-manager
|
|
(
|
|
{
|
|
home-manager,
|
|
...
|
|
}:
|
|
{
|
|
home-manager.users.${username} = import ./home.nix;
|
|
}
|
|
)
|
|
]
|
|
++ (with nixos-hardware.nixosModules; [
|
|
common-cpu-amd-pstate
|
|
common-cpu-amd-zenpower
|
|
common-pc-ssd
|
|
common-gpu-intel
|
|
]);
|
|
};
|
|
|
|
deploy.nodes.muffin = {
|
|
hostname = "server-public";
|
|
profiles.system = {
|
|
sshUser = "root";
|
|
user = "root";
|
|
path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.muffin;
|
|
};
|
|
};
|
|
|
|
packages.${system} =
|
|
let
|
|
testSuite = import ./tests/tests.nix {
|
|
inherit pkgs lib;
|
|
config = self.nixosConfigurations.muffin.config;
|
|
};
|
|
in
|
|
{
|
|
tests = pkgs.linkFarm "all-tests" (
|
|
pkgs.lib.mapAttrsToList (name: test: {
|
|
name = name;
|
|
path = test;
|
|
}) testSuite
|
|
);
|
|
}
|
|
// (pkgs.lib.mapAttrs' (name: test: {
|
|
name = "test-${name}";
|
|
value = test;
|
|
}) testSuite);
|
|
};
|
|
}
|