From 8367b0330458c95326abb396f662c76d940be6f5 Mon Sep 17 00:00:00 2001 From: Daniel Patterson Date: Mon, 25 Aug 2025 01:18:32 +0100 Subject: [PATCH] Add leviathan --- flake.lock | 122 +++++++---- flake.nix | 12 ++ hosts/common/default.nix | 2 +- hosts/leviathan/configuration.nix | 190 ++++++++++++++++++ hosts/leviathan/hardware-configuration.nix | 67 ++++++ modules/default.nix | 2 + users/configs/desktop/default.nix | 2 + users/configs/desktop/fuzzel/default.nix | 3 +- users/configs/desktop/niri/default.nix | 3 +- users/daniel/default.nix | 2 - .../host-specific/leviathan/default.nix | 21 ++ 11 files changed, 378 insertions(+), 48 deletions(-) create mode 100644 hosts/leviathan/configuration.nix create mode 100644 hosts/leviathan/hardware-configuration.nix create mode 100644 users/daniel/host-specific/leviathan/default.nix diff --git a/flake.lock b/flake.lock index cccc7db..4a187de 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1760836749, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a", "type": "github" }, "original": { @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1748883665, - "narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=", + "lastModified": 1752264895, + "narHash": "sha256-1zBPE/PNAkPNUsOWFET4J0cjlvziH8DOekesDmjND+w=", "owner": "cachix", "repo": "cachix", - "rev": "f707778d902af4d62d8dd92c269f8e70de09acbe", + "rev": "47053aef762f452e816e44eb9a23fbc3827b241a", "type": "github" }, "original": { 
@@ -55,6 +55,27 @@ "type": "github" } }, + "copyparty": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1761420116, + "narHash": "sha256-k8v/AvYeJmiKMjDd4xw6oG8idyXYYxKEsObB+Dkv6N4=", + "owner": "9001", + "repo": "copyparty", + "rev": "4fcd2c41932d731b052bf1be6879b4310f4d3e10", + "type": "github" + }, + "original": { + "owner": "9001", + "repo": "copyparty", + "type": "github" + } + }, "darwin": { "inputs": { "nixpkgs": [ @@ -81,6 +102,7 @@ "inputs": { "cachix": "cachix", "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "git-hooks": "git-hooks", "nix": "nix", "nixpkgs": [ @@ -88,11 +110,11 @@ ] }, "locked": { - "lastModified": 1754158015, - "narHash": "sha256-B/o0XiDj06Knm7t/9KmLKnkrpI9s5O13qU+SNL/4Gp8=", + "lastModified": 1761427990, + "narHash": "sha256-MnrJFwdkwt0FHvRj6vbVfCBWoAPW9O9+HOldMM1yeR8=", "owner": "cachix", "repo": "devenv", - "rev": "062f3f42de2f6bb7382f88f6dbcbbbaa118a3791", + "rev": "7419c04fc798d5d5918413d4cb6c8629f9d4e8a3", "type": "github" }, "original": { @@ -137,16 +159,15 @@ "inputs": { "nixpkgs-lib": [ "devenv", - "nix", "nixpkgs" ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { 
@@ -156,6 +177,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1649676176, "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", @@ -170,7 +206,7 @@ "type": "github" } }, - "flake-utils_2": { + "flake-utils_3": { "inputs": { "systems": "systems_3" }, @@ -188,7 +224,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { "systems": "systems_4" }, @@ -219,11 +255,11 @@ ] }, "locked": { - "lastModified": 1750779888, - "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -262,11 +298,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1754074888, - "narHash": "sha256-trRykvG3vaprmxyI4IMN/zUYzeyaoHvJ/rb1btB+vME=", + "lastModified": 1760925941, + "narHash": "sha256-M+EJsr6z05heKk6iuh3RWZS+9gAMBwG9IyryACVpOy0=", "owner": "tailscale", "repo": "golink", - "rev": "491e52901739bdc284fc969c25aef08687ead4bc", + "rev": "42765dea97afa9f9f5ea167fb0df6f5372d78481", "type": "github" }, "original": { 
@@ -303,11 +339,11 @@ ] }, "locked": { - "lastModified": 1754225444, - "narHash": "sha256-mv01SQtqlhBMavc1dgNjgqJw4WfZxy+w3xBgwJU3YmU=", + "lastModified": 1761468550, + "narHash": "sha256-nY4vyN1QdHhC5Gj3545fI2Y7FSr/gs8ID4gPmF8HPww=", "owner": "nix-community", "repo": "home-manager", - "rev": "0de18bd5c6681280d7ae017fa34ffd91bdcf0557", + "rev": "1830716059bfee7cbcfbfcc38d7be98e482a5762", "type": "github" }, "original": { @@ -340,7 +376,7 @@ }, "i3utils": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" ] @@ -366,7 +402,10 @@ "devenv", "flake-compat" ], - "flake-parts": "flake-parts", + "flake-parts": [ + "devenv", + "flake-parts" + ], "git-hooks-nix": [ "devenv", "git-hooks" @@ -383,23 +422,23 @@ ] }, "locked": { - "lastModified": 1752773918, - "narHash": "sha256-dOi/M6yNeuJlj88exI+7k154z+hAhFcuB8tZktiW7rg=", + "lastModified": 1758763079, + "narHash": "sha256-Bx1A+lShhOWwMuy3uDzZQvYiBKBFcKwy6G6NEohhv6A=", "owner": "cachix", "repo": "nix", - "rev": "031c3cf42d2e9391eee373507d8c12e0f9606779", + "rev": "6f0140527c2b0346df4afad7497baa08decb929f", "type": "github" }, "original": { "owner": "cachix", - "ref": "devenv-2.30", + "ref": "devenv-2.30.5", "repo": "nix", "type": "github" } }, "nixgl": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -420,11 +459,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753939845, - "narHash": "sha256-K2ViRJfdVGE8tpJejs8Qpvvejks1+A4GQej/lBk5y7I=", + "lastModified": 1761373498, + "narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "94def634a20494ee057c76998843c015909d6311", + "rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce", "type": "github" }, "original": { @@ -468,6 +507,7 @@ "root": { "inputs": { "agenix": "agenix", + "copyparty": "copyparty", "devenv": "devenv", "golink": "golink", "home-manager": "home-manager_2", 
@@ -547,11 +587,11 @@ ] }, "locked": { - "lastModified": 1754193284, - "narHash": "sha256-ZGLXnpXy7vcTDLC1yLQSJOclsilvK+RNFVVEeO0ei/0=", + "lastModified": 1761471016, + "narHash": "sha256-sCiTEdvR5bnsAKmm0BcR6DLN4YKSUa43xLopA0VHYww=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "ac2b25e76f5bfe1e30ae39409dfa450c5c1bc945", + "rev": "9876658e1abf52bafa06bec7b0c2ba7e03931b0e", "type": "github" }, "original": { @@ -563,15 +603,15 @@ "zig": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1753963984, - "narHash": "sha256-JPiCLZHuNk11XYYCqoLoKYIgdUu2WpNccTzl4ljycTQ=", + "lastModified": 1760747435, + "narHash": "sha256-wNB/W3x+or4mdNxFPNOH5/WFckNpKgFRZk7OnOsLtm0=", "owner": "mitchellh", "repo": "zig-overlay", - "rev": "45772b76cdb103bd300abac4a85a34518dee65a0", + "rev": "d0f239b887b1ac736c0f3dde91bf5bf2ecf3a420", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 63070fb..b475706 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,9 @@ agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; + copyparty.url = "github:9001/copyparty"; + copyparty.inputs.nixpkgs.follows = "nixpkgs"; + devenv.url = "github:cachix/devenv"; devenv.inputs.nixpkgs.follows = "nixpkgs"; @@ -34,6 +37,7 @@ nixpkgs, nixpkgs-stable, agenix, + copyparty, devenv, golink, home-manager, @@ -46,6 +50,7 @@ system = "x86_64-linux"; overlays = [ + copyparty.overlays.default golink.overlays.default nixgl.overlay zig.overlays.default @@ -101,6 +106,8 @@ agenix.nixosModules.default + copyparty.nixosModules.default + golink.nixosModules.default home-manager.nixosModules.home-manager @@ -159,6 +166,11 @@ headless = false; np = nixpkgs; }; + leviathan = hostSystem { + hostname = "leviathan"; + headless = true; + np = nixpkgs; + }; }; homeConfigurations = { "deck" = deckSystem { 
diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 589dd3c..3dc4eea 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -11,7 +11,7 @@ isNormalUser = true; home = "/home/${userName}"; initialPassword = "password"; - extraGroups = ["wheel" "networkmanager" "docker" "video" "syncthing"]; + extraGroups = ["wheel" "networkmanager" "docker" "video" "syncthing" "audio" "media"]; uid = uid; group = "users"; shell = pkgs.zsh; diff --git a/hosts/leviathan/configuration.nix b/hosts/leviathan/configuration.nix new file mode 100644 index 0000000..71dccb4 --- /dev/null +++ b/hosts/leviathan/configuration.nix 
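Review bot: The `extraGroups` line in hosts/common/default.nix now puts the shared user in `media` on every host that imports this module, but the only declaration of that group visible in this patch is `users.groups."media".name = "media";` in hosts/leviathan/configuration.nix. On the other hosts the group is presumably undefined, and NixOS will likely only warn about it, leaving the membership silently absent. Either declare the group next to the user here, for example `users.groups.media = {};`, or add the membership from the leviathan configuration only. The attribute set being edited starts and ends outside the hunk, so I could not check whether the group is declared elsewhere in this file.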
@@ -0,0 +1,190 @@ +{ + config, + lib, + pkgs, + ... +}: let + zfsCompatibleKernelPackages = + lib.filterAttrs ( + name: kernelPackages: + (builtins.match "linux_[0-9]+_[0-9]+" name) + != null + && (builtins.tryEval kernelPackages).success + && (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken) + ) + pkgs.linuxKernel.packages; + latestKernelPackage = lib.last ( + lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) ( + builtins.attrValues zfsCompatibleKernelPackages + ) + ); +in { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + + ../common + (import ../../modules).leviathan + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.kernelPackages = lib.mkForce latestKernelPackage; + boot.supportedFilesystems = ["zfs"]; + + networking = { + useDHCP = false; + hostName = "leviathan"; + hostId = "abcd1234"; + interfaces.enp1s0.useDHCP = true; + interfaces.br0.useDHCP = true; + nameservers = [ + "1.1.1.1" + ]; + + firewall.allowedTCPPorts = [8000 8123 8095]; + + bridges.br0.interfaces = ["enp1s0"]; + # interfaces.br0 = { + # useDHCP = false; + # ipv4.addresses = [{ + # address = "192.168.1.200"; + # prefixLength = 24; + # }]; + # }; + }; + + environment.systemPackages = with pkgs; [ + helix + kitty # For terminfo + lazygit + ]; + + containers.radarr = { + autoStart = true; + bindMounts = { + "/data" = { + hostPath = "/store/media"; + mountPoint = "/store/media"; + isReadOnly = false; + }; + }; + config = { + config, + pkgs, + lib, + ... 
+ }: { + services.radarr = { + enable = true; + user = "root"; + group = "root"; + }; + system.stateVersion = "24.11"; + }; + }; + + services.openssh.settings.PermitRootLogin = "yes"; + + security.rtkit.enable = true; + + users.groups."media".name = "media"; + + services = { + copyparty = { + enable = true; + settings = { + i = "100.64.214.3"; + }; + accounts = { + }; + volumes = { + "/" = { + path = "/srv/copyparty"; + access = { + rw = "*"; + }; + }; + }; + }; + + jellyfin = { + enable = true; + group = "media"; + }; + + music-assistant = { + enable = true; + providers = [ + "builtin_player" + "chromecast" + "hass" + "hass_players" + "soundcloud" + "spotify" + "spotify_connect" + "ytmusic" + ]; + }; + + pipewire = { + enable = true; + pulse.enable = true; + alsa.enable = true; + alsa.support32Bit = true; + wireplumber.enable = true; + }; + }; + + programs.virt-manager.enable = true; + + virtualisation = { + libvirtd = { + enable = true; + allowedBridges = ["br0"]; + }; + + oci-containers = { + backend = "podman"; + containers.homeassistant = { + volumes = ["home-assistant:/config"]; + environment.TZ = "Europe/Berlin"; + image = "ghcr.io/home-assistant/home-assistant:2025.10.2"; + extraOptions = [ + # Use the host network namespace for all sockets + "--network=host" + # Pass devices into the container, so Home Assistant can discover and make use of them + "--device=/dev/ttyUSB0:/dev/ttyUSB0" + ]; + }; + }; + }; + + # systemd.services.libvirt-default-network = { + # description = "Start libvirt bridge network"; + # after = ["libvirtd.service"]; + # wantedBy = ["multi-user.target"]; + # serviceConfig = { + # Type = "oneshot"; + # RemainAfterExit = true; + # ExecStart = "${pkgs.libvirt}/bin/virsh net-start bridged-network"; + # ExecStop = "${pkgs.libvirt}/bin/virsh net-destroy bridged-network"; + # User = "root"; + # }; + # }; + + # systemd.services.libvirt-home-assistant = { + # description = "Start home assistant VM"; + # after = 
["libvirt-default-network.service"]; + # wantedBy = ["multi-user.target"]; + # serviceConfig = { + # Type = "oneshot"; + # RemainAfterExit = true; + # ExecStart = "${pkgs.libvirt}/bin/virsh start hass"; + # ExecStop = "${pkgs.libvirt}/bin/virsh destroy hass"; + # User = "root"; + # }; + # }; + + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/hosts/leviathan/hardware-configuration.nix b/hosts/leviathan/hardware-configuration.nix new file mode 100644 index 0000000..74b28f3 --- /dev/null +++ b/hosts/leviathan/hardware-configuration.nix 
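Review bot: `services.openssh.settings.PermitRootLogin = "yes";` in hosts/leviathan/configuration.nix permits direct root logins over SSH on a headless host, and nothing in this hunk limits sshd to key authentication; the imported `../common` module also creates a wheel user with `initialPassword = "password"` (context line in the hosts/common hunk). I would set `services.openssh.settings.PermitRootLogin = "prohibit-password";` (or `"no"`) and, if password logins are not needed, `services.openssh.settings.PasswordAuthentication = false;`. The copyparty volume `/` is declared with `access.rw = "*"` and an empty `accounts` set, so anyone who can reach the 100.64.214.3 listener gets unauthenticated read-write access to `/srv/copyparty`; defining an account with a `passwordFile` and naming it in `rw` instead of `"*"` would close that. The radarr container also runs with `user = "root"; group = "root";` over a writable bind mount of `/store/media`, where the `media` group created in this file looks like the intended owner; please confirm.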
@@ -0,0 +1,67 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "zpool/root"; + fsType = "zfs"; + options = ["zfsutil"]; + }; + + fileSystems."/nix" = { + device = "zpool/nix"; + fsType = "zfs"; + options = ["zfsutil"]; + }; + + fileSystems."/var" = { + device = "zpool/var"; + fsType = "zfs"; + options = ["zfsutil"]; + }; + + fileSystems."/home" = { + device = "zpool/home"; + fsType = "zfs"; + options = ["zfsutil"]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/95BF-1B15"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + swapDevices = [ + { + device = "/dev/disk/by-partuuid/db6bcd05-29fb-470a-aeba-f9f2648564af"; + randomEncryption = true; + } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/default.nix b/modules/default.nix index f6e1229..7f6f2a5 100644 --- a/modules/default.nix 
+++ b/modules/default.nix @@ -31,4 +31,6 @@ ./gitea ]; }; + + leviathan = {}; } diff --git a/users/configs/desktop/default.nix b/users/configs/desktop/default.nix index 09018a2..a182e18 100644 --- a/users/configs/desktop/default.nix +++ b/users/configs/desktop/default.nix @@ -10,4 +10,6 @@ ./tofi ./waybar ]; + + zen-browser.enable = true; } diff --git a/users/configs/desktop/fuzzel/default.nix b/users/configs/desktop/fuzzel/default.nix index 33663b4..b39d1d3 100644 --- a/users/configs/desktop/fuzzel/default.nix +++ b/users/configs/desktop/fuzzel/default.nix @@ -1,5 +1,4 @@ -{pkgs, ...}: -{ +{pkgs, ...}: { programs.fuzzel = { enable = true; settings = { diff --git a/users/configs/desktop/niri/default.nix b/users/configs/desktop/niri/default.nix index 6d4362b..4102d31 100644 --- a/users/configs/desktop/niri/default.nix +++ b/users/configs/desktop/niri/default.nix @@ -1,5 +1,4 @@ -{...}: -{ +{...}: { home.file = { ".config/niri/config.kdl".source = ./config.kdl; }; diff --git a/users/daniel/default.nix b/users/daniel/default.nix index 435661b..17abaa7 100644 --- a/users/daniel/default.nix +++ b/users/daniel/default.nix @@ -187,8 +187,6 @@ in { vscode.enable = true; - zen-browser.enable = true; - zsh = { enable = true; autosuggestion.enable = true; diff --git a/users/daniel/host-specific/leviathan/default.nix b/users/daniel/host-specific/leviathan/default.nix new file mode 100644 index 0000000..353b0fb --- /dev/null +++ b/users/daniel/host-specific/leviathan/default.nix @@ -0,0 +1,21 @@ +{pkgs, ...}: let + # librespot = pkgs.callPackage ../../../../packages/librespot.nix { + # withPulseAudio = true; + # withRodio = true; + # }; +in { + services.librespot = { + enable = true; + + # package = librespot; + + settings = { + # "zeroconf-port" = 12345; + # "verbose" = true; + "name" = "Ships Comms"; + # "bitrate" = "320"; + # "format" = "S32"; + "disable-credential-cache" = true; + }; + }; +}
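Review bot: In users/configs/desktop/default.nix the added `zen-browser.enable = true;` sits at the module's top level next to `imports`, whereas the line removed from users/daniel/default.nix lived beside `vscode.enable` and `zsh`, which looks like a `programs = { … }` block whose opening is outside the hunk. If that reading is right, the option path has changed from `programs.zen-browser.enable` to a top-level `zen-browser.enable`, which Home Manager would probably reject as an undefined option. I would write `programs.zen-browser.enable = true;` here.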