nixfiles/hosts/koi/configuration.nix

{ pkgs
, abs
, inputs
, ...
}:

{
  imports = [
    (abs "hosts/nixos-common.nix")
    (abs "users/teidesu/server.nix")
    (abs "lib/desu")
    ./hardware-configuration.nix

    ./partials/fde.nix
    ./partials/docker.nix
    ./partials/avahi.nix

    ./services/coredns.nix
    ./services/sing-box.nix
    ./services/nginx.nix
    ./services/phpfront.nix
    ./services/postgresql.nix
    ./services/landing
    ./services/geesefs.nix
    ./services/actions-runner

    ./containers/torrent.nix
    ./containers/soulseek
    ./containers/vaultwarden.nix
    ./containers/sftpgo
    ./containers/verdaccio
    ./containers/pds
    ./containers/navidrome
    ./containers/conduwuit
    ./containers/zond
    ./containers/zitadel
    ./containers/siyuan
    ./containers/memos
    ./containers/wakapi
    ./containers/outline
    ./containers/teisu.nix
    ./containers/bots/pcre-sub-bot.nix
    ./containers/bots/channel-logger-bot.nix
    ./containers/bots/bsky-crossposter
    ./vms/hass.nix
    ./vms/bnuuy.nix
    # ./vms/windows.nix
  ];

  networking = {
    hostName = "koi";
    # nftables.enable = true;

    useDHCP = false;
    interfaces = {
      br0 = {
        ipv4.addresses = [{
          address = "10.42.0.2";
          prefixLength = 16;
        }];
      };
    };

    bridges = {
      br0 = {
        interfaces = [ "enp2s0" ];
      };
    };

    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" "vb-+" "veth+" ];
      externalInterface = "br0";
    };

    defaultGateway = {
      address = "10.42.0.1";
      interface = "br0";
    };
    nameservers = [
      "127.0.0.1"
      "8.8.8.8"
      "8.8.4.4"
    ];

    firewall.logRefusedConnections = false;
  };

  virtualisation.libvirtd = {
    enable = true;
    qemu.ovmf.enable = true;
    allowedBridges = [ "br0" ];
  };

  boot.extraModprobeConfig = ''
    options kvm_amd avic=1 nested=0
    options kvm ignore_msrs=N report_ignored_msrs=Y
  '';

  hardware.bluetooth.enable = true;
  security.pam.loginLimits = [{
    domain = "*";
    type = "soft";
    item = "nofile";
    value = "8192";
  }];

  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  boot.kernelParams = [ "panic=5" "panic_on_oops=1" "mitigations=off" ];
  boot.kernelPackages = pkgs.linuxPackages_latest;

  services.desu-deploy = {
    enable = true;
    key = builtins.readFile (abs "ssh/desu-deploy.pub");
  };
}
initial commit 2024-01-08 07:49:51 +03:00			`{ pkgs`
			`, abs`
			`, inputs`
			`, ...`
			`}:`

			`{`
			`imports = [`
			`(abs "hosts/nixos-common.nix")`
initial darwin 2024-03-03 06:32:03 +03:00			`(abs "users/teidesu/server.nix")`
refactor: avoid importing libs 2024-11-23 16:37:34 +03:00			`(abs "lib/desu")`
initial commit 2024-01-08 07:49:51 +03:00			`./hardware-configuration.nix`

			`./partials/fde.nix`
chore(koi): initial migration to shared postgres - postgres on the host - improved docker networking - sharkey: moved from docker-compose to nix-managed containers 2024-08-05 10:26:36 +03:00			`./partials/docker.nix`
feat(koi): local access to webdav share 2024-09-19 15:05:13 +03:00			`./partials/avahi.nix`
initial commit 2024-01-08 07:49:51 +03:00
			`./services/coredns.nix`
chore: shadowsocks-rust -> sing-box 2024-05-11 07:16:10 +03:00			`./services/sing-box.nix`
initial commit 2024-01-08 07:49:51 +03:00			`./services/nginx.nix`
chore(koi): migrated phpfront from desu-arm 2024-06-06 15:14:49 +03:00			`./services/phpfront.nix`
chore(koi): initial migration to shared postgres - postgres on the host - improved docker networking - sharkey: moved from docker-compose to nix-managed containers 2024-08-05 10:26:36 +03:00			`./services/postgresql.nix`
feat(koi): stupid.fish landing 2024-04-15 11:58:54 +03:00			`./services/landing`
feat(koi): s3-backed encrypted mount for navidrome 2024-11-30 20:11:32 +03:00			`./services/geesefs.nix`
feat(koi): forgejo runners 2024-12-11 08:59:22 +03:00			`./services/actions-runner`
initial commit 2024-01-08 07:49:51 +03:00
			`./containers/torrent.nix`
chore(koi): sharkey is no more 2024-12-02 05:53:58 +03:00			`./containers/soulseek`
chore: initial migration off desu-arm 2024-06-06 13:10:13 +03:00			`./containers/vaultwarden.nix`
chore(koi): moved sftpgo to a docker container 2024-09-18 01:04:59 +03:00			`./containers/sftpgo`
feat(koi): verdaccio instance 2024-07-16 22:57:04 +03:00			`./containers/verdaccio`
feat(koi): bluesky pds 2024-05-28 13:10:22 +03:00			`./containers/pds`
feat(koi): s3-backed encrypted mount for navidrome 2024-11-30 20:11:32 +03:00			`./containers/navidrome`
feat(koi): conduwuit 2024-08-29 23:15:50 +03:00			`./containers/conduwuit`
chore: initial migration off desu-arm 2024-06-06 13:10:13 +03:00			`./containers/zond`
chore(koi): kanidm -> zitadel 2024-12-26 11:25:39 +03:00			`./containers/zitadel`
feat(koi): hosted siyuan instance 2024-09-19 17:39:18 +03:00			`./containers/siyuan`
feat(koi): memos 2024-10-26 23:35:48 +03:00			`./containers/memos`
feat(koi): added wakapi 2024-11-13 22:56:10 +03:00			`./containers/wakapi`
chore(koi): kanidm -> zitadel 2024-12-26 11:25:39 +03:00			`./containers/outline`
feat(koi): tei.su deployment 2024-08-03 09:36:05 +03:00			`./containers/teisu.nix`
feat(koi): pcre-sub-bot hosted 2024-07-17 01:09:32 +03:00			`./containers/bots/pcre-sub-bot.nix`
feat: channel-logger-bot initial 2024-08-07 19:40:47 +03:00			`./containers/bots/channel-logger-bot.nix`
chore(koi): kanidm -> zitadel 2024-12-26 11:25:39 +03:00			`./containers/bots/bsky-crossposter`
initial commit 2024-01-08 07:49:51 +03:00			`./vms/hass.nix`
chore: initial migration off desu-arm 2024-06-06 13:10:13 +03:00			`./vms/bnuuy.nix`
initial commit 2024-01-08 07:49:51 +03:00			`# ./vms/windows.nix`
			`];`

			`networking = {`
			`hostName = "koi";`
			`# nftables.enable = true;`

			`useDHCP = false;`
			`interfaces = {`
			`br0 = {`
			`ipv4.addresses = [{`
			`address = "10.42.0.2";`
			`prefixLength = 16;`
			`}];`
			`};`
			`};`

			`bridges = {`
			`br0 = {`
			`interfaces = [ "enp2s0" ];`
			`};`
			`};`

			`nat = {`
			`enable = true;`
			`internalInterfaces = [ "ve-+" "vb-+" "veth+" ];`
			`externalInterface = "br0";`
			`};`

			`defaultGateway = {`
			`address = "10.42.0.1";`
			`interface = "br0";`
			`};`
			`nameservers = [`
			`"127.0.0.1"`
			`"8.8.8.8"`
			`"8.8.4.4"`
			`];`
chore(koi): kanidm -> zitadel 2024-12-26 11:25:39 +03:00
			`firewall.logRefusedConnections = false;`
initial commit 2024-01-08 07:49:51 +03:00			`};`

			`virtualisation.libvirtd = {`
			`enable = true;`
			`qemu.ovmf.enable = true;`
			`allowedBridges = [ "br0" ];`
			`};`
chore: initial migration off desu-arm 2024-06-06 13:10:13 +03:00
initial commit 2024-01-08 07:49:51 +03:00			`boot.extraModprobeConfig = ''`
			`options kvm_amd avic=1 nested=0`
			`options kvm ignore_msrs=N report_ignored_msrs=Y`
			`'';`

			`hardware.bluetooth.enable = true;`
fix(koi): increase fd limit 2024-04-23 13:24:56 +03:00			`security.pam.loginLimits = [{`
			`domain = "*";`
			`type = "soft";`
			`item = "nofile";`
			`value = "8192";`
			`}];`
feat(koi): desu-deploy setup 2024-08-04 02:24:50 +03:00
feat(koi): conduwuit 2024-08-29 23:15:50 +03:00			`boot.binfmt.emulatedSystems = [ "aarch64-linux" ];`
chore(koi): kanidm -> zitadel 2024-12-26 11:25:39 +03:00			`boot.kernelParams = [ "panic=5" "panic_on_oops=1" "mitigations=off" ];`
chore(koi): bumped nixos and kernel 2024-11-14 22:07:56 +03:00			`boot.kernelPackages = pkgs.linuxPackages_latest;`
feat(koi): conduwuit 2024-08-29 23:15:50 +03:00
feat(koi): desu-deploy setup 2024-08-04 02:24:50 +03:00			`services.desu-deploy = {`
			`enable = true;`
			`key = builtins.readFile (abs "ssh/desu-deploy.pub");`
			`};`
initial commit 2024-01-08 07:49:51 +03:00			`}`