feat(servers): add nos machine config

common/nix-on-droid.nix

@@ -57,18 +57,15 @@
           # Desktop
           pc = "ssh -t matt@100.64.0.6 'tmux -2u new -At phone'";
 
-          # Misc Nix servers
+          # NAS
+          nos = "ssh -t matt@100.64.0.4 'tmux -2u new -At phone'";
+
+          # Experimenting server
           servivi = "ssh -t matt@100.64.0.7 'tmux -2u new -At phone'";
 
           # Cluster nodes
           thingone = "ssh -t matt@100.64.0.8 'tmux -2u new -At phone'";
           thingtwo = "ssh -t matt@100.64.0.9 'tmux -2u new -At phone'";
-
-          # Proxmox
-          pve = "ssh -t matt@100.64.0.4 'tmux -2u new -At phone'";
-
-          # Proxmox LXC instances
-          jelly = "mosh matt@100.64.0.4 -- ssh -t matt@10.0.0.123 'tmux -2u new -At phone'";
         };
       }
     ];

devices/cluster/modules/caddy.nix

@@ -8,8 +8,6 @@
   inherit (config.sops) secrets;
 
   caddy = caddy-plugins.packages.${pkgs.system}.default;
-
-  clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
 in {
   imports = [caddy-plugins.nixosModules.default];
 
@@ -32,9 +30,8 @@ in {
     package = caddy;
 
     virtualHosts = let
-      dockerIP = "10.0.0.122";
+      clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
-      jellyIP = "10.0.0.123";
+      nosIP = "10.0.0.121";
-      servivi = "10.0.0.249";
     in {
       "nelim.org" = {
         serverAliases = ["*.nelim.org"];
@@ -47,17 +44,17 @@ in {
 
         subDomains = {
           # Misc one-liners
-          vault.reverseProxy = "${servivi}:8781";
+          vault.reverseProxy = "${nosIP}:8781";
-          hauk.reverseProxy = "${servivi}:3003";
+          hauk.reverseProxy = "${nosIP}:3003";
           headscale.reverseProxy = "${clusterIP}:8085";
-          jelly.reverseProxy = "${jellyIP}:80";
+          jelly.reverseProxy = "${nosIP}:8097";
 
           # Resume builder
-          resume.reverseProxy = "${servivi}:3060";
+          resume.reverseProxy = "${nosIP}:3060";
-          resauth.reverseProxy = "${servivi}:3100";
+          resauth.reverseProxy = "${nosIP}:3100";
 
           # Nextcloud & Co
-          office.reverseProxy = "http://${servivi}:8055";
+          office.reverseProxy = "http://${nosIP}:8055";
           nextcloud = {
             subDomainName = "cloud";
             extraConfig = ''
@@ -66,81 +63,81 @@ in {
               redir /.well-known/webfinger /index.php/.well-known/webfinger 301
               redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
             '';
-            reverseProxy = "${servivi}:8042";
+            reverseProxy = "${nosIP}:8042";
           };
 
           forgejo = {
             subDomainName = "git";
-            reverseProxy = "${servivi}:3000";
+            reverseProxy = "${nosIP}:3000";
           };
 
           nix-binary-cache = {
             subDomainName = "cache";
-            reverseProxy = "${servivi}:5000";
+            reverseProxy = "${nosIP}:5000";
           };
 
           calibre = {
             subDomainName = "books";
-            reverseProxy = "${servivi}:8083";
+            reverseProxy = "${nosIP}:8083";
           };
 
           immich = {
             subDomainName = "photos";
-            reverseProxy = "${servivi}:2283";
+            reverseProxy = "${nosIP}:2283";
           };
 
           # FreshRSS & Co
-          drss.reverseProxy = "${servivi}:3007";
+          drss.reverseProxy = "${nosIP}:3007";
           freshrss = {
             subDomainName = "rss";
-            reverseProxy = "${servivi}:2800";
+            reverseProxy = "${nosIP}:2800";
           };
 
           jellyseer = {
             subDomainName = "seerr";
-            reverseProxy = "${servivi}:5055";
+            reverseProxy = "${nosIP}:5055";
           };
 
           gameyfin = {
             subDomainName = "games";
-            reverseProxy = "${servivi}:8074";
+            reverseProxy = "${nosIP}:8074";
           };
 
-          wgui.reverseProxy = "${servivi}:51821";
+          wgui.reverseProxy = "${nosIP}:51821";
 
           lan = {
-            reverseProxy = "${servivi}:3020";
+            reverseProxy = "${nosIP}:3020";
             extraConfig = ''
               redir /index.html /
             '';
 
             subDirectories = {
-              bazarr.reverseProxy = "${servivi}:6767";
+              bazarr.reverseProxy = "${nosIP}:6767";
               bazarr-french = {
                 subDirName = "bafrr";
-                reverseProxy = "${servivi}:6766";
+                reverseProxy = "${nosIP}:6766";
               };
 
-              prowlarr.reverseProxy = "${servivi}:9696";
+              prowlarr.reverseProxy = "${nosIP}:9696";
-              radarr.reverseProxy = "${servivi}:7878";
+              radarr.reverseProxy = "${nosIP}:7878";
-              sabnzbd.reverseProxy = "${servivi}:8382";
+              sabnzbd.reverseProxy = "${nosIP}:8382";
-              sonarr.reverseProxy = "${servivi}:8989";
+              sonarr.reverseProxy = "${nosIP}:8989";
 
               calibre = {
                 experimental = true;
-                reverseProxy = "${servivi}:8580";
+                reverseProxy = "${nosIP}:8580";
               };
 
               qbittorent = {
                 subDirName = "qbt";
                 experimental = true;
-                reverseProxy = "${servivi}:8080";
+                reverseProxy = "${nosIP}:8080";
               };
 
               vaultwarden = {
                 subDirName = "vault";
                 experimental = true;
-                reverseProxy = "${servivi}:8780";
+                reverseProxy = "${nosIP}:8780";
               };
             };
           };
@@ -149,12 +146,12 @@ in {
           joal.extraConfig = ''
             route {
               rewrite * /joal/ui{uri}
-              reverse_proxy * ${servivi}:5656
+              reverse_proxy * ${nosIP}:5656
             }
           '';
           joalws.extraConfig = ''
             route {
-              reverse_proxy ${servivi}:5656
+              reverse_proxy ${nosIP}:5656
             }
           '';
         };

devices/nos/default.nix

@@ -1,9 +1,50 @@
-# WIP
+{config, ...}: let
-{...}: {
+  inherit (config.vars) mainUser hostName;
+in {
   imports = [
+    ./hardware-configuration.nix
+
+    ../../modules/kmscon.nix
+    ../../modules/sshd.nix
+    ../../modules/tailscale.nix
+
     ./modules/arion
     ./modules/jellyfin
     ./modules/mergerfs.nix
     ./modules/qbittorrent
+    ./modules/snapraid.nix
   ];
+
+  vars = {
+    mainUser = "matt";
+    hostName = "nos";
+    #promptMainColor = "?";
+  };
+
+  users.users.${mainUser} = {
+      isNormalUser = true;
+      extraGroups = [
+        "wheel"
+        "adm"
+      ];
+  };
+
+  home-manager.users.${mainUser} = {
+    imports = [];
+
+    # No touchy
+    home.stateVersion = "24.05";
+  };
+
+  networking = {
+    inherit hostName;
+    resolvconf.enable = true;
+    firewall.enable = false;
+  };
+
+  # Set your time zone.
+  time.timeZone = "America/Montreal";
+
+  # No touchy
+  system.stateVersion = "24.05";
 }

devices/nos/hardware-configuration.nix

@@ -0,0 +1,55 @@
+{
+  config,
+  modulesPath,
+  ...
+}: {
+  nixpkgs.hostPlatform = "x86_64-linux";
+  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+
+  boot = {
+    kernelModules = ["kvm-intel"];
+
+    initrd.availableKernelModules = [
+      "xhci_pci"
+      "ahci"
+      "nvme"
+      "usbhid"
+      "usb_storage"
+      "sd_mod"
+    ];
+
+    loader = {
+      efi.canTouchEfiVariables = true;
+      timeout = 2;
+
+      systemd-boot = {
+        enable = true;
+        consoleMode = "max";
+        configurationLimit = 30;
+      };
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXROOT";
+      fsType = "btrfs";
+    };
+
+    "/boot" = {
+      device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+    };
+  };
+
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 16 * 1024;
+    }
+  ];
+
+  zramSwap.enable = true;
+
+  hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
+}

devices/nos/modules/arion/default.nix

@@ -29,8 +29,8 @@ in {
     rwDataDir = configPath;
   };
 
-  services.borgbackup.configs.arion = {
+  #services.borgbackup.configs.arion = {
-    paths = [configPath];
+  #  paths = [configPath];
-    exclude = ["**/lineageos*"];
+  #  exclude = ["**/lineageos*"];
-  };
+  #};
 }

devices/nos/modules/jellyfin/jfa-go.nix

@@ -1,5 +1,8 @@
 {...}: {
-  systemd.services."arion-jfa-go".after = ["jellyfin.service"];
+  systemd.services."arion-jfa-go" = {
+    after = ["jellyfin.service"];
+    partOf = ["jellyfin.service"];
+  };
 
   arion.projects."jfa-go"."jfa-go" = {
     image = ./images/jfa-go.nix;

devices/nos/modules/jellyfin/nginx.conf

@@ -21,16 +21,13 @@ http {
 		## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
 		client_max_body_size 20M;
 
-		# use a variable to store the upstream proxy
-		set $jellyfin 10.0.0.249;
-
 		location = / {
 			return 302 https://$host/web/;
 		}
 
 		location / {
 			# Proxy main Jellyfin traffic
-			proxy_pass http://$jellyfin:8096;
+			proxy_pass http://localhost:8096;
 			proxy_set_header Host $host;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -45,7 +42,7 @@ http {
 		# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
 		location = /web/ {
 			# Proxy main Jellyfin traffic
-			proxy_pass http://$jellyfin:8096/web/index.html;
+			proxy_pass http://localhost:8096/web/index.html;
 			proxy_set_header Host $host;
 			proxy_set_header X-Real-IP $remote_addr;
 			proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -56,7 +53,7 @@ http {
 
 		location /socket {
 			# Proxy Jellyfin Websockets traffic
-			proxy_pass http://$jellyfin:8096;
+			proxy_pass http://localhost:8096;
 			proxy_http_version 1.1;
 			proxy_set_header Upgrade $http_upgrade;
 			proxy_set_header Connection "upgrade";

devices/nos/modules/mergerfs.nix

@@ -4,25 +4,6 @@ in {
   system.fsPackages = fsPkgs;
   environment.systemPackages = fsPkgs;
 
-  fileSystems."/data" = {
-    device = "//10.0.0.121/public";
-    fsType = "cifs";
-    options = [
-      "x-systemd.automount"
-      "noauto"
-      "x-systemd.idle-timeout=60"
-      "x-systemd.device-timeout=5s"
-      "x-systemd.mount-timeout=5s"
-      "uid=1000"
-      "gid=1000"
-      "credentials=${builtins.toFile "creds.txt" ''
-        username=root
-        domain=WORKGROUP
-      ''}"
-    ];
-  };
-
-  /*
   fileSystems = {
     "MergerFS Data" = {
       mountPoint = "/data";
@@ -90,6 +71,11 @@ in {
       fsType = "ext4";
       device = "/dev/disk/by-id/ata-WDC_WD80EAZZ-00BKLB0_WD-CA1GN0GK-part1";
     };
+
+    "d8 8tb-6" = {
+      mountPoint = "/mnt/drives/8tb6";
+      fsType = "ext4";
+      device = "/dev/disk/by-id/ata-ST8000DM004-2U9188_ZR15JMHV-part1";
+    };
   };
-  */
 }

devices/nos/modules/snapraid.nix

@@ -36,7 +36,7 @@ in {
       parityDrives);
 
     contentFiles =
-      ["/var/snapraid/content"]
+      ["/var/snapraid.content"]
       ++ map (fs: "${fs.mountPoint}/content") (attrValues dataDrives);
 
     exclude = [

devices/servivi/default.nix

@@ -11,9 +11,6 @@ in {
     ./modules/binary-cache.nix
     ./modules/minecraft.nix
     ./modules/nfs.nix
-
-    # WIP
-    ../nos
   ];
 
   vars = {

modules/tailscale.nix

@@ -23,18 +23,15 @@ in {
       # Desktop
       pc = "ssh -t matt@binto 'tmux -2u new -At ${hostName}'";
 
-      # Misc Nix servers
+      # NAS
+      nos = "ssh -t matt@nos 'tmux -2u new -At ${hostName}'";
+
+      # Experimenting server
       servivi = "ssh -t matt@servivi 'tmux -2u new -At ${hostName}'";
 
       # Cluster nodes
       thingone = "ssh -t matt@thingone 'tmux -2u new -At ${hostName}'";
       thingtwo = "ssh -t matt@thingtwo 'tmux -2u new -At ${hostName}'";
-
-      # Proxmox
-      pve = "ssh -t matt@pve 'tmux -2u new -At ${hostName}'";
-
-      # Proxmox LXC instances
-      jelly = "mosh matt@pve -- ssh -t matt@10.0.0.123 'tmux -2u new -At ${hostName}'";
     };
   };
 }