diff --git a/flake.nix b/flake.nix index 43e4278..500ef39 100644 --- a/flake.nix +++ b/flake.nix @@ -61,6 +61,7 @@ server = nixpkgs.lib.nixosSystem { inherit system pkgs; modules = [ + disko.nixosModules.disko ./src/system/machines/server home-manager.nixosModules.home-manager (import ./src/system/machines/server/modules/home-manager) diff --git a/src/system/machines/server/hardware.nix b/src/system/machines/server/hardware.nix index 7f31eed..8a9ebe5 100644 --- a/src/system/machines/server/hardware.nix +++ b/src/system/machines/server/hardware.nix @@ -1,26 +1,22 @@ { config, lib, modulesPath, ... }: { - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ./modules/disko + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/0fviSz-6z7Q-oH7Y-JOzH-nRxW-c029-2LxSqo"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/3BAA-D9DC"; - fsType = "vfat"; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ]; + kernelModules = [ ]; }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; }; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/src/system/machines/server/modules/disko/default.nix b/src/system/machines/server/modules/disko/default.nix new file mode 100644 index 0000000..8f5d43e --- /dev/null +++ b/src/system/machines/server/modules/disko/default.nix 
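Review bot: `disko.nixosModules.disko` is referenced in the `server` module list, but no hunk in this diff adds `disko` to the flake's `inputs` or to the `outputs` argument set, so this only evaluates if both already exist outside the hunk. If the input is new, it should land in the same commit together with its `flake.lock` entry, so that the code which partitions the disk is pinned to a reviewed revision. `inputs.disko.inputs.nixpkgs.follows = "nixpkgs";` would keep it on the same nixpkgs as the rest of the system. The `server` definition starts and ends outside the hunk.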
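Review bot: `initrd.kernelModules` is emptied in the same commit that puts `/` on a logical volume in `vg0`, and the dropped `"dm-snapshot"` entry is the one `nixos-generate-config` normally emits for LVM hosts. Plain volumes probably activate without it, but that should be confirmed by booting the target, and a comment such as `# dm-snapshot not needed: vg0 uses no snapshots` would record the decision. Separately, `cpuFreqGovernor = lib.mkDefault "ondemand"` may not be available if this CPU runs the `intel_pstate` driver, which as far as I know offers only `performance` and `powersave`; check the available governors on the machine.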
@@ -0,0 +1,75 @@ +{ lib, ... }: + +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + lvm = { + size = "100%"; + content = { + type = "lvm_pv"; + vg = "vg0"; + }; + }; + }; + }; + }; + }; + + lvm_vg = { + vg0 = { + type = "lvm_vg"; + lvs = { + root = { + size = "200G"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + data = { + size = "1T"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/data"; + }; + }; + bitcoin = { + size = "1T"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/var/lib/bitcoin"; + }; + }; + frigate = { + size = "3T"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/var/lib/frigate"; + }; + }; + # ~300GB left unallocated for future growth + }; + }; + }; + }; +} diff --git a/src/system/machines/server/modules/home-manager/default.nix b/src/system/machines/server/modules/home-manager/default.nix index 1d99c4d..d3a7e46 100644 --- a/src/system/machines/server/modules/home-manager/default.nix +++ b/src/system/machines/server/modules/home-manager/default.nix @@ -8,7 +8,7 @@ programs.home-manager.enable = true; - home.stateVersion = "23.11"; + home.stateVersion = "25.11"; home.username = "${config.user.name}"; home.homeDirectory = "/home/${config.user.name}"; @@ -17,6 +17,7 @@ user = { bash.enable = true; git.enable = true; + tmux.enable = true; security = { gpg.enable = true; diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 3f51b82..400a547 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix 
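Review bot: `device = "/dev/sda"` selects the disk that disko will repartition and format by kernel enumeration order, which is not stable across boots or when another drive or a USB stick is attached, so a run could wipe the wrong device. Prefer a persistent path such as `device = "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";` (placeholder; take the real value from the target machine). The volumes for `/data`, `/var/lib/bitcoin` and `/var/lib/frigate` are created without an encryption layer and without restrictive `mountOptions`. If that is deliberate, a one-line comment saying so would help; otherwise `mountOptions = [ "nodev" "nosuid" ];` on the data volumes is cheap. `lib` in the argument set is unused.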
@@ -1,25 +1,28 @@ { pkgs, lib, config, ... }: -{ system.stateVersion = "23.11"; +{ system.stateVersion = "25.11"; imports = [ ../../modules ]; - modules = { - system = { - nginx.enable = true; - forgejo.enable = true; - bitcoin = { - enable = true; - electrum.enable = true; - }; - }; - }; + # Modules disabled for base install + # modules = { + # system = { + # nginx.enable = true; + # forgejo.enable = true; + # bitcoin = { + # enable = true; + # electrum.enable = true; + # }; + # }; + # }; users.users = { ${config.user.name} = { isNormalUser = true; extraGroups = config.user.groups; - openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ]; + openssh.authorizedKeys.keys = [ + "${config.user.keys.ssh.desktop}" + ]; }; }; @@ -39,10 +42,9 @@ }; boot.loader = { - timeout = null; + timeout = 3; grub = { enable = true; - useOSProber = true; devices = [ "nodev" ]; efiSupport = true; configurationLimit = 5; @@ -58,11 +60,7 @@ wget git vim - ]; - - fonts.packages = with pkgs; [ - terminus_font - terminus-nerdfont + htop ]; security.sudo = { @@ -87,27 +85,38 @@ i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - useXkbConfig = true; - }; + console.font = "Lat2-Terminus16"; networking = { hostName = "server"; - useDHCP = lib.mkDefault true; - networkmanager.enable = true; + useDHCP = false; + interfaces.eno1 = { + ipv4.addresses = [{ + address = "192.168.0.154"; + prefixLength = 24; + }]; + }; + defaultGateway = "192.168.0.1"; + nameservers = [ "1.1.1.1" "8.8.8.8" ]; firewall = { enable = true; - allowedTCPPorts = [ 22 80 443 ]; + allowedTCPPorts = [ 22 ]; }; }; + services.fail2ban = { + enable = true; + maxretry = 5; + bantime = "1h"; + }; + services.openssh = { enable = true; startWhenNeeded = true; settings = { X11Forwarding = false; PasswordAuthentication = false; + PermitRootLogin = "no"; }; }; } 
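Review bot: `config.user.keys.ssh.desktop` becomes the only entry in `openssh.authorizedKeys.keys`, and although the diff adds `desktop.pub.key`, no hunk declares or populates a `desktop` option, so this relies on wiring outside the diff. With password login disabled further down in this file, a single key tied to one workstation means that losing that machine leaves only console access; consider keeping a second, offline or hardware-backed key in the list. The commented-out `modules` block would be better removed and restored from history, or reduced to one line such as `# nginx, forgejo and bitcoin are re-enabled after the base install`.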
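Review bot: In `services.openssh.settings`, `PasswordAuthentication = false` does not by itself turn off keyboard-interactive authentication, which can still offer a PAM password prompt; add `KbdInteractiveAuthentication = false;` next to the new `PermitRootLogin = "no";`. The static address is bound to `interfaces.eno1` with `useDHCP = false` and NetworkManager removed, so if the NIC enumerates under a different name after the reinstall the host comes up with no network at all; confirm the name on the target. `services.fail2ban` is enabled without `ignoreIP`, so repeated failed logins from the admin workstation would ban it for the one-hour `bantime`; decide whether that is intended.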
diff --git a/src/user/config/keys/ssh/desktop.pub.key b/src/user/config/keys/ssh/desktop.pub.key new file mode 100644 index 0000000..4604ca9 --- /dev/null +++ b/src/user/config/keys/ssh/desktop.pub.key @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYXfu4Jc/HtdyhOfAdCXYzhqCubIq3Bz6Kl9NDUov76 bryan@desktop diff --git a/src/user/modules/bash/config/shellHook.nix b/src/user/modules/bash/config/shellHook.nix index be94e35..a252b83 100644 --- a/src/user/modules/bash/config/shellHook.nix +++ b/src/user/modules/bash/config/shellHook.nix @@ -29,7 +29,7 @@ case $- in fi ''} ${optionalString tmux.enable '' - if [ -z "$DISPLAY" ] && [ -z "$TMUX" ]; then + if [ -z "$DISPLAY" ] && [ -z "$TMUX" ] && [ -z "$SSH_TTY" ]; then exec tmux fi ''} diff --git a/src/user/modules/tmux/config/tmux.nix b/src/user/modules/tmux/config/tmux.nix index d3ba11f..9ad7ae4 100644 --- a/src/user/modules/tmux/config/tmux.nix +++ b/src/user/modules/tmux/config/tmux.nix 
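Review bot: The added `[ -z "$SSH_TTY" ]` test has no comment saying why SSH logins are excluded from the automatic `exec tmux`; a line such as `# do not replace the login shell with tmux for SSH sessions` above the `if` would record the intent. Because `exec` replaces the shell, a console login still ends when tmux exits, and the console is the recovery path on a server. It is worth confirming that this is acceptable now that `tmux.enable = true` is set for this host. The surrounding `case $- in` block starts outside the hunk.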
@@ -1,10 +1,44 @@ '' bind -n M-C source-file ~/.config/tmux/tmux.conf +# Navigation (matches hyprland Alt+hjkl) bind-key -n M-h select-pane -L bind-key -n M-j select-pane -D bind-key -n M-k select-pane -U bind-key -n M-l select-pane -R +# Move/swap pane (matches hyprland Alt+Shift+hjkl) +bind-key -n M-H swap-pane -s '{left-of}' +bind-key -n M-J swap-pane -s '{down-of}' +bind-key -n M-K swap-pane -s '{up-of}' +bind-key -n M-L swap-pane -s '{right-of}' + +# Actions bind-key -n M-q kill-pane +bind-key -n M-Return split-window -c "#{pane_current_path}" +bind-key -n M-f resize-pane -Z + +# Windows (like workspaces) +bind-key -n M-1 select-window -t 1 +bind-key -n M-2 select-window -t 2 +bind-key -n M-3 select-window -t 3 +bind-key -n M-4 select-window -t 4 +bind-key -n M-5 select-window -t 5 +bind-key -n M-6 select-window -t 6 +bind-key -n M-7 select-window -t 7 +bind-key -n M-8 select-window -t 8 +bind-key -n M-9 select-window -t 9 +bind-key -n M-0 select-window -t 10 + +# Move pane to window (like move to workspace) +bind-key -n M-! join-pane -t :1 +bind-key -n M-@ join-pane -t :2 +bind-key -n M-'#' join-pane -t :3 +bind-key -n M-'$' join-pane -t :4 +bind-key -n M-% join-pane -t :5 +bind-key -n M-^ join-pane -t :6 +bind-key -n M-& join-pane -t :7 +bind-key -n M-* join-pane -t :8 +bind-key -n M-( join-pane -t :9 +bind-key -n M-) join-pane -t :10 ''
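Review bot: The `M-1` through `M-0` bindings target windows 1 to 10, but nothing in this file sets `base-index`, and tmux numbers windows from 0 by default, so `M-1` would select the second window unless the option is set elsewhere in the module. Adding `set -g base-index 1` at the top of the string makes the mapping hold. `join-pane -t :N` fails when window N does not exist, unlike the hyprland move-to-workspace behaviour the comments refer to; a short comment noting that limitation would avoid surprise.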