feat(hosts,dreadnought): new host and machine better than battleship

flake.nix

@@ -84,6 +84,23 @@
     formatter = forAllSystems ({pkgs, ...}: pkgs.alejandra);
 
     nixosConfigurations = {
+      "dreadnought" = nixpkgs.lib.nixosSystem rec {
+        system = "x86_64-linux";
+        specialArgs = {
+          pkgs-unstable = import nixpkgs-unstable {
+            inherit system;
+            config.allowUnfree = true;
+            config.allowUnfreePredicate = _: true;
+          };
+          inherit inputs self;
+        };
+        modules = [
+          ./hosts/dreadnought/configuration.nix
+          ./home/terminal/configuration.nix
+          inputs.stylix.nixosModules.stylix
+          ./style.nix
+        ];
+      };
       "battleship" = nixpkgs.lib.nixosSystem rec {
         system = "x86_64-linux";
         specialArgs = {

hosts/dreadnought/configuration.nix

@@ -0,0 +1,103 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ../../secrets.nix
+    ./gpu.nix
+
+    ./impermanence.nix
+    inputs.disko.nixosModules.disko
+    ./disko.nix
+
+    ./hardware-configuration.nix
+  ];
+
+  # GnuPG keyring
+  programs.gnupg.agent = {
+    enable = true;
+    pinentryPackage = pkgs.pinentry-gtk2;
+    settings.default-cache-ttl = 3600 * 24;
+  };
+
+  # Yet another nix cli helper
+  programs.nh = {
+    enable = true;
+    clean.enable = true;
+    clean.extraArgs = "--keep-since 7d --keep 3";
+    flake = "/home/guz/Projects/dot013-nix";
+  };
+
+  # QMK keyboard
+  hardware.keyboard.qmk.enable = true;
+  services.udev.packages = with pkgs; [via vial];
+
+  # Pipewire
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  # Tailscale
+  services.tailscale.enable = true;
+
+  # Networking
+  networking.hostName = "dreadnought";
+  networking.networkmanager.enable = true;
+
+  # Firewall
+  networking.firewall.enable = true;
+  networking.firewall.allowedUDPPorts = [53];
+  networking.firewall.allowedTCPPorts = [80 433];
+
+  # SSH
+  services.openssh.enable = true;
+  services.openssh.settings = {
+    PasswordAuthentication = false;
+    PermitRootLogin = "forced-commands-only";
+  };
+
+  # Locale
+  time.timeZone = "America/Sao_Paulo";
+  i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = let
+    locale = "pt_BR.UTF-8";
+  in {
+    LC_ADDRESS = locale;
+    LC_IDENTIFICATION = locale;
+    LC_MEASUREMENT = locale;
+    LC_MONETARY = locale;
+    LC_NAME = locale;
+    LC_NUMERIC = locale;
+    LC_PAPER = locale;
+    LC_TELEPHONE = locale;
+    LC_TIME = locale;
+  };
+
+  # Keyboard
+  services.xserver.xkb.layout = "br";
+  console.keyMap = "br-abnt2";
+
+  security.polkit.enable = true;
+
+  # Nix
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It's perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "25.11"; # Did you read the comment?
+}

hosts/dreadnought/disko.nix

@@ -0,0 +1,72 @@
+{
+  disko.devices = {
+    disk.main = {
+      device = "/dev/nvme0n1"; # This will be overwritten by disko-install
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          ESP = {
+            label = "boot";
+            size = "512M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              mountOptions = ["defaults"];
+            };
+          };
+          luks = {
+            size = "100%";
+            label = "luks";
+            content = {
+              type = "luks";
+              name = "cryptroot";
+              extraOpenArgs = [
+                "--allow-discards"
+                "--perf-no_read_workqueue"
+                "--perf-no_write_workqueue"
+              ];
+              settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+              content = {
+                type = "btrfs";
+                extraArgs = ["-L" "nixos" "-f"];
+                subvolumes = {
+                  "/root" = {
+                    mountpoint = "/";
+                    mountOptions = ["subvol=root" "compress=zstd" "noatime"];
+                  };
+                  "/home" = {
+                    mountpoint = "/home";
+                    mountOptions = ["subvol=home" "compress=zstd" "noatime"];
+                  };
+                  "/nix" = {
+                    mountpoint = "/nix";
+                    mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
+                  };
+                  "/persist" = {
+                    mountpoint = "/persist";
+                    mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
+                  };
+                  "/log" = {
+                    mountpoint = "/var/log";
+                    mountOptions = ["subvol=log" "compress=zstd" "noatime"];
+                  };
+                  "/swap" = {
+                    mountpoint = "/swap";
+                    swap.swapfile.size = "8G";
+                  };
+                };
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = true;
+  fileSystems."/home".neededForBoot = true;
+  fileSystems."/var/log".neededForBoot = true;
+}

hosts/dreadnought/gpu.nix

@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  services.xserver.videoDrivers = ["modesetting"];
+
+  # AMD
+  hardware.graphics.enable = true;
+  hardware.graphics.enable32Bit = true;
+  hardware.amdgpu.initrd.enable = true;
+  hardware.amdgpu.opencl.enable = true;
+
+  environment.systemPackages = with pkgs; [clinfo];
+}

hosts/dreadnought/hardware-configuration.nix

@@ -0,0 +1,21 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/dreadnought/impermanence.nix

@@ -0,0 +1,68 @@
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    inputs.impermanence.nixosModules.impermanence
+  ];
+
+  environment.persistence."/persist" = {
+    enable = true;
+    hideMounts = true;
+    directories = [
+      # config.services.minecraft-servers.dataDir
+      "/etc/nixos"
+      "/etc/NetworkManager/system-connections"
+      "/etc/secureboot"
+      "/var/db/sudo"
+      "/var/keys"
+      "/var/log"
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/systemd/coredump"
+      "/var/lib/tailscale"
+      {
+        directory = "/var/lib/colord";
+        user = "colord";
+        group = "colord";
+        mode = "u=rwx,g=rx,o=";
+      }
+    ];
+    files = [
+      "/etc/machine-id"
+    ];
+  };
+
+  boot.initrd.postResumeCommands = let
+    # https://github.com/nix-community/impermanence?tab=readme-ov-file#btrfs-subvolumes
+    script = pkgs.writeShellScriptBin "rollback" ''
+      mkdir -p /btrfs_tmp
+
+      mount -o subvol=/ /dev/mapper/cryptroot /btrfs_tmp
+
+      if [[ -e /btrfs_tmp/root ]]; then
+        mkdir -p /btrfs_tmp/old_roots
+        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+      fi
+
+      delete_subvolume_recursively() {
+        IFS=$'\n'
+        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+          delete_subvolume_recursively "/btrfs_tmp/$i"
+        done
+        btrfs subvolume delete "$1"
+      }
+
+      for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+        delete_subvolume_recursively "$i"
+      done
+
+      btrfs subvolume create /btrfs_tmp/root
+      umount /btrfs_tmp
+    '';
+  in "${builtins.readFile (lib.getExe script)}";
+}

hosts/dreadnought/services.nix

@@ -0,0 +1,56 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    inputs.nix-minecraft.nixosModules.minecraft-servers
+  ];
+
+  nixpkgs.overlays = [
+    inputs.nix-minecraft.overlay
+  ];
+  nixpkgs.config.allowUnfree = true;
+  nixpkgs.config.allowUnfreePredicate = pkg:
+    builtins.elem (lib.getName pkg) [
+      "minecraft-server"
+      "minecraft-server-1.21.8"
+    ];
+
+  services.minecraft-servers = {
+    enable = true;
+    eula = true;
+    dataDir = "/var/lib/minecraft-servers";
+    managementSystem = {
+      tmux.enable = false;
+      systemd-socket.enable = true;
+    };
+    openFirewall = true;
+    servers = {
+      "heart-smp" = let
+        # modpack = inputs.heart-modpack.packages.${pkgs.stdenv.hostPlatform.system}.default;
+        modpack = pkgs.fetchPackwizModpack {
+          src = pkgs.fetchurl {
+            url = "https://code.capytal.cc/heart/modpack/releases/download/latest/Heart-0.1.0+1.21.10.mrpack";
+            hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+          };
+          packHash = "sha256-jjmmw0NFls+/AxgNZMXTeKKzXr7b2YkhvyA1ATTu5l0=";
+        };
+        mcVersion = modpack.manifest.versions.minecraft;
+        # fabricVersion = modpack.manifest.versions.fabric;
+        serverVersion = lib.replaceStrings ["."] ["_"] "fabric-${mcVersion}";
+      in {
+        enable = true;
+        autoStart = false;
+        package = pkgs.fabricServers.${serverVersion}.override {loaderVersion = "0.17.3";};
+        symlinks = {
+          "mods" = "${modpack}/mods";
+        };
+        files = {
+          "config" = "${modpack}/config";
+        };
+      };
+    };
+  };
+}