From 0a2b99bd757a68f6f4deb0e779a4b19488c8bc8f Mon Sep 17 00:00:00 2001 From: "Gustavo \"Guz\" L de Mello" Date: Fri, 1 May 2026 19:17:54 -0300 Subject: [PATCH] feat(hosts,dreadnought): new host and machine better than battleship
---
flake.nix | 17 +++ hosts/dreadnought/configuration.nix | 103 +++++++++++++++++++ hosts/dreadnought/disko.nix | 72 +++++++++++++ hosts/dreadnought/gpu.nix | 11 ++ hosts/dreadnought/hardware-configuration.nix | 21 ++++ hosts/dreadnought/impermanence.nix | 68 ++++++++++++ hosts/dreadnought/services.nix | 56 ++++++++++ 7 files changed, 348 insertions(+) create mode 100644 hosts/dreadnought/configuration.nix create mode 100644 hosts/dreadnought/disko.nix create mode 100644 hosts/dreadnought/gpu.nix create mode 100644 hosts/dreadnought/hardware-configuration.nix create mode 100644 hosts/dreadnought/impermanence.nix create mode 100644 hosts/dreadnought/services.nix
diff --git a/flake.nix b/flake.nix
index dc67366..9a69c28 100644
--- a/flake.nix
+++ b/flake.nix
@@ -84,6 +84,23 @@
 formatter = forAllSystems ({pkgs, ...}: pkgs.alejandra); nixosConfigurations = {
+ "dreadnought" = nixpkgs.lib.nixosSystem rec {
+ system = "x86_64-linux";
+ specialArgs = {
+ pkgs-unstable = import nixpkgs-unstable {
+ inherit system;
+ config.allowUnfree = true;
+ config.allowUnfreePredicate = _: true;
+ };
+ inherit inputs self;
+ };
+ modules = [
+ ./hosts/dreadnought/configuration.nix
+ ./home/terminal/configuration.nix
+ inputs.stylix.nixosModules.stylix
+ ./style.nix
+ ];
+ };
 "battleship" = nixpkgs.lib.nixosSystem rec {
 system = "x86_64-linux";
 specialArgs = {
diff --git a/hosts/dreadnought/configuration.nix b/hosts/dreadnought/configuration.nix
new file mode 100644
index 0000000..3391035
--- /dev/null
+++ b/hosts/dreadnought/configuration.nix
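Review bot: In the new `pkgs-unstable` block, `config.allowUnfreePredicate = _: true;` is redundant next to `config.allowUnfree = true;`, since nixpkgs accepts a package when either check passes; keeping only `config.allowUnfree = true;` says the same thing with less to maintain. The seventeen added lines also look like a copy of the `"battleship"` entry that starts in the trailing context with only the host path changed, so a small helper such as `mkHost = host: nixpkgs.lib.nixosSystem { … modules = [ ./hosts/${host}/configuration.nix … ]; }` would stop the two from drifting apart; only the first three lines of the battleship block are visible here, so treat that as a suggestion to confirm against the rest of it.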
@@ -0,0 +1,103 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ../../secrets.nix
+ ./gpu.nix
+
+ ./impermanence.nix
+ inputs.disko.nixosModules.disko
+ ./disko.nix
+
+ ./hardware-configuration.nix
+ ];
+
+ # GnuPG keyring
+ programs.gnupg.agent = {
+ enable = true;
+ pinentryPackage = pkgs.pinentry-gtk2;
+ settings.default-cache-ttl = 3600 * 24;
+ };
+
+ # Yet another nix cli helper
+ programs.nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 7d --keep 3";
+ flake = "/home/guz/Projects/dot013-nix";
+ };
+
+ # QMK keyboard
+ hardware.keyboard.qmk.enable = true;
+ services.udev.packages = with pkgs; [via vial];
+
+ # Pipewire
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ # Tailscale
+ services.tailscale.enable = true;
+
+ # Networking
+ networking.hostName = "dreadnought";
+ networking.networkmanager.enable = true;
+
+ # Firewall
+ networking.firewall.enable = true;
+ networking.firewall.allowedUDPPorts = [53];
+ networking.firewall.allowedTCPPorts = [80 433];
+
+ # SSH
+ services.openssh.enable = true;
+ services.openssh.settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "forced-commands-only";
+ };
+
+ # Locale
+ time.timeZone = "America/Sao_Paulo";
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = let
+ locale = "pt_BR.UTF-8";
+ in {
+ LC_ADDRESS = locale;
+ LC_IDENTIFICATION = locale;
+ LC_MEASUREMENT = locale;
+ LC_MONETARY = locale;
+ LC_NAME = locale;
+ LC_NUMERIC = locale;
+ LC_PAPER = locale;
+ LC_TELEPHONE = locale;
+ LC_TIME = locale;
+ };
+
+ # Keyboard
+ services.xserver.xkb.layout = "br";
+ console.keyMap = "br-abnt2";
+
+ security.polkit.enable = true;
+
+ # Nix
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ # Bootloader
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "25.11"; # Did you read the comment?
+}
diff --git a/hosts/dreadnought/disko.nix b/hosts/dreadnought/disko.nix
new file mode 100644
index 0000000..85efe28
--- /dev/null
+++ b/hosts/dreadnought/disko.nix
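Review bot: `networking.firewall.allowedTCPPorts = [80 433];` almost certainly means 443: port 433 is not HTTPS, so this opens an unrelated port while leaving the intended one closed, and the fix is `networking.firewall.allowedTCPPorts = [80 443];`. Nothing else in this file runs a web or DNS listener, so 80/tcp and 53/udp look like leftovers too; each opened port should be tied to the service that needs it, e.g. `# 53/udp + 80/tcp: <service> — TODO confirm still needed` or removed. In the SSH block, `PasswordAuthentication = false;` on its own leaves keyboard-interactive (PAM) authentication at its NixOS default of enabled, so password logins can still succeed; add `KbdInteractiveAuthentication = false;` beside it. The gpg-agent `settings.default-cache-ttl = 3600 * 24;` is also silently capped by gpg-agent's default `max-cache-ttl` of two hours, so either raise `settings.max-cache-ttl` as well or note that the effective cache is 2h.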
@@ -0,0 +1,72 @@
+{
+ disko.devices = {
+ disk.main = {
+ device = "/dev/nvme0n1"; # This will be overwritten by disko-install
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ label = "boot";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["defaults"];
+ };
+ };
+ luks = {
+ size = "100%";
+ label = "luks";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ extraOpenArgs = [
+ "--allow-discards"
+ "--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"
+ ];
+ settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+ content = {
+ type = "btrfs";
+ extraArgs = ["-L" "nixos" "-f"];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = ["subvol=root" "compress=zstd" "noatime"];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = ["subvol=home" "compress=zstd" "noatime"];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
+ };
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
+ };
+ "/log" = {
+ mountpoint = "/var/log";
+ mountOptions = ["subvol=log" "compress=zstd" "noatime"];
+ };
+ "/swap" = {
+ mountpoint = "/swap";
+ swap.swapfile.size = "8G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ fileSystems."/persist".neededForBoot = true;
+ fileSystems."/home".neededForBoot = true;
+ fileSystems."/var/log".neededForBoot = true;
+}
diff --git a/hosts/dreadnought/gpu.nix b/hosts/dreadnought/gpu.nix
new file mode 100644
index 0000000..1fb6427
--- /dev/null
+++ b/hosts/dreadnought/gpu.nix
@@ -0,0 +1,11 @@
+{pkgs, ...}: {
+ services.xserver.videoDrivers = ["modesetting"];
+
+ # AMD
+ hardware.graphics.enable = true;
+ hardware.graphics.enable32Bit = true;
+ hardware.amdgpu.initrd.enable = true;
+ hardware.amdgpu.opencl.enable = true;
+
+ environment.systemPackages = with pkgs; [clinfo];
+}
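Review bot: `settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};` on the cryptroot volume is only honored by the systemd-based stage 1 (NixOS documents `crypttabExtraOpts` as used only with systemd stage 1), and nothing in this host sets `boot.initrd.systemd.enable = true;`, so with the default scripted initrd the FIDO2 token is never consulted and the root volume falls back to a passphrase prompt. Turning on the systemd initrd would, as far as I know, conflict with the `boot.initrd.postResumeCommands` hook that impermanence.nix relies on, so the two files need to agree on one initrd design before this unlock path can be trusted. `"--allow-discards"` is a reasonable performance trade-off but passes TRIM through the encryption layer and so reveals which blocks are unused; worth a one-line comment on that entry such as `# TRIM passthrough: exposes free-space layout, accepted for SSD health`. The swapfile lives inside the LUKS volume, which is the right place, but with no `boot.resumeDevice` in sight it is swap only, not hibernation — a short comment on `"/swap"` saying so would save the next reader from checking.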
diff --git a/hosts/dreadnought/hardware-configuration.nix b/hosts/dreadnought/hardware-configuration.nix
new file mode 100644
index 0000000..bbee9cb
--- /dev/null
+++ b/hosts/dreadnought/hardware-configuration.nix
@@ -0,0 +1,21 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/dreadnought/impermanence.nix b/hosts/dreadnought/impermanence.nix
new file mode 100644
index 0000000..afe5b7f
--- /dev/null
+++ b/hosts/dreadnought/impermanence.nix
@@ -0,0 +1,68 @@
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ ];
+
+ environment.persistence."/persist" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ # config.services.minecraft-servers.dataDir
+ "/etc/nixos"
+ "/etc/NetworkManager/system-connections"
+ "/etc/secureboot"
+ "/var/db/sudo"
+ "/var/keys"
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/var/lib/tailscale"
+ {
+ directory = "/var/lib/colord";
+ user = "colord";
+ group = "colord";
+ mode = "u=rwx,g=rx,o=";
+ }
+ ];
+ files = [
+ "/etc/machine-id"
+ ];
+ };
+
+ boot.initrd.postResumeCommands = let
+ # https://github.com/nix-community/impermanence?tab=readme-ov-file#btrfs-subvolumes
+ script = pkgs.writeShellScriptBin "rollback" ''
+ mkdir -p /btrfs_tmp
+
+ mount -o subvol=/ /dev/mapper/cryptroot /btrfs_tmp
+
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
+ in "${builtins.readFile (lib.getExe script)}";
+}
diff --git a/hosts/dreadnought/services.nix b/hosts/dreadnought/services.nix
new file mode 100644
index 0000000..e7c6594
--- /dev/null
+++ b/hosts/dreadnought/services.nix
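Review bot: The `environment.persistence."/persist"` lists carry no entry for the sshd host keys, so with `/` recreated from a fresh subvolume on every boot the `services.openssh` enabled in configuration.nix generates new `/etc/ssh/ssh_host_*_key` files each time; every client then sees a host-key-changed warning, and if anything pulled in through `../../secrets.nix` decrypts with the host key it stops working after the first reboot. Add `"/etc/ssh/ssh_host_ed25519_key"` and `"/etc/ssh/ssh_host_ed25519_key.pub"` (plus the rsa pair if it is used) to `files`. The rollback script keeps each discarded root under `/btrfs_tmp/old_roots` for 30 days, which includes that boot's `/tmp`, `/var/tmp` and `/root`, so data the wipe is meant to drop stays on disk for a month; that retention deserves a comment on the `find … -mtime +30` line such as `# previous roots (incl. /tmp and /root) remain readable for 30 days before deletion`. `"/etc/secureboot"` is persisted although this host boots with plain systemd-boot, so either a comment naming the intended secure-boot tooling or dropping the line would clarify the intent.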
@@ -0,0 +1,56 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.nix-minecraft.nixosModules.minecraft-servers
+ ];
+
+ nixpkgs.overlays = [
+ inputs.nix-minecraft.overlay
+ ];
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "minecraft-server"
+ "minecraft-server-1.21.8"
+ ];
+
+ services.minecraft-servers = {
+ enable = true;
+ eula = true;
+ dataDir = "/var/lib/minecraft-servers";
+ managementSystem = {
+ tmux.enable = false;
+ systemd-socket.enable = true;
+ };
+ openFirewall = true;
+ servers = {
+ "heart-smp" = let
+ # modpack = inputs.heart-modpack.packages.${pkgs.stdenv.hostPlatform.system}.default;
+ modpack = pkgs.fetchPackwizModpack {
+ src = pkgs.fetchurl {
+ url = "https://code.capytal.cc/heart/modpack/releases/download/latest/Heart-0.1.0+1.21.10.mrpack";
+ hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+ };
+ packHash = "sha256-jjmmw0NFls+/AxgNZMXTeKKzXr7b2YkhvyA1ATTu5l0=";
+ };
+ mcVersion = modpack.manifest.versions.minecraft;
+ # fabricVersion = modpack.manifest.versions.fabric;
+ serverVersion = lib.replaceStrings ["."] ["_"] "fabric-${mcVersion}";
+ in {
+ enable = true;
+ autoStart = false;
+ package = pkgs.fabricServers.${serverVersion}.override {loaderVersion = "0.17.3";};
+ symlinks = {
+ "mods" = "${modpack}/mods";
+ };
+ files = {
+ "config" = "${modpack}/config";
+ };
+ };
+ };
+ };
+}
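Review bot: `hosts/dreadnought/services.nix` is created here but nothing imports it: the `imports` list in `hosts/dreadnought/configuration.nix` names only secrets, gpu, impermanence, disko and hardware-configuration, and the flake's new `modules` list does not include it either, so the minecraft server, its `openFirewall = true;` and the `nixpkgs.config` changes in this file are all inert. Once wired in, evaluation will still fail on the `hash` of the `pkgs.fetchurl` call, which is the all-`A` placeholder and must be replaced with the real digest; and because `url` points at `releases/download/latest/`, that digest breaks again every time the release moves, so a tag-specific download URL is the stable pin. `nixpkgs.config.allowUnfree = true;` also defeats the `allowUnfreePredicate` allow-list right below it, since nixpkgs accepts a package when either check passes; drop the blanket line if the intent is to permit only the minecraft server derivations. The allow-list entry `"minecraft-server-1.21.8"` may then need to match whatever `mcVersion` resolves to — the mrpack filename suggests 1.21.10 — which is worth confirming once the hash is filled in.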