feat(elcafe): add new server configuration

2025-11-02 00:00:12 +01:00
parent 2958cc4c7a
commit ef8d666b26
8 changed files with 205 additions and 3 deletions
--- a/hosts/elcafe/configuration.nix
+++ b/hosts/elcafe/configuration.nix
@@ -0,0 +1,74 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    inputs.home-manager.nixosModules.default
+    ../../system
+  ];
+
+  sops.secrets = {
+    "elcafe/traefik/env".restartUnits = ["traefik.service"];
+    "elcafe/traefik/dynamic".restartUnits = ["traefik.service"];
+  };
+
+  mySystem = {
+    boot = {
+      kernel = {
+        hardened = true;
+        cpuVendor = "intel";
+      };
+      zfs = {
+        enable = true;
+        pools = ["tank"];
+      };
+    };
+    dev.docker = {
+      enable = true;
+      extraDaemonSettings.data-root = "/tank/docker/";
+    };
+    misc.keymap = "fr";
+    networking = {
+      hostname = "elcafe";
+      id = "501c7fb9";
+    };
+    packages.nix = {
+      gc.automatic = true;
+      trusted-users = [
+        "root"
+        "phundrak"
+      ];
+    };
+    services = {
+      endlessh.enable = true;
+      plex = {
+        enable = true;
+        dataDir = "/tank/web/plex-config";
+      };
+      ssh = {
+        enable = true;
+        allowedUsers = ["phundrak"];
+        passwordAuthentication = false;
+      };
+      traefik = {
+        enable = true;
+        envFiles = [config.sops.secrets."elcafe/traefik/env".path];
+        dynConf = config.sops.secrets."elcafe/traefik/dynamic".path;
+      };
+    };
+    users = {
+      root.disablePassword = true;
+      phundrak.enable = true;
+    };
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+}
--- a/hosts/elcafe/hardware-configuration.nix
+++ b/hosts/elcafe/hardware-configuration.nix
@@ -0,0 +1,42 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot = {
+    initrd = {
+      availableKernelModules = ["ahci" "xhci_pci" "ehci_pci" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
+      kernelModules = [];
+    };
+    kernelModules = ["kvm-intel"];
+    extraModulePackages = [];
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/d2e703f7-90e0-43e7-9872-ce036f201c4b";
+    fsType = "ext4";
+  };
+
+  swapDevices = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno3.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno4.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}