add dn-server

2025-03-15 20:07:06 +08:00 · 2025-03-15 20:07:06 +08:00 · 735228acb6
commit 735228acb6
parent a304926231
17 changed files with 485 additions and 2 deletions
--- a/flake.lock
+++ b/flake.lock
@ -85,6 +85,26 @@
        "type": "github"
      }
    },
+    "disko": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1740485968,
+        "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
+        "owner": "nix-community",
+        "repo": "disko",
+        "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "disko",
+        "type": "github"
+      }
+    },
    "firefox": {
      "inputs": {
        "cachix": "cachix",
@ -1129,6 +1149,7 @@
    "root": {
      "inputs": {
        "Hyprspace": "Hyprspace",
+        "disko": "disko",
        "firefox": "firefox",
        "ghostty": "ghostty",
        "home-manager": "home-manager",
--- a/flake.nix
+++ b/flake.nix
@ -59,6 +59,11 @@
      url = "github:nix-community/lanzaboote/v0.4.2";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    disko = {
+      url = "github:nix-community/disko";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs =
@ -67,6 +72,7 @@
      nixpkgs-unstable,
      nix-index-database,
      lanzaboote,
+      disko,
      ...
    }@inputs:
    let
@ -120,6 +126,40 @@
              ;
          };
        };
+
+        dn-server = nixpkgs.lib.nixosSystem {
+          modules = [
+            disko.nixosModules.disko
+            nix-index-database.nixosModules.nix-index
+            lanzaboote.nixosModules.lanzaboote
+            ./system/dev/dn-server
+          ];
+          specialArgs = {
+            inherit
+              unstable
+              inputs
+              system
+              nix-version
+              username
+              git-config
+              ;
+          };
+        };
+
+        # Use this for all other target
+        # nixos-anywhere --flake .#generic --generate-hardware-config nixos-generate-config ./hardware-configuration.nix <hostname>
+        generic = nixpkgs.lib.nixosSystem {
+          inherit system;
+
+          modules = [
+            disko.nixosModules.disko
+            ./system/dev/generic
+            ./hardware-configuration.nix
+          ];
+          specialArgs = {
+            inherit nix-version;
+          };
+        };
      };
    };
 }
--- a/home/user/packages.nix
+++ b/home/user/packages.nix
@ -76,6 +76,8 @@ in

      # PDF Preview
      poppler
+
+      trash-cli
    ])
    ++ [
      vesktopOverride # discord
--- a/home/user/server-default.nix
+++ b/home/user/server-default.nix
@ -0,0 +1,27 @@
+{ inputs, ... }:
+{
+  imports = [
+    ./git.nix
+    ./gtk.nix
+    ./shell.nix
+    ./config.nix
+    # ./packages.nix
+    ./programs.nix
+    ./environment.nix
+    ./virtualization.nix
+    ./hyprland.nix
+    ./swaync.nix
+    ./nvim.nix
+    ./bin.nix
+    ./desktops.nix
+    ./direnv.nix
+    inputs.hyprland.homeManagerModules.default
+  ];
+
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      allowUnfreePredicate = _: true;
+    };
+  };
+}
--- a/system/dev/dn-pre7780/default.nix
+++ b/system/dev/dn-pre7780/default.nix
@ -36,7 +36,7 @@ in
      nvidia-bus-id = nvidia-bus-id;
    })
    ../../modules/gaming.nix
-    ../../modules/wireguard.nix
+    # ../../modules/wireguard.nix
    ../../modules/dn-ca.nix
    (import ../../modules/wallpaper-engine.nix {
      offload = nvidia-offload-enabled;
--- a/system/dev/dn-server/boot.nix
+++ b/system/dev/dn-server/boot.nix
@ -0,0 +1,23 @@
+{ pkgs, ... }:
+
+{
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  boot.loader.systemd-boot.enable = true;
+
+  # Enable F keys in some wireless keyboard (Ex. neo65)
+  boot.extraModprobeConfig = ''
+    options hid_apple fnmode=2
+  '';
+
+  boot.initrd.systemd.enable = true;
+  boot.initrd.kernelModules = [
+    "i915"
+  ];
+  boot.swraid.enable = true;
+  boot.swraid.mdadmConf = ''
+    MAILADDR smitty
+    ARRAY /dev/md126 metadata=1.2 name=stuff:0
+    UUID=b75dc506-8f7c-4557-8b2f-adb5f1358dbc
+  '';
+}
--- a/system/dev/dn-server/default.nix
+++ b/system/dev/dn-server/default.nix
@ -0,0 +1,71 @@
+{
+  lib,
+  unstable,
+  inputs,
+  system,
+  nix-version,
+  git-config,
+  username,
+  config,
+  ...
+}:
+let
+  hyprcursor-size = "32";
+  xcursor-size = "24";
+  nvidia-mode = "offload";
+  # Get bus id with `lshw -C display`
+  intel-bus-id = "PCI:0:2:0";
+  nvidia-bus-id = "PCI:1:0:0";
+  nvidia-offload-enabled = config.hardware.nvidia.prime.offload.enable;
+  device-name = "dn-server";
+  monitors = [
+  ];
+in
+{
+  imports = [
+    inputs.home-manager.nixosModules.default
+    ./hardware-configuration.nix
+    ./boot.nix
+    ./packages.nix
+    ./services.nix
+    ./networking.nix
+    ../../modules/server-default.nix
+    ../../modules/cuda.nix
+    (import ../../modules/nvidia.nix {
+      nvidia-mode = nvidia-mode;
+      intel-bus-id = intel-bus-id;
+      nvidia-bus-id = nvidia-bus-id;
+    })
+    ../../modules/wine.nix
+  ];
+
+  # Overrides
+  networking.hostName = lib.mkForce device-name;
+
+  system.stateVersion = nix-version;
+
+  home-manager = {
+    backupFileExtension = "backup";
+    useUserPackages = true;
+    extraSpecialArgs = {
+      inherit
+        unstable
+        inputs
+        system
+        nix-version
+        xcursor-size
+        hyprcursor-size
+        git-config
+        username
+        nvidia-offload-enabled
+        device-name
+        monitors
+        ;
+    };
+    users."${username}" = {
+      imports = [
+        ../../../home
+      ];
+    };
+  };
+}
--- a/system/dev/dn-server/hardware-configuration.nix
+++ b/system/dev/dn-server/hardware-configuration.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/6081efdb-aa4e-4f31-ac7e-bd4dffa768bc";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0185-B3AA";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/system/dev/dn-server/networking.nix
+++ b/system/dev/dn-server/networking.nix
@ -0,0 +1,20 @@
+{ config, pkgs, ... }:
+
+{
+  networking = {
+    networkmanager.enable = true;
+    enableIPv6 = false;
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        22
+        443
+        80
+        30072
+      ];
+      allowedUDPPorts = [
+        51820
+      ];
+    };
+  };
+}
--- a/system/dev/dn-server/packages.nix
+++ b/system/dev/dn-server/packages.nix
@ -0,0 +1,80 @@
+{
+  pkgs,
+  ...
+}:
+{
+  environment.systemPackages = with pkgs; [
+    neovim
+    file
+
+    cachix
+
+    upower
+    jq
+    bat
+    btop
+    eza
+    fzf
+    neofetch
+    ripgrep
+    tree
+    tldr # Alternative for man
+    wget
+    unzip
+    p7zip
+    killall
+    zip
+    glxinfo # OpenGL info
+    pciutils # PCI info
+    xdotool # Keyboard input simulation
+    ffmpeg # Video encoding
+    mpv # Media player
+
+    git
+    gh
+    gnumake
+    lm_sensors
+    openssl
+    openssl.dev
+    pkg-config # Include Lib
+    nodejs
+    yarn-berry
+    rustup
+    gcc
+    zig
+
+    vim
+    stylua
+    lazygit
+    luajitPackages.lua
+    lua51Packages.lua
+    luajitPackages.luarocks
+    luajitPackages.magick
+    imagemagick
+
+    fishPlugins.done
+    fishPlugins.fzf-fish
+    fishPlugins.forgit
+    fishPlugins.hydro
+    fishPlugins.grc
+    grc # Colorize
+    zoxide # Dir jumper
+    starship # Shell theme
+    carapace # Autocomplete
+
+    usbutils
+    udiskie
+    udisks
+
+    ffmpegthumbnailer
+
+    libsForQt5.qt5.qtmultimedia
+    libsForQt5.qt5.qtquickcontrols2
+    libsForQt5.qt5.qtgraphicaleffects
+    libsForQt5.qt5.qtsvg
+    libsForQt5.qt5.qtwayland
+    pkgs.gst_all_1.gst-libav
+    pkgs.gst_all_1.gstreamer
+    pkgs.gst_all_1.gst-plugins-good
+  ];
+}
--- a/system/dev/dn-server/services.nix
+++ b/system/dev/dn-server/services.nix
@ -0,0 +1,47 @@
+{ username, pkgs, ... }:
+
+{
+  systemd.services.flatpak-repo = {
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.flatpak ];
+    script = ''
+      flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+    '';
+  };
+
+  services = {
+    dbus.enable = true;
+
+    blueman.enable = true;
+
+    openssh = {
+      enable = true;
+      ports = [
+        22
+        30072
+      ];
+      settings = {
+        PasswordAuthentication = true;
+        AllowUsers = [ username ];
+        UseDns = true;
+        PermitRootLogin = "yes";
+      };
+    };
+
+    xserver = {
+      enable = false;
+      xkb.layout = "us";
+    };
+
+    # USB auto mount
+    gvfs.enable = true;
+    udisks2.enable = true;
+    devmon.enable = true;
+
+    flatpak.enable = true;
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzLpMKn0Q24ACC6k/7lOX0FIdcFhq15NY6849yROeUK danny@dn-pre7780"
+  ];
+}
--- a/system/dev/generic/boot.nix
+++ b/system/dev/generic/boot.nix
@ -0,0 +1,4 @@
+{
+  boot.swraid.enable = true;
+  boot.swraid.mdadmConf = "\n  MAILADDR smitty\n  ARRAY /dev/md126 metadata=1.2 name=stuff:0\n  UUID=f3c41e6f:7e27b57f:8b44503a:42538a51\n  ";
+}
--- a/system/dev/generic/default.nix
+++ b/system/dev/generic/default.nix
@ -0,0 +1,48 @@
+{
+  modulesPath,
+  lib,
+  pkgs,
+  nix-version,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    ./disk.nix
+    ./boot.nix
+  ];
+
+  # boot.loader.systemd-boot.enable = true;
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+    devices = [ "/dev/md126" ];
+  };
+
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  services.openssh = {
+    enable = true;
+    ports = [
+      22
+      30072
+    ];
+    settings = {
+      PasswordAuthentication = true;
+      PermitRootLogin = "yes";
+    };
+  };
+
+  environment.systemPackages = map lib.lowPrio [
+    pkgs.curl
+    pkgs.gitMinimal
+  ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBzLpMKn0Q24ACC6k/7lOX0FIdcFhq15NY6849yROeUK danny@dn-pre7780"
+  ];
+
+  system.stateVersion = nix-version;
+}
--- a/system/dev/generic/disk.nix
+++ b/system/dev/generic/disk.nix
@ -0,0 +1,34 @@
+{ lib, ... }:
+{
+  disko.devices = {
+    disk = {
+      main = {
+        device = "/dev/disk/by-id/md-uuid-f3c41e6f:7e27b57f:8b44503a:42538a51";
+        type = "disk";
+        content = {
+          type = "gpt";
+          partitions = {
+            ESP = {
+              type = "EF00";
+              size = "500M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = [ "umask=0077" ];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/system/modules/gaming.nix
+++ b/system/modules/gaming.nix
@ -22,6 +22,8 @@
  programs = {
    steam = {
      enable = true;
+      protontricks.enable = true;
+      gamescopeSession.enable = true;
      extest.enable = true;
      remotePlay.openFirewall = true;
      dedicatedServer.openFirewall = true;
--- a/system/modules/packages.nix
+++ b/system/modules/packages.nix
@ -8,6 +8,7 @@
  environment.systemPackages =
    (with pkgs; [
      neovim
+      file

      # Binary cache platform
      cachix
@ -106,4 +107,3 @@
    ++ [
      inputs.ghostty.packages.${system}.default
    ];
-}
--- a/system/modules/server-default.nix
+++ b/system/modules/server-default.nix
@ -0,0 +1,25 @@
+{ ... }:
+{
+  imports = [
+    ./plymouth.nix # Boot splash
+    ./fonts.nix
+    ./hardware.nix
+    ./hyprland.nix
+    ./internationalisation.nix
+    ./misc.nix
+    ./nixsettings.nix
+    ./programs.nix
+    ./security.nix
+    ./sound.nix
+    ./time.nix
+    ./theme.nix
+    ./users.nix
+    ./environment.nix
+    ./virtualization.nix
+    ./display-manager.nix
+    ./gc.nix
+    ./polkit.nix
+    ./lsp.nix
+    ./tmux.nix
+  ];
+}