nixos-config/hosts/orion/default.nix

{
  lib,
  pkgs,
  inputs,
  ...
}:
{
  imports = [
    inputs.srvos.nixosModules.server
    inputs.srvos.nixosModules.mixins-terminfo

    ./boot.nix
    ./disk-config.nix
    ./backups.nix
  ];

  ataraxia.defaults.role = "server";
  ataraxia.defaults.hardware.cpuVendor = "intel";
  ataraxia.defaults.hardware.gpuVendor = "intel";
  # Impermanence
  ataraxia.filesystems.zfs.enable = true;
  ataraxia.filesystems.zfs.eraseOnBoot.enable = true;
  ataraxia.filesystems.zfs.eraseOnBoot.snapshots = [
    "rpool/nixos/root@empty"
    "rpool/user/home@empty"
  ];
  ataraxia.filesystems.zfs.mountpoints = [
    "/etc/secrets"
    "/media/libvirt"
    "/nix"
    "/persist"
    "/srv"
    "/var/lib/containers"
    "/etc/secrets"
    "/var/lib/docker"
    "/var/lib/libvirt"
    "/var/lib/nixos-containers"
    "/var/lib/postgresql"
    "/var/log"
    "/vol"
  ];

  ataraxia.networkd = {
    enable = true;
    domain = "home.ataraxiadev.com";
    ifname = "enp2s0";
    mac = "d4:3d:7e:26:a8:af";
    bridge.enable = true;
    ipv4 = [
      {
        address = "10.10.10.10/24";
        gateway = "10.10.10.1";
        dns = [
          "10.10.10.1"
          "9.9.9.9"
        ];
      }
    ];
  };

  security.lockKernelModules = lib.mkForce false;
  environment.memoryAllocator.provider = lib.mkForce "libc";

  # Services
  services.postgresql.enable = true;
  services.postgresql.settings = {
    full_page_writes = "off";
    wal_init_zero = "off";
    wal_recycle = "off";
  };
  services.tailscale = {
    enable = true;
    useRoutingFeatures = "both";
  };

  # Auto-mount lan nfs share
  fileSystems."/media/local-nfs" = {
    device = "10.10.10.11:/";
    fsType = "nfs4";
    options = [
      "nfsvers=4.2"
      "x-systemd.automount"
      "noauto"
    ];
  };

  environment.systemPackages = with pkgs; [
    bat
    bottom
    dnsutils
    fd
    kitty.terminfo
    micro
    mkvtoolnix-cli
    nfs-utils
    p7zip
    podman-compose
    pwgen
    ripgrep
    rsync
    rustic-rs
    smartmontools
  ];

  ataraxia.containers.filestash.enable = true;
  ataraxia.containers.media-stack.enable = true;
  ataraxia.containers.tinyproxy.enable = true;
  ataraxia.security.acme.enable = true;
  ataraxia.services.authentik.enable = true;
  ataraxia.services.gitea.enable = true;
  ataraxia.services.syncyomi.enable = true;
  ataraxia.services.vaultwarden.enable = true;

  ataraxia.virtualisation.guests = {
    omv = {
      autoStart = true;
      user = "root";
      group = "root";
      xmlFile = ./vm/omv.xml;
    };
  };

  system.stateVersion = "25.05";
}
feat: new host 'orion' 2025-03-12 14:11:59 +03:00			`{`
feat: add wip orion host config 2025-07-08 19:58:35 +03:00			`lib,`
			`pkgs,`
			`inputs,`
			`...`
			`}:`
			`{`
			`imports = [`
			`inputs.srvos.nixosModules.server`
			`inputs.srvos.nixosModules.mixins-terminfo`

feat: add boot config for orion 2025-07-08 19:58:52 +03:00			`./boot.nix`
feat: add wip orion host config 2025-07-08 19:58:35 +03:00			`./disk-config.nix`
feat: add backup config for orion 2025-07-08 19:59:19 +03:00			`./backups.nix`
feat: add wip orion host config 2025-07-08 19:58:35 +03:00			`];`

feat: new host 'orion' 2025-03-12 14:11:59 +03:00			`ataraxia.defaults.role = "server";`
feat: add wip orion host config 2025-07-08 19:58:35 +03:00			`ataraxia.defaults.hardware.cpuVendor = "intel";`
			`ataraxia.defaults.hardware.gpuVendor = "intel";`
fix: add fs mounpoints to hosts 2025-03-12 15:42:24 +03:00			`# Impermanence`
feat: add wip orion host config 2025-07-08 19:58:35 +03:00			`ataraxia.filesystems.zfs.enable = true;`
fix: add fs mounpoints to hosts 2025-03-12 15:42:24 +03:00			`ataraxia.filesystems.zfs.eraseOnBoot.enable = true;`
			`ataraxia.filesystems.zfs.eraseOnBoot.snapshots = [`
feat: add wip orion host config 2025-07-08 19:58:35 +03:00			`"rpool/nixos/root@empty"`
			`"rpool/user/home@empty"`
fix: add fs mounpoints to hosts 2025-03-12 15:42:24 +03:00			`];`
			`ataraxia.filesystems.zfs.mountpoints = [`
			`"/etc/secrets"`
			`"/media/libvirt"`
			`"/nix"`
			`"/persist"`
feat: add wip orion host config 2025-07-08 19:58:35 +03:00			`"/srv"`
			`"/var/lib/containers"`
			`"/etc/secrets"`
fix: add fs mounpoints to hosts 2025-03-12 15:42:24 +03:00			`"/var/lib/docker"`
			`"/var/lib/libvirt"`
			`"/var/lib/nixos-containers"`
			`"/var/lib/postgresql"`
			`"/var/log"`
			`"/vol"`
			`];`
feat: add wip orion host config 2025-07-08 19:58:35 +03:00
			`ataraxia.networkd = {`
			`enable = true;`
			`domain = "home.ataraxiadev.com";`
			`ifname = "enp2s0";`
			`mac = "d4:3d:7e:26:a8:af";`
			`bridge.enable = true;`
			`ipv4 = [`
			`{`
			`address = "10.10.10.10/24";`
			`gateway = "10.10.10.1";`
			`dns = [`
			`"10.10.10.1"`
			`"9.9.9.9"`
			`];`
			`}`
			`];`
			`};`

			`security.lockKernelModules = lib.mkForce false;`
			`environment.memoryAllocator.provider = lib.mkForce "libc";`

			`# Services`
			`services.postgresql.enable = true;`
			`services.postgresql.settings = {`
			`full_page_writes = "off";`
			`wal_init_zero = "off";`
			`wal_recycle = "off";`
			`};`
			`services.tailscale = {`
			`enable = true;`
			`useRoutingFeatures = "both";`
			`};`

			`# Auto-mount lan nfs share`
			`fileSystems."/media/local-nfs" = {`
			`device = "10.10.10.11:/";`
			`fsType = "nfs4";`
			`options = [`
			`"nfsvers=4.2"`
			`"x-systemd.automount"`
			`"noauto"`
			`];`
			`};`

			`environment.systemPackages = with pkgs; [`
			`bat`
			`bottom`
			`dnsutils`
			`fd`
			`kitty.terminfo`
			`micro`
			`mkvtoolnix-cli`
			`nfs-utils`
			`p7zip`
			`podman-compose`
			`pwgen`
			`ripgrep`
			`rsync`
			`rustic-rs`
			`smartmontools`
			`];`

feat: add filestash container 2025-07-08 20:14:14 +03:00			`ataraxia.containers.filestash.enable = true;`
feat: add media-stack containers 2025-07-08 20:14:39 +03:00			`ataraxia.containers.media-stack.enable = true;`
feat: add tinyproxy nixos-container to orion 2025-07-08 20:06:01 +03:00			`ataraxia.containers.tinyproxy.enable = true;`
feat: add acme module 2025-07-08 20:06:38 +03:00			`ataraxia.security.acme.enable = true;`
feat: add authentik service 2025-07-08 20:08:11 +03:00			`ataraxia.services.authentik.enable = true;`
fix: enable gitea on orion 2025-07-08 20:08:38 +03:00			`ataraxia.services.gitea.enable = true;`
feat: add syncyomi service 2025-07-08 20:09:57 +03:00			`ataraxia.services.syncyomi.enable = true;`
feat: add vaultwared service to orion 2025-07-08 20:03:12 +03:00			`ataraxia.services.vaultwarden.enable = true;`

feat: add OMV vm to orion 2025-07-08 20:00:25 +03:00			`ataraxia.virtualisation.guests = {`
			`omv = {`
			`autoStart = true;`
fix: omv libvirt guest permissions 2025-07-10 18:29:41 +03:00			`user = "root";`
			`group = "root";`
feat: add OMV vm to orion 2025-07-08 20:00:25 +03:00			`xmlFile = ./vm/omv.xml;`
			`};`
			`};`

feat: add wip orion host config 2025-07-08 19:58:35 +03:00			`system.stateVersion = "25.05";`
feat: new host 'orion' 2025-03-12 14:11:59 +03:00			`}`