merge in poseidon configs temporarily

flake.nix

@@ -35,6 +35,12 @@
           ./hosts/servers/iris
         ];
       };
+      poseidon = nixpkgs.lib.nixosSystem {
+        modules = [
+          ./hosts/base.nix
+          ./hosts/servers/poseidon
+        ];
+      };
       nixos = nixpkgs.lib.nixosSystem {
         modules = [
           ./hosts/base.nix

hosts/servers/poseidon/default.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, modulesPath, ... }: 
+{
+  imports = [ 
+    ./hardware.nix
+    ../../../modules/sops.nix
+    ./old
+  ];
+
+  virtualisation.docker.daemon.settings = {
+    ipv6 = false;
+  };
+
+}

hosts/servers/poseidon/hardware.nix

@@ -0,0 +1,15 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/servers/poseidon/old/containers/default.nix

@@ -0,0 +1,5 @@
+{config, pkgs, lib, ...}: 
+let
+
+in
+  

hosts/servers/poseidon/old/default.nix

@@ -0,0 +1,92 @@
+{config, pkgs, lib, ...}:
+
+{
+  imports = [
+    ./oci-containers
+    ./nvidia.nix
+  ];
+
+
+
+  #boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_6_6;
+  boot.kernelParams = lib mkForce [ "nohibernate" "ipv6.disable=1" ];
+  boot.loader.grub = lib.mkForce {
+    enable = true;
+    device = "nodev";
+    zfsSupport = true;
+    efiSupport = true;
+    copyKernels = true;
+    efiInstallAsRemovable = true;
+    mirroredBoots = [
+      { devices = [ "/dev/disk/by-uuid/E862-56D1" ]; path = "/boot"; }
+      # { devices = [ "/dev/disk/by-uuid/5DF0-A042" ]; path = "/boot-fallback"; }
+    ];
+  };
+  boot.blacklistedKernelModules = ["nouveau"];
+
+  fileSystems."/" =
+    { device = "nixroot/root";
+      fsType = "zfs";
+    };
+
+  fileSystems."/nix" =
+    { device = "nixroot/root/nix";
+      fsType = "zfs";
+    };
+
+  fileSystems."/var" =
+    { device = "nixroot/root/var";
+      fsType = "zfs";
+    };
+
+  fileSystems."/home" =
+    { device = "nixroot/root/home";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/E862-56D1";
+    fsType = "vfat";
+    options = [ "nofail" "fmask=0077" "dmask=0077" ];
+  };
+
+  # fileSystems."/boot-fallback" = {
+  #   device = "/dev/disk/by-uuid/5DF0-A042";
+  #   fsType = "vfat";
+  #   options = [ "nofail" "fmask=0077" "dmask=0077" ];
+  # };
+
+  swapDevices = [ ];
+
+  # per server packages
+  environment.systemPackages = with pkgs; [
+    speedtest-cli
+    storcli
+    storcli2
+  ];
+
+  # per server networking options
+  networking.hostName = "poseidon";
+  networking.hostId = "1f2d79e1";
+  networking.networkmanager.insertNameservers = [ "10.5.0.1" "1.1.1.1" ];
+
+  # Mounts
+  boot.zfs.extraPools = [
+    "Velaris"
+  #  "Aeolus"
+  ];
+  # systemd.services.zfs-mount.enable = false;
+  # fileSystems = {
+  #   "/Velaris" = {
+  #     device = "Velaris";
+  #     fsType = "zfs";
+  #     options = [ "nofail" ];
+  #   };
+  #   "/Aeolus" = {
+  #     device = "Aeolus";
+  #     fsType = "zfs";
+  #     options = [ "nofail" ];
+  #   };
+  # };
+}

hosts/servers/poseidon/old/nvidia.nix

@@ -0,0 +1,57 @@
+{lib, config, ...}:
+
+{
+  services.xserver.videoDrivers = ["nvidia"];
+
+  hardware = {
+    graphics = {
+      enable = true;
+    };
+
+    nvidia-container-toolkit.enable = true;
+
+    nvidia = {
+      # Modesetting is required.
+      modesetting.enable = true;
+
+      # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+      # Enable this if you have graphical corruption issues or application crashes after waking
+      # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead 
+      # of just the bare essentials.
+      powerManagement.enable = false;
+
+      # Fine-grained power management. Turns off GPU when not in use.
+      # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+      powerManagement.finegrained = false;
+
+      # Use the NVidia open source kernel module (not to be confused with the
+      # independent third-party "nouveau" open source driver).
+      # Support is limited to the Turing and later architectures. Full list of 
+      # supported GPUs is at: 
+      # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+      # Only available from driver 515.43.04+
+      open = false;
+
+      # Enable the Nvidia settings menu,
+      # accessible via `nvidia-settings`.
+      nvidiaSettings = true;
+
+      # Optionally, you may need to select the appropriate driver version for your specific GPU.
+      # package = config.boot.kernelPackages.nvidiaPackages.stable;
+      package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
+        version = "580.105.08";
+
+        # Update these hashes to whatever nix tells you to,
+        # and set them back to `lib.fakeHash` every time you
+        # change the version.
+        sha256_64bit = "sha256-2cboGIZy8+t03QTPpp3VhHn6HQFiyMKMjRdiV2MpNHU=";
+        openSha256 = "sha256-FGmMt3ShQrw4q6wsk8DSvm96ie5yELoDFYinSlGZcwQ=";
+        settingsSha256 = "sha256-YvzWO1U3am4Nt5cQ+b5IJ23yeWx5ud1HCu1U0KoojLY=";
+
+        # You can leave these unspecified
+        sha256_aarch64 = lib.fakeHash;
+        persistencedSha256 = lib.fakeHash;
+      };
+    };
+  };
+}

hosts/servers/poseidon/old/oci-containers/default.nix

@@ -0,0 +1,38 @@
+{config, pkgs, lib, ...}: 
+let
+  jellyfin = import ./jellyfin.nix;
+  torrents = import ./torrents.nix;
+  misc = import ./misc.nix;
+  synapse = import ./synapse.nix;
+  important = import ./important.nix;
+  games = import ./games.nix;
+  cont_list = lib.foldr lib.recursiveUpdate {} [
+    jellyfin
+    # torrents
+    # misc
+    # synapse
+    important
+    #games
+  ];
+in
+{
+  # Setup docker containers
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers = cont_list;
+  };
+  systemd.services."docker-network-forgejo" = {
+    serviceConfig.Type = "oneshot";
+    wantedBy = [
+      "docker-forgejo.service"
+      "docker-forgejo-db.service"
+    ];
+    before = [
+      "docker-forgejo.service"
+      "docker-forgejo-db.service"
+    ];
+    script = ''
+      ${pkgs.docker}/bin/docker network inspect forgejo > /dev/null 2>&1 || ${pkgs.docker}/bin/docker network create forgejo
+    '';
+  };
+}

hosts/servers/poseidon/old/oci-containers/games.nix

@@ -0,0 +1,24 @@
+{
+  crafty = {
+    image = "registry.gitlab.com/crafty-controller/crafty-4:latest";
+    environment = {
+      TZ = "America/Chicago";
+    };
+    ports = [
+      "8000:8000"
+      "8443:8443"
+      "19132:19132"
+      "25500-25600:25500-25600"
+    ];
+    extraOptions = [
+      "--user" "1000:1000"
+    ];
+    volumes = [
+      "/Velaris/Storage/Backups/Crafty/Arch-Crafty:/crafty/backups"
+      "/Velaris/Crafty/Servers:/crafty/servers"
+      "/Velaris/Docker/crafty/logs:/crafty/logs"
+      "/Velaris/Docker/crafty/config:/crafty/app/config"
+      "/Velaris/Docker/crafty/import:/crafty/import"
+    ];
+  };
+}

hosts/servers/poseidon/old/oci-containers/important.nix

@@ -0,0 +1,135 @@
+{
+  "vaultwarden" = {
+    image = "vaultwarden/server:latest";
+    ports = [
+      "83:80"
+    ];
+    volumes = [
+      "/Velaris/Docker/vaultwarden/data:/data"
+    ];
+    networks = [
+      "forgejo"
+    ];
+  };
+  "forgejo" = {
+    image = "codeberg.org/forgejo/forgejo:11";
+    ports = [
+      "3000:3000"
+      "222:22"
+    ];
+    environment = {
+      USER_UID = "1000";
+      USER_GID = "1000";
+      TZ = "America/Chicago";
+      FORGEJO__database__DB_TYPE = "postgres";
+      FORGEJO__database__HOST = "forgejodb:5432";
+      FORGEJO__database__NAME = "forgejo";
+      FORGEJO__database__USER = "forgejo";
+      FORGEJO__database__PASSWD = "forgejo";
+    };
+    volumes = [
+      "/Velaris/Docker/forgejo/forgejo:/data"
+      "/etc/timezone:/etc/timezone:ro"
+      "/etc/localtime:/etc/localtime:ro"
+    ];
+    dependsOn = [
+      "forgejo-db"
+    ];
+    networks = [
+      "forgejo"
+    ];
+  };
+  "forgejo-db" = {
+    image = "postgres:14";
+    hostname = "forgejodb";
+    environment = {
+      POSTGRES_USER = "forgejo";
+      POSTGRES_PASSWORD = "forgejo";
+      POSTGRES_DB = "forgejo";
+    };
+    volumes = [
+      "/Velaris/Docker/forgejo/postgres:/var/lib/postgresql/data"
+    ];
+    networks = [
+      "forgejo"
+    ];
+  };
+#   "homeassistant" = {
+#     image = "ghcr.io/home-assistant/home-assistant:stable";
+#     # extraOptions = [
+#     #   "--network=host"
+#     # ];
+#     ports = [
+#       "8123:8123"
+#       "21060-21069:21060-21069"
+#       "5353:5353/udp"
+#     ];
+#     volumes = [
+#       "/Velaris/Docker/homeassistant/config:/config"
+#       "/etc/localtime:/etc/localtime:ro"
+#     ];
+#     privileged = true;
+#   };
+#   "mqtt" = {
+#     image = "eclipse-mosquitto";
+#     ports = [
+#       "1883:1883"
+#     ];
+#     volumes = [
+#       "/Velaris/Docker/mqtt/mosquitto/config:/mosquitto/config"
+#       "/Velaris/Docker/mqtt/mosquitto/data:/mosquitto/data"
+#       "/Velaris/Docker/mqtt/mosquitto/log:/mosquitto/log"
+#     ];
+#   };
+#   "zwavejs2mqtt" = {
+#     image = "zwavejs/zwave-js-ui:latest";
+#     extraOptions = [
+#       "-t"
+#       "--stop-signal=SIGINT"
+#     ];
+#     ports = [
+#       "8091:8091"
+#       "3001:3000"
+#     ];
+#     environment = {
+#       ZWAVEJS_EXTERNAL_CONFIG = "/usr/src/app/store/.config-db";
+#       TZ = "America/Chicago";
+#     };
+#     devices = [
+#       "/dev/serial/by-id/usb-Silicon_Labs_HubZ_Smart_Home_Controller_90F0010D-if00-port0:/dev/zwave"
+#     ];
+#     volumes = [
+#       "/Velaris/Docker/zwave/config:/usr/src/app/store"
+#     ];
+#   };
+  # "pihole" = {
+  #   image = "pihole/pihole:latest";
+  #   environment = {
+  #     TZ = "America/Chicago";
+  #   };
+  #   ports = [
+  #     "10.5.0.2:53:53/tcp"
+  #     "10.5.0.2:53:53/udp"
+  #     "82:80/tcp"
+  #   ];
+  #   volumes = [
+  #     "/Velaris/Docker/pihole/etc-pihole:/etc/pihole"
+  #     "/Velaris/Docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
+  #   ];
+  # };
+  "nginx-proxy-manager" = {
+    image = "jc21/nginx-proxy-manager:latest";
+    ports = [
+      "80:80"
+      "81:81"
+      "443:443"
+    ];
+    volumes = [
+      "/Velaris/Docker/nginx-proxy/data:/data"
+      "/Velaris/Docker/nginx-proxy/letsencrypt:/etc/letsencrypt"
+    ];
+    networks = [
+      "forgejo"
+    ];
+  };
+}

hosts/servers/poseidon/old/oci-containers/jellyfin.nix

@@ -0,0 +1,50 @@
+{
+  "plex" = {
+    image = "lscr.io/linuxserver/plex:latest";
+    ports = [
+      "32400:32400/tcp"
+      #"1901:1900/udp"
+    ];
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      VERSION = "docker";
+      NVIDIA_DRIVER_CAPABILITIES = "all";
+      NVIDIA_VISIBLE_DEVICES = "all";
+    };
+    # extraOptions = [ "--device" "nvidia.com/gpu=all" ];
+    # privileged = true;
+    # devices = [
+    #   "/dev/dri:/dev/dri"
+    # ];
+    volumes = [
+      "/Velaris/Docker/plex-conf:/config"
+      "/Velaris/Media:/mnt/Media"
+    ];
+  };
+  "jellyfin" = {
+    image = "lscr.io/linuxserver/jellyfin:latest";
+    ports = [
+      "8096:8096"
+      "8920:8920" #optional
+      "7359:7359/udp" #optional
+      #"1900:1900/udp" #optional
+    ];
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+      JELLYFIN_PublishedServerUrl = "https://jelly.nyxerinys.dev";
+      NVIDIA_DRIVER_CAPABILITIES = "all";
+    };
+    # extraOptions = [ "--device" "nvidia.com/gpu=all" ];
+    # devices = [
+    #   "/dev/dri:/dev/dri"
+    # ];
+    volumes = [
+      "/Velaris/Docker/jellyfin-conf:/config"
+      "/Velaris/Media:/data"
+    ];
+
+  };
+}

hosts/servers/poseidon/old/oci-containers/misc.nix

@@ -0,0 +1,25 @@
+{
+  "open-webui" = {
+    image = "ghcr.io/open-webui/open-webui:main";
+    ports = [
+      "3002:8080/tcp"
+    ];
+    volumes = [
+      "/Velaris/Docker/ai/open-webui-conf:/app/backend/data"
+    ];
+  };
+  "ollama" = {
+    image = "ollama/ollama";
+    ports = [
+      "11434:11434/tcp"
+    ];
+    environment = {
+      NVIDIA_DRIVER_CAPABILITIES = "all";
+      NVIDIA_VISIBLE_DEVICES = "all";
+    };
+    extraOptions = [ "--device" "nvidia.com/gpu=all" ];
+    volumes = [
+      "/Velaris/Docker/ai/ollama-conf:/root/.ollama"
+    ];
+  };
+}

hosts/servers/poseidon/old/oci-containers/synapse.nix

@@ -0,0 +1,67 @@
+let
+  wg = "synapse-wireguard";
+in {
+  ${wg} = {
+    image = "lscr.io/linuxserver/wireguard:latest";
+    capabilities = {
+      NET_ADMIN = true;
+      SYS_MODULE = true;
+    };
+    ports = [
+      "5432:5432"
+    ];
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+      LOG_CONFS = "true";
+    };
+    extraOptions = [
+      "--sysctl" "net.ipv4.conf.all.src_valid_mark=1"
+
+    ];
+    volumes = [
+      "/Velaris/Docker/synapse/wg-config:/config"
+      "/lib/modules:/lib/modules"
+    ];
+  };
+  "synapse" = {
+    image = "ghcr.io/element-hq/synapse:latest";
+    environment = {
+      SYNAPSE_SERVER_NAME = "nyxerinys.dev";
+      SYNAPSE_REPORT_STATS = "no";
+      SYNAPSE_CONFIG_DIR = "/data";
+      SYNAPSE_CONFIG_PATH = "/data/homeserver.yaml";
+      UID = "1000";
+      GID = "1000";
+      TZ = "America/Chicago";
+    };
+    extraOptions = [
+      "--network" "container:${wg}"
+    ];
+    volumes = [
+      "/Velaris/Docker/synapse/syn:/data"
+      "/Velaris/Synapse/media:/data/media_store"
+    ];
+    dependsOn = [
+      wg
+      "synapse-db"
+    ];
+  };
+  "synapse-db" = {
+    image = "postgres:16";
+    environment = {
+      POSTGRES_INITDB_ARGS = "'--encoding=UTF8', '--locale=C'";
+    };
+    extraOptions = [
+      "--network" "container:${wg}"
+      "--user" "1000:1000"
+    ];
+    volumes = [
+      "/Velaris/Synapse/post:/var/lib/postgresql/data"
+    ];
+    dependsOn = [
+      wg
+    ];
+  };
+}

hosts/servers/poseidon/old/oci-containers/torrents.nix

@@ -0,0 +1,158 @@
+let
+  wg = "torrent-wireguard";
+in {
+  ${wg} = {
+    image = "lscr.io/linuxserver/wireguard:latest";
+    capabilities = {
+      NET_ADMIN = true;
+      SYS_MODULE = true;
+    };
+    ports = [
+      "5000:5000"
+      "8080:8080"
+      "9696:9696"
+      "7878:7878"
+      "7979:8989"
+      "8787:8787" #optional
+    ];
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+      LOG_CONFS = "true";
+    };
+    extraOptions = [
+      "--sysctl" "net.ipv4.conf.all.src_valid_mark=1"
+
+    ];
+    volumes = [
+      "/Velaris/Docker/torrents/wg:/config"
+      "/lib/modules:/lib/modules"
+    ];
+  };
+  "qbittorrent" = {
+    image = "lscr.io/linuxserver/qbittorrent:latest";
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+      WEBUI_PORT = "8080";
+    };
+    extraOptions = [
+      "--network" "container:${wg}"
+    ];
+    volumes = [
+      "/Velaris/Docker/torrents/qbit/config:/config"
+      "/Velaris/Media/Downloads:/downloads"
+    ];
+    dependsOn = [
+      wg
+    ];
+  };
+  "prowlarr" = {
+    image = "lscr.io/linuxserver/prowlarr:latest";
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+    };
+    extraOptions = [
+      "--network" "container:${wg}"
+    ];
+    volumes = [
+      "/Velaris/Docker/torrents/prowlarr/config:/config"
+    ];
+    dependsOn = [
+      wg
+    ];
+  };
+  "radarr" = {
+    image = "lscr.io/linuxserver/radarr:latest";
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+    };
+    extraOptions = [
+      "--network" "container:${wg}"
+    ];
+    volumes = [
+      "/Velaris/Docker/torrents/radarr/config:/config"
+      "/Velaris/Media/Movies:/movies"
+      "/Velaris/Media/Downloads:/downloads"
+    ];
+    dependsOn = [
+      wg
+    ];
+  };
+  "sonarr" = {
+    image = "lscr.io/linuxserver/sonarr:latest";
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+    };
+    extraOptions = [
+      "--network" "container:${wg}"
+    ];
+    volumes = [
+      "/Velaris/Docker/torrents/sonarr/config:/config"
+      "/Velaris/Media/TV:/tv"
+      "/Velaris/Media/Downloads:/downloads"
+    ];
+    dependsOn = [
+      wg
+    ];
+  };
+  "readarr" = {
+    image = "lscr.io/linuxserver/readarr:0.4.19-nightly";
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+    };
+    extraOptions = [
+      "--network" "container:${wg}"
+    ];
+    volumes = [
+      "/Velaris/Docker/torrents/readarr/config:/config"
+      "/Velaris/Media/Books:/books"
+      "/Velaris/Media/Downloads:/downloads"
+    ];
+    dependsOn = [
+      wg
+    ];
+  };
+  "flaresolverr" = {
+    image = "ghcr.io/flaresolverr/flaresolverr:latest";
+    environment = {
+      LOG_LEVEL = "debug";
+      TZ = "America/Chicago";
+    };
+    extraOptions = [
+      "--network" "container:${wg}"
+    ];
+    dependsOn = [
+      wg
+    ];
+  };
+  "anonupdater" = {
+    image = "ubuntu:latest";
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "America/Chicago";
+    };
+    cmd = [ "bash" "-c" "/anon/entrypoint.sh; tail -f /dev/null" ];
+    extraOptions = [
+      "--network" "container:${wg}"
+    ];
+    volumes = [
+      "/Velaris/Docker/torrents/anon:/anon"
+      "/Velaris/Media/Downloads:/downloads"
+    ];
+    dependsOn = [
+      wg
+    ];
+  };
+}