Add chewbacca nixos config

.github/actions/setup-ansible/action.yaml

@@ -21,6 +21,7 @@ runs:
         b2_account_key: ci
         backblaze_homeassistant_key: ci
         backblaze_zigbee2mqtt_key: ci
+        chewbacca_ip_tailscale: ci
         domain: ci
         duckdns_domain: ci
         duckdns_token: ci
@@ -35,7 +36,6 @@ runs:
         letsencrypt_provider: ci
         mqtt_server: ci
         navidrome_api_token: ci
-        nixos_ip_tailscale: ci
         telegram_chatids: 0
         telegram_token: ci
         traefik_password: ci

group_vars/nixos.yaml → group_vars/chewbacca.yaml

@@ -1,6 +1,6 @@
 ---
 ansible_become: true
-ansible_become_password: "{{ nixos_become_password }}"
+ansible_become_password: "{{ chewbacca_become_password }}"
 podcasts:
   - title: Self-Hosted
     feedUrl: https://selfhosted.show/rss

group_vars/monitor.yaml

@@ -13,11 +13,11 @@ gatus_dns_endpoints:
   - name: "media.{{ domain }} (primary)"
     server: "{{ rpi3_ip_tailscale }}"
     query: "media.{{ domain }}"
-    body: "{{ nixos_ip }}"
+    body: "{{ chewbacca_ip }}"
   - name: "media.{{ domain }} (secondary)"
     server: "{{ rpi2_ip_tailscale }}"
     query: "media.{{ domain }}"
-    body: "{{ nixos_ip }}"
+    body: "{{ chewbacca_ip }}"
 gatus_healthcheck_endpoints:
   - name: Backup homeassistant
     uuid: "{{ healthchecks_backup_homeassistant_uuid }}"

group_vars/pihole1.yaml

@@ -11,8 +11,8 @@ gatus_icmp_endpoints:
     url: "{{ rpi2_ip }}"
   - name: RPi0
     url: "{{ rpi0_ip }}"
-  - name: Nixos
-    url: "{{ nixos_ip }}"
+  - name: Chewbacca
+    url: "{{ chewbacca_ip }}"
 gatus_dns_endpoints:
   - name: "{{ domain }} (secondary) "
     server: "{{ rpi2_ip }}"
@@ -21,6 +21,6 @@ gatus_dns_endpoints:
   - name: "media.{{ domain }} (secondary)"
     server: "{{ rpi2_ip }}"
     query: "media.{{ domain }}"
-    body: "{{ nixos_ip }}"
+    body: "{{ chewbacca_ip }}"
 gatus_healthcheck_endpoints: []
 gatus_tailscale_devices: []

hosts.ini

@@ -12,8 +12,8 @@ localhost ansible_connection=local
 [zigbee]
 192.168.1.180 ansible_ssh_user=serveradmin
 
-[nixos]
-192.168.1.106 ansible_ssh_user=manager
+[chewbacca]
+192.168.1.49 ansible_ssh_user=manager
 
 [monitor]
 oci0 ansible_ssh_user=ubuntu

main.yaml

@@ -121,8 +121,8 @@
       vars:
         tailscale_docker: false
 
-- name: Setup nixos
-  hosts: nixos
+- name: Setup chewbacca
+  hosts: chewbacca
   vars_files:
     - vars/vault.yaml
 

roles/gatus/templates/config.yaml.j2

@@ -86,7 +86,7 @@ endpoints:
 {% endfor %}
   - name: Audiobookshelf
     group: Services
-    url: "http://{{ nixos_ip_tailscale }}:13378/healthcheck"
+    url: "http://{{ chewbacca_ip_tailscale }}:13378/healthcheck"
     headers:
       Authorization: Bearer {{ audiobookshelf_api_token }}
     interval: 15m
@@ -96,7 +96,7 @@ endpoints:
       - type: telegram
   - name: Jellyfin
     group: Services
-    url: "http://{{ nixos_ip_tailscale }}:8096/System/Info"
+    url: "http://{{ chewbacca_ip_tailscale }}:8096/System/Info"
     headers:
       X-MediaBrowser-Token: {{ jellyfin_api_token }}
     interval: 15m
@@ -106,7 +106,7 @@ endpoints:
       - type: telegram
   - name: Navidrome
     group: Services
-    url: "http://{{ nixos_ip_tailscale }}:4533/rest/ping?{{ navidrome_api_token }}"
+    url: "http://{{ chewbacca_ip_tailscale }}:4533/rest/ping?{{ navidrome_api_token }}"
     interval: 15m
     conditions:
       - "[STATUS] == 200"

roles/homeassistant/files/config/switch/wol.yaml

@@ -1,8 +1,4 @@
 ---
-- platform: wake_on_lan
-  name: NixOS Media Server
-  mac: !secret nixos_media_server_mac
-  host: !secret nixos_media_server_host
 - platform: wake_on_lan
   name: QNAP NAS
   mac: !secret qnap_nas_mac

roles/homeassistant/templates/secrets.yaml.j2

@@ -1,8 +1,6 @@
 home_city: {{ address_city | default("0") }}
 home_street: {{ address_street | default("0") }}
 
-nixos_media_server_mac: {{ nixos_mac | default("0") }}
-nixos_media_server_host: {{ nixos_ip | default("0") }}
 qnap_nas_mac: {{ qnap_mac | default("0") }}
 qnap_nas_host: {{ qnap_ip | default("0") }}
 

roles/nixos/files/configuration.nix

@@ -13,30 +13,36 @@ in
       ./services/navidrome.nix
     ];
 
-  # Enable flakes
+  # Nix stuff
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 7d";
+  };
 
-  # Use the GRUB boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
-  boot.supportedFilesystems = [ "ntfs" ];
+  # Bootloader
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
 
-  # Configure networking
-  networking.hostName = "asus-nixos";
+  # Networking
+  networking.hostName = "chewbacca";
   networking.networkmanager.enable = true;
-  networking.interfaces = {
-    enp4s0 = {
-      wakeOnLan = {
-        enable = true;
-      };
-    };
-  };
 
-  # Set your time zone.
+  # Time zone, keyboard, language
   time.timeZone = "Europe/Stockholm";
-
-  # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "sv_SE.UTF-8";
+    LC_IDENTIFICATION = "sv_SE.UTF-8";
+    LC_MEASUREMENT = "sv_SE.UTF-8";
+    LC_MONETARY = "sv_SE.UTF-8";
+    LC_NAME = "sv_SE.UTF-8";
+    LC_NUMERIC = "sv_SE.UTF-8";
+    LC_PAPER = "sv_SE.UTF-8";
+    LC_TELEPHONE = "sv_SE.UTF-8";
+    LC_TIME = "sv_SE.UTF-8";
+  };
   console = {
     font = "Lat2-Terminus16";
     keyMap = "sv-latin1";
@@ -50,7 +56,7 @@ in
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.manager = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "docker" "transmission" ];
+    extraGroups = [ "wheel" "networkmanager" "docker" "transmission" ];
   };
 
   # List packages installed in system profile.
@@ -63,11 +69,9 @@ in
     ffmpeg
     python3
     git
+    vim
   ];
 
-  # Add ~/.local/bin to PATH
-  environment.localBinInPath = true;
-
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
@@ -123,10 +127,6 @@ in
     openRPCPort = true;
   };
 
-  # Handle lid closing.
-  services.logind.lidSwitch = "ignore";
-  services.logind.lidSwitchDocked = "ignore";
-
   # Enable and configure the firewall.
   networking.firewall = {
     enable = true;
@@ -139,12 +139,6 @@ in
     allowedUDPPortRanges = [{ from = 32768; to = 60999; }];
   };
 
-  # Configure automatic garbage collection
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 30d";
-  };
-
-  system.stateVersion = "22.11"; # Did you read the comment?
+  # Did you read the comment?
+  system.stateVersion = "23.11";
 }

roles/nixos/files/flake.nix

@@ -17,7 +17,7 @@
     in
     {
       nixosConfigurations = {
-        "nixos" = nixpkgs.lib.nixosSystem {
+        "chewbacca" = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
             ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })

roles/nixos/files/hardware-configuration.nix

@@ -0,0 +1,43 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/641a1fcb-7ec8-4ccd-9b47-998ccc4b799a";
+      fsType = "btrfs";
+      options = [ "subvol=@" ];
+    };
+
+  fileSystems."/boot" =
+    {
+      device = "/dev/disk/by-uuid/DFEC-3669";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s13f0u1u1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

roles/nixos/files/home.nix

@@ -3,7 +3,7 @@
 {
   home.username = "manager";
   home.homeDirectory = "/home/manager";
-  home.stateVersion = "23.05";
+  home.stateVersion = "23.11";
 
   home.packages = with pkgs; [
     emacs-nox

roles/nixos/files/services/navidrome.nix

@@ -25,10 +25,10 @@ in
       image = "ghcr.io/simojenki/bonob:v0.6.11";
       ports = [ "${toString bonobPort}:${toString bonobPort}" ];
       environment = {
-        BNB_URL = "http://192.168.1.106:${toString bonobPort}";
+        BNB_URL = "http://192.168.1.49:${toString bonobPort}";
         BNB_SONOS_AUTO_REGISTER = "true";
         BNB_SONOS_DEVICE_DISCOVERY = "true";
-        BNB_SUBSONIC_URL = "http://192.168.1.106:${toString navidromePort}";
+        BNB_SUBSONIC_URL = "http://192.168.1.49:${toString navidromePort}";
       };
       extraOptions = [ "--network=host" ];
     };

roles/nixos/handlers/main.yaml

@@ -1,6 +1,6 @@
 ---
 - name: Rebuild nixos
   ansible.builtin.command:
-    cmd: nixos-rebuild switch --flake /etc/nixos#nixos
+    cmd: nixos-rebuild switch --flake /etc/nixos#chewbacca
   become: true
   changed_when: true

roles/nixos/tasks/main.yaml

@@ -13,6 +13,13 @@
     mode: "0640"
   notify: "Rebuild nixos"
 
+- name: Create hardware config
+  ansible.builtin.copy:
+    src: "files/hardware-configuration.nix"
+    dest: "/etc/nixos/hardware-configuration.nix"
+    mode: "0640"
+  notify: "Rebuild nixos"
+
 - name: Create home config
   ansible.builtin.copy:
     src: "files/home.nix"