Adds glassbox host

flake.nix

@@ -72,6 +72,7 @@
           x86_64-live = mkNixos "x86_64" [./nixos/hosts/x86_64-live.nix];
           aarch64-live = mkNixos "aarch64" [./nixos/hosts/aarch64-live.nix];
 
+          glassbox = mkNixos "x86_64" [./nixos/hosts/glassbox.nix];
           nixbox = mkNixos "x86_64" [./nixos/hosts/nixbox.nix];
           thinkpad = mkNixos "x86_64" [./nixos/hosts/thinkpad.nix];
           voyager = mkNixos "aarch64" [./nixos/hosts/voyager];

nixos/hosts/glassbox.nix

@@ -0,0 +1,57 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    ../profiles/hyprland.nix
+    ../profiles/default.nix
+    ../users/willem/home/linux.nix
+    ../modules/zerotier.nix
+  ];
+
+  boot.initrd.availableKernelModules = ["vmd" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = ["kvm-intel"];
+  boot.extraModulePackages = [];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  hardware.opengl.driSupport = true;
+  hardware.opengl.enable = true;
+
+  hardware.nvidia = {
+    modesetting.enable = true;
+    powerManagement.enable = false;
+    powerManagement.finegrained = false;
+    open = false;
+    nvidiaSettings = true;
+  };
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/4e9a4d87-4b00-413b-84c0-62e737a012a9";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/1641-A38E";
+    fsType = "vfat";
+  };
+
+  swapDevices = [];
+
+  networking.hostName = "glassbox";
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

nixos/hosts/nixbox.nix

@@ -6,159 +6,202 @@
   ...
 }: let
   torrent_group_id = 987;
-in {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-    ../profiles/hyprland.nix
-    ../profiles/default.nix
-    ../users/willem/home/linux.nix
-    ../modules/zerotier.nix
-  ];
+in
+  {
+    imports = [
+      (modulesPath + "/installer/scan/not-detected.nix")
+      ../profiles/hyprland.nix
+      ../profiles/default.nix
+      ../users/willem/home/linux.nix
+      ../modules/zerotier.nix
+    ];
 
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["amdgpu"];
-  boot.extraModulePackages = [];
+    boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
+    boot.initrd.kernelModules = [];
+    boot.kernelModules = ["amdgpu"];
+    boot.extraModulePackages = [];
 
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
 
-  boot.supportedFilesystems = ["zfs"];
-  boot.zfs.forceImportRoot = false;
-  networking.hostId = "06818aaa";
+    boot.supportedFilesystems = ["zfs"];
+    boot.zfs.forceImportRoot = false;
+    networking.hostId = "06818aaa";
 
-  hardware.opengl.driSupport = true;
-  hardware.opengl.enable = true;
+    hardware.opengl.driSupport = true;
+    hardware.opengl.enable = true;
 
-  hardware.opengl.extraPackages = with pkgs; [
-    amdvlk
-  ];
+    hardware.opengl.extraPackages = with pkgs; [
+      amdvlk
+    ];
 
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/24855432-019b-43d9-9b83-9135b9dc31a6";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/F2E9-F515";
-    fsType = "vfat";
-  };
-
-  boot.zfs.extraPools = ["zpool"];
-
-  swapDevices = [{device = "/dev/disk/by-uuid/36bb51f0-f56d-4408-b61c-7905789a7304";}];
-
-  environment.systemPackages = [pkgs.zfs];
-
-  services.zfs.autoScrub.enable = true;
-
-  services.jellyfin.enable = true;
-
-  users.groups.torrent.gid = torrent_group_id;
-
-  services.transmission = {
-    enable = false;
-
-    package = pkgs.transmission_4;
-
-    group = "torrent";
-
-    settings = rec {
-      download-dir = "/zpool/media/torrents";
-      incomplete-dir = "/zpool/media/torrents/.incomplete";
-      incomplete-dir-enabled = true;
-      peer-port = 51413;
-      rpc-enabled = true;
-      rpc-bind-address = "0.0.0.0";
-      rpc-whitelist-enabled = false;
-      rpc-whitelist = "10.1.2.*,127.0.0.*";
-      rpc-host-whitelist-enabled = false;
+    fileSystems."/" = {
+      device = "/dev/disk/by-uuid/24855432-019b-43d9-9b83-9135b9dc31a6";
+      fsType = "ext4";
     };
-  };
 
-  networking.nftables.enable = true;
-  networking.nftables.flushRuleset = true;
+    fileSystems."/boot" = {
+      device = "/dev/disk/by-uuid/F2E9-F515";
+      fsType = "vfat";
+    };
 
-  networking.nftables.tables."nixos-fw".content = lib.mkForce "";
+    boot.zfs.extraPools = ["zpool"];
 
-  networking.nftables.ruleset = ''
-    table inet filter {
-      chain input {
-        type filter hook input priority 0;
+    swapDevices = [{device = "/dev/disk/by-uuid/36bb51f0-f56d-4408-b61c-7905789a7304";}];
 
-        # accept all localhost and zerotier traffic
-        iifname lo accept
-        iifname "zt*" accept
+    environment.systemPackages = [pkgs.zfs];
 
-        # accept traffic sent by us
-        ct state {established, related} accept
+    services.zfs.autoScrub.enable = true;
 
-        # ICMP
-        # routers may also want: mld-listener-query, nd-router-solicit
-        ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
+    services.jellyfin.enable = true;
 
-        # allow "ping"
-        ip protocol icmp icmp type echo-request accept
+    users.groups.torrent.gid = torrent_group_id;
 
-        # jellyfin
-        tcp dport 8096 accept
-        tcp dport 8920 accept
-        udp dport 1900 accept
-        udp dport 7359 accept
+    services.transmission = {
+      enable = false;
 
-        # transmission web ui
-        tcp dport 9091 accept
+      package = pkgs.transmission_4;
 
-        # zerotier
-        udp dport 9993 accept
-        tcp dport 9993 accept
+      group = "torrent";
 
-        # ssh
-        tcp dport 22 accept
+      settings = rec {
+        download-dir = "/zpool/media/torrents";
+        incomplete-dir = "/zpool/media/torrents/.incomplete";
+        incomplete-dir-enabled = true;
+        peer-port = 51413;
+        rpc-enabled = true;
+        rpc-bind-address = "0.0.0.0";
+        rpc-whitelist-enabled = false;
+        rpc-whitelist = "10.1.2.*,127.0.0.*";
+        rpc-host-whitelist-enabled = false;
+      };
+    };
 
-        iifname "tun0" tcp dport 51413 accept
-        iifname "tun0" udp dport 51413 accept
+    networking.nftables.enable = true;
+    networking.nftables.flushRuleset = true;
 
-        iifname {lo, "zt*"} tcp dport 9091 accept
+    networking.nftables.tables."nixos-fw".content = lib.mkForce "";
 
-        iifname "tun0" skgid ${toString torrent_group_id} accept
+    networking.nftables.ruleset = ''
+      table inet filter {
+        chain input {
+          type filter hook input priority 0;
 
-        # drop all other packets
-        counter drop
-        #accept
+          # accept all localhost and zerotier traffic
+          iifname lo accept
+          iifname "zt*" accept
+
+          # accept traffic sent by us
+          ct state {established, related} accept
+
+          # ICMP
+          # routers may also want: mld-listener-query, nd-router-solicit
+          ip protocol icmp icmp type { destination-unreachable, router-advertisement, time-exceeded, parameter-problem } accept
+
+          # allow "ping"
+          ip protocol icmp icmp type echo-request accept
+
+          # jellyfin
+          tcp dport 8096 accept
+          tcp dport 8920 accept
+          udp dport 1900 accept
+          udp dport 7359 accept
+
+          # transmission web ui
+          tcp dport 9091 accept
+
+          # zerotier
+          udp dport 9993 accept
+          tcp dport 9993 accept
+
+          # ssh
+          tcp dport 22 accept
+
+          iifname "tun0" tcp dport 51413 accept
+          iifname "tun0" udp dport 51413 accept
+
+          iifname {lo, "zt*"} tcp dport 9091 accept
+
+          iifname "tun0" skgid ${toString torrent_group_id} accept
+
+          # drop all other packets
+          counter drop
+          #accept
+        }
+
+        chain output {
+          type filter hook output priority 0;
+
+          tcp dport 53 accept
+          udp dport 53 accept
+
+          oifname {"lo", "zt*"} tcp sport 9091 accept
+
+          skgid ${toString torrent_group_id} oifname != "tun0" counter drop
+
+          # zerotier
+          oifname "zt*" accept
+          udp dport 9993 accept
+          tcp dport 9993 accept
+
+          accept
+        }
+
+        chain forward {
+          type filter hook forward priority 0;
+
+          accept
+        }
       }
+    '';
 
-      chain output {
-        type filter hook output priority 0;
+    networking.useDHCP = lib.mkDefault true;
 
-        tcp dport 53 accept
-        udp dport 53 accept
+    networking.hostName = "nixbox";
 
-        oifname {"lo", "zt*"} tcp sport 9091 accept
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+    powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  }
+  # Do not modify this file!  It was generated by ‘nixos-generate-config’
+  # and may be overwritten by future invocations.  Please make changes
+  # to /etc/nixos/configuration.nix instead.
+  {
+    config,
+    lib,
+    pkgs,
+    modulesPath,
+    ...
+  }: {
+    imports = [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
 
-        skgid ${toString torrent_group_id} oifname != "tun0" counter drop
+    boot.initrd.availableKernelModules = ["vmd" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sd_mod"];
+    boot.initrd.kernelModules = [];
+    boot.kernelModules = ["kvm-intel"];
+    boot.extraModulePackages = [];
 
-        # zerotier
-        oifname "zt*" accept
-        udp dport 9993 accept
-        tcp dport 9993 accept
+    fileSystems."/" = {
+      device = "/dev/disk/by-uuid/4e9a4d87-4b00-413b-84c0-62e737a012a9";
+      fsType = "ext4";
+    };
 
-        accept
-      }
+    fileSystems."/boot" = {
+      device = "/dev/disk/by-uuid/1641-A38E";
+      fsType = "vfat";
+    };
 
-      chain forward {
-        type filter hook forward priority 0;
+    swapDevices = [];
 
-        accept
-      }
-    }
-  '';
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = lib.mkDefault true;
+    # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
+    # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
 
-  networking.useDHCP = lib.mkDefault true;
-
-  networking.hostName = "nixbox";
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
-  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+    hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  }