add svalbard system as nas; xp11 becomes server

nix/deployments/nixops.nix

@@ -27,4 +27,12 @@
     deployment.targetHost = "192.168.1.65";
     imports = [ ../system/xps11/configuration.nix ];
   };
+
+  nas = {
+    deployment.targetHost = "192.168.1.168";
+    imports = [ ../system/svalbard/configuration.nix ];
+    networking.wireless.networks.N904.pskRaw = (
+      (import ../system/framework/keys.nix).wifi.N904.pskRaw
+    );
+  };
 }

nix/system/framework/keys.nix

@@ -7,4 +7,10 @@
     cert = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/cert.pem" then "/home/haak/dotfiles/secrets/syncthing/cert.pem" else null;
     key = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/key.pem" then "/home/haak/dotfiles/secrets/syncthing/key.pem" else null;
   };
+
+  wifi = {
+    N904 = {
+      pskRaw = if builtins.pathExists "/home/haak/dotfiles/secrets/wifi/n904/pskRaw.txt" then builtins.readFile "/home/haak/dotfiles/secrets/wifi/n904/pskRaw.txt" else null;
+    };
+  };
 }

nix/system/svalbard/README.md

@@ -0,0 +1,15 @@
+To set up ZFS on the spinning discs, followed steps derived from these sources (but without encryption):
+* https://ipetkov.dev/blog/installing-nixos-and-zfs-on-my-desktop/
+* https://cheat.readthedocs.io/en/latest/nixos/zfs_install.html
+
+```
+# DISK=<disk from /dev/disk/by-id>
+# POOL=<a name for the pool>
+# zpool create "${POOL}" $DISK
+# zfs create -o compression=on -o mountpoint=legacy "${POOL}/main"
+```
+
+then added the ZFS filesystem to `hardware-configuration.nix` (use the zfs
+created label as the device) and rebooted.
+
+Don't forget to `chown` the mounted system so that non-root can read/write there.

nix/system/svalbard/configuration.nix

@@ -0,0 +1,91 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../common/users.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.supportedFilesystems = [ "zfs" ];
+
+  networking.hostName = "svalbard"; # Define your hostname.
+  networking.hostId = "f9e8e9e8";
+  networking.wireless = {
+    enable = true; # Enables wireless support via wpa_supplicant.
+  };
+
+  services.zfs.trim.enable = true;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Enable networking
+  # networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Los_Angeles";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.utf8";
+
+  # Configure keymap in X11
+  services.xserver = {
+    layout = "us";
+    xkbVariant = "";
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    git
+    mullvad-vpn
+    rtorrent
+    tmux
+    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+  services.mullvad-vpn.enable = true;
+  networking.wireguard.enable = true;
+  networking.firewall.checkReversePath = "loose";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.05"; # Did you read the comment?
+
+}

nix/system/svalbard/hardware-configuration.nix

@@ -0,0 +1,49 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/0fdb799e-9740-4a8b-a0cd-9c2e81a761f8";
+      fsType = "ext4";
+    };
+
+  fileSystems."/storage" =
+    {
+      device = "storage-pool/main";
+      fsType = "zfs";
+    };
+
+  fileSystems."/boot/efi" =
+    {
+      device = "/dev/disk/by-uuid/5099-A753";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [{ device = "/dev/disk/by-uuid/0b031bb5-5a36-4190-b4a9-e2b53c61d2b5"; }];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  # high-resolution display
+  hardware.video.hidpi.enable = lib.mkDefault true;
+}

secrets

@@ -1 +1 @@
-Subproject commit 7feda1637d1281de7ca480937ee7e61975142812
+Subproject commit 23d8dd43d0a92e32fb9776b07b6574c492a7dc2b