Hosts/thor (#153)

* hosts/thor: initial thor server

* secrets: add root_thor publicKeys

* services/audiobookshelf: add audiobookshelf services

Author: EdenEast

.github/workflows/build-nixos.yml

@@ -43,6 +43,24 @@ jobs:
         name: edeneast
     - name: Build rize
       run: nix build --accept-flake-config --print-out-paths --show-trace .#nixosConfigurations.rize.config.system.build.toplevel
+  build-thor:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Free Disk Space (Ubuntu)
+      uses: jlumbroso/free-disk-space@main
+    - name: Checkout
+      uses: actions/checkout@v6
+      with:
+        fetch-depth: 1
+    - name: Install Nix
+      uses: DeterminateSystems/nix-installer-action@main
+    - name: Cachix
+      uses: cachix/cachix-action@master
+      with:
+        authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        name: edeneast
+    - name: Build thor
+      run: nix build --accept-flake-config --print-out-paths --show-trace .#nixosConfigurations.thor.config.system.build.toplevel
   build-wrath:
     runs-on: ubuntu-latest
     steps:

flake.lock

@@ -0,0 +1,43 @@
+{
+  inputs,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./hardware.nix
+    ./secrets.nix
+  ];
+
+  # Base system definitions
+  networking.hostName = "thor";
+  system.stateVersion = "25.11";
+
+  time.timeZone = "America/Toronto";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  my = {
+    nixos = {
+      base = {
+        enable = true;
+        editor = inputs.nvim-config.packages.${pkgs.stdenv.hostPlatform.system}.stable;
+      };
+
+      profiles = {
+        keymap.enable = true;
+      };
+
+      services = {
+        audiobookshelf = {
+          enable = true;
+          tailscale.enable = true;
+        };
+        tailscale.enable = true;
+      };
+    };
+
+    users.eden = {
+      password = "$6$nF.UDyrpHmh6M$yKCw56auQ7Dm1FfvmQg6y3Y59mWsoiHJyAYhqF9e8nKjfeKwUoFocwHhogKUTq.A3hVe9S.smv7u1NLV/yPTd0";
+      enable = true;
+    };
+  };
+}

hosts/thor/configuration.nix

@@ -0,0 +1,38 @@
+{
+  disko.devices = {
+    disk = {
+      main = {
+        type = "disk";
+        device = "/dev/disk/by-id/ata-M4-CT128M4SSD2_000000001224090D56BE";
+        content = {
+          type = "gpt";
+          partitions = {
+            boot = {
+              size = "1M";
+              type = "EF02"; # for grub MBR
+              priority = 1;
+            };
+            ESP = {
+              size = "512M";
+              type = "EF00";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = "/boot";
+                mountOptions = ["umask=0077"];
+              };
+            };
+            root = {
+              size = "100%";
+              content = {
+                type = "filesystem";
+                format = "ext4";
+                mountpoint = "/";
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/thor/disko.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    ./disko.nix
+  ];
+
+  boot = {
+    supportedFilesystems = ["btrfs"];
+    initrd = {
+      availableKernelModules = ["nvme" "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
+      kernelModules = [];
+    };
+    kernelModules = [];
+    extraModulePackages = [];
+
+    # Bootloader. As this computer is an OLD computer we need to use grub
+    loader.grub = {
+      enable = true;
+      devices = lib.mkForce ["/dev/disk/by-id/ata-M4-CT128M4SSD2_000000001224090D56BE"];
+    };
+  };
+
+  environment.systemPackages = [pkgs.btrfs-progs];
+  fileSystems."/data" = {
+    device = "/dev/disk/by-label/data";
+    fsType = "btrfs";
+  };
+
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/thor/hardware.nix

@@ -0,0 +1,26 @@
+# Wrath
+
+## Overview
+
+Old desktop server
+
+---
+
+## Specs
+
+| Component   | Details                        |
+| ----------- | ------------------------------ |
+| **Model**   | Custom ATX Desktop             |
+| **CPU**     | Intel i7-3770s @ 3.10GHz       |
+| **RAM**     | 16GB                           |
+| **Storage** | 128GB SSD, 2x 1TB HDD          |
+
+---
+
+## Filesystems
+
+### `/` (Root)
+
+- **Format**: Ext4.
+
+---

hosts/thor/readme.md

@@ -0,0 +1,5 @@
+_: {
+  age.secrets = {
+    tailscaleAuthKey.file = ../../secrets/tailscale-auth.age;
+  };
+}

hosts/thor/secrets.nix

@@ -13,7 +13,7 @@
     assertions = [
       {
         assertion = config.my.disko.installDrive != "";
-        message = "config.myDisko.installDrive cannot be empty.";
+        message = "config.my.disko.installDrive cannot be empty.";
       }
     ];
 

modules/disko/btrfs-subvolumes/default.nix

@@ -7,6 +7,11 @@
 }: {
   options.my.nixos.base = {
     enable = lib.mkEnableOption "base system configuration";
+    editor = lib.mkOption {
+      type = lib.types.package;
+      description = "Default editor package";
+      default = pkgs.neovim;
+    };
   };
 
   config = lib.mkIf config.my.nixos.base.enable {
@@ -26,7 +31,7 @@
         libnotify
         lm_sensors
         vim
-        neovim
+        config.my.nixos.base.editor
       ];
 
       variables = {
@@ -54,6 +59,13 @@
       git.enable = true;
       nh.enable = true;
       ssh.knownHosts = config.my.snippets.ssh.knownHosts;
+
+      nix-index-database.comma.enable = true;
+      nix-index = {
+        enable = true;
+        enableFishIntegration = true;
+        enableZshIntegration = true;
+      };
     };
 
     networking.networkmanager.enable = true;

modules/nixos/base/default.nix

@@ -0,0 +1,66 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.my.nixos.services.audiobookshelf;
+in {
+  options.my.nixos.services.audiobookshelf = {
+    enable = lib.mkEnableOption "Enable the audiobookshelf service";
+
+    port = lib.mkOption {
+      description = "The TCP port Audiobookshelf will listen on.";
+      default = 8000;
+      type = lib.types.port;
+    };
+
+    tailscale = {
+      enable = lib.mkOption {
+        description = "Enable tailscale service";
+        default = false;
+        type = lib.types.bool;
+      };
+
+      name = lib.mkOption {
+        description = "Name of the audiobookshelf service";
+        default = "audiobookshelf";
+        type = lib.types.str;
+      };
+    };
+  };
+
+  config = lib.mkIf config.my.nixos.services.audiobookshelf.enable {
+    services = {
+      audiobookshelf = {
+        enable = true;
+        port = 8555;
+        openFirewall = true;
+      };
+
+      # TODO: https://github.com/tailscale/tailscale/issues/18381
+      # tailscale.serve.services.${cfg.tailscale.name}.https."443" = "https://localhost:${toString cfg.port}";
+    };
+
+    systemd.services.audiobookshelf-tailscale-serve = lib.mkIf cfg.tailscale.enable {
+      description = "Tailscale Service proxy for Audiobookshelf";
+      wantedBy = ["multi-user.target"];
+      after = [
+        "audiobookshelf.service"
+        "tailscaled.service"
+      ];
+
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+
+        ExecStart = "${pkgs.tailscale}/bin/tailscale serve \
+            --service=svc:${cfg.tailscale.name} \
+            --https=443 \
+            http://localhost:${toString cfg.port}";
+        ExecStop = "${pkgs.tailscale}/bin/tailscale serve clear \
+            svc:${cfg.tailscale.name}";
+      };
+    };
+  };
+}