restructure hosts

hosts/nixos/snowbelle/configuration.nix

@@ -0,0 +1,145 @@
+{ config, lib, stable_pkgs, unstable_pkgs, ... }:
+
+let
+  pkgs = stable_pkgs.x86_64;
+  unstable = unstable_pkgs.x86_64;
+in
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../../../hosts
+      ../../../users/blake
+      ../../../modules/system
+      ../../../modules/holocron
+      ../../../modules/homelab
+      ../../../modules/homelab/minecraft_recpro
+    ];
+
+  system = {
+    ssh.enable = true;
+    backups.enable = true;
+    backups.repo = "/holocron/archives/servers/snowbelle";
+    sops.enable = true;
+    podman.enable = true;
+    yubikey.enable = true;
+    syncthing.enable = true;
+    tailscale.enable = true;
+    nvidia.enable = true;
+  };
+  holocron = {
+    copyparty.enable = true;
+    ensure_perms.enable = true;
+    zfs.enable = true;
+    smb.enable = true;
+    nfs.enable = true;
+  };
+  homelab = {
+    enable = true;
+    motd.enable = true;
+    gitea.enable = true;
+    glance.enable = true;
+    immich.enable = true;
+    hass.enable = true;
+    jellyfin.enable = true;
+    audiobookshelf.enable = true;
+    yacreader.enable = true;
+    qbittorrent.enable = true;
+    sonarr.enable = true;
+    radarr.enable = true;
+    bazarr.enable = true;
+    prowlarr.enable = true;
+    flaresolverr.enable = true;
+    zigbee2mqtt.enable = true;
+    mosquitto.enable = true;
+    caddy.enable = true;
+    uptime-kuma.enable = true;
+    vaultwarden.enable = true;
+  };
+  gameservers = {
+    minecraft_recpro.enable = true;
+  };
+
+  # boot (systemd is going on me)
+  boot.loader.systemd-boot.enable = true;   # systemd your pretty cool ya know
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.initrd.systemd.enable = true;  # better logging
+
+  # setup hostname and networking stack
+  services.resolved = {
+    enable = true;
+    fallbackDns = [ "1.1.1.1" "9.9.9.9" ];
+    dnsovertls = "opportunistic";
+  };
+  networking = {
+    hostName = "snowbelle"; # hostname
+    hostId = "3e6e7055";    # zfs wants this
+    networkmanager = {
+      enable = true;  # the goat
+      dns = "systemd-resolved"; # the backup dancer!
+      ensureProfiles.profiles = {
+        vpn = {
+          ethernet.mac-address = "7a:e4:07:8d:22:76";
+          connection.type = "vlan";
+          connection.id = "vpn";
+          connection.interface-name = "enp89s0.69";   # or just "vpn-vlan"
+          vlan.interface-name = "enp89s0.69";   # or just "vpn-vlan"
+          vlan.parent = "enp89s0";
+          vlan.id = 69;
+          #ipv4.dns = "9.9.9.9";
+        };
+      };
+    };
+  };
+
+  
+
+  hardware.bluetooth.enable = true;
+
+
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [
+    80      # set - http
+    111     # set - portmapper for nfs
+    139     # set - smb
+    443     # set - https
+    445     # set - cifs
+    1198
+    1883    # set - mqtt
+    2049    # set - nfs
+    2222    # srv - syncthing
+    7100    # srv - jellyfin
+    7101    # srv - audiobookshelf
+    7102    # srv - yacreader
+    7103    # srv - qbittorrent
+    7104    # srv - prowlarr
+    7105    # srv - bazarr
+    7106    # srv - sonarr
+    7107    # srv - radarr
+    7120    # srv - flaresolverr
+    5701    # srv - archivebox
+    7502    # srv - kiwix
+    7567    # srv - gitea ssh
+    7700    # srv - glance
+    7701    # srv - vaultwarden
+    7702    # srv - immich
+    7703    # srv - gitea
+    7704    # srv - hass
+    7705    # srv - zigbee2mqtt
+    7901    # srv - uptime kuma
+    7902    # srv - copyparty
+    25777   # srv - minecraft
+    25565   #        ^  ^  ^
+    25566   #        |  |  |
+    25567   #        |  |  |
+  ];
+
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = true;
+
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}
+

hosts/nixos/snowbelle/hardware-configuration.nix

@@ -0,0 +1,52 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "ahci" "nvme" "uas" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/8bc3b53e-804f-44d5-8da3-9913dda0e5c2";
+      fsType = "btrfs";
+      options = [ "subvol=@root" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/8bc3b53e-804f-44d5-8da3-9913dda0e5c2";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/8bc3b53e-804f-44d5-8da3-9913dda0e5c2";
+      fsType = "btrfs";
+      options = [ "subvol=@home" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/4CD7-D44A";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp89s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}