restructure hosts

hosts/nixos/snowbelle/configuration.nix

@@ -0,0 +1,145 @@
+{ config, lib, stable_pkgs, unstable_pkgs, ... }:
+
+let
+  pkgs = stable_pkgs.x86_64;
+  unstable = unstable_pkgs.x86_64;
+in
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../../../hosts
+      ../../../users/blake
+      ../../../modules/system
+      ../../../modules/holocron
+      ../../../modules/homelab
+      ../../../modules/homelab/minecraft_recpro
+    ];
+
+  system = {
+    ssh.enable = true;
+    backups.enable = true;
+    backups.repo = "/holocron/archives/servers/snowbelle";
+    sops.enable = true;
+    podman.enable = true;
+    yubikey.enable = true;
+    syncthing.enable = true;
+    tailscale.enable = true;
+    nvidia.enable = true;
+  };
+  holocron = {
+    copyparty.enable = true;
+    ensure_perms.enable = true;
+    zfs.enable = true;
+    smb.enable = true;
+    nfs.enable = true;
+  };
+  homelab = {
+    enable = true;
+    motd.enable = true;
+    gitea.enable = true;
+    glance.enable = true;
+    immich.enable = true;
+    hass.enable = true;
+    jellyfin.enable = true;
+    audiobookshelf.enable = true;
+    yacreader.enable = true;
+    qbittorrent.enable = true;
+    sonarr.enable = true;
+    radarr.enable = true;
+    bazarr.enable = true;
+    prowlarr.enable = true;
+    flaresolverr.enable = true;
+    zigbee2mqtt.enable = true;
+    mosquitto.enable = true;
+    caddy.enable = true;
+    uptime-kuma.enable = true;
+    vaultwarden.enable = true;
+  };
+  gameservers = {
+    minecraft_recpro.enable = true;
+  };
+
+  # boot (systemd is going on me)
+  boot.loader.systemd-boot.enable = true;   # systemd your pretty cool ya know
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.initrd.systemd.enable = true;  # better logging
+
+  # setup hostname and networking stack
+  services.resolved = {
+    enable = true;
+    fallbackDns = [ "1.1.1.1" "9.9.9.9" ];
+    dnsovertls = "opportunistic";
+  };
+  networking = {
+    hostName = "snowbelle"; # hostname
+    hostId = "3e6e7055";    # zfs wants this
+    networkmanager = {
+      enable = true;  # the goat
+      dns = "systemd-resolved"; # the backup dancer!
+      ensureProfiles.profiles = {
+        vpn = {
+          ethernet.mac-address = "7a:e4:07:8d:22:76";
+          connection.type = "vlan";
+          connection.id = "vpn";
+          connection.interface-name = "enp89s0.69";   # or just "vpn-vlan"
+          vlan.interface-name = "enp89s0.69";   # or just "vpn-vlan"
+          vlan.parent = "enp89s0";
+          vlan.id = 69;
+          #ipv4.dns = "9.9.9.9";
+        };
+      };
+    };
+  };
+
+  
+
+  hardware.bluetooth.enable = true;
+
+
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [
+    80      # set - http
+    111     # set - portmapper for nfs
+    139     # set - smb
+    443     # set - https
+    445     # set - cifs
+    1198
+    1883    # set - mqtt
+    2049    # set - nfs
+    2222    # srv - syncthing
+    7100    # srv - jellyfin
+    7101    # srv - audiobookshelf
+    7102    # srv - yacreader
+    7103    # srv - qbittorrent
+    7104    # srv - prowlarr
+    7105    # srv - bazarr
+    7106    # srv - sonarr
+    7107    # srv - radarr
+    7120    # srv - flaresolverr
+    5701    # srv - archivebox
+    7502    # srv - kiwix
+    7567    # srv - gitea ssh
+    7700    # srv - glance
+    7701    # srv - vaultwarden
+    7702    # srv - immich
+    7703    # srv - gitea
+    7704    # srv - hass
+    7705    # srv - zigbee2mqtt
+    7901    # srv - uptime kuma
+    7902    # srv - copyparty
+    25777   # srv - minecraft
+    25565   #        ^  ^  ^
+    25566   #        |  |  |
+    25567   #        |  |  |
+  ];
+
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = true;
+
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}
+