Restructure deployment naming scheme

The deployments now get their names from the NATO phonetic alphabet.
Deployment sites get greek letters as names, though don't need to be in
order.

Author: inverted-tree

flake.lock

@@ -1,23 +1,34 @@
+# .    _                    ___ _
+#  ___|_|_ _    ___ ___ ___|  _|_|___
+# |   | |_|_|  |  _| . |   |  _| | . |
+# |_|_|_|_|_|  |___|___|_|_|_| |_|_  |
+# .                              |___|
+# ──────────────────────────────────────────────────────────────────────────────
+# A central flake for deploying all nix-based systems across multiple sites.
+
 {
-  description = "This flake manages all my nix machines.";
+  description = "Central flake for managing all nix deployments.";
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
     sops-nix.url = "github:Mic92/sops-nix";
     nix-minecraft.url = "github:Infinidoge/nix-minecraft";
   };
 
-  outputs =
-    inputs@{ self, nixpkgs, ... }:
+  outputs = inputs@{ self, nixpkgs, ... }:
     let
       system = "x86_64-linux";
       pkgs = nixpkgs.legacyPackages.${system};
-    in
-    {
+    in {
       # The itx server hosting most of my homelab.
       nixosConfigurations.itxserver = nixpkgs.lib.nixosSystem {
         specialArgs = { inherit inputs; };
         modules = [ ./hosts/itxserver/configuration.nix ];
       };
+
+      nixosConfigurations.alfa = nixpkgs.lib.nixosSystem {
+        specialArgs = { inherit inputs; };
+        modules = [ ./hosts/s-alfa/default.nix ];
+      };
     };
 }

flake.nix

@@ -0,0 +1,40 @@
+# .                                       _   _
+#  ___ ___ _____ _____ ___ ___    ___ ___| |_|_|___ ___ ___
+# |  _| . |     |     | . |   |  | . | . |  _| | . |   |_ -|
+# |___|___|_|_|_|_|_|_|___|_|_|  |___|  _| | |_|___|_|_|___|
+# .                                  |_| |__|
+# ──────────────────────────────────────────────────────────────────────────────
+# Defines options that are common across all host systems, be that servers or
+#   clients.
+
+{ pkgs, ... }: {
+  # This is the default locale for any machine
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  # Common nix settings that apply to all machines
+  nix = {
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      auto-optimise-store = true;
+    };
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+  };
+
+  # Basic packages that are nice to have on any machine with any user
+  environment.systemPackages = with pkgs; [
+    bat
+    btop
+    curl
+    fastfetch
+    git
+    nixfmt
+    tmux
+    tree
+    vim
+    wget
+  ];
+}

hosts/common.nix

@@ -0,0 +1,169 @@
+# .                               _ ___
+#  ___ ___ ___ _ _ ___ ___     __| |  _| __
+# |_ -| -_|  _| | | -_|  _|   |. | |  _||. |
+# |___|___|_|  \_/|___|_|    |___|_|_| |___|
+# ──────────────────────────────────────────────────────────────────────────────
+# Defines the configuration for the central server ''alfa''. This server hosts
+#   all the containerized services and holds all the data.
+
+{ config, lib, pkgs, ... }@args:
+let inherit (args) inputs;
+in {
+  imports = [
+    # The hardware-dependent options:
+    ./hardware.nix
+    # Common settings thath apply to all machines:
+    ../common.nix
+    # Deployment-site specific options:
+    ../../sites/theta.nix
+    # The users for this system:
+    ../../users/lukas.nix
+    ../../users/docker.nix
+    # The custom modules:
+    ../../modules/containers/atuin.nix
+    ../../modules/containers/stump.nix
+    ../../modules/containers/homeassistant.nix
+    ../../modules/containers/plex.nix
+    ../../modules/containers/freshrss.nix
+    ../../modules/other/minecraft-server.nix
+    # Any third-party modules or flakes:
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  sops = {
+    defaultSopsFormat = "dotenv";
+    age.keyFile = "/home/lukas/.config/sops/age/keys.txt";
+    secrets.syncthing-user = {
+      sopsFile = ../../secrets/syncthing.env.enc;
+      key = "user";
+    };
+    secrets.syncthing-password = {
+      sopsFile = ../../secrets/syncthing.env.enc;
+      key = "password";
+    };
+  };
+
+  boot = {
+    loader.grub = {
+      enable = true;
+      zfsSupport = true;
+      efiSupport = true;
+      efiInstallAsRemovable = true;
+      mirroredBoots = [{
+        devices = [ "nodev" ];
+        path = "/boot";
+      }];
+    };
+    zfs.extraPools = [ "zpool" ];
+  };
+
+  networking = {
+    hostName = "alfa";
+    hostId = "1A0B35B6";
+    networkmanager = {
+      enable = true;
+      unmanaged = [ "eno1" ];
+    };
+    useDHCP = false;
+    interfaces = {
+      eno1.ipv4.addresses = [{
+        address = "10.0.0.10";
+        prefixLength = 24;
+      }];
+    };
+    defaultGateway = { interface = "eno1"; };
+    nameservers = [ "1.1.1.1" "1.0.0.1" "100.100.100.100" ];
+    firewall = {
+      allowedTCPPorts = [
+        8123 # Home assistant web GUI
+        8000
+        8888
+        32400 # Plex web GUI
+        8384 # Syncthing web GUI
+        22000 # Syncthing traffic
+      ];
+      allowedUDPPorts = [
+        22000 # Syncthing traffic
+        21027 # Syncthing discovery
+      ];
+    };
+    search = [ "tabby-crocodile.ts.net" ];
+  };
+
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    compose2nix
+    gcc
+    gnumake
+    sops
+    tailscale
+  ];
+
+  services = {
+    zfs = {
+      autoScrub.enable = true;
+      autoSnapshot.enable = true;
+    };
+    openssh = {
+      enable = true;
+      ports = [ 22 ];
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+        PermitRootLogin = "no";
+        AllowUsers = [ "lukas" ];
+      };
+    };
+    fail2ban = { enable = true; };
+    envfs.enable = true;
+    tailscale.enable = true;
+    syncthing = {
+      enable = true;
+      group = "syncthing";
+      user = "lukas";
+      dataDir = "/home/lukas/sync";
+      configDir = "/home/lukas/.config/syncthing";
+      overrideDevices = true;
+      overrideFolders = true;
+      settings = {
+        gui = {
+          user = config.sops.secrets.syncthing-user;
+          password = config.sops.secrets.syncthing-password;
+          address = "0.0.0.0:8384";
+        };
+        devices = {
+          "MacBook-Pro" = {
+            id =
+              "GZAKPGB-BBVIY5T-2D3EY22-YYMGT5L-R3MNHGX-GYWNRWR-TG4BUMW-BQMBBAU";
+          };
+        };
+        folders = {
+          "Mobile Backups" = {
+            path = "/data/backups/lukas/phone";
+            devices = [ "MacBook-Pro" ];
+          };
+          "Documents" = {
+            path = "/data/backups/lukas/documents";
+            devices = [ "MacBook-Pro" ];
+          };
+          "Picture Archive" = {
+            path = "/data/pictures/lukas/archive";
+            devices = [ "MacBook-Pro" ];
+          };
+        };
+      };
+    };
+  };
+
+  programs = {
+    zsh.enable = true;
+    neovim.enable = true;
+    neovim.defaultEditor = true;
+  };
+
+  system.stateVersion = "25.05";
+}

hosts/s-alfa/default.nix

@@ -0,0 +1,65 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "zpool/root";
+    fsType = "zfs";
+  };
+
+  fileSystems."/nix" = {
+    device = "zpool/nix";
+    fsType = "zfs";
+  };
+
+  fileSystems."/var" = {
+    device = "zpool/var";
+    fsType = "zfs";
+  };
+
+  fileSystems."/home" = {
+    device = "zpool/home";
+    fsType = "zfs";
+  };
+
+  fileSystems."/srv" = {
+    device = "zpool/srv";
+    fsType = "zfs";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/8BFB-9BC1";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/62f8f557-bc44-4545-8ac5-4f633ebb63a5"; }
+  ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/s-alfa/hardware.nix

@@ -0,0 +1,14 @@
+# .    _ _          _   _       _
+#  ___|_| |_ ___   | |_| |_ ___| |_  __
+# |_ -| |  _| -_|  |  _|   | -_|  _||. |
+# |___|_| | |___|  | | |_|_|___| | |___|
+# .     |__|       |__|        |__|
+# ──────────────────────────────────────────────────────────────────────────────
+# Deployment site theta. This nix expression sets all site-related options.
+
+{ ... }: {
+  time.timeZone = "Europe/Berlin";
+
+  networking = { defaultGateway = { address = "10.0.0.1"; }; };
+}
+