homeserver i guess

hosts/beatrice/configuration.nix

@@ -44,6 +44,9 @@
       };
     };
   };
+  environment.systemPackages = [
+    pkgs.jdk17_headless
+  ];
 
   system.stateVersion = "25.05"; # Did you read the comment?
 }

hosts/overlord/configuration.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ./disko.nix
+    ../../modules/nixos/networking/ssh.nix
+    ../../modules/nixos/users/tulg.nix
+    ../../modules/servers/common.nix
+    ../../modules/servers/per-host/overlord/nixarr.nix
+  ];
+
+  networking.hostName = "overlord";
+  system.stateVersion = "25.05";
+}

hosts/overlord/disko.nix

@@ -1,16 +1,15 @@
 {
   disko.devices = {
     disk = {
-      main = {
+      nixos = {
         type = "disk";
-        device = "/dev/sda";
+        device = "/dev/nvme0n1";
         content = {
           type = "gpt";
           partitions = {
             boot = {
               size = "1M";
-              type = "EF02";
-              priority = 1;
+              type = "EF02"; # for grub MBR
             };
             ESP = {
               size = "512M";

hosts/overlord/hardware-configuration.nix

@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "sd_mod"];
+  boot.initrd.kernelModules = ["dm-snapshot"];
+  boot.kernelModules = ["kvm-amd"];
+  boot.extraModulePackages = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp8s0.useDHCP = lib.mkDefault true;
+  fileSystems."/mnt/2tbhdd" = {
+    device = "/dev/disk/by-uuid/29c2878a-6b8b-4719-addc-ed57dd647d7b";
+    fsType = "ext4";
+  };
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/pirate/configuration.nix

@@ -1,35 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: {
-  imports = [
-    ./hardware-configuration.nix
-    ./disko.nix
-    ./nixarr.nix
-    ../../modules/nixos/networking/ssh.nix
-    ../../modules/nixos/users/tulg.nix
-  ];
-
-  networking.hostName = "pirate";
-  environment.systemPackages = with pkgs; [
-    nano
-    fastfetch
-    kitty
-  ];
-  services.openssh = {
-    settings = {
-      AllowTcpForwarding = true;
-      X11Forwarding = true;
-      GatewayPorts = "yes";
-    };
-  };
-  programs.bash.interactiveShellInit = ''
-    PS1="\[\e[38;5;177m\]\u\[\e[0m\]@\[\e[38;5;220m\]\h\[\e[0m\] \[\e[38;5;33m\]\w\[\e[0m\] \$ "
-  '';
-
-  nixpkgs.config.allowUnfree = true;
-  nix.settings.experimental-features = ["nix-command" "flakes"];
-  system.stateVersion = "25.05";
-}

hosts/pirate/hardware-configuration.nix

@@ -1,17 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-  boot.loader.grub = {
-    enable = true;
-    efiSupport = true;
-  };
-  networking.useDHCP = lib.mkDefault true;
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}

hosts/pirate/nixarr.nix

@@ -1,65 +0,0 @@
-{
-  nixarr = {
-    enable = true;
-    # These two values are also the default, but you can set them to whatever
-    # else you want
-    # WARNING: Do _not_ set them to `/home/user/whatever`, it will not work!
-    mediaDir = "/data/media";
-    stateDir = "/data/media/.state/nixarr";
-
-    vpn = {
-      enable = false;
-      # WARNING: This file must _not_ be in the config git directory
-      # You can usually get this wireguard file from your VPN provider
-      wgConf = "/data/.secret/wg.conf";
-    };
-
-    jellyfin = {
-      enable = true;
-      # These options set up a nginx HTTPS reverse proxy, so you can access
-      # Jellyfin on your domain with HTTPS
-      expose.https = {
-        enable = true;
-        domainName = "your.domain.com";
-        acmeMail = "your@email.com"; # Required for ACME-bot
-      };
-    };
-
-    qbittorrent = {
-      enable = true;
-      #peerPort = 50000; # Set this to the port forwarded by your VPN
-      webuiPort = 5252; # Port for the qui WebUI (default)
-      openFirewall = true;
-
-      # Disable DHT/PeX for private trackers (optional)
-      # privateTrackers.disableDhtPex = true;
-
-      # Extra qBittorrent configuration (optional)
-      # See: https://github.com/qbittorrent/qBittorrent/wiki/Explanation-of-Options-in-qBittorrent
-      extraConfig = {
-        BitTorrent = {
-          "Session\\MaxActiveDownloads" = 3;
-          "Session\\MaxActiveTorrents" = 5;
-        };
-      };
-    };
-    prowlarr = {
-      enable = true;
-      openFirewall = true;
-
-      settings-sync.enable-nixarr-apps = true;
-
-      # Define tags for organizing indexers
-    };
-
-    # It is possible for this module to run the *Arrs through a VPN, but it
-    # is generally not recommended, as it can cause rate-limiting issues.
-    bazarr.enable = false;
-    lidarr.enable = false;
-    #prowlarr.enable = true;
-    radarr.enable = false;
-    sonarr.enable = false;
-  };
-  services.prowlarr.settings.auth.required = "DisabledForLocalAddresses";
-  networking.firewall.allowedTCPPorts = [6881];
-}