diff --git a/hosts/default.nix b/hosts/default.nix index 5b25616..8cc0e6b 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -75,11 +75,15 @@ in { fish.enable = lib.mkDefault true; gnupg.agent = { enable = lib.mkDefault true; +<<<<<<< Updated upstream <<<<<<< HEAD pinentryPackage = lib.mkForce pkgs.pinentry-qt; ======= # pinentryPackage = pkgs.pinentry-curses; >>>>>>> d18eaa1 (update default) +======= +# pinentryPackage = lib.mkForce pkgs.pinentry-qt; +>>>>>>> Stashed changes enableSSHSupport = lib.mkDefault true; }; }; diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 474d2f8..8094fe7 100644 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -8,7 +8,7 @@ let password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; hostname = "jallen-nas"; - allowedPorts = [ 2342 3493 61208 ]; + allowedPorts = [ 2342 3493 61208 9090 ]; enableDisplayManager = false; in { imports = [ # Include the results of the hardware scan. @@ -16,6 +16,19 @@ in { ../default.nix ]; + # Cockpit + services.cockpit = { + enable = true; + port = 9090; + settings = { + WebService = { + AllowUnencrypted = true; + }; + }; + }; + + + nas-apps = { jellyfin.enable = true; @@ -66,7 +79,7 @@ in { sharePath = "/mnt/mainpool/isos"; }; TimeMachine = { - public = true; + public = false; sharePath = "/mnt/mainpool/TimeMachine"; enableTimeMachine = true; timeMachineMaxSize = "1T"; @@ -111,6 +124,8 @@ in { # Services configs services = { + udisks2.enable = true; + # Enable the X11 windowing system. xserver = { enable = enableDisplayManager; @@ -292,6 +307,9 @@ in { protonvpn-cli protonmail-bridge pass + cockpit + packagekit + gnome.gnome-packagekit ]; }; diff --git a/hosts/nas/configuration.nix.save b/hosts/nas/configuration.nix.save new file mode 100644 index 0000000..3baf80d --- /dev/null +++ b/hosts/nas/configuration.nix.save 
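Review bot: Three of the four added lines in the `hosts/default.nix` hunk are unresolved stash-conflict markers (`<<<<<<< Updated upstream`, `=======`, `>>>>>>> Stashed changes`), and they wrap an older `<<<<<<< HEAD` … `>>>>>>> d18eaa1 (update default)` block that is already in the file as context. Conflict markers are not valid Nix, so this file should fail to parse, and so should every host that imports it (hosts/nas/configuration.nix lists `../default.nix`). Resolve both conflicts and leave at most one setting inside `gnupg.agent`, for example `pinentryPackage = lib.mkForce pkgs.pinentry-qt;`. The enclosing attribute set starts and ends outside the hunk.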
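Review bot: `AllowUnencrypted = true;` in the new `services.cockpit` block makes the Cockpit admin console accept logins over plain HTTP, and the first hunk of this file adds 9090 to `allowedPorts`, so host credentials can cross the network in cleartext. Drop the setting or write `AllowUnencrypted = false;` so Cockpit stays on TLS; if plain HTTP is only needed behind a local TLS-terminating proxy, keep 9090 out of `allowedPorts` instead. `allowedPorts` appears to feed both `allowedTCPPorts` and `allowedUDPPorts` (that is how the `.save` copy added in this commit uses it), so 9090/udp is opened too although only TCP is needed. A short comment above the block, such as `# Cockpit admin UI: TLS only, reachable from the LAN`, would record the intended exposure.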
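Review bot: `gnome.gnome-packagekit`, added to `systemPackages` in the last hunk of hosts/nas/configuration.nix, is a graphical front end, but this host sets `enableDisplayManager = false`, so it only enlarges the installed closure on a network-facing NAS. `cockpit` is probably redundant as well, since `services.cockpit.enable = true` should already put the package on the system path. Listing `packagekit` here installs the binaries without starting the daemon; if Cockpit's update page is the goal, that presumably needs `services.packagekit.enable = true;`, and it is worth confirming PackageKit does anything useful on NixOS first. The `systemPackages` list begins outside the hunk.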
@@ -0,0 +1,429 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+let
+ user = "admin";
+ password =
+ "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
+ hostname = "jallen-nas";
+ allowedPorts = [ 2342 3493 61208 ];
+ enableDisplayManager = false;
+in {
+ imports = [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ../default.nix
+ ];
+
+ # Cockpit
+ services.cockpit = {
+ enable = true;
+ port = 9090;
+ settings = {
+ WebService = {
+ AllowUnencrypted = true;
+ };
+ };
+ };
+
+
+ nas-apps = {
+ jellyfin.enable = true;
+
+ jellyseerr.enable = true;
+
+ sabnzbd.enable = true;
+
+ radarr.enable = true;
+
+ sonarr.enable = true;
+
+ collabora.enable = true;
+
+ mariadb.enable = true;
+
+ nextcloud = {
+ enable = true;
+ httpPort = "9980";
+ httpsPort = "9443";
+ };
+
+ orca-slicer.enable = true;
+
+ swag.enable = true;
+ };
+
+ nas-samba = {
+ enable = true;
+ hostsAllow = "10.0.1.";
+ enableTimeMachine = true;
+ timeMachinePath = "/mnt/mainpool/TimeMachine";
+
+ shares = {
+ "3d_printer" = {
+ public = true;
+ sharePath = "/mnt/mainpool/3d_printer";
+ };
+ Backup = {
+ public = true;
+ sharePath = "/mnt/mainpool/Backup";
+ };
+ Documents = {
+ public = true;
+ sharePath = "/mnt/mainpool/Documents";
+ };
+ isos = {
+ public = true;
+ sharePath = "/mnt/mainpool/isos";
+ };
+ TimeMachine = {
+ public = true;
+ sharePath = "/mnt/mainpool/TimeMachine";
+ enableTimeMachine = true;
+ timeMachineMaxSize = "1T";
+ };
+ };
+ };
+
+ share.hardware.nvidia = {
+ enable = true;
+ enableBeta = true;
+ nvidiaSettings = true;
+ enableNvidiaDocker = true;
+ };
+
+ # Configure bootloader with lanzaboot and secureboot
+ boot = {
+ loader = {
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 5;
+ };
+
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+
+ # Override kernel to latest
+ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+
+ kernelParams = [ "nohibernate" ];
+
+ consoleLogLevel = 3;
+ bootspec.enable = true;
+
+ supportedFilesystems = [ "zfs" ];
+
+ zfs.extraPools = [ "junk" ];
+ zfs.requestEncryptionCredentials = false;
+ };
+
+ # Services configs
+ services = {
+ # Enable the X11 windowing system.
+ xserver = {
+ enable = enableDisplayManager;
+
+ # Enable the Plasma 6 Desktop Environment.
+ displayManager = {
+ sddm.enable = enableDisplayManager;
+ #defaultSession = "plasma";
+ };
+ desktopManager.plasma5.enable = enableDisplayManager;
+ };
+
+ # Set to enable Flatpak
+ flatpak.enable = false;
+
+ # Enable RDP
+ xrdp = {
+ enable = enableDisplayManager;
+ defaultWindowManager = "startplasma-x11";
+ openFirewall = enableDisplayManager;
+ };
+
+ avahi = {
+ enable = true;
+ nssmdns = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ hinfo = true;
+ userServices = true;
+ workstation = true;
+ };
+ extraServiceFiles = { # TODO is this needed?
+ smb = ''
+
+
+
+ %h
+
+ _smb._tcp
+ 445
+
+
+ '';
+ };
+ };
+
+ apcupsd = {
+ enable = true;
+ };
+
+ grafana = {
+ enable = true;
+ settings.server = {
+ http_port = 2342;
+ domain = hostname;
+ serve_from_sub_path = true;
+ http_addr = "";
+ };
+ dataDir = "/mnt/ssd/nix-app-data/grafana";
+ };
+
+ prometheus = {
+ enable = true;
+ port = 9001;
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [ "diskstats" "systemd" ];
+ port = 9002;
+ };
+ smartctl = {
+ enable = true;
+ group = "disk";
+ devices = [
+ "/dev/sda"
+ "/dev/sdb"
+ "/dev/sdc"
+ "/dev/sdd"
+ "/dev/sde"
+ "/dev/sdf"
+ "/dev/sdg"
+ "/dev/sdh"
+ "/dev/sdi"
+ "/dev/nvme0n1"
+ "/dev/nvme1n1"
+ ];
+ };
+ };
+
+ scrapeConfigs = [{
+ job_name = hostname;
+ static_configs = [{
+ targets = [
+ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
+ "127.0.0.1:${
+ toString config.services.prometheus.exporters.smartctl.port
+ }"
+ ];
+ }];
+ }];
+ };
+ };
+
+ systemd.services = {
+ nas-mounts = {
+ path = [ pkgs.zfs pkgs.bash ];
+ script = ''
+ if test -d /mnt/ssd/ssd_app_data; then
+ echo "NAS ZFS Pools Mounted."
+ else
+ zpool import -f "MainPool"
+ zpool import -f "SSD"
+ zfs load-key -L file:///root/main-pool.key "MainPool"
+ zfs load-key -L file:///root/ssd.key "SSD"
+ zfs mount -a
+ echo "NAS ZFS Pools Mounted."
+ fi
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
+
+ glances-server = {
+ path = [ pkgs.bash pkgs.glances ];
+ script = ''
+ #!/user/bin/env bash
+ glances -w
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+
+ # Networking configs enp7s0
+ networking = {
+ hostName = hostname;
+
+ hostId = "4b501480";
+
+ # Enable Network Manager
+ networkmanager.enable = true;
+
+ firewall = {
+ enable = true;
+ allowPing = true;
+ extraCommands =
+ "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
+ allowedTCPPorts = allowedPorts;
+ allowedUDPPorts = allowedPorts;
+ };
+ };
+
+ # Configure environment
+ environment = {
+ etc."nut/upsd.conf".source = ./upsd.conf;
+ etc."nut/upsd.users".source = ./upsd.users;
+ etc."nut/upsmon.conf".source = ./upsmon.conf;
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ systemPackages = with pkgs; [
+ vim
+ wget
+ nano
+ efibootmgr
+ sbctl
+ pciutils
+ vulkan-tools
+ clinfo
+ glances
+ python3
+ nix-ld
+ binutils
+ gcc
+ cmake
+ ffmpeg
+ ninja
+ nodejs-18_x
+ nut
+ protonvpn-cli
+ protonmail-bridge
+ pass
+ ];
+ };
+
+ # Configure programs
+ programs = {
+ fish.enable = true;
+ virt-manager.enable = true;
+ nix-ld.enable = true;
+ };
+
+ power.ups = {
+ enable = true;
+ mode = "netserver";
+ ups."nasups" = {
+ driver = "usbhid-ups";
+ port = "auto";
+ description = "NAS UPS";
+ };
+ };
+
+ # Configure nixpkgs
+ nixpkgs = {
+ config = {
+ # Enable non free
+ allowUnfree = true;
+
+ permittedInsecurePackages = [
+ # ...
+ ];
+ };
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users = {
+ # See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
+ mutableUsers = false;
+ groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
+
+ # Admin account
+ users."${user}" = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "docker"
+ "podman"
+ "libvirtd"
+ "nas-apps"
+ "jallen-nas"
+ ]; # Enable ‘sudo’ for the user.
+ initialHashedPassword = password;
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ # macBook
+ "ssh-rsa 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 mattjallen@MacBook-Pro.local"
+ # desktop windows
+ "ssh-rsa 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 mattl@Jallen-PC"
+ # desktop nixos
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
+ ];
+ packages = with pkgs; [
+ neofetch
+ git
+ parted
+ aspell
+ aspellDicts.en
+ aspellDicts.en-computers
+ aspellDicts.en-science
+ aha
+ papirus-icon-theme
+ firefox
+ ];
+ };
+
+ # Nix app account
+ users.nix-apps = {
+ isSystemUser = true;
+ uid = 911;
+ group = "jallen-nas";
+ extraGroups = [ "jallen-nas" ]; # Enable ‘sudo’ for the user.
+ hashedPassword = password;
+ };
+
+ groups.nut.name = "nut";
+ users.upsuser = {
+ group = "nut";
+ isNormalUser = false;
+ isSystemUser = true;
+ createHome = true;
+ home = "/var/lib/nut";
+ hashedPassword = password;
+ };
+ };
+
+ # Virtualisation
+ virtualisation = {
+ docker = {
+ enable = true;
+ enableOnBoot = true;
+ };
+
+ libvirtd.enable = true;
+ };
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+}
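Review bot: `hosts/nas/configuration.nix.save` looks like an editor backup of configuration.nix that nothing imports, and committing it adds a second copy of the host config that is already stale: here `allowedPorts` lacks 9090 and the TimeMachine share is still `public = true`. It also adds another copy of the yescrypt hash bound to `password`, which this file assigns to `initialHashedPassword` on the admin account and to `hashedPassword` on `nix-apps` and `upsuser`, so one shared credential covers three accounts and is exposed to offline guessing by anyone who can read the repository. Delete the file and add `*.save` to `.gitignore`. In the live configuration, move the hash out of the tree with `hashedPasswordFile = "/path/to/secret";` (placeholder path) for the admin user, and leave the two system accounts without a password unless something logs in as them.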