mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sdf

Browse Source
This commit is contained in:
mjallen18
2024-03-27 13:18:44 -05:00
parent 0883053f0c
commit 083a73e052
3 changed files with 453 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
hosts/default.nix
View File

@@ -75,11 +75,15 @@ in {
fish.enable = lib.mkDefault true; fish.enable = lib.mkDefault true;
gnupg.agent = { gnupg.agent = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
<<<<<<< Updated upstream
<<<<<<< HEAD <<<<<<< HEAD
pinentryPackage = lib.mkForce pkgs.pinentry-qt; pinentryPackage = lib.mkForce pkgs.pinentry-qt;
======= =======
# pinentryPackage = pkgs.pinentry-curses; # pinentryPackage = pkgs.pinentry-curses;
>>>>>>> d18eaa1 (update default) >>>>>>> d18eaa1 (update default)
=======
# pinentryPackage = lib.mkForce pkgs.pinentry-qt;
>>>>>>> Stashed changes
enableSSHSupport = lib.mkDefault true; enableSSHSupport = lib.mkDefault true;
}; };
}; };

22
hosts/nas/configuration.nix
View File

@@ -8,7 +8,7 @@ let
password = password =
"$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "jallen-nas"; hostname = "jallen-nas";
allowedPorts = [ 2342 3493 61208 ]; allowedPorts = [ 2342 3493 61208 9090 ];
enableDisplayManager = false; enableDisplayManager = false;
in { in {
imports = [ # Include the results of the hardware scan. imports = [ # Include the results of the hardware scan.
@@ -16,6 +16,19 @@ in {
../default.nix ../default.nix
]; ];
# Cockpit
services.cockpit = {
enable = true;
port = 9090;
settings = {
WebService = {
AllowUnencrypted = true;
};
};
};
nas-apps = { nas-apps = {
jellyfin.enable = true; jellyfin.enable = true;
@@ -66,7 +79,7 @@ in {
sharePath = "/mnt/mainpool/isos"; sharePath = "/mnt/mainpool/isos";
}; };
TimeMachine = { TimeMachine = {
public = true; public = false;
sharePath = "/mnt/mainpool/TimeMachine"; sharePath = "/mnt/mainpool/TimeMachine";
enableTimeMachine = true; enableTimeMachine = true;
timeMachineMaxSize = "1T"; timeMachineMaxSize = "1T";
@@ -111,6 +124,8 @@ in {
# Services configs # Services configs
services = { services = {
udisks2.enable = true;
# Enable the X11 windowing system. # Enable the X11 windowing system.
xserver = { xserver = {
enable = enableDisplayManager; enable = enableDisplayManager;
@@ -292,6 +307,9 @@ in {
protonvpn-cli protonvpn-cli
protonmail-bridge protonmail-bridge
pass pass
cockpit
packagekit
gnome.gnome-packagekit
]; ];
}; };

429
hosts/nas/configuration.nix.save Normal file
View File

@@ -0,0 +1,429 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "admin";
password =
"$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "jallen-nas";
allowedPorts = [ 2342 3493 61208 ];
enableDisplayManager = false;
in {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
../default.nix
];
# Cockpit
services.cockpit = {
enable = true;
port = 9090;
settings = {
WebService = {
AllowUnencrypted = true;
};
};
};
nas-apps = {
jellyfin.enable = true;
jellyseerr.enable = true;
sabnzbd.enable = true;
radarr.enable = true;
sonarr.enable = true;
collabora.enable = true;
mariadb.enable = true;
nextcloud = {
enable = true;
httpPort = "9980";
httpsPort = "9443";
};
orca-slicer.enable = true;
swag.enable = true;
};
nas-samba = {
enable = true;
hostsAllow = "10.0.1.";
enableTimeMachine = true;
timeMachinePath = "/mnt/mainpool/TimeMachine";
shares = {
"3d_printer" = {
public = true;
sharePath = "/mnt/mainpool/3d_printer";
};
Backup = {
public = true;
sharePath = "/mnt/mainpool/Backup";
};
Documents = {
public = true;
sharePath = "/mnt/mainpool/Documents";
};
isos = {
public = true;
sharePath = "/mnt/mainpool/isos";
};
TimeMachine = {
public = true;
sharePath = "/mnt/mainpool/TimeMachine";
enableTimeMachine = true;
timeMachineMaxSize = "1T";
};
};
};
share.hardware.nvidia = {
enable = true;
enableBeta = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
# Configure bootloader with lanzaboot and secureboot
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 5;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
# Override kernel to latest
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = [ "nohibernate" ];
consoleLogLevel = 3;
bootspec.enable = true;
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "junk" ];
zfs.requestEncryptionCredentials = false;
};
# Services configs
services = {
# Enable the X11 windowing system.
xserver = {
enable = enableDisplayManager;
# Enable the Plasma 6 Desktop Environment.
displayManager = {
sddm.enable = enableDisplayManager;
#defaultSession = "plasma";
};
desktopManager.plasma5.enable = enableDisplayManager;
};
# Set to enable Flatpak
flatpak.enable = false;
# Enable RDP
xrdp = {
enable = enableDisplayManager;
defaultWindowManager = "startplasma-x11";
openFirewall = enableDisplayManager;
};
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
extraServiceFiles = { # TODO is this needed?
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
};
apcupsd = {
enable = true;
};
grafana = {
enable = true;
settings.server = {
http_port = 2342;
domain = hostname;
serve_from_sub_path = true;
http_addr = "";
};
dataDir = "/mnt/ssd/nix-app-data/grafana";
};
prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "diskstats" "systemd" ];
port = 9002;
};
smartctl = {
enable = true;
group = "disk";
devices = [
"/dev/sda"
"/dev/sdb"
"/dev/sdc"
"/dev/sdd"
"/dev/sde"
"/dev/sdf"
"/dev/sdg"
"/dev/sdh"
"/dev/sdi"
"/dev/nvme0n1"
"/dev/nvme1n1"
];
};
};
scrapeConfigs = [{
job_name = hostname;
static_configs = [{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${
toString config.services.prometheus.exporters.smartctl.port
}"
];
}];
}];
};
};
systemd.services = {
nas-mounts = {
path = [ pkgs.zfs pkgs.bash ];
script = ''
if test -d /mnt/ssd/ssd_app_data; then
echo "NAS ZFS Pools Mounted."
else
zpool import -f "MainPool"
zpool import -f "SSD"
zfs load-key -L file:///root/main-pool.key "MainPool"
zfs load-key -L file:///root/ssd.key "SSD"
zfs mount -a
echo "NAS ZFS Pools Mounted."
fi
'';
wantedBy = [ "multi-user.target" ];
};
glances-server = {
path = [ pkgs.bash pkgs.glances ];
script = ''
#!/user/bin/env bash
glances -w
'';
wantedBy = [ "multi-user.target" ];
};
};
# Networking configs enp7s0
networking = {
hostName = hostname;
hostId = "4b501480";
# Enable Network Manager
networkmanager.enable = true;
firewall = {
enable = true;
allowPing = true;
extraCommands =
"iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
allowedTCPPorts = allowedPorts;
allowedUDPPorts = allowedPorts;
};
};
# Configure environment
environment = {
etc."nut/upsd.conf".source = ./upsd.conf;
etc."nut/upsd.users".source = ./upsd.users;
etc."nut/upsmon.conf".source = ./upsmon.conf;
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
vim
wget
nano
efibootmgr
sbctl
pciutils
vulkan-tools
clinfo
glances
python3
nix-ld
binutils
gcc
cmake
ffmpeg
ninja
nodejs-18_x
nut
protonvpn-cli
protonmail-bridge
pass
];
};
# Configure programs
programs = {
fish.enable = true;
virt-manager.enable = true;
nix-ld.enable = true;
};
power.ups = {
enable = true;
mode = "netserver";
ups."nasups" = {
driver = "usbhid-ups";
port = "auto";
description = "NAS UPS";
};
};
# Configure nixpkgs
nixpkgs = {
config = {
# Enable non free
allowUnfree = true;
permittedInsecurePackages = [
# ...
];
};
};
# Define a user account. Don't forget to set a password with passwd.
users = {
# See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
mutableUsers = false;
groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
# Admin account
users."${user}" = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"docker"
"podman"
"libvirtd"
"nas-apps"
"jallen-nas"
]; # Enable sudo for the user.
initialHashedPassword = password;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
packages = with pkgs; [
neofetch
git
parted
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
papirus-icon-theme
firefox
];
};
# Nix app account
users.nix-apps = {
isSystemUser = true;
uid = 911;
group = "jallen-nas";
extraGroups = [ "jallen-nas" ]; # Enable sudo for the user.
hashedPassword = password;
};
groups.nut.name = "nut";
users.upsuser = {
group = "nut";
isNormalUser = false;
isSystemUser = true;
createHome = true;
home = "/var/lib/nut";
hashedPassword = password;
};
};
# Virtualisation
virtualisation = {
docker = {
enable = true;
enableOnBoot = true;
};
libvirtd.enable = true;
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}