From 1331e69b58c1fa29c73de3ed6c5a5b795e7de343 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Thu, 29 Jan 2026 19:15:22 -0600 Subject: [PATCH] idk shits so fucked lol --- lib/module/default.nix | 4 +- modules/nixos/nix/default.nix | 2 +- modules/nixos/services/attic/default.nix | 4 + .../nixos/services/dispatcharr/default.nix | 10 +- modules/nixos/services/lubelogger/default.nix | 6 +- modules/nixos/services/manyfold/default.nix | 2 +- modules/nixos/services/ntfy/default.nix | 2 +- modules/nixos/services/traefik/default.nix | 2 +- modules/nixos/services/unmanic/default.nix | 7 +- packages/raspberrypi/linux-rpi/default.nix | 6 +- secrets/nas_pool.key | 52 +++ .../aarch64-darwin/macbook-pro/default.nix | 8 +- .../macbook-pro-nixos/default.nix | 16 +- systems/aarch64-linux/pi5/default.nix | 16 +- systems/x86_64-linux/jallen-nas/apps.nix | 15 +- systems/x86_64-linux/jallen-nas/default.nix | 144 +++++-- systems/x86_64-linux/jallen-nas/nas-pool.nix | 383 ++++++++++++++++++ systems/x86_64-linux/jallen-nas/services.nix | 2 +- systems/x86_64-linux/matt-nixos/default.nix | 16 +- 19 files changed, 619 insertions(+), 78 deletions(-) create mode 100644 secrets/nas_pool.key create mode 100644 systems/x86_64-linux/jallen-nas/nas-pool.nix diff --git a/lib/module/default.nix b/lib/module/default.nix index 701afb7..cd409d0 100644 --- a/lib/module/default.nix +++ b/lib/module/default.nix @@ -69,7 +69,7 @@ rec { }; systemd.services.${serviceName} = { - requires = [ "media-nas-main.mount" ]; + requires = [ "media-nas-main-appdata.mount" ]; }; services = { @@ -106,7 +106,7 @@ rec { port = mkOpt types.int 80 "Port for ${name} to be hosted on"; - configDir = mkOpt types.str "/media/nas/main/nix-app-data" "Path to the config dir"; + configDir = mkOpt types.str "/media/nas/main/appdata" "Path to the config dir"; dataDir = mkOpt types.str "/media/nas/main" "Path to the data dir"; diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 6626885..d95b7da 100644 
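Review bot: `requires = [ "media-nas-main-appdata.mount" ]` in lib/module/default.nix covers only the appdata mount, while `dataDir` in the second hunk still defaults to `/media/nas/main`. This commit stops mounting that path as one filesystem, because jallen-nas/default.nix now mounts each subdirectory separately. A service that starts before the subdirectory it uses is mounted would write into the underlying directory rather than the pool. Whether an `after` ordering accompanies the `requires` is outside the hunk. Consider tying the unit to the paths it really uses, for example `unitConfig.RequiresMountsFor = [ configDir dataDir ];` with the module's own values, and pointing `dataDir` consumers at a mounted subdirectory.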
--- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -7,7 +7,7 @@ { nix = { settings = { - extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; + # extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; substituters = [ "https://cache.mjallen.dev/nas-cache" "https://nixos-apple-silicon.cachix.org" diff --git a/modules/nixos/services/attic/default.nix b/modules/nixos/services/attic/default.nix index 1553a6a..119fa3a 100644 --- a/modules/nixos/services/attic/default.nix +++ b/modules/nixos/services/attic/default.nix @@ -20,6 +20,10 @@ let environmentFile = cfg.environmentFile; settings = { listen = "${cfg.listenAddress}:${toString cfg.port}"; + storage = { + type = "local"; + path = "${cfg.configDir}/atticd"; + }; }; }; diff --git a/modules/nixos/services/dispatcharr/default.nix b/modules/nixos/services/dispatcharr/default.nix index e66af58..ed9fa53 100644 --- a/modules/nixos/services/dispatcharr/default.nix +++ b/modules/nixos/services/dispatcharr/default.nix @@ -28,12 +28,12 @@ let "${toString cfg.port}:9191" ]; environment = { - DISPATCHARR_LOG_LEVEL = "DEBUG"; + # DISPATCHARR_LOG_LEVEL = "DEBUG"; DISPATCHARR_ENV = "aio"; - DJANGO_SECRET_KEY = "123456"; - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; + # DJANGO_SECRET_KEY = "123456"; + # PUID = cfg.puid; + # PGID = cfg.pgid; + # TZ = cfg.timeZone; }; }; }; diff --git a/modules/nixos/services/lubelogger/default.nix b/modules/nixos/services/lubelogger/default.nix index 3349b7c..e59fe3f 100644 --- a/modules/nixos/services/lubelogger/default.nix +++ b/modules/nixos/services/lubelogger/default.nix 
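Review bot: Commenting out `DJANGO_SECRET_KEY = "123456";` in dispatcharr/default.nix removes the hard-coded value from the running container but leaves it in the file, and it says nothing about what key the application now signs sessions with. If the image falls back to a built-in default, the key is still guessable; that depends on the image and is not visible here. Delete the line instead of commenting it, and supply a generated key through `environmentFiles` from the existing secrets setup. The same hunk also drops `PUID`, `PGID` and `TZ`, so the container presumably runs with the image's default user; add a comment saying that is intended, or restore the two id settings.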
@@ -23,9 +23,9 @@ let "${cfg.configDir}/lubelogger:/App/data" "${cfg.configDir}/lubelogger/keys:/root/.aspnet/DataProtection-Keys" ]; - environmentFiles = [ - "${cfg.configDir}/lubelogger/lubelogger.env" - ]; + # environmentFiles = [ + # "${cfg.configDir}/lubelogger/lubelogger.env" + # ]; environment = { PUID = toString config.users.users.nix-apps.uid; PGID = toString config.users.groups.jallen-nas.gid; diff --git a/modules/nixos/services/manyfold/default.nix b/modules/nixos/services/manyfold/default.nix index 6963cdc..f0eef1e 100755 --- a/modules/nixos/services/manyfold/default.nix +++ b/modules/nixos/services/manyfold/default.nix @@ -29,7 +29,7 @@ let ]; volumes = [ "${cfg.configDir}/manyfold:/config" - "${cfg.dataDir}/3d_printer:/libraries" + "${cfg.dataDir}/documents/3d-models:/libraries" ]; environment = { PUID = cfg.puid; diff --git a/modules/nixos/services/ntfy/default.nix b/modules/nixos/services/ntfy/default.nix index 68d8689..1d800f9 100644 --- a/modules/nixos/services/ntfy/default.nix +++ b/modules/nixos/services/ntfy/default.nix @@ -22,7 +22,7 @@ let enable-login = true; listen-http = ":${toString cfg.port}"; cache-file = "${cfg.configDir}/ntfy/cache.db"; - attachment-cache-dir = "${cfg.dataDir}/ntfy/attachments"; + attachment-cache-dir = "${cfg.configDir}/ntfy/attachments"; behind-proxy = true; auth-default-access = "deny-all"; auth-file = "${cfg.configDir}/ntfy/user.db"; diff --git a/modules/nixos/services/traefik/default.nix b/modules/nixos/services/traefik/default.nix index cd58393..dff601c 100755 --- a/modules/nixos/services/traefik/default.nix +++ b/modules/nixos/services/traefik/default.nix @@ -101,7 +101,7 @@ let # misc letsEncryptEmail = "jalle008@proton.me"; - dataDir = "/media/nas/main/nix-app-data/traefik"; + dataDir = "/media/nas/main/appdata/traefik"; authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik"; in { 
diff --git a/modules/nixos/services/unmanic/default.nix b/modules/nixos/services/unmanic/default.nix index 9ead15e..607e241 100644 --- a/modules/nixos/services/unmanic/default.nix +++ b/modules/nixos/services/unmanic/default.nix @@ -18,7 +18,12 @@ let virtualisation.oci-containers.containers.${name} = { autoStart = true; image = "josh5/unmanic"; - extraOptions = [ "--device=/dev/dri" ]; + devices = [ + "/dev/dri/renderD128:/dev/dri/renderD128" + "/dev/dri/card0:/dev/dri/card0" + "/dev/dri/renderD129:/dev/dri/renderD129" + "/dev/dri/card1:/dev/dri/card1" + ]; volumes = [ "${cfg.configDir}/unmanic:/config" "${cfg.dataDir}/movies:/library/movies" diff --git a/packages/raspberrypi/linux-rpi/default.nix b/packages/raspberrypi/linux-rpi/default.nix index 61b4c0e..34cbb11 100644 --- a/packages/raspberrypi/linux-rpi/default.nix +++ b/packages/raspberrypi/linux-rpi/default.nix @@ -14,12 +14,12 @@ let inherit (lib.${namespace}) selectVariant mkAllSources; versionSpec = importJSON ./version.json; - selected = selectVariant versionSpec null null; + selected = selectVariant versionSpec "lts" null; vars = selected.variables or { }; sources = mkAllSources selected; - modDirVersion = vars.modDirVersion; - tag = vars.tag; + modDirVersion = selected.variables.modDirVersion; + tag = "stable"; # NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this # all of these fail for various reasons diff --git a/secrets/nas_pool.key b/secrets/nas_pool.key new file mode 100644 index 0000000..8c04aec --- /dev/null +++ b/secrets/nas_pool.key 
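Review bot: The four hard-coded DRM nodes in the new `devices` list (`renderD128`, `card0`, `renderD129`, `card1`) depend on kernel enumeration order, which can change when a GPU is added or a driver loads in a different order. The container would then fail to start or receive a different GPU than intended. The list also passes the `card*` nodes, which give more than the render nodes a transcoder normally needs. If only hardware encoding is used, consider passing just the `renderD*` node of the intended GPU. In either case add a comment naming the GPU each entry refers to, e.g. `# renderD128 = <iGPU>, renderD129 = <dGPU>`.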
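Review bot: `modDirVersion = selected.variables.modDirVersion;` in linux-rpi/default.nix bypasses the `vars = selected.variables or { };` fallback that is still defined two lines above, so a variant without `variables` now fails with a missing-attribute error; `modDirVersion = vars.modDirVersion;` keeps the two consistent. `tag = "stable";` replaces the tag taken from version.json with a fixed string. How `tag` is consumed is outside the hunk, but if it selects the source revision, a moving name such as a branch makes the build depend on whatever upstream currently points it at. Keep the pinned tag from `version.json`, or add a comment explaining why the literal is safe here.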
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCiOGVSMHqyqm/z +bv9omxL+dZ6KCFFqIFU2R54yJipLNXUzQNZNftX531O9OjxwXP5+G6lneTb87p5s +03PeabMid3RqVhE32ku1ITEqNd7YrxD/dh2wcFiOJ6WkB8r/EcJkvAYvhMN0H39p +qQetjWEeibppwil/a5eaXgwf5qE8wf7YVg5sQ8vJXQzSf1HyQ+mhKNAiLGk2zyOd +F2Gnc2NwhG2tCiY8wPk4nfajcuiHH8TJeb43RGkWjuFtuwRYm6nSAZsLS65mSTZf +Wba6+cN48+/bNOFM62DT4POH1KGvJJYSMGN22rCZOgNl3ut4FQggN2d/Qb3VLOxY +6l1r6Ya4CE/zeLLGKDpPUez23V1tvUNr4ztcZ8XHaSpuFzbrBuP1ddClarcw7THC +PefFN2vQRrkko8ql9+HdUTDgoJfCNT3+LVbFctYJan6FdWHwW8qlYcZ2Q6GcVEP5 +AdsHzzAqYutTTedYJo66QotS7r8bSrDfAM/yuVr7mW8rBCkySVcWwh98nCMn/CBH +UYiXeZuyzIP2+PxAxi4wT+O6qdbMgUGkFQbfj8IZ7uL9wDn1JPk/RQCayJVe5Dbi +Jl7yHQ40SMIfb3vSdygfEgzfcnmFYTjTyDzYAK4YyE0jDnCjBXI6YUr2Nq90O8zD +6TRVVsj/u5Otri7KlCEgdtMxdtgiLQIDAQABAoICAAFMvJPj6CYq7NQa/t6w/peq +WP3xiVF1dw+4LPs2FUWrMa60JZaf99ZVZNlE/Uhhl/c251MS0UJFv5NopR3r/XyL +teBgoylHs8gv2Jh/4pkcdS4bnXfh8CiBBp5uiSclCchlcN+lmF+2tuS7IkdQm2Dm +wppOIEExZ/9B79mIYm29si1Vw/s343FpsCYc0T4rL1Tt7xXInE+aAxOJpR8pDGvR +q9B+ODmcl2kBBWf6DjhMivbNGNCRjEDOUURGgm20hZZPEmJzSOKJ69UbJc/2tPG9 +pp2itu43JPxdnSXow4jg0EQ1PguTcf6WsxtFJeBwiEzVyAI1hFaQBXuRTFrs5C1T +1uFso83FeRudq6IbnOcaFN6RvKXrcdo5370pEp4hsZGIY1BW2DL4n9LtEEq9eXYI +nE5kJCvBMHCBd9Hh40MwwAW9dCxvugQyQdhuc6pCI6Z7qrnUiXnckMtg3sXLEpjU +3ALNhAy3HCI6JuIqWdy4kqBRnS4u+5yhMkuSYVK8OaB6vYdwBR33LQiyRzn89kZb +87b8yv5zmyOLWva/RH7Qd23pRSYibs71lrUECVJHPAz/XH08+ZjdR+0gX3Ux+p5A +3QJgmq+GnxZAEenU8IugnoWaYF2oUWxMVgSxA2kbYAcuE/C0oxg2nNhcMTfZoJl8 +yoUURQ9SvkCJsgzvrFYzAoIBAQDN6aplWB9AqWm798pZrEc9/zDjYV4bitVg8fz7 +qxuf9ma66D+UBdTuC1jwdbqPEXm5XXxm6hwYlTCF/mzo6Vge9h1KzVQhQ3ZcKdWm +NAwSVHUqTEHAybLxd+Rnnxa/8Thdysl8Q72hNCDZ9948WsZmQxSRTa2CBA6m3DWz +U+Twb55j5l456KXBZ6LzQobdzd3Qjq/ISKA1mLUl54Okqb/szjVHTw+lo9gcdekL +sqsFLzGpp+FKDRykzrn3bfsC4inYrNtfGM6xRHXjT/RwDftFSxzN4qM9nhgSddE3 +0TpkSrwFbM2oaExbbVABbuMF78r6gO/pGCUxqEVRVNgYExbHAoIBAQDJrfgvX4WR +rIuAYpXYqaKhBG/xEi1x7fqye1BKmmKUqGnYelmSwwAJrthqccvIevMcVH1ccENl 
+Oc9niMSxIGieS1g+L2a9PchOhITDFx6LUn2UJtbslbTPcIBpaGv92JAY5mUYWoId +lZ7gNbI0sbc1lDZBuwUG4bfaFo6bInhS1Bz5Dqp5je52r+3IpAcPBkb0agV3ysNT +TnkFkCEQ9BDv/K6rdt8V4IpFD1PRkSFjcZmqzsFDbUeGDdCTSCaFRmZxaueGYtqS +1s3RGhVZgNxGRUN72sAOWJZmnCtbbIBIEPFpgjgR9Wv69plgvLL9BLwlD68yqlI2 +EgvHQqkRtHtrAoIBAFxipkzqCLueRw5K0sMBBMXQJUMfgHWjCLGCYRsZXj+a8eSS +J1RmeW6EMNdSOu3NzWtZgmM6TnjJFwhHat3lM+BQVDwne8Og3Q3kxzLWz0O6GQdt +R2MUG/Ey9Yt4WWCs/bk3LsdOLVqSZNrm1xMFN1bSafv3eg2HfHto+b8HuQQXUF1K +EqSwuQ3ZTccO5ivGHetg2YVm8FqbtUrYYLwUXUQGEOl5k2+h32iFjpXtB8Y/smyI +IhBzaZKYHd/hvGlCx7urcpFsM/Bc4vel++n6m+4vETFeqhcPQ4WkzsXYXfZ5gXp9 +opgYk4nBtc+uzLTxLYTPLNTMPIPXF6KyCnJivikCggEAT/oaUob5y+P1yirOK4ZR +xLKixaGkvepWoVK/a2Y/s535o2wZe1ay/CQHFGceHdmL8O8ca3zlbQ34zqDxByDH +/AX672YSwvbuKRzqHQddCHjk7cxdLKLNefmuIp7TPG4V7pnm+zphIORFhbolejoD +Yk7tGTHV832tT+HkGWcY+he9iZKkTeHX798iV4+ccPvXRXOJyZBx1uZmnasjQbrX +wKOejMZt/xn1Gx/R6Gg6KlpRSugEwf1jAKkXzmAtTmq1k0KGn8cx0Es4gTRrxPuR +3pf3A/Widc3xjq1dkDq9wFZftax7GbwOXw5NkowiGq43AidvHZNnWKPdYd5wd2Hw +EwKCAQBqIkHe8R3CC9a8RkuFdOQ0h3eRQ1tDLroOGX1xN8LDa6td3y1I54Qp2JMe +4XBoZI39ys0SI5F2Nb+ZchGq0CYP4QiUXAgN5O7yD1z9VLgKQWO2OgnHsUp/EXPt +//nYhG8N+KmsBpL2pI5IzZENT8bCSXyFdcZSVojKvL6LGJyiHwjr7qRYilV6VzZA +QJvMqSuJe5PDBJoVIwrMVss+dlcTS2oFOtsINq/LPE9vqkEDKdMq1syf0MJoPgEz +qV7tZiizRSb87y4m7w2dW2MLusttWOdWZ3oizFbkperFxtmAaLQA5ITZTShUe3Gv +XJK5cy3m1Z26ids20l7rwdtfqk0d +-----END PRIVATE KEY----- diff --git a/systems/aarch64-darwin/macbook-pro/default.nix b/systems/aarch64-darwin/macbook-pro/default.nix index 3a55b2f..b42f212 100755 --- a/systems/aarch64-darwin/macbook-pro/default.nix +++ b/systems/aarch64-darwin/macbook-pro/default.nix 
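Review bot: The private key in secrets/nas_pool.key is stored unencrypted, so everyone who can read the repository, a clone, or its history can read the key. Treat it as exposed: generate a replacement, remove any LUKS key slot that was enrolled with this key (whether one was is not visible in this commit), and purge the file from history instead of deleting it in a follow-up commit. The host already imports `./sops.nix`, so the replacement can be kept as an encrypted secret and referenced by its runtime path. The commented `# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";` lines in nas-pool.nix should not be re-enabled as written, since referencing a repository file that way would presumably also copy the key into the world-readable Nix store.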
@@ -43,10 +43,10 @@ remote_only: true ''; # programs.ccache.cacheDir = "/etc/ccache"; - systemd.tmpfiles.rules = [ - # "d /var/cache/ccache 0770 builder nixbld -" - "p+ /var/cache/ccache/ccache.conf - - - - /etc/ccache.conf" - ]; + # systemd.tmpfiles.rules = [ + # # "d /var/cache/ccache 0770 builder nixbld -" + # "p+ /var/cache/ccache/ccache.conf - - - - /etc/ccache.conf" + # ]; } ); }; diff --git a/systems/aarch64-linux/macbook-pro-nixos/default.nix b/systems/aarch64-linux/macbook-pro-nixos/default.nix index 3b57ad0..319f325 100755 --- a/systems/aarch64-linux/macbook-pro-nixos/default.nix +++ b/systems/aarch64-linux/macbook-pro-nixos/default.nix @@ -23,14 +23,14 @@ ${namespace} = { impermanence = { enable = true; - extraDirectories = [ - { - directory = "/var/cache/ccache"; - user = "nobody"; - group = "nobody"; - mode = "u=rwx,g=rwx,o=rx"; - } - ]; + # extraDirectories = [ + # { + # directory = "/var/cache/ccache"; + # user = "nobody"; + # group = "nobody"; + # mode = "u=rwx,g=rwx,o=rx"; + # } + # ]; }; user = { name = "matt"; diff --git a/systems/aarch64-linux/pi5/default.nix b/systems/aarch64-linux/pi5/default.nix index f45fe77..70db8f8 100644 --- a/systems/aarch64-linux/pi5/default.nix +++ b/systems/aarch64-linux/pi5/default.nix @@ -21,14 +21,14 @@ # ################################################### impermanence = { enable = true; - extraDirectories = [ - { - directory = "/var/cache/ccache"; - user = "nobody"; - group = "nobody"; - mode = "u=rwx,g=rwx,o=rx"; - } - ]; + # extraDirectories = [ + # { + # directory = "/var/cache/ccache"; + # user = "nobody"; + # group = "nobody"; + # mode = "u=rwx,g=rwx,o=rx"; + # } + # ]; }; # ################################################### diff --git a/systems/x86_64-linux/jallen-nas/apps.nix b/systems/x86_64-linux/jallen-nas/apps.nix index 3f64fe9..39c2268 100755 --- a/systems/x86_64-linux/jallen-nas/apps.nix +++ b/systems/x86_64-linux/jallen-nas/apps.nix 
@@ -23,7 +23,7 @@ in ]; }; }; - ai = enabled; + # ai = enabled; arrs = enabled; attic = { enable = true; @@ -62,7 +62,7 @@ in }; }; collabora = { - enable = true; + enable = false; port = 9980; }; crowdsec = { @@ -79,7 +79,7 @@ in port = 8409; }; free-games-claimer = { - enable = true; + enable = false; port = 6080; }; gitea = { @@ -122,7 +122,7 @@ in port = 3214; }; matrix = { - enable = true; + enable = false; port = 8448; reverseProxy.enable = true; }; @@ -133,12 +133,13 @@ in port = 4000; }; nextcloud = { - enable = true; + enable = false; port = 9988; }; ntfy = { enable = true; port = 2586; + createUser = true; reverseProxy.enable = true; }; ocis = disabled; @@ -147,12 +148,12 @@ in port = 9200; }; opencloud = { - enable = true; + enable = false; port = 9200; reverseProxy.enable = true; }; orca-slicer = { - enable = true; + enable = false; port = 3100; httpsPort = 3101; }; diff --git a/systems/x86_64-linux/jallen-nas/default.nix b/systems/x86_64-linux/jallen-nas/default.nix index 59e9d35..c531f11 100755 --- a/systems/x86_64-linux/jallen-nas/default.nix +++ b/systems/x86_64-linux/jallen-nas/default.nix @@ -12,6 +12,7 @@ in imports = [ ./boot.nix ./apps.nix + # ./nas-pool.nix ./users.nix ./services.nix ./sops.nix 
@@ -267,20 +268,119 @@ in # ################################################### # # Mounts # # # ################################################### - fileSystems."/media/nas/main" = { - label = "nas_pool"; - # device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1"; - fsType = "bcachefs"; - mountPoint = "/media/nas/main"; - options = [ - # "noauto" - "nofail" - # "x-systemd.mount-timeout=0" - # "x-systemd.device-timeout=0" - ]; + # fileSystems."/media/nas/main" = { + # label = "nas_pool"; + # # device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1"; + # fsType = "bcachefs"; + # mountPoint = "/media/nas/main"; + # options = [ + # # "noauto" + # "nofail" + # # "x-systemd.mount-timeout=0" + # # "x-systemd.device-timeout=0" + # ]; + # }; + fileSystems = { + "/media/nas/main/appdata" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=appdata" + "x-systemd.device-timeout=180s" + ]; + }; + "/media/nas/main/backup" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=backup" + "x-systemd.device-timeout=180s" + ]; + }; + "/media/nas/main/databases" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=databases" + "x-systemd.device-timeout=180s" + ]; + }; + "/media/nas/main/documents" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=documents" + "x-systemd.device-timeout=180s" + ]; + }; + "/media/nas/games/heroic" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=heroic" + "x-systemd.device-timeout=180s" + ]; + }; + "/media/nas/main/movies" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=movies" + "x-systemd.device-timeout=180s" + ]; + }; + 
"/media/nas/main/photos" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=photos" + "x-systemd.device-timeout=180s" + ]; + }; + "/media/nas/games/steam" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=steam" + "x-systemd.device-timeout=180s" + ]; + }; + "/media/nas/main/tv" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=tv" + "x-systemd.device-timeout=180s" + ]; + }; + "/persist" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + options = [ + "X-mount.subdir=persist" + "x-systemd.device-timeout=180s" + ]; + }; + "/subvolumes" = { + device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552"; + fsType = "bcachefs"; + }; }; - boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/disk-main-jallen-nas-cryptroot"; + environment.etc = { + "crypttab".text = '' + hdd1-cryptroot UUID="295d4c78-41f0-4792-bd97-ac88b2455cdc" none tpm2-device=auto + hdd2-cryptroot UUID="7c9c2179-351c-40a5-9257-e9ee2a1e794a" none tpm2-device=auto + ssd1-cryptroot UUID="d78fa862-212c-4d4f-ad86-bfeead5cc054" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue + ssd2-cryptroot UUID="1661c173-3809-4517-9ab8-ad94c229048d" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue + ssd3-cryptroot UUID="cfea125e-90b1-4248-834d-16dcaf310783" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue + ssd4-cryptroot UUID="96055401-6d1a-4308-9e4e-2211e1e23635" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue + ssd5-cryptroot UUID="055e27e0-c96a-4899-8ee7-cb1cd5f21476" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue + ssd6-cryptroot UUID="6e830abd-2555-4558-81a3-4a990507b5a7" none 
tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue + ''; + }; + + # boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/disk-main-jallen-nas-cryptroot"; # Configure environment environment = { @@ -310,22 +410,18 @@ in persistence."/media/nas/main/persist" = { hideMounts = true; directories = [ - { - directory = "/var/cache/ccache"; - user = "nobody"; - group = "nobody"; - mode = "u=rwx,g=rwx,o=rx"; - } - { - directory = "/var/lib/redis-ccache"; - user = "redis-ccache"; - group = "redis-ccache"; - mode = "u=rwx,g=,o="; - } + # { + # directory = "/var/lib/redis-ccache"; + # user = "redis-ccache"; + # group = "redis-ccache"; + # mode = "u=rwx,g=,o="; + # } ]; }; }; + networking.firewall.checkReversePath = false; + # Configure programs programs = { kdeconnect.enable = lib.mkForce false; diff --git a/systems/x86_64-linux/jallen-nas/nas-pool.nix b/systems/x86_64-linux/jallen-nas/nas-pool.nix new file mode 100644 index 0000000..a5d2d4a --- /dev/null +++ b/systems/x86_64-linux/jallen-nas/nas-pool.nix 
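Review bot: Every entry in the new `environment.etc."crypttab"` text unlocks with `tpm2-device=auto` and nothing else, so all eight volumes open unattended at boot and the encryption only protects disks that are removed from this machine. How strongly the key is bound depends on the PCR policy chosen at enrollment, which is not recorded here. Add a comment stating which PCRs were used, and consider `tpm2-pin=yes` if unattended boot is not required. The SSD entries also set `allow-discards`, which lets TRIM reveal which blocks are unused; that is a reasonable trade-off for SSDs but worth a one-line comment. The options here differ from the `crypttabExtraOpts` in nas-pool.nix (`fido2-device=auto`, `token-timeout=10`), so the two definitions will drift unless one is generated from the other.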
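Review bot: `networking.firewall.checkReversePath = false;` turns off reverse-path filtering on every interface, which removes the firewall's check against packets with spoofed source addresses on a host that exposes many services. If the reason is asymmetric routing from a VPN or a second interface, `networking.firewall.checkReversePath = "loose";` keeps most of the protection, and a comment naming the interface that needed it would help. Separately, the context line `persistence."/media/nas/main/persist"` still points at the old location, while the previous hunk mounts the `persist` subdirectory at `/persist` and no longer mounts `/media/nas/main`. Unless something outside this diff provides that path, persisted state would land on the underlying root filesystem.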
@@ -0,0 +1,383 @@ +{ lib, ... }: +{ + disko.devices = { + disk = { + ################################################################# + # HDD1 + ################################################################# + hdd1 = { + device = "/dev/disk/by-id/ata-ST24000DM001-3Y7103_ZXA0QYPG"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + hdd1p1 = { + size = "100%"; + content = { + type = "luks"; + name = "hdd1-cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + settings = { + allowDiscards = true; + # keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + type = "bcachefs"; + filesystem = "nas_pool_subvolumes"; + label = "hdd.hdd1"; + extraFormatArgs = [ + "--discard" + ]; + }; + }; + }; + }; + }; + }; + + ################################################################# + # HDD2 + ################################################################# + hdd2 = { + device = "/dev/disk/by-id/ata-ST24000NM000C-3WD103_ZXA0H7EQ"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + hdd2p1 = { + size = "100%"; + content = { + type = "luks"; + name = "hdd2-cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + settings = { + allowDiscards = true; + # keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + type = "bcachefs"; + filesystem = "nas_pool_subvolumes"; + label = "hdd.hdd2"; + extraFormatArgs = [ + "--discard" + ]; + }; + }; + }; + }; + }; + }; + + ################################################################# + # SSD1 + ################################################################# + ssd1 = { + device = "/dev/disk/by-id/nvme-CT1000P310SSD8_25034D8045A9"; + type = "disk"; + 
content = { + type = "gpt"; + partitions = { + ssd1p1 = { + size = "100%"; + content = { + type = "luks"; + name = "ssd1-cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + settings = { + allowDiscards = true; + # keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + type = "bcachefs"; + filesystem = "nas_pool_subvolumes"; + label = "ssd.ssd1"; + extraFormatArgs = [ + "--discard" + ]; + }; + }; + }; + }; + }; + }; + + ################################################################# + # SSD2 + ################################################################# + ssd2 = { + device = "/dev/disk/by-id/nvme-CT1000P310SSD8_25185002525B"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ssd2p1 = { + size = "100%"; + content = { + type = "luks"; + name = "ssd2-cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + settings = { + allowDiscards = true; + # keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + type = "bcachefs"; + filesystem = "nas_pool_subvolumes"; + label = "ssd.ssd2"; + extraFormatArgs = [ + "--discard" + ]; + }; + }; + }; + }; + }; + }; + + ################################################################# + # SSD3 + ################################################################# + ssd3 = { + device = "/dev/disk/by-id/nvme-CT1000P310SSD8_25285184CC5C"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ssd3p1 = { + size = "100%"; + content = { + type = "luks"; + name = "ssd3-cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + settings = { + allowDiscards = true; + # keyFile = 
lib.snowfall.fs.get-file "secrets/nas_pool.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + type = "bcachefs"; + filesystem = "nas_pool_subvolumes"; + label = "ssd.ssd3"; + extraFormatArgs = [ + "--discard" + ]; + }; + }; + }; + }; + }; + }; + + ################################################################# + # SSD4 + ################################################################# + ssd4 = { + device = "/dev/disk/by-id/nvme-CT1000P310SSD8_25285186280D"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ssd4p1 = { + size = "100%"; + content = { + type = "luks"; + name = "ssd4-cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + settings = { + allowDiscards = true; + # keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + type = "bcachefs"; + filesystem = "nas_pool_subvolumes"; + label = "ssd.ssd4"; + extraFormatArgs = [ + "--discard" + ]; + }; + }; + }; + }; + }; + }; + + ################################################################# + # SSD5 + ################################################################# + ssd5 = { + device = "/dev/disk/by-id/nvme-INTEL_SSDPEKNW010T8_PHNH845600381P0B"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ssd5p1 = { + size = "100%"; + content = { + type = "luks"; + name = "ssd5-cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + settings = { + allowDiscards = true; + # keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + type = "bcachefs"; + filesystem = "nas_pool_subvolumes"; + label = "ssd.ssd5"; + extraFormatArgs = [ + "--discard" + ]; + }; + }; + }; + }; 
+ }; + }; + + ################################################################# + # SSD6 + ################################################################# + ssd6 = { + device = "/dev/disk/by-id/nvme-WDS100T3X0C-00SJG0_202007A00A86"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ssd6p1 = { + size = "100%"; + content = { + type = "luks"; + name = "ssd6-cryptroot"; + extraOpenArgs = [ + "--allow-discards" + "--perf-no_read_workqueue" + "--perf-no_write_workqueue" + ]; + settings = { + allowDiscards = true; + # keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key"; + crypttabExtraOpts = [ + "tpm2-device=auto" + "fido2-device=auto" + "token-timeout=10" + ]; + }; + content = { + type = "bcachefs"; + filesystem = "nas_pool_subvolumes"; + label = "ssd.ssd6"; + extraFormatArgs = [ + "--discard" + ]; + }; + }; + }; + }; + }; + }; + }; + + bcachefs_filesystems = { + nas_pool_subvolumes = { + type = "bcachefs_filesystem"; + extraFormatArgs = [ + "--compression=zstd" + "--background_compression=zstd" + "--metadata_tartget=ssd" + "--promote_tartget=ssd" + "--foreground_target=ssd" + "--background_target=hdd" + "--data_replicas=2" + ]; + subvolumes = { + "backup" = { + mountpoint = "/media/nas/main/backup"; + }; + "documents" = { + mountpoint = "/media/nas/main/documents"; + }; + "heroic" = { + mountpoint = "/media/nas/games/heroic"; + }; + "movies" = { + mountpoint = "/media/nas/main/movies"; + }; + "photos" = { + mountpoint = "/media/nas/main/photos"; + }; + "steam" = { + mountpoint = "/media/nas/games/steam"; + }; + "tv" = { + mountpoint = "/media/nas/main/tv"; + }; + "persist" = { + mountpoint = "/persist"; + }; + }; + }; + }; + }; +} \ No newline at end of file diff --git a/systems/x86_64-linux/jallen-nas/services.nix b/systems/x86_64-linux/jallen-nas/services.nix index 927f78b..7669761 100755 --- a/systems/x86_64-linux/jallen-nas/services.nix +++ b/systems/x86_64-linux/jallen-nas/services.nix 
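Review bot: Two of the format arguments for `nas_pool_subvolumes` are misspelled, `"--metadata_tartget=ssd"` and `"--promote_tartget=ssd"`. They should read `"--metadata_target=ssd"` and `"--promote_target=ssd"`; as written, formatting would either fail on the unknown option or leave metadata and promotion without the intended SSD target. The `subvolumes` set also lacks `appdata` and `databases`, both of which jallen-nas/default.nix mounts with `X-mount.subdir=` in this same commit, so a pool created from this file would not contain them. The eight disk stanzas differ only in name, device and label, so a small helper function taking those three values would make slips like the typo above easier to spot.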
@@ -32,7 +32,7 @@ enable = true; package = pkgs.postgresql_16; enableTCPIP = true; - dataDir = "/media/nas/main/nix-app-data/postgresql"; + dataDir = "/media/nas/main/databases/postgresql"; ensureDatabases = [ "authentik" "homeassistant" diff --git a/systems/x86_64-linux/matt-nixos/default.nix b/systems/x86_64-linux/matt-nixos/default.nix index a770780..7cf9bae 100644 --- a/systems/x86_64-linux/matt-nixos/default.nix +++ b/systems/x86_64-linux/matt-nixos/default.nix @@ -55,14 +55,14 @@ impermanence = { enable = true; - extraDirectories = [ - { - directory = "/var/cache/ccache"; - user = "nobody"; - group = "nobody"; - mode = "u=rwx,g=rwx,o=rx"; - } - ]; + # extraDirectories = [ + # { + # directory = "/var/cache/ccache"; + # user = "nobody"; + # group = "nobody"; + # mode = "u=rwx,g=rwx,o=rx"; + # } + # ]; }; network = {