mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

idk shits so fucked lol

Browse Source
This commit is contained in:
mjallen18
2026-01-29 19:15:22 -06:00
parent 9c8733431d
commit 1331e69b58
19 changed files with 619 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/module/default.nix
View File

@@ -69,7 +69,7 @@ rec {
}; };
systemd.services.${serviceName} = { systemd.services.${serviceName} = {
requires = [ "media-nas-main.mount" ]; requires = [ "media-nas-main-appdata.mount" ];
}; };
services = { services = {
@@ -106,7 +106,7 @@ rec {
port = mkOpt types.int 80 "Port for ${name} to be hosted on"; port = mkOpt types.int 80 "Port for ${name} to be hosted on";
configDir = mkOpt types.str "/media/nas/main/nix-app-data" "Path to the config dir"; configDir = mkOpt types.str "/media/nas/main/appdata" "Path to the config dir";
dataDir = mkOpt types.str "/media/nas/main" "Path to the data dir"; dataDir = mkOpt types.str "/media/nas/main" "Path to the data dir";

2
modules/nixos/nix/default.nix
View File

@@ -7,7 +7,7 @@
{ {
nix = { nix = {
settings = { settings = {
extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; # extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
substituters = [ substituters = [
"https://cache.mjallen.dev/nas-cache" "https://cache.mjallen.dev/nas-cache"
"https://nixos-apple-silicon.cachix.org" "https://nixos-apple-silicon.cachix.org"

4
modules/nixos/services/attic/default.nix
View File

@@ -20,6 +20,10 @@ let
environmentFile = cfg.environmentFile; environmentFile = cfg.environmentFile;
settings = { settings = {
listen = "${cfg.listenAddress}:${toString cfg.port}"; listen = "${cfg.listenAddress}:${toString cfg.port}";
storage = {
type = "local";
path = "${cfg.configDir}/atticd";
};
}; };
}; };

10
modules/nixos/services/dispatcharr/default.nix
View File

@@ -28,12 +28,12 @@ let
"${toString cfg.port}:9191" "${toString cfg.port}:9191"
]; ];
environment = { environment = {
DISPATCHARR_LOG_LEVEL = "DEBUG"; # DISPATCHARR_LOG_LEVEL = "DEBUG";
DISPATCHARR_ENV = "aio"; DISPATCHARR_ENV = "aio";
DJANGO_SECRET_KEY = "123456"; # DJANGO_SECRET_KEY = "123456";
PUID = cfg.puid; # PUID = cfg.puid;
PGID = cfg.pgid; # PGID = cfg.pgid;
TZ = cfg.timeZone; # TZ = cfg.timeZone;
}; };
}; };
}; };

6
modules/nixos/services/lubelogger/default.nix
View File

@@ -23,9 +23,9 @@ let
"${cfg.configDir}/lubelogger:/App/data" "${cfg.configDir}/lubelogger:/App/data"
"${cfg.configDir}/lubelogger/keys:/root/.aspnet/DataProtection-Keys" "${cfg.configDir}/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
]; ];
environmentFiles = [ # environmentFiles = [
"${cfg.configDir}/lubelogger/lubelogger.env" # "${cfg.configDir}/lubelogger/lubelogger.env"
]; # ];
environment = { environment = {
PUID = toString config.users.users.nix-apps.uid; PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid; PGID = toString config.users.groups.jallen-nas.gid;

2
modules/nixos/services/manyfold/default.nix
View File

@@ -29,7 +29,7 @@ let
]; ];
volumes = [ volumes = [
"${cfg.configDir}/manyfold:/config" "${cfg.configDir}/manyfold:/config"
"${cfg.dataDir}/3d_printer:/libraries" "${cfg.dataDir}/documents/3d-models:/libraries"
]; ];
environment = { environment = {
PUID = cfg.puid; PUID = cfg.puid;

2
modules/nixos/services/ntfy/default.nix
View File

@@ -22,7 +22,7 @@ let
enable-login = true; enable-login = true;
listen-http = ":${toString cfg.port}"; listen-http = ":${toString cfg.port}";
cache-file = "${cfg.configDir}/ntfy/cache.db"; cache-file = "${cfg.configDir}/ntfy/cache.db";
attachment-cache-dir = "${cfg.dataDir}/ntfy/attachments"; attachment-cache-dir = "${cfg.configDir}/ntfy/attachments";
behind-proxy = true; behind-proxy = true;
auth-default-access = "deny-all"; auth-default-access = "deny-all";
auth-file = "${cfg.configDir}/ntfy/user.db"; auth-file = "${cfg.configDir}/ntfy/user.db";

2
modules/nixos/services/traefik/default.nix
View File

@@ -101,7 +101,7 @@ let
# misc # misc
letsEncryptEmail = "jalle008@proton.me"; letsEncryptEmail = "jalle008@proton.me";
dataDir = "/media/nas/main/nix-app-data/traefik"; dataDir = "/media/nas/main/appdata/traefik";
authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik"; authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik";
in in
{ {

7
modules/nixos/services/unmanic/default.nix
View File

@@ -18,7 +18,12 @@ let
virtualisation.oci-containers.containers.${name} = { virtualisation.oci-containers.containers.${name} = {
autoStart = true; autoStart = true;
image = "josh5/unmanic"; image = "josh5/unmanic";
extraOptions = [ "--device=/dev/dri" ]; devices = [
"/dev/dri/renderD128:/dev/dri/renderD128"
"/dev/dri/card0:/dev/dri/card0"
"/dev/dri/renderD129:/dev/dri/renderD129"
"/dev/dri/card1:/dev/dri/card1"
];
volumes = [ volumes = [
"${cfg.configDir}/unmanic:/config" "${cfg.configDir}/unmanic:/config"
"${cfg.dataDir}/movies:/library/movies" "${cfg.dataDir}/movies:/library/movies"

6
packages/raspberrypi/linux-rpi/default.nix
View File

@@ -14,12 +14,12 @@ let
inherit (lib.${namespace}) selectVariant mkAllSources; inherit (lib.${namespace}) selectVariant mkAllSources;
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec null null; selected = selectVariant versionSpec "lts" null;
vars = selected.variables or { }; vars = selected.variables or { };
sources = mkAllSources selected; sources = mkAllSources selected;
modDirVersion = vars.modDirVersion; modDirVersion = selected.variables.modDirVersion;
tag = vars.tag; tag = "stable";
# NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this # NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this
# all of these fail for various reasons # all of these fail for various reasons

52
secrets/nas_pool.key Normal file
View File

@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCiOGVSMHqyqm/z
bv9omxL+dZ6KCFFqIFU2R54yJipLNXUzQNZNftX531O9OjxwXP5+G6lneTb87p5s
03PeabMid3RqVhE32ku1ITEqNd7YrxD/dh2wcFiOJ6WkB8r/EcJkvAYvhMN0H39p
qQetjWEeibppwil/a5eaXgwf5qE8wf7YVg5sQ8vJXQzSf1HyQ+mhKNAiLGk2zyOd
F2Gnc2NwhG2tCiY8wPk4nfajcuiHH8TJeb43RGkWjuFtuwRYm6nSAZsLS65mSTZf
Wba6+cN48+/bNOFM62DT4POH1KGvJJYSMGN22rCZOgNl3ut4FQggN2d/Qb3VLOxY
6l1r6Ya4CE/zeLLGKDpPUez23V1tvUNr4ztcZ8XHaSpuFzbrBuP1ddClarcw7THC
PefFN2vQRrkko8ql9+HdUTDgoJfCNT3+LVbFctYJan6FdWHwW8qlYcZ2Q6GcVEP5
AdsHzzAqYutTTedYJo66QotS7r8bSrDfAM/yuVr7mW8rBCkySVcWwh98nCMn/CBH
UYiXeZuyzIP2+PxAxi4wT+O6qdbMgUGkFQbfj8IZ7uL9wDn1JPk/RQCayJVe5Dbi
Jl7yHQ40SMIfb3vSdygfEgzfcnmFYTjTyDzYAK4YyE0jDnCjBXI6YUr2Nq90O8zD
6TRVVsj/u5Otri7KlCEgdtMxdtgiLQIDAQABAoICAAFMvJPj6CYq7NQa/t6w/peq
WP3xiVF1dw+4LPs2FUWrMa60JZaf99ZVZNlE/Uhhl/c251MS0UJFv5NopR3r/XyL
teBgoylHs8gv2Jh/4pkcdS4bnXfh8CiBBp5uiSclCchlcN+lmF+2tuS7IkdQm2Dm
wppOIEExZ/9B79mIYm29si1Vw/s343FpsCYc0T4rL1Tt7xXInE+aAxOJpR8pDGvR
q9B+ODmcl2kBBWf6DjhMivbNGNCRjEDOUURGgm20hZZPEmJzSOKJ69UbJc/2tPG9
pp2itu43JPxdnSXow4jg0EQ1PguTcf6WsxtFJeBwiEzVyAI1hFaQBXuRTFrs5C1T
1uFso83FeRudq6IbnOcaFN6RvKXrcdo5370pEp4hsZGIY1BW2DL4n9LtEEq9eXYI
nE5kJCvBMHCBd9Hh40MwwAW9dCxvugQyQdhuc6pCI6Z7qrnUiXnckMtg3sXLEpjU
3ALNhAy3HCI6JuIqWdy4kqBRnS4u+5yhMkuSYVK8OaB6vYdwBR33LQiyRzn89kZb
87b8yv5zmyOLWva/RH7Qd23pRSYibs71lrUECVJHPAz/XH08+ZjdR+0gX3Ux+p5A
3QJgmq+GnxZAEenU8IugnoWaYF2oUWxMVgSxA2kbYAcuE/C0oxg2nNhcMTfZoJl8
yoUURQ9SvkCJsgzvrFYzAoIBAQDN6aplWB9AqWm798pZrEc9/zDjYV4bitVg8fz7
qxuf9ma66D+UBdTuC1jwdbqPEXm5XXxm6hwYlTCF/mzo6Vge9h1KzVQhQ3ZcKdWm
NAwSVHUqTEHAybLxd+Rnnxa/8Thdysl8Q72hNCDZ9948WsZmQxSRTa2CBA6m3DWz
U+Twb55j5l456KXBZ6LzQobdzd3Qjq/ISKA1mLUl54Okqb/szjVHTw+lo9gcdekL
sqsFLzGpp+FKDRykzrn3bfsC4inYrNtfGM6xRHXjT/RwDftFSxzN4qM9nhgSddE3
0TpkSrwFbM2oaExbbVABbuMF78r6gO/pGCUxqEVRVNgYExbHAoIBAQDJrfgvX4WR
rIuAYpXYqaKhBG/xEi1x7fqye1BKmmKUqGnYelmSwwAJrthqccvIevMcVH1ccENl
Oc9niMSxIGieS1g+L2a9PchOhITDFx6LUn2UJtbslbTPcIBpaGv92JAY5mUYWoId
lZ7gNbI0sbc1lDZBuwUG4bfaFo6bInhS1Bz5Dqp5je52r+3IpAcPBkb0agV3ysNT
TnkFkCEQ9BDv/K6rdt8V4IpFD1PRkSFjcZmqzsFDbUeGDdCTSCaFRmZxaueGYtqS
1s3RGhVZgNxGRUN72sAOWJZmnCtbbIBIEPFpgjgR9Wv69plgvLL9BLwlD68yqlI2
EgvHQqkRtHtrAoIBAFxipkzqCLueRw5K0sMBBMXQJUMfgHWjCLGCYRsZXj+a8eSS
J1RmeW6EMNdSOu3NzWtZgmM6TnjJFwhHat3lM+BQVDwne8Og3Q3kxzLWz0O6GQdt
R2MUG/Ey9Yt4WWCs/bk3LsdOLVqSZNrm1xMFN1bSafv3eg2HfHto+b8HuQQXUF1K
EqSwuQ3ZTccO5ivGHetg2YVm8FqbtUrYYLwUXUQGEOl5k2+h32iFjpXtB8Y/smyI
IhBzaZKYHd/hvGlCx7urcpFsM/Bc4vel++n6m+4vETFeqhcPQ4WkzsXYXfZ5gXp9
opgYk4nBtc+uzLTxLYTPLNTMPIPXF6KyCnJivikCggEAT/oaUob5y+P1yirOK4ZR
xLKixaGkvepWoVK/a2Y/s535o2wZe1ay/CQHFGceHdmL8O8ca3zlbQ34zqDxByDH
/AX672YSwvbuKRzqHQddCHjk7cxdLKLNefmuIp7TPG4V7pnm+zphIORFhbolejoD
Yk7tGTHV832tT+HkGWcY+he9iZKkTeHX798iV4+ccPvXRXOJyZBx1uZmnasjQbrX
wKOejMZt/xn1Gx/R6Gg6KlpRSugEwf1jAKkXzmAtTmq1k0KGn8cx0Es4gTRrxPuR
3pf3A/Widc3xjq1dkDq9wFZftax7GbwOXw5NkowiGq43AidvHZNnWKPdYd5wd2Hw
EwKCAQBqIkHe8R3CC9a8RkuFdOQ0h3eRQ1tDLroOGX1xN8LDa6td3y1I54Qp2JMe
4XBoZI39ys0SI5F2Nb+ZchGq0CYP4QiUXAgN5O7yD1z9VLgKQWO2OgnHsUp/EXPt
//nYhG8N+KmsBpL2pI5IzZENT8bCSXyFdcZSVojKvL6LGJyiHwjr7qRYilV6VzZA
QJvMqSuJe5PDBJoVIwrMVss+dlcTS2oFOtsINq/LPE9vqkEDKdMq1syf0MJoPgEz
qV7tZiizRSb87y4m7w2dW2MLusttWOdWZ3oizFbkperFxtmAaLQA5ITZTShUe3Gv
XJK5cy3m1Z26ids20l7rwdtfqk0d
-----END PRIVATE KEY-----

8
systems/aarch64-darwin/macbook-pro/default.nix
View File

@@ -43,10 +43,10 @@
remote_only: true remote_only: true
''; '';
# programs.ccache.cacheDir = "/etc/ccache"; # programs.ccache.cacheDir = "/etc/ccache";
systemd.tmpfiles.rules = [ # systemd.tmpfiles.rules = [
# "d /var/cache/ccache 0770 builder nixbld -" # # "d /var/cache/ccache 0770 builder nixbld -"
"p+ /var/cache/ccache/ccache.conf - - - - /etc/ccache.conf" # "p+ /var/cache/ccache/ccache.conf - - - - /etc/ccache.conf"
]; # ];
} }
); );
}; };

16
systems/aarch64-linux/macbook-pro-nixos/default.nix
View File

@@ -23,14 +23,14 @@
${namespace} = { ${namespace} = {
impermanence = { impermanence = {
enable = true; enable = true;
extraDirectories = [ # extraDirectories = [
{ # {
directory = "/var/cache/ccache"; # directory = "/var/cache/ccache";
user = "nobody"; # user = "nobody";
group = "nobody"; # group = "nobody";
mode = "u=rwx,g=rwx,o=rx"; # mode = "u=rwx,g=rwx,o=rx";
} # }
]; # ];
}; };
user = { user = {
name = "matt"; name = "matt";

16
systems/aarch64-linux/pi5/default.nix
View File

@@ -21,14 +21,14 @@
# ################################################### # ###################################################
impermanence = { impermanence = {
enable = true; enable = true;
extraDirectories = [ # extraDirectories = [
{ # {
directory = "/var/cache/ccache"; # directory = "/var/cache/ccache";
user = "nobody"; # user = "nobody";
group = "nobody"; # group = "nobody";
mode = "u=rwx,g=rwx,o=rx"; # mode = "u=rwx,g=rwx,o=rx";
} # }
]; # ];
}; };
# ################################################### # ###################################################

15
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -23,7 +23,7 @@ in
]; ];
}; };
}; };
ai = enabled; # ai = enabled;
arrs = enabled; arrs = enabled;
attic = { attic = {
enable = true; enable = true;
@@ -62,7 +62,7 @@ in
}; };
}; };
collabora = { collabora = {
enable = true; enable = false;
port = 9980; port = 9980;
}; };
crowdsec = { crowdsec = {
@@ -79,7 +79,7 @@ in
port = 8409; port = 8409;
}; };
free-games-claimer = { free-games-claimer = {
enable = true; enable = false;
port = 6080; port = 6080;
}; };
gitea = { gitea = {
@@ -122,7 +122,7 @@ in
port = 3214; port = 3214;
}; };
matrix = { matrix = {
enable = true; enable = false;
port = 8448; port = 8448;
reverseProxy.enable = true; reverseProxy.enable = true;
}; };
@@ -133,12 +133,13 @@ in
port = 4000; port = 4000;
}; };
nextcloud = { nextcloud = {
enable = true; enable = false;
port = 9988; port = 9988;
}; };
ntfy = { ntfy = {
enable = true; enable = true;
port = 2586; port = 2586;
createUser = true;
reverseProxy.enable = true; reverseProxy.enable = true;
}; };
ocis = disabled; ocis = disabled;
@@ -147,12 +148,12 @@ in
port = 9200; port = 9200;
}; };
opencloud = { opencloud = {
enable = true; enable = false;
port = 9200; port = 9200;
reverseProxy.enable = true; reverseProxy.enable = true;
}; };
orca-slicer = { orca-slicer = {
enable = true; enable = false;
port = 3100; port = 3100;
httpsPort = 3101; httpsPort = 3101;
}; };

144
systems/x86_64-linux/jallen-nas/default.nix
View File

@@ -12,6 +12,7 @@ in
imports = [ imports = [
./boot.nix ./boot.nix
./apps.nix ./apps.nix
# ./nas-pool.nix
./users.nix ./users.nix
./services.nix ./services.nix
./sops.nix ./sops.nix
@@ -267,20 +268,119 @@ in
# ################################################### # ###################################################
# # Mounts # # # # Mounts # #
# ################################################### # ###################################################
fileSystems."/media/nas/main" = { # fileSystems."/media/nas/main" = {
label = "nas_pool"; # label = "nas_pool";
# device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1"; # # device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1";
fsType = "bcachefs"; # fsType = "bcachefs";
mountPoint = "/media/nas/main"; # mountPoint = "/media/nas/main";
options = [ # options = [
# "noauto" # # "noauto"
"nofail" # "nofail"
# "x-systemd.mount-timeout=0" # # "x-systemd.mount-timeout=0"
# "x-systemd.device-timeout=0" # # "x-systemd.device-timeout=0"
]; # ];
# };
fileSystems = {
"/media/nas/main/appdata" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=appdata"
"x-systemd.device-timeout=180s"
];
};
"/media/nas/main/backup" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=backup"
"x-systemd.device-timeout=180s"
];
};
"/media/nas/main/databases" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=databases"
"x-systemd.device-timeout=180s"
];
};
"/media/nas/main/documents" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=documents"
"x-systemd.device-timeout=180s"
];
};
"/media/nas/games/heroic" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=heroic"
"x-systemd.device-timeout=180s"
];
};
"/media/nas/main/movies" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=movies"
"x-systemd.device-timeout=180s"
];
};
"/media/nas/main/photos" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=photos"
"x-systemd.device-timeout=180s"
];
};
"/media/nas/games/steam" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=steam"
"x-systemd.device-timeout=180s"
];
};
"/media/nas/main/tv" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=tv"
"x-systemd.device-timeout=180s"
];
};
"/persist" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
options = [
"X-mount.subdir=persist"
"x-systemd.device-timeout=180s"
];
};
"/subvolumes" = {
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
};
}; };
boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/disk-main-jallen-nas-cryptroot"; environment.etc = {
"crypttab".text = ''
hdd1-cryptroot UUID="295d4c78-41f0-4792-bd97-ac88b2455cdc" none tpm2-device=auto
hdd2-cryptroot UUID="7c9c2179-351c-40a5-9257-e9ee2a1e794a" none tpm2-device=auto
ssd1-cryptroot UUID="d78fa862-212c-4d4f-ad86-bfeead5cc054" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue
ssd2-cryptroot UUID="1661c173-3809-4517-9ab8-ad94c229048d" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue
ssd3-cryptroot UUID="cfea125e-90b1-4248-834d-16dcaf310783" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue
ssd4-cryptroot UUID="96055401-6d1a-4308-9e4e-2211e1e23635" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue
ssd5-cryptroot UUID="055e27e0-c96a-4899-8ee7-cb1cd5f21476" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue
ssd6-cryptroot UUID="6e830abd-2555-4558-81a3-4a990507b5a7" none tpm2-device=auto,allow-discards,perf-no_read_workqueue,perf-no_write_workqueue
'';
};
# boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/disk-main-jallen-nas-cryptroot";
# Configure environment # Configure environment
environment = { environment = {
@@ -310,22 +410,18 @@ in
persistence."/media/nas/main/persist" = { persistence."/media/nas/main/persist" = {
hideMounts = true; hideMounts = true;
directories = [ directories = [
{ # {
directory = "/var/cache/ccache"; # directory = "/var/lib/redis-ccache";
user = "nobody"; # user = "redis-ccache";
group = "nobody"; # group = "redis-ccache";
mode = "u=rwx,g=rwx,o=rx"; # mode = "u=rwx,g=,o=";
} # }
{
directory = "/var/lib/redis-ccache";
user = "redis-ccache";
group = "redis-ccache";
mode = "u=rwx,g=,o=";
}
]; ];
}; };
}; };
networking.firewall.checkReversePath = false;
# Configure programs # Configure programs
programs = { programs = {
kdeconnect.enable = lib.mkForce false; kdeconnect.enable = lib.mkForce false;

383
systems/x86_64-linux/jallen-nas/nas-pool.nix Normal file
View File

@@ -0,0 +1,383 @@
{ lib, ... }:
{
disko.devices = {
disk = {
#################################################################
# HDD1
#################################################################
hdd1 = {
device = "/dev/disk/by-id/ata-ST24000DM001-3Y7103_ZXA0QYPG";
type = "disk";
content = {
type = "gpt";
partitions = {
hdd1p1 = {
size = "100%";
content = {
type = "luks";
name = "hdd1-cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
settings = {
allowDiscards = true;
# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "bcachefs";
filesystem = "nas_pool_subvolumes";
label = "hdd.hdd1";
extraFormatArgs = [
"--discard"
];
};
};
};
};
};
};
#################################################################
# HDD2
#################################################################
hdd2 = {
device = "/dev/disk/by-id/ata-ST24000NM000C-3WD103_ZXA0H7EQ";
type = "disk";
content = {
type = "gpt";
partitions = {
hdd2p1 = {
size = "100%";
content = {
type = "luks";
name = "hdd2-cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
settings = {
allowDiscards = true;
# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "bcachefs";
filesystem = "nas_pool_subvolumes";
label = "hdd.hdd2";
extraFormatArgs = [
"--discard"
];
};
};
};
};
};
};
#################################################################
# SSD1
#################################################################
ssd1 = {
device = "/dev/disk/by-id/nvme-CT1000P310SSD8_25034D8045A9";
type = "disk";
content = {
type = "gpt";
partitions = {
ssd1p1 = {
size = "100%";
content = {
type = "luks";
name = "ssd1-cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
settings = {
allowDiscards = true;
# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "bcachefs";
filesystem = "nas_pool_subvolumes";
label = "ssd.ssd1";
extraFormatArgs = [
"--discard"
];
};
};
};
};
};
};
#################################################################
# SSD2
#################################################################
ssd2 = {
device = "/dev/disk/by-id/nvme-CT1000P310SSD8_25185002525B";
type = "disk";
content = {
type = "gpt";
partitions = {
ssd2p1 = {
size = "100%";
content = {
type = "luks";
name = "ssd2-cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
settings = {
allowDiscards = true;
# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "bcachefs";
filesystem = "nas_pool_subvolumes";
label = "ssd.ssd2";
extraFormatArgs = [
"--discard"
];
};
};
};
};
};
};
#################################################################
# SSD3
#################################################################
ssd3 = {
device = "/dev/disk/by-id/nvme-CT1000P310SSD8_25285184CC5C";
type = "disk";
content = {
type = "gpt";
partitions = {
ssd3p1 = {
size = "100%";
content = {
type = "luks";
name = "ssd3-cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
settings = {
allowDiscards = true;
# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "bcachefs";
filesystem = "nas_pool_subvolumes";
label = "ssd.ssd3";
extraFormatArgs = [
"--discard"
];
};
};
};
};
};
};
#################################################################
# SSD4
#################################################################
ssd4 = {
device = "/dev/disk/by-id/nvme-CT1000P310SSD8_25285186280D";
type = "disk";
content = {
type = "gpt";
partitions = {
ssd4p1 = {
size = "100%";
content = {
type = "luks";
name = "ssd4-cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
settings = {
allowDiscards = true;
# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "bcachefs";
filesystem = "nas_pool_subvolumes";
label = "ssd.ssd4";
extraFormatArgs = [
"--discard"
];
};
};
};
};
};
};
#################################################################
# SSD5
#################################################################
ssd5 = {
device = "/dev/disk/by-id/nvme-INTEL_SSDPEKNW010T8_PHNH845600381P0B";
type = "disk";
content = {
type = "gpt";
partitions = {
ssd5p1 = {
size = "100%";
content = {
type = "luks";
name = "ssd5-cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
settings = {
allowDiscards = true;
# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "bcachefs";
filesystem = "nas_pool_subvolumes";
label = "ssd.ssd5";
extraFormatArgs = [
"--discard"
];
};
};
};
};
};
};
#################################################################
# SSD6
#################################################################
ssd6 = {
device = "/dev/disk/by-id/nvme-WDS100T3X0C-00SJG0_202007A00A86";
type = "disk";
content = {
type = "gpt";
partitions = {
ssd6p1 = {
size = "100%";
content = {
type = "luks";
name = "ssd6-cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
settings = {
allowDiscards = true;
# keyFile = lib.snowfall.fs.get-file "secrets/nas_pool.key";
crypttabExtraOpts = [
"tpm2-device=auto"
"fido2-device=auto"
"token-timeout=10"
];
};
content = {
type = "bcachefs";
filesystem = "nas_pool_subvolumes";
label = "ssd.ssd6";
extraFormatArgs = [
"--discard"
];
};
};
};
};
};
};
};
bcachefs_filesystems = {
nas_pool_subvolumes = {
type = "bcachefs_filesystem";
extraFormatArgs = [
"--compression=zstd"
"--background_compression=zstd"
"--metadata_tartget=ssd"
"--promote_tartget=ssd"
"--foreground_target=ssd"
"--background_target=hdd"
"--data_replicas=2"
];
subvolumes = {
"backup" = {
mountpoint = "/media/nas/main/backup";
};
"documents" = {
mountpoint = "/media/nas/main/documents";
};
"heroic" = {
mountpoint = "/media/nas/games/heroic";
};
"movies" = {
mountpoint = "/media/nas/main/movies";
};
"photos" = {
mountpoint = "/media/nas/main/photos";
};
"steam" = {
mountpoint = "/media/nas/games/steam";
};
"tv" = {
mountpoint = "/media/nas/main/tv";
};
"persist" = {
mountpoint = "/persist";
};
};
};
};
};
}

2
systems/x86_64-linux/jallen-nas/services.nix
View File

@@ -32,7 +32,7 @@
enable = true; enable = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
enableTCPIP = true; enableTCPIP = true;
dataDir = "/media/nas/main/nix-app-data/postgresql"; dataDir = "/media/nas/main/databases/postgresql";
ensureDatabases = [ ensureDatabases = [
"authentik" "authentik"
"homeassistant" "homeassistant"

16
systems/x86_64-linux/matt-nixos/default.nix
View File

@@ -55,14 +55,14 @@
impermanence = { impermanence = {
enable = true; enable = true;
extraDirectories = [ # extraDirectories = [
{ # {
directory = "/var/cache/ccache"; # directory = "/var/cache/ccache";
user = "nobody"; # user = "nobody";
group = "nobody"; # group = "nobody";
mode = "u=rwx,g=rwx,o=rx"; # mode = "u=rwx,g=rwx,o=rx";
} # }
]; # ];
}; };
network = { network = {