From 407f8ede878f7a7cee56980d2d11c8d4f97fddcf Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Fri, 18 Jul 2025 13:21:50 -0500
Subject: [PATCH] temp
---
 flake.nix | 18 ++++++
 modules/nixos/disko/options.nix | 7 +++
 modules/nixos/disko/x86_64-linux/default.nix | 7 ++-
 modules/nixos/homeassistant/default.nix | 32 +++++-----
 modules/nixos/homeassistant/hass.nix | 62 -------------------
 modules/nixos/nvidia/default.nix | 4 +-
 modules/nixos/nvidia/options.nix | 4 +-
 systems/x86_64-linux/nas/apps.nix | 1 -
 .../nas/apps/nextcloud/default.nix | 18 ++----
 systems/x86_64-linux/nas/boot.nix | 9 ---
 .../nas/{configuration.nix => default.nix} | 23 ++++---
 systems/x86_64-linux/nas/networking.nix | 4 +-
 systems/x86_64-linux/nas/nixpkgs.nix | 5 --
 systems/x86_64-linux/nas/sops.nix | 22 +++----
 14 files changed, 83 insertions(+), 133 deletions(-)
 create mode 100644 modules/nixos/disko/options.nix
 delete mode 100644 modules/nixos/homeassistant/hass.nix
 rename systems/x86_64-linux/nas/{configuration.nix => default.nix} (93%)
diff --git a/flake.nix b/flake.nix
index 48876a7..bb4aef8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,6 +88,7 @@
 # common modules
 modules.nixos = with inputs; [
 chaotic.nixosModules.default
+ disko.nixosModules.disko
 home-manager.nixosModules.home-manager
 impermanence.nixosModules.impermanence
 lanzaboote.nixosModules.lanzaboote
@@ -110,6 +111,23 @@
 ];
 };
+ # ######################################################
+ # NAS #
+ # ######################################################
+ nas = {
+ modules = with inputs; [
+ authentik-nix.nixosModules.default
+ crowdsec.nixosModules.crowdsec
+ crowdsec.nixosModules.crowdsec-firewall-bouncer
+ nixos-hardware.nixosModules.common-pc
+ nixos-hardware.nixosModules.common-cpu-amd
+ nixos-hardware.nixosModules.common-cpu-amd-pstate
+ nixos-hardware.nixosModules.common-cpu-amd-zenpower
+ nixos-hardware.nixosModules.common-hidpi
+ ];
+ # overlays = with inputs; [ crowdsec.overlays.default ];
+ };
+
 # ######################################################
 # Steamdeck #
 # ######################################################
diff --git a/modules/nixos/disko/options.nix b/modules/nixos/disko/options.nix
new file mode 100644
index 0000000..ce3cd83
--- /dev/null
+++ b/modules/nixos/disko/options.nix
@@ -0,0 +1,7 @@
+{ lib, namespace, ... }:
+with lib;
+{
+ options.${namespace}.hardware.disko = {
+ enable = mkEnableOption "enable disko";
+ };
+}
\ No newline at end of file
diff --git a/modules/nixos/disko/x86_64-linux/default.nix b/modules/nixos/disko/x86_64-linux/default.nix
index 15dfb73..57cdf55 100644
--- a/modules/nixos/disko/x86_64-linux/default.nix
+++ b/modules/nixos/disko/x86_64-linux/default.nix
@@ -1,10 +1,13 @@
-{ config, lib, system, ... }:
+{ config, lib, system, namespace, ... }:
 let
+ cfg = config.${namespace}.hardware.disko;
 isArm = builtins.match "aarch64*" system != null;
 rootDisk = "/dev/nvme0n1";
 in
 {
- config = lib.mkIf (!isArm) {
+ imports = [ ../options.nix ];
+
+ config = lib.mkIf (cfg.enable && !isArm) {
 disko.devices = {
 nodev."/" = {
 fsType = "tmpfs";
diff --git a/modules/nixos/homeassistant/default.nix b/modules/nixos/homeassistant/default.nix
index 72f191a..169244c 100755
--- a/modules/nixos/homeassistant/default.nix
+++ b/modules/nixos/homeassistant/default.nix
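Review bot: The `nas` entry enables `crowdsec.nixosModules.crowdsec` and the firewall bouncer while the overlay that would provide their packages is left as a dead line, `# overlays = with inputs; [ crowdsec.overlays.default ];`. If those modules take their package from that overlay (not visible here), the NAS evaluation will either fail or silently pick whatever nixpkgs carries, which for an intrusion-prevention service is worth pinning deliberately; either enable the overlay or drop the commented line rather than keeping both states in the flake. The enclosing attribute set opens and closes outside the hunk.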
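Review bot: `mkEnableOption "enable disko"` renders as "Whether to enable enable disko." because mkEnableOption prefixes "Whether to enable" itself; use `enable = mkEnableOption "disko declarative disk layout for this host";` or similar. The new file also lacks a trailing newline (`\ No newline at end of file`), which a formatter will churn on the next touch.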
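Review bot: `config = lib.mkIf (cfg.enable && !isArm)` turns `hardware.disko.enable = true` into a silent no-op on aarch64, and the device the layout targets is still the hard-coded `rootDisk = "/dev/nvme0n1"`; since a disko apply formats the named device, a host whose NVMe enumerates differently would have the wrong disk wiped. Add an assertion next to the gate, `assertions = [ { assertion = !(cfg.enable && isArm); message = "${namespace}.hardware.disko is x86_64-only"; } ];`, and expose the device as an option in options.nix, `device = mkOption { type = types.str; default = "/dev/nvme0n1"; };`, read here as `cfg.device`. The `disko.devices` set continues beyond the end of the hunk.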
@@ -44,43 +44,42 @@ in
 "cloudflare"
 "co2signal"
 "color_extractor"
+ "esphome"
+ "ffmpeg"
+ "google_translate"
 "holiday"
+ "homekit"
+ "isal"
 "jellyfin"
+ "met"
 "music_assistant"
+ "mqtt"
 "nut"
 "nextcloud"
 "nws"
 "ollama"
 "onedrive"
 "ping"
+ "radio_browser"
 "samsungtv"
 "season"
+ "shopping_list"
 "simplefin"
 "smartthings"
+ "subaru"
 "upnp"
+ "vesync"
 "workday"
 "wyoming"
-
- "google_translate"
- "met"
- "radio_browser"
- "shopping_list"
- "esphome"
- # Recommended for fast zlib compression
- # https://www.home-assistant.io/integrations/isal
- "isal"
- "subaru"
- "vesync"
- "mqtt" # Enables MQTT integration in HA
- "ffmpeg" # Enables camera streams
- "zha" # Enables Zigbee integration
- "homekit"
- "music_assistant"
+ "zha"
 ];
+ customComponents = with pkgs.home-assistant-custom-components; [
+ # nixpkgs
 auth-header
 localtuya
+ # packages
 pkgs.${namespace}.ha-anycubic
 pkgs.${namespace}.ha-bambulab
 pkgs.${namespace}.ha-gehome
@@ -91,6 +90,7 @@ in
 pkgs.${namespace}.ha-petlibro
 pkgs.${namespace}.ha-wyzeapi
 ];
+ customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
 atomic-calendar-revive
 bubble-card
diff --git a/modules/nixos/homeassistant/hass.nix b/modules/nixos/homeassistant/hass.nix
deleted file mode 100644
index 972ad64..0000000
--- a/modules/nixos/homeassistant/hass.nix
+++ /dev/null
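Review bot: Sorting the `extraComponents` list drops the only rationale it carried — the isal note pointing at https://www.home-assistant.io/integrations/isal and the one-line comments on `mqtt`, `ffmpeg` and `zha` — so the new list says what is enabled but no longer why. Keep those notes on the moved entries, e.g. `"isal" # recommended for fast zlib compression, see https://www.home-assistant.io/integrations/isal` and `"ffmpeg" # camera streams`. In the customComponents block the bare `# nixpkgs` and `# packages` markers would read more clearly as `# from nixpkgs` and `# from this flake`. The list opener sits above the hunk.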
@@ -1,62 +0,0 @@
-{ dream2nix, ... }:
-let
- hostAddress = "10.0.1.4";
- localAddress = "10.0.4.2";
- hassPort = 8123;
-in
-{
- containers.homeassistant = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = hostAddress;
- localAddress = localAddress;
-
- bindMounts = {
- "/var/lib/homeassistant" = {
- hostPath = "/var/lib/homeassistant";
- isReadOnly = false;
- };
- USB0 = {
- hostPath = "/dev/ttyUSB0";
- mountPoint = "/dev/ttyUSB0";
- isReadOnly = false;
- };
- };
-
- config = { lib, ... }:
- {
- imports = [
- ./homeassistant.nix
- ];
-
- networking = {
- firewall = {
- enable = true;
- allowedTCPPorts = [ hassPort ];
- };
- # Use systemd-resolved inside the container
- # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
- useHostResolvConf = lib.mkForce false;
- };
-
- # Create and set permissions for required directories
- system.activationScripts.hass-dirs = ''
- mkdir -p /var/lib/homeassistant
- chown -R homeassistant:homeassistant /var/lib/homeassistat
- chmod -R 775 /var/lib/homeassistant
- '';
-
- services.resolved.enable = true;
- system.stateVersion = "23.11";
- };
- };
-
- networking.nat = {
- forwardPorts = [
- {
- destination = "${localAddress}:${toString hassPort}";
- sourcePort = hassPort;
- }
- ];
- };
-}
diff --git a/modules/nixos/nvidia/default.nix b/modules/nixos/nvidia/default.nix
index 7a49303..3c3a7f2 100755
--- a/modules/nixos/nvidia/default.nix
+++ b/modules/nixos/nvidia/default.nix
@@ -1,12 +1,12 @@
 {
 lib,
 config,
- pkgs,
+ namespace,
 ...
 }:
 with lib;
 let
- cfg = config.share.hardware.nvidia;
+ cfg = config.${namespace}.hardware.nvidia;
 in
 {
 imports = [ ./options.nix ];
diff --git a/modules/nixos/nvidia/options.nix b/modules/nixos/nvidia/options.nix
index 6abcb98..2b2cb2b 100755
--- a/modules/nixos/nvidia/options.nix
+++ b/modules/nixos/nvidia/options.nix
@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ lib, namespace, ... }:
 with lib;
 {
- options.share.hardware.nvidia = {
+ options.${namespace}.hardware.nvidia = {
 enable = mkEnableOption "nvidia hardware config";
 enableOpen = mkOption {
diff --git a/systems/x86_64-linux/nas/apps.nix b/systems/x86_64-linux/nas/apps.nix
index 8c9a1ed..3e734a2 100755
--- a/systems/x86_64-linux/nas/apps.nix
+++ b/systems/x86_64-linux/nas/apps.nix
@@ -19,7 +19,6 @@ in
 ./apps/paperless
 ./apps/traefik
 ./apps/wyoming
- ../../modules
 ];
 nas-apps = {
diff --git a/systems/x86_64-linux/nas/apps/nextcloud/default.nix b/systems/x86_64-linux/nas/apps/nextcloud/default.nix
index 0746a0b..06b6fdc 100755
--- a/systems/x86_64-linux/nas/apps/nextcloud/default.nix
+++ b/systems/x86_64-linux/nas/apps/nextcloud/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, namespace, ... }:
 let
 settings = import ../../settings.nix;
 adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
@@ -6,7 +6,7 @@ let
 jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
 nextcloudUserId = config.users.users.nix-apps.uid;
 nextcloudGroupId = config.users.groups.jallen-nas.gid;
- nextcloudPackage = pkgs.unstable.nextcloud31;
+ nextcloudPackage = pkgs.nextcloud31;
 hostAddress = settings.hostAddress;
 localAddress = "10.0.2.18";
 nextcloudPortExtHttp = 9988;
@@ -19,6 +19,9 @@ in
 privateNetwork = true;
 hostAddress = hostAddress;
 localAddress = localAddress;
+ specialArgs = {
+ inherit namespace;
+ };
 bindMounts = {
 secrets = {
@@ -53,9 +56,8 @@ in
 };
 config =
- { pkgs, lib, ... }:
+ { pkgs, lib, namespace, ... }:
 {
- imports = [ ../../../../modules/nvidia ];
 nixpkgs.config.allowUnfree = true;
 networking.extraHosts = ''
 ${hostAddress} host.containers protonmail-bridge
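Review bot: `namespace` is threaded into the container through `specialArgs = { inherit namespace; };` and the module pattern `{ pkgs, lib, namespace, ... }:`, yet once the `../../../../modules/nvidia` import is removed nothing in the visible hunks of the container config reads it (the later hunk at -189 also deletes the container's `share.hardware.nvidia` block). If the remainder of the container config, which lies outside these hunks, does not use it either, drop both additions so the container's argument set stays minimal. The `config =` module body continues past the hunk.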
@@ -189,14 +191,6 @@ in
 nix-ld.enable = true;
 };
- share.hardware.nvidia = {
- enable = true;
- enableBeta = true;
- enableOpen = true;
- nvidiaSettings = true;
- enableNvidiaDocker = true;
- };
-
 system.stateVersion = "23.11";
 networking = {
 firewall = {
diff --git a/systems/x86_64-linux/nas/boot.nix b/systems/x86_64-linux/nas/boot.nix
index a85bf51..3f0a169 100755
--- a/systems/x86_64-linux/nas/boot.nix
+++ b/systems/x86_64-linux/nas/boot.nix
@@ -19,15 +19,6 @@ in
 };
 };
- lanzaboote = {
- enable = true;
- pkiBundle = "/etc/secureboot";
- settings = {
- console-mode = "max";
- };
- configurationLimit = configLimit;
- };
-
 kernel.sysctl = {
 "net.ipv4.ip_forward" = 1;
 "net.ipv6.conf.all.forwarding" = 1;
diff --git a/systems/x86_64-linux/nas/configuration.nix b/systems/x86_64-linux/nas/default.nix
similarity index 93%
rename from systems/x86_64-linux/nas/configuration.nix
rename to systems/x86_64-linux/nas/default.nix
index ac7abdb..450ef38 100755
--- a/systems/x86_64-linux/nas/configuration.nix
+++ b/systems/x86_64-linux/nas/default.nix
@@ -7,6 +7,7 @@
 pkgs,
 lib,
 inputs,
+ namespace,
 ...
 }:
 {
@@ -28,12 +29,16 @@
 powerManagement.cpuFreqGovernor = "powersave";
- share.hardware.nvidia = {
- enable = true;
- enableBeta = true;
- enableOpen = true;
- nvidiaSettings = true;
- enableNvidiaDocker = true;
+ ${namespace} = {
+ bootloader.lanzaboote.enable = true;
+ desktop.cosmic.enable = true;
+ hardware.nvidia = {
+ enable = true;
+ enableBeta = true;
+ enableOpen = true;
+ nvidiaSettings = true;
+ enableNvidiaDocker = true;
+ };
 };
 security.tpm2 = {
@@ -71,7 +76,7 @@
 jq
 llama-cpp
 ninja
- inputs.nas-nixai.packages.x86_64-linux.nixai
+ # inputs.nas-nixai.packages.x86_64-linux.nixai
 networkmanagerapplet
 nmon
 nut
@@ -80,7 +85,7 @@
 protonmail-bridge
 protonvpn-cli
 python3
- unstable.python3Packages.llama-cpp-python
+ python3Packages.llama-cpp-python
 qrencode
 rcon
 sbctl
@@ -102,7 +107,7 @@
 };
 msmtp = {
- enable = true;
+ enable = false;
 accounts = {
 default = {
 auth = true;
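Review bot: `bootloader.lanzaboote.enable = true;` stands in for the block deleted from boot.nix, but that block also pinned `pkiBundle = "/etc/secureboot";`, `configurationLimit = configLimit;` and `settings.console-mode = "max";`; whether those survive now depends entirely on the `${namespace}.bootloader.lanzaboote` module, which is not in this diff. Confirm that module signs with the same `/etc/secureboot` bundle the sops.nix secureboot entries populate and keeps a generation limit, and say so next to the enable line, e.g. `bootloader.lanzaboote.enable = true; # pkiBundle and configurationLimit come from the module`. The `${namespace}` block is nested in a module whose start and end lie outside the hunk.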
diff --git a/systems/x86_64-linux/nas/networking.nix b/systems/x86_64-linux/nas/networking.nix
index 547dbdc..d7dffc2 100755
--- a/systems/x86_64-linux/nas/networking.nix
+++ b/systems/x86_64-linux/nas/networking.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
 settings = import ./settings.nix;
 ports = [
@@ -29,7 +29,7 @@ in
 {
 # Networking configs
 networking = {
- hostName = settings.hostName;
+ hostName = lib.mkForce settings.hostName;
 useNetworkd = true;
diff --git a/systems/x86_64-linux/nas/nixpkgs.nix b/systems/x86_64-linux/nas/nixpkgs.nix
index bd7a33e..2b3df9e 100755
--- a/systems/x86_64-linux/nas/nixpkgs.nix
+++ b/systems/x86_64-linux/nas/nixpkgs.nix
@@ -2,11 +2,6 @@
 {
 # Configure nixpkgs
 nixpkgs = {
- overlays = [
- outputs.overlays.nixpkgs-unstable
- outputs.overlays.nixpkgs-stable
- ];
-
 config = {
 # Enable non free
 allowUnfree = true;
diff --git a/systems/x86_64-linux/nas/sops.nix b/systems/x86_64-linux/nas/sops.nix
index cdbbaad..43d9e5c 100755
--- a/systems/x86_64-linux/nas/sops.nix
+++ b/systems/x86_64-linux/nas/sops.nix
@@ -18,7 +18,7 @@ in
 # Either the group id or group name representation of the secret group
 # It is recommended to get the group name from `config.users.users..group` to avoid misconfiguration
 sops = {
- defaultSopsFile = ../../secrets/nas-secrets.yaml;
+ defaultSopsFile = ../../../secrets/nas-secrets.yaml;
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 # ------------------------------
@@ -33,7 +33,7 @@ in
 };
 "wifi" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 };
 # ------------------------------
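Review bot: `hostName = lib.mkForce settings.hostName;` papers over a conflicting `networking.hostName` definition instead of resolving it: any other module's value, present or future, is discarded without an error, so a typo in settings.nix or a stale override would win silently. If the competing definition is a framework default, prefer lowering its priority there with `lib.mkDefault`; if it is a real second source of truth, remove it so plain assignment errors on conflict; at minimum record what is being overridden, `hostName = lib.mkForce settings.hostName; # overrides the value set by <MODULE-NAME>`. The `networking` attribute set continues outside the hunk.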
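Review bot: The `sopsFile = ../../../secrets/secrets.yaml;` override is repeated on every entry in the -33 hunk and again in the hunks at -55 and -199, which is exactly why a path change had to touch ten lines and will again next time. Bind the path once — the hunk header's `in` suggests an existing `let` above — as `sharedSecrets = ../../../secrets/secrets.yaml;` and write `sopsFile = sharedSecrets;` on each entry, or, if most entries use it, make it the `defaultSopsFile` and override only the nas-secrets ones. The `sops.secrets` set starts above and ends below the hunk.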
@@ -55,12 +55,12 @@ in
 # ------------------------------
 "ssh-keys-public/jallen-nas-root" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/root/.ssh/id_ed25519.pub";
 mode = "0640";
 };
 "ssh-keys-private/jallen-nas-root" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/root/.ssh/id_ed25519";
 mode = "0600";
 };
@@ -199,37 +199,37 @@ in
 # ------------------------------
 "secureboot/GUID" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/etc/secureboot/GUID";
 mode = "0640";
 };
 "secureboot/keys/db-key" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/etc/secureboot/keys/db/db.key";
 mode = "0640";
 };
 "secureboot/keys/db-pem" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/etc/secureboot/keys/db/db.pem";
 mode = "0640";
 };
 "secureboot/keys/KEK-key" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/etc/secureboot/keys/KEK/KEK.key";
 mode = "0640";
 };
 "secureboot/keys/KEK-pem" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/etc/secureboot/keys/KEK/KEK.pem";
 mode = "0640";
 };
 "secureboot/keys/PK-key" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/etc/secureboot/keys/PK/PK.key";
 mode = "0640";
 };
 "secureboot/keys/PK-pem" = {
- sopsFile = ../../secrets/secrets.yaml;
+ sopsFile = ../../../secrets/secrets.yaml;
 path = "/etc/secureboot/keys/PK/PK.pem";
 mode = "0640";
 };
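Review bot: In the -199 hunk the Secure Boot signing keys db.key, KEK.key and PK.key are still installed with `mode = "0640";`, whereas the ssh private key in the -55 hunk gets `mode = "0600";`; no owner or group is set on these entries, so whichever group sops-nix defaults to is granted read access. Since the commit already rewrites every one of these entries, tighten the three `.key` entries to `mode = "0600";` unless a non-root group genuinely needs them (nothing in the hunk suggests one); the `.pem` certificates and the GUID can stay as they are. The surrounding `sops.secrets` set continues outside the hunk.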