mjallen18
2025-07-18 13:21:50 -05:00
parent 996e34d075
commit 407f8ede87
14 changed files with 83 additions and 133 deletions


@@ -19,7 +19,6 @@ in
./apps/paperless
./apps/traefik
./apps/wyoming
../../modules
];
nas-apps = {


@@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, namespace, ... }:
let
settings = import ../../settings.nix;
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
@@ -6,7 +6,7 @@ let
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.unstable.nextcloud31;
nextcloudPackage = pkgs.nextcloud31;
hostAddress = settings.hostAddress;
localAddress = "10.0.2.18";
nextcloudPortExtHttp = 9988;
@@ -19,6 +19,9 @@ in
privateNetwork = true;
hostAddress = hostAddress;
localAddress = localAddress;
specialArgs = {
inherit namespace;
};
bindMounts = {
secrets = {
@@ -53,9 +56,8 @@ in
};
config =
{ pkgs, lib, ... }:
{ pkgs, lib, namespace, ... }:
{
imports = [ ../../../../modules/nvidia ];
nixpkgs.config.allowUnfree = true;
networking.extraHosts = ''
${hostAddress} host.containers protonmail-bridge
@@ -189,14 +191,6 @@ in
nix-ld.enable = true;
};
share.hardware.nvidia = {
enable = true;
enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
system.stateVersion = "23.11";
networking = {
firewall = {
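Review bot: Switching `nextcloudPackage` from `pkgs.unstable.nextcloud31` to `pkgs.nextcloud31` can be a downgrade rather than a no-op: Nextcloud's upgrader refuses to run against a data directory last written by a newer release, so if the stable channel carries an older 31.x than the unstable build this instance was started with, the container will fail on the next `occ upgrade` instead of silently rolling back. Worth confirming both channel versions before deploying, or pinning the exact derivation in the `let`. The `namespace` added to the inner `config` arguments is not used in any visible hunk; if it was only needed for the removed nvidia import, it can be dropped along with `nixpkgs.config.allowUnfree = true;`, which was presumably there for the unfree driver. The `config` function begins and ends outside these hunks.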


@@ -19,15 +19,6 @@ in
};
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
console-mode = "max";
};
configurationLimit = configLimit;
};
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
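Review bot: Removing the `lanzaboote` block here drops `pkiBundle = "/etc/secureboot";` and `configurationLimit = configLimit;` along with it, and the replacement in the host file, `bootloader.lanzaboote.enable = true;` under `${namespace}`, sets neither. Unless the new namespace module hard-codes the bundle path and a limit (its definition is not in this diff), the host would fall back to the module defaults, and a mismatch with the `/etc/secureboot/...` paths the sops entries provision would leave the generation unsigned or the signing step failing. Please confirm the module carries both values, and if `configLimit` is no longer referenced in this file its `let` binding can go too. The enclosing attribute set starts and ends outside the hunk.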


@@ -7,6 +7,7 @@
pkgs,
lib,
inputs,
namespace,
...
}:
{
@@ -28,12 +29,16 @@
powerManagement.cpuFreqGovernor = "powersave";
share.hardware.nvidia = {
enable = true;
enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
${namespace} = {
bootloader.lanzaboote.enable = true;
desktop.cosmic.enable = true;
hardware.nvidia = {
enable = true;
enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
};
security.tpm2 = {
@@ -71,7 +76,7 @@
jq
llama-cpp
ninja
inputs.nas-nixai.packages.x86_64-linux.nixai
# inputs.nas-nixai.packages.x86_64-linux.nixai
networkmanagerapplet
nmon
nut
@@ -80,7 +85,7 @@
protonmail-bridge
protonvpn-cli
python3
unstable.python3Packages.llama-cpp-python
python3Packages.llama-cpp-python
qrencode
rcon
sbctl
@@ -102,7 +107,7 @@
};
msmtp = {
enable = true;
enable = false;
accounts = {
default = {
auth = true;
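Review bot: The nixai package is kept as a commented-out line, `# inputs.nas-nixai.packages.x86_64-linux.nixai`, with no record of why it was pulled; either delete the line or keep it with a short reason, e.g. `# nixai: disabled until the flake input builds again`, so the next reader knows whether it is meant to come back. In the same spirit, `msmtp.enable = false;` leaves the whole `accounts.default` block (including `auth = true`) in place as dead configuration; a one-line comment above it stating why sending is turned off would save someone re-enabling it blind. The enclosing attribute set continues outside the hunk.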


@@ -1,4 +1,4 @@
{ config, ... }:
{ config, lib, ... }:
let
settings = import ./settings.nix;
ports = [
@@ -29,7 +29,7 @@ in
{
# Networking configs
networking = {
hostName = settings.hostName;
hostName = lib.mkForce settings.hostName;
useNetworkd = true;
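Review bot: `hostName = lib.mkForce settings.hostName;` wins silently over whichever other definition of `networking.hostName` now exists, and that other definition is not visible in this diff (presumably the new namespace module). A reader hitting this later cannot tell what is being overridden, so add a comment naming it, e.g. `# mkForce: <MODULE> also sets networking.hostName` with the real module path, or better, make the other site use `lib.mkDefault` so no force is needed here. The enclosing `networking` set continues outside the hunk.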


@@ -2,11 +2,6 @@
{
# Configure nixpkgs
nixpkgs = {
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config = {
# Enable non free
allowUnfree = true;
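Review bot: With both overlays removed, `pkgs.unstable.*` no longer resolves anywhere in this configuration; the commit rewrites the two references visible in other sections (`nextcloud31` and `python3Packages.llama-cpp-python`), but any remaining `pkgs.unstable` reference in the files not shown here will now fail evaluation, so a full `nix flake check` or build of every host is worth running before merging. If `outputs` was bound only for these overlay references, the argument (declared outside this hunk) is now unused and can be dropped as well.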


@@ -18,7 +18,7 @@ in
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/nas-secrets.yaml;
defaultSopsFile = ../../../secrets/nas-secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
@@ -33,7 +33,7 @@ in
};
"wifi" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
};
# ------------------------------
@@ -55,12 +55,12 @@ in
# ------------------------------
"ssh-keys-public/jallen-nas-root" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/root/.ssh/id_ed25519.pub";
mode = "0640";
};
"ssh-keys-private/jallen-nas-root" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/root/.ssh/id_ed25519";
mode = "0600";
};
@@ -199,37 +199,37 @@ in
# ------------------------------
"secureboot/GUID" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/GUID";
mode = "0640";
};
"secureboot/keys/db-key" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/db/db.key";
mode = "0640";
};
"secureboot/keys/db-pem" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/db/db.pem";
mode = "0640";
};
"secureboot/keys/KEK-key" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0640";
};
"secureboot/keys/KEK-pem" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0640";
};
"secureboot/keys/PK-key" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/PK/PK.key";
mode = "0640";
};
"secureboot/keys/PK-pem" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0640";
};
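Review bot: The Secure Boot signing private keys `db.key`, `KEK.key` and `PK.key` are provisioned with `mode = "0640"`, i.e. group-readable, while the SSH host private key earlier in this file gets `"0600"`; since signing presumably happens as root, the path update is a good moment to tighten the three `*-key` entries to `mode = "0600";` and leave the `.pem` and GUID entries as they are. Separately, the same `../../../secrets/secrets.yaml` literal is now repeated in every entry of these hunks; hoisting it into the file's `let`, e.g. `secretsFile = ../../../secrets/secrets.yaml;`, would make the next relocation a one-line change instead of a dozen. The `sops.secrets` set continues outside the hunks.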