temp

2025-07-18 13:21:50 -05:00
parent 996e34d075
commit 407f8ede87
14 changed files with 83 additions and 133 deletions
--- a/systems/x86_64-linux/nas/default.nix
+++ b/systems/x86_64-linux/nas/default.nix
@@ -0,0 +1,204 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{
+  config,
+  pkgs,
+  lib,
+  inputs,
+  namespace,
+  ...
+}:
+{
+  imports = [
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./filesystems.nix
+    ./boot.nix
+    ./apps.nix
+    ./grafana.nix
+    ./networking.nix
+    ./nixpkgs.nix
+    ./ups.nix
+    ./users.nix
+    ./samba.nix
+    ./services.nix
+    ./sops.nix
+  ];
+
+  powerManagement.cpuFreqGovernor = "powersave";
+
+  ${namespace} = {
+    bootloader.lanzaboote.enable = true;
+    desktop.cosmic.enable = true;
+    hardware.nvidia = {
+      enable = true;
+      enableBeta = true;
+      enableOpen = true;
+      nvidiaSettings = true;
+      enableNvidiaDocker = true;
+    };
+  };
+
+  security.tpm2 = {
+    enable = true;
+  };
+
+  # Configure environment
+  environment = {
+    etc.crypttab.text = ''
+      ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto
+      ssd2 UUID=c8640e19-6cd9-49d0-a355-bac09d17ea0d none tpm2-device=auto
+      hdd1 UUID=8d7dd657-d9b0-47ed-97e1-a9d1eba12b56 none tpm2-device=auto
+      hdd2 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
+      hdd3 UUID=4463ea6f-3fcf-4e49-80c8-ba7f424471f0 none tpm2-device=auto
+      hdd4 UUID=13fe7737-b72b-4d5f-a79d-1ca0d438f8f0 none tpm2-device=auto
+      hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
+    '';
+
+    etc.machine-id.text = ''
+      57cdf5fc27f3469f80d0a339f1238aeb
+    '';
+
+    systemPackages = with pkgs; [
+      attic-client
+      binutils
+      cryptsetup
+      cmake
+      deconz
+      duperemove
+      efibootmgr
+      ffmpeg
+      gcc
+      glances
+      ipset
+      jq
+      llama-cpp
+      ninja
+      # inputs.nas-nixai.packages.x86_64-linux.nixai
+      networkmanagerapplet
+      nmon
+      nut
+      packagekit
+      pass
+      protonmail-bridge
+      protonvpn-cli
+      python3
+      python3Packages.llama-cpp-python
+      qrencode
+      rcon
+      sbctl
+      speedtest-cli
+      tigervnc
+      tpm2-tools
+      tpm2-tss
+    ];
+  };
+
+  # Configure programs
+  programs = {
+    virt-manager.enable = true;
+    nix-ld.enable = true;
+    screen.enable = true;
+    coolercontrol = {
+      enable = true;
+      nvidiaSupport = true;
+    };
+
+    msmtp = {
+      enable = false;
+      accounts = {
+        default = {
+          auth = true;
+          tls_starttls = false;
+          host = "smtp.gmail.com";
+          user = "matt.l.jallen";
+          from = "matt.l.jallen@gmail.com";
+          passwordeval = "cat ${config.sops.secrets."jallen-nas/gitea/mail-key".path}";
+        };
+      };
+      defaults = {
+        port = 465;
+        tls = true;
+      };
+    };
+  };
+
+  hardware.fancontrol = {
+    enable = false;
+    config = ''
+      # Configuration file generated by pwmconfig, changes will be lost
+      # hwmon6/temp9_input -- chipset temp?
+      # hwmon2/temp1_input -- cpu temp?
+      # hwmon6/pwm5 -- chipset fan?
+      # hwmon6/pwm2, hwmon6/pwm3 -- cpu fans?
+      # hwmon6/pwm4 -- case fans?
+
+      INTERVAL=10
+      DEVPATH=hwmon2=devices/pci0000:00/0000:00:18.3 hwmon6=devices/platform/nct6775.656
+      DEVNAME=hwmon2=k10temp hwmon6=nct6798
+      FCTEMPS=hwmon6/pwm5=hwmon6/temp9_input hwmon6/pwm2=hwmon2/temp1_input hwmon6/pwm3=hwmon2/temp1_input hwmon6/pwm4=hwmon2/temp1_input
+      FCFANS=hwmon6/pwm5=hwmon6/fan5_input hwmon6/pwm2=hwmon6/fan2_input hwmon6/pwm3=hwmon6/fan3_input hwmon6/pwm4=hwmon6/fan4_input
+      MINTEMP=hwmon6/pwm5=20 hwmon6/pwm2=20 hwmon6/pwm3=20 hwmon6/pwm4=20
+      MAXTEMP=hwmon6/pwm5=60 hwmon6/pwm2=90 hwmon6/pwm3=90 hwmon6/pwm4=90
+      MINSTART=hwmon6/pwm5=16 hwmon6/pwm2=90 hwmon6/pwm3=45 hwmon6/pwm4=60
+      MINSTOP=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=30 hwmon6/pwm4=45
+      MINPWM=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=0 hwmon6/pwm4=0
+      MAXPWM=hwmon6/pwm5=255 hwmon6/pwm2=255 hwmon6/pwm3=255 hwmon6/pwm4=255
+    '';
+  };
+
+  # Virtualisation
+  virtualisation = {
+    podman = {
+      enable = true;
+      dockerCompat = true;
+      autoPrune.enable = true;
+      defaultNetwork.settings = {
+        dns_enabled = true;
+      };
+    };
+
+    libvirtd.enable = true;
+  };
+
+  # Enable nix flakes and nix-command tools
+  nix = {
+    settings = {
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://cache.nixos.org/"
+      ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+      warn-dirty = lib.mkForce false;
+      experimental-features = lib.mkForce [
+        "nix-command"
+        "flakes"
+      ];
+      trusted-users = [ "@wheel" ];
+    };
+
+    # Garbage collect automatically every week
+    gc.automatic = lib.mkDefault true;
+    gc.options = lib.mkDefault "--delete-older-than 30d";
+
+    optimise.automatic = lib.mkDefault true;
+  };
+
+  # Nixpkgs configuration
+  nixpkgs = {
+    config = {
+      allowUnfree = lib.mkForce true;
+      allowUnsupportedSystem = true;
+      permittedInsecurePackages = [
+        # ...
+      ];
+    };
+  };
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "vscode-extension-github-copilot"
+  ];
+}