This commit is contained in:
mjallen18
2025-07-18 13:21:50 -05:00
parent 996e34d075
commit 407f8ede87
14 changed files with 83 additions and 133 deletions


@@ -88,6 +88,7 @@
# common modules # common modules
modules.nixos = with inputs; [ modules.nixos = with inputs; [
chaotic.nixosModules.default chaotic.nixosModules.default
disko.nixosModules.disko
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
@@ -110,6 +111,23 @@
]; ];
}; };
# ######################################################
# NAS #
# ######################################################
nas = {
modules = with inputs; [
authentik-nix.nixosModules.default
crowdsec.nixosModules.crowdsec
crowdsec.nixosModules.crowdsec-firewall-bouncer
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-cpu-amd-pstate
nixos-hardware.nixosModules.common-cpu-amd-zenpower
nixos-hardware.nixosModules.common-hidpi
];
# overlays = with inputs; [ crowdsec.overlays.default ];
};
# ###################################################### # ######################################################
# Steamdeck # # Steamdeck #
# ###################################################### # ######################################################
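Review bot: The new `nas` entry carries a commented-out `# overlays = with inputs; [ crowdsec.overlays.default ];` with no indication whether it is pending or abandoned, so the next reader cannot tell if the `crowdsec.nixosModules.*` imports above it are expected to resolve their packages from nixpkgs or from that overlay. If the overlay is intentionally off, replace the dead line with a short reason such as `# overlay not needed: crowdsec modules use the nixpkgs package`; if it is still needed, enable it rather than leaving it for a later commit. The enclosing attribute set starts before this hunk.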


@@ -0,0 +1,7 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.hardware.disko = {
enable = mkEnableOption "enable disko";
};
}
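Review bot: `mkEnableOption "enable disko"` produces the option description "Whether to enable enable disko.", because `mkEnableOption` already prefixes "Whether to enable". Use a noun phrase instead, e.g. `enable = mkEnableOption "disko declarative disk partitioning";`, so the generated documentation reads correctly.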


@@ -1,10 +1,13 @@
{ config, lib, system, ... }: { config, lib, system, namespace, ... }:
let let
cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null; isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1"; rootDisk = "/dev/nvme0n1";
in in
{ {
config = lib.mkIf (!isArm) { imports = [ ../options.nix ];
config = lib.mkIf (cfg.enable && !isArm) {
disko.devices = { disko.devices = {
nodev."/" = { nodev."/" = {
fsType = "tmpfs"; fsType = "tmpfs";
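Review bot: Changing the guard to `lib.mkIf (cfg.enable && !isArm)` turns a module that previously applied to every non-ARM host into one that is off by default, so any host that obtained its `fileSystems` from `disko.devices` here will silently lose them unless it now sets `${namespace}.hardware.disko.enable = true`. The host configuration touched later in this commit (the `${namespace} = { bootloader.lanzaboote.enable = true; desktop.cosmic.enable = true; hardware.nvidia = { ... }; }` block) does not appear to set it; please confirm that host either does not use disko or defines its filesystems elsewhere. While the module is being given options, `rootDisk = "/dev/nvme0n1"` is still hard-coded; a `device = mkOption { type = types.str; default = "/dev/nvme0n1"; }` next to `enable` would let other hosts reuse the layout. The `disko.devices` body continues past the end of this hunk.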


@@ -44,43 +44,42 @@ in
"cloudflare" "cloudflare"
"co2signal" "co2signal"
"color_extractor" "color_extractor"
"esphome"
"ffmpeg"
"google_translate"
"holiday" "holiday"
"homekit"
"isal"
"jellyfin" "jellyfin"
"met"
"music_assistant" "music_assistant"
"mqtt"
"nut" "nut"
"nextcloud" "nextcloud"
"nws" "nws"
"ollama" "ollama"
"onedrive" "onedrive"
"ping" "ping"
"radio_browser"
"samsungtv" "samsungtv"
"season" "season"
"shopping_list"
"simplefin" "simplefin"
"smartthings" "smartthings"
"subaru"
"upnp" "upnp"
"vesync"
"workday" "workday"
"wyoming" "wyoming"
"zha"
"google_translate"
"met"
"radio_browser"
"shopping_list"
"esphome"
# Recommended for fast zlib compression
# https://www.home-assistant.io/integrations/isal
"isal"
"subaru"
"vesync"
"mqtt" # Enables MQTT integration in HA
"ffmpeg" # Enables camera streams
"zha" # Enables Zigbee integration
"homekit"
"music_assistant"
]; ];
customComponents = with pkgs.home-assistant-custom-components; [ customComponents = with pkgs.home-assistant-custom-components; [
# nixpkgs
auth-header auth-header
localtuya localtuya
# packages
pkgs.${namespace}.ha-anycubic pkgs.${namespace}.ha-anycubic
pkgs.${namespace}.ha-bambulab pkgs.${namespace}.ha-bambulab
pkgs.${namespace}.ha-gehome pkgs.${namespace}.ha-gehome
@@ -91,6 +90,7 @@ in
pkgs.${namespace}.ha-petlibro pkgs.${namespace}.ha-petlibro
pkgs.${namespace}.ha-wyzeapi pkgs.${namespace}.ha-wyzeapi
]; ];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [ customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
atomic-calendar-revive atomic-calendar-revive
bubble-card bubble-card
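Review bot: After the reorder, `"music_assistant"` appears twice on the new side of `extraComponents`: the kept entry that sits between `"jellyfin"` and `"nut"`, and the newly added one just before `"homekit"` at the end of the list. Home Assistant's component list tolerates duplicates, but it makes the list harder to audit; drop the trailing `"music_assistant"` so each integration is listed once. The surrounding `services.home-assistant` attribute set starts before this hunk.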


@@ -1,62 +0,0 @@
{ dream2nix, ... }:
let
hostAddress = "10.0.1.4";
localAddress = "10.0.4.2";
hassPort = 8123;
in
{
containers.homeassistant = {
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = localAddress;
bindMounts = {
"/var/lib/homeassistant" = {
hostPath = "/var/lib/homeassistant";
isReadOnly = false;
};
USB0 = {
hostPath = "/dev/ttyUSB0";
mountPoint = "/dev/ttyUSB0";
isReadOnly = false;
};
};
config = { lib, ... }:
{
imports = [
./homeassistant.nix
];
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ hassPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
# Create and set permissions for required directories
system.activationScripts.hass-dirs = ''
mkdir -p /var/lib/homeassistant
chown -R homeassistant:homeassistant /var/lib/homeassistat
chmod -R 775 /var/lib/homeassistant
'';
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "${localAddress}:${toString hassPort}";
sourcePort = hassPort;
}
];
};
}


@@ -1,12 +1,12 @@
{ {
lib, lib,
config, config,
pkgs, namespace,
... ...
}: }:
with lib; with lib;
let let
cfg = config.share.hardware.nvidia; cfg = config.${namespace}.hardware.nvidia;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];


@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.share.hardware.nvidia = { options.${namespace}.hardware.nvidia = {
enable = mkEnableOption "nvidia hardware config"; enable = mkEnableOption "nvidia hardware config";
enableOpen = mkOption { enableOpen = mkOption {


@@ -19,7 +19,6 @@ in
./apps/paperless ./apps/paperless
./apps/traefik ./apps/traefik
./apps/wyoming ./apps/wyoming
../../modules
]; ];
nas-apps = { nas-apps = {


@@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, namespace, ... }:
let let
settings = import ../../settings.nix; settings = import ../../settings.nix;
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
@@ -6,7 +6,7 @@ let
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid; nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid; nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.unstable.nextcloud31; nextcloudPackage = pkgs.nextcloud31;
hostAddress = settings.hostAddress; hostAddress = settings.hostAddress;
localAddress = "10.0.2.18"; localAddress = "10.0.2.18";
nextcloudPortExtHttp = 9988; nextcloudPortExtHttp = 9988;
@@ -19,6 +19,9 @@ in
privateNetwork = true; privateNetwork = true;
hostAddress = hostAddress; hostAddress = hostAddress;
localAddress = localAddress; localAddress = localAddress;
specialArgs = {
inherit namespace;
};
bindMounts = { bindMounts = {
secrets = { secrets = {
@@ -53,9 +56,8 @@ in
}; };
config = config =
{ pkgs, lib, ... }: { pkgs, lib, namespace, ... }:
{ {
imports = [ ../../../../modules/nvidia ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.extraHosts = '' networking.extraHosts = ''
${hostAddress} host.containers protonmail-bridge ${hostAddress} host.containers protonmail-bridge
@@ -189,14 +191,6 @@ in
nix-ld.enable = true; nix-ld.enable = true;
}; };
share.hardware.nvidia = {
enable = true;
enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
networking = { networking = {
firewall = { firewall = {
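Review bot: `namespace` is now threaded into the container through `specialArgs = { inherit namespace; };` and added to the inner `{ pkgs, lib, namespace, ... }:` signature, yet the only consumer visible in this file, the `../../../../modules/nvidia` import and its `share.hardware.nvidia` block, is removed in the same commit. If nothing else inside the container reads `namespace`, both additions are dead and can be dropped; if something does, a one-line comment at the `specialArgs` saying what needs it would save the next reader the search. Removing the NVIDIA module from the container also removes GPU access for anything inside it that relied on the driver (e.g. media transcoding), which is presumably intended but worth stating in the commit message. The container definition extends beyond this hunk in both directions.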


@@ -19,15 +19,6 @@ in
}; };
}; };
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
console-mode = "max";
};
configurationLimit = configLimit;
};
kernel.sysctl = { kernel.sysctl = {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1; "net.ipv6.conf.all.forwarding" = 1;


@@ -7,6 +7,7 @@
pkgs, pkgs,
lib, lib,
inputs, inputs,
namespace,
... ...
}: }:
{ {
@@ -28,12 +29,16 @@
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "powersave";
share.hardware.nvidia = { ${namespace} = {
enable = true; bootloader.lanzaboote.enable = true;
enableBeta = true; desktop.cosmic.enable = true;
enableOpen = true; hardware.nvidia = {
nvidiaSettings = true; enable = true;
enableNvidiaDocker = true; enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
}; };
security.tpm2 = { security.tpm2 = {
@@ -71,7 +76,7 @@
jq jq
llama-cpp llama-cpp
ninja ninja
inputs.nas-nixai.packages.x86_64-linux.nixai # inputs.nas-nixai.packages.x86_64-linux.nixai
networkmanagerapplet networkmanagerapplet
nmon nmon
nut nut
@@ -80,7 +85,7 @@
protonmail-bridge protonmail-bridge
protonvpn-cli protonvpn-cli
python3 python3
unstable.python3Packages.llama-cpp-python python3Packages.llama-cpp-python
qrencode qrencode
rcon rcon
sbctl sbctl
@@ -102,7 +107,7 @@
}; };
msmtp = { msmtp = {
enable = true; enable = false;
accounts = { accounts = {
default = { default = {
auth = true; auth = true;
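Review bot: `msmtp.enable = false;` switches off the system sendmail while leaving the full `accounts.default` block (with `auth = true;`) in place, so anything that relied on outgoing mail for notifications will stop silently rather than fail loudly. A comment on the line, e.g. `enable = false; # disabled: <reason>`, or removing the account block if mail is no longer wanted, would make the intent clear. The same applies to the commented-out `# inputs.nas-nixai.packages.x86_64-linux.nixai` in the package list: state why it is disabled or drop it. The enclosing `programs` attribute set continues outside this hunk.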


@@ -1,4 +1,4 @@
{ config, ... }: { config, lib, ... }:
let let
settings = import ./settings.nix; settings = import ./settings.nix;
ports = [ ports = [
@@ -29,7 +29,7 @@ in
{ {
# Networking configs # Networking configs
networking = { networking = {
hostName = settings.hostName; hostName = lib.mkForce settings.hostName;
useNetworkd = true; useNetworkd = true;
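Review bot: `hostName = lib.mkForce settings.hostName;` suppresses every other definition of `networking.hostName` without diagnostic, so a later accidental definition elsewhere in the tree will be silently ignored. If the conflict being worked around is a default from a shared module, prefer `lib.mkDefault` on that side and leave this line as plain `hostName = settings.hostName;`; if `mkForce` is really needed, add a comment naming the conflicting definition. The `networking` block continues past the end of this hunk.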


@@ -2,11 +2,6 @@
{ {
# Configure nixpkgs # Configure nixpkgs
nixpkgs = { nixpkgs = {
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config = { config = {
# Enable non free # Enable non free
allowUnfree = true; allowUnfree = true;
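Review bot: Removing `outputs.overlays.nixpkgs-unstable` and `outputs.overlays.nixpkgs-stable` drops the `pkgs.unstable.*` attribute that the rest of the tree may still reference; this commit rewrites two such uses (`pkgs.unstable.nextcloud31`, `unstable.python3Packages.llama-cpp-python`) but a repository-wide search for `unstable.` is needed to be sure no others remain, since a missing attribute only surfaces at evaluation time. The `outputs` argument of this file is probably unused now and can be removed from the header, which is outside this hunk.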


@@ -18,7 +18,7 @@ in
# Either the group id or group name representation of the secret group # Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = { sops = {
defaultSopsFile = ../../secrets/nas-secrets.yaml; defaultSopsFile = ../../../secrets/nas-secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------ # ------------------------------
@@ -33,7 +33,7 @@ in
}; };
"wifi" = { "wifi" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
}; };
# ------------------------------ # ------------------------------
@@ -55,12 +55,12 @@ in
# ------------------------------ # ------------------------------
"ssh-keys-public/jallen-nas-root" = { "ssh-keys-public/jallen-nas-root" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/root/.ssh/id_ed25519.pub"; path = "/root/.ssh/id_ed25519.pub";
mode = "0640"; mode = "0640";
}; };
"ssh-keys-private/jallen-nas-root" = { "ssh-keys-private/jallen-nas-root" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/root/.ssh/id_ed25519"; path = "/root/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
}; };
@@ -199,37 +199,37 @@ in
# ------------------------------ # ------------------------------
"secureboot/GUID" = { "secureboot/GUID" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/GUID"; path = "/etc/secureboot/GUID";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/db-key" = { "secureboot/keys/db-key" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/db/db.key"; path = "/etc/secureboot/keys/db/db.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/db-pem" = { "secureboot/keys/db-pem" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/db/db.pem"; path = "/etc/secureboot/keys/db/db.pem";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/KEK-key" = { "secureboot/keys/KEK-key" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/KEK/KEK.key"; path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/KEK-pem" = { "secureboot/keys/KEK-pem" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/KEK/KEK.pem"; path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/PK-key" = { "secureboot/keys/PK-key" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/PK/PK.key"; path = "/etc/secureboot/keys/PK/PK.key";
mode = "0640"; mode = "0640";
}; };
"secureboot/keys/PK-pem" = { "secureboot/keys/PK-pem" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
path = "/etc/secureboot/keys/PK/PK.pem"; path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0640"; mode = "0640";
}; };
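Review bot: The private Secure Boot signing keys (`secureboot/keys/db-key`, `KEK-key`, `PK-key`) are installed with `mode = "0640";`, the same mode as the public `.pem` files and the GUID, while this file gives the SSH private key `mode = "0600";`. Unless a `group` is set for these secrets elsewhere the default group is root and the difference is moot, but tightening the three `.key` entries to `mode = "0600";` keeps the file's own private-key convention and avoids exposing the platform keys if a group is ever added. The path rewrite from `../../secrets` to `../../../secrets` is applied consistently across all visible entries; the `sops.secrets` set continues past the end of this hunk.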