nas cleanup

Matt Jallen
2024-02-20 10:21:33 -06:00
parent 1950e4a75f
commit 5f9eb06a33


@@ -131,7 +131,7 @@ in
pulse.enable = true; pulse.enable = true;
}; };
# Enable Flatpak # Set to enable Flatpak
flatpak.enable = false; flatpak.enable = false;
# Enable RDP # Enable RDP
@@ -152,7 +152,7 @@ in
userServices = true; userServices = true;
workstation = true; workstation = true;
}; };
extraServiceFiles = { extraServiceFiles = { # TODO is this needed?
smb = '' smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*--> <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
@@ -168,10 +168,6 @@ in
}; };
}; };
# libnvidia-container does not support cgroups v2 (prior to 1.8.0)
# https://github.com/NVIDIA/nvidia-docker/issues/1447
systemd.enableUnifiedCgroupHierarchy = false;
systemd.services.nas-mounts = { systemd.services.nas-mounts = {
path = [ pkgs.zfs pkgs.bash ]; path = [ pkgs.zfs pkgs.bash ];
script = '' script = ''
@@ -202,7 +198,7 @@ in
firewall = { firewall = {
enable = true; enable = true;
allowPing = true; allowPing = true;
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; # TODO is this needed?
allowedTCPPorts = [ 80 443 61208 ]; allowedTCPPorts = [ 80 443 61208 ];
allowedUDPPorts = [ 80 443 61208 ]; allowedUDPPorts = [ 80 443 61208 ];
}; };
@@ -246,7 +242,11 @@ in
}; };
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users."${user}" = { users = {
groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
# Admin account
users."${user}" = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" "podman" "libvirtd" ]; # Enable sudo for the user. extraGroups = [ "wheel" "networkmanager" "docker" "podman" "libvirtd" ]; # Enable sudo for the user.
initialHashedPassword = password; initialHashedPassword = password;
@@ -265,18 +265,25 @@ in
]; ];
}; };
# Define a user account. Don't forget to set a password with passwd. # Nix app account
users.users.mjallen = { users.nix-apps = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. uid = 911;
extraGroups = [ "jallen-nas" "wheel" "docker" "podman" "libvirt" ]; # Enable sudo for the user.
initialHashedPassword = password; initialHashedPassword = password;
shell = pkgs.fish; };
}; };
virtualisation.docker.enable = true; # Virtualisation
virtualisation.docker.enableNvidia = true; virtualisation = {
virtualisation.docker.enableOnBoot = true; docker = {
virtualisation.libvirtd.enable = true; enable = true;
enableNvidia = true;
enableOnBoot = true;
};
libvirtd.enable = true;
};
# This option defines the first version of NixOS you have installed on this particular machine, # This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
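Review bot: The new `users.nix-apps` account is commented as an app account, but it is created with `isNormalUser = true`, the same `initialHashedPassword = password` as the admin, and membership of `wheel`, `docker` and `podman`. That gives anything running as uid 911 sudo and root-equivalent access to the container daemon, which is far more than an account for application data should hold. If it presumably exists only to own files shared through the `jallen-nas` group, `extraGroups = [ "jallen-nas" ];` with no login password would be enough, and the trailing `# Enable sudo for the user.` comment should go with it. The group name `"libvirt"` on the same line also differs from the `"libvirtd"` given to the admin account earlier in this section, so one of the two is probably a typo and that membership may not take effect.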