diff --git a/flake.nix b/flake.nix index 70dfd2d..ddfc644 100644 --- a/flake.nix +++ b/flake.nix @@ -46,6 +46,20 @@ ]; }; + # NAS + "jallen-nas" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/nas/configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.matt = import ./hosts/nas/home.nix; + } + ]; + }; + # mac nix "mac-nixos" = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; diff --git a/hosts/default.nix b/hosts/default.nix index 8cc0e6b..7d4a6aa 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -75,15 +75,8 @@ in { fish.enable = lib.mkDefault true; gnupg.agent = { enable = lib.mkDefault true; -<<<<<<< Updated upstream -<<<<<<< HEAD - pinentryPackage = lib.mkForce pkgs.pinentry-qt; -======= # pinentryPackage = pkgs.pinentry-curses; ->>>>>>> d18eaa1 (update default) -======= -# pinentryPackage = lib.mkForce pkgs.pinentry-qt; ->>>>>>> Stashed changes + # pinentryPackage = lib.mkForce pkgs.pinentry-qt; enableSSHSupport = lib.mkDefault true; }; }; diff --git a/hosts/nas/configuration.nix.save b/hosts/nas/configuration.nix.save deleted file mode 100644 index 3baf80d..0000000 --- a/hosts/nas/configuration.nix.save +++ /dev/null 
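Review bot: The new `"jallen-nas"` entry imports `./hosts/nas/configuration.nix`, which this diff does not show, so the host's account and service settings cannot be checked from here. The `.save` copy deleted in the same commit keeps a yescrypt hash in a `let` binding and assigns it to `admin`, `nix-apps` and `upsuser`, and it enables Cockpit with `AllowUnencrypted = true`. If the live file still does the same, the hash is copied into the world-readable Nix store as well as the repository, and one password covers three accounts. Deleting the `.save` file does not remove the hash from git history, so treat that password as exposed, rotate it, and set `hashedPasswordFile` to a file kept outside the repo. The two system accounts probably need no password at all.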
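Review bot: With the conflict markers gone, `gnupg.agent` is left with two commented-out `pinentryPackage` lines and no active setting, while `enableSSHSupport` stays on, so the program that prompts for key passphrases is whatever the module default resolves to on each host. Either delete the dead lines or keep one with its reason, e.g. `# pinentryPackage left at the module default; set per host where a specific pinentry is required`. The deleted `.save` NAS config imported `../default.nix`, so this file presumably also applies to the headless NAS, where a graphical pinentry could not prompt. A per-host `pinentryPackage = lib.mkDefault pkgs.pinentry-curses;` may be the safer choice there. The attribute set enclosing `gnupg.agent` begins and ends outside the hunk.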
@@ -1,429 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ config, lib, pkgs, ... }: -let - user = "admin"; - password = - "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; - hostname = "jallen-nas"; - allowedPorts = [ 2342 3493 61208 ]; - enableDisplayManager = false; -in { - imports = [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ../default.nix - ]; - - # Cockpit - services.cockpit = { - enable = true; - port = 9090; - settings = { - WebService = { - AllowUnencrypted = true; - }; - }; - }; - - - nas-apps = { - jellyfin.enable = true; - - jellyseerr.enable = true; - - sabnzbd.enable = true; - - radarr.enable = true; - - sonarr.enable = true; - - collabora.enable = true; - - mariadb.enable = true; - - nextcloud = { - enable = true; - httpPort = "9980"; - httpsPort = "9443"; - }; - - orca-slicer.enable = true; - - swag.enable = true; - }; - - nas-samba = { - enable = true; - hostsAllow = "10.0.1."; - enableTimeMachine = true; - timeMachinePath = "/mnt/mainpool/TimeMachine"; - - shares = { - "3d_printer" = { - public = true; - sharePath = "/mnt/mainpool/3d_printer"; - }; - Backup = { - public = true; - sharePath = "/mnt/mainpool/Backup"; - }; - Documents = { - public = true; - sharePath = "/mnt/mainpool/Documents"; - }; - isos = { - public = true; - sharePath = "/mnt/mainpool/isos"; - }; - TimeMachine = { - public = true; - sharePath = "/mnt/mainpool/TimeMachine"; - enableTimeMachine = true; - timeMachineMaxSize = "1T"; - }; - }; - }; - - share.hardware.nvidia = { - enable = true; - enableBeta = true; - nvidiaSettings = true; - enableNvidiaDocker = true; - }; - - # Configure bootloader with lanzaboot and secureboot - boot = { - loader = { - systemd-boot = { - enable = true; - configurationLimit = 5; - }; - - efi = { - 
canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - }; - - # Override kernel to latest - kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - - kernelParams = [ "nohibernate" ]; - - consoleLogLevel = 3; - bootspec.enable = true; - - supportedFilesystems = [ "zfs" ]; - - zfs.extraPools = [ "junk" ]; - zfs.requestEncryptionCredentials = false; - }; - - # Services configs - services = { - # Enable the X11 windowing system. - xserver = { - enable = enableDisplayManager; - - # Enable the Plasma 6 Desktop Environment. - displayManager = { - sddm.enable = enableDisplayManager; - #defaultSession = "plasma"; - }; - desktopManager.plasma5.enable = enableDisplayManager; - }; - - # Set to enable Flatpak - flatpak.enable = false; - - # Enable RDP - xrdp = { - enable = enableDisplayManager; - defaultWindowManager = "startplasma-x11"; - openFirewall = enableDisplayManager; - }; - - avahi = { - enable = true; - nssmdns = true; - publish = { - enable = true; - addresses = true; - domain = true; - hinfo = true; - userServices = true; - workstation = true; - }; - extraServiceFiles = { # TODO is this needed? 
- smb = '' - - - - %h - - _smb._tcp - 445 - - - ''; - }; - }; - - apcupsd = { - enable = true; - }; - - grafana = { - enable = true; - settings.server = { - http_port = 2342; - domain = hostname; - serve_from_sub_path = true; - http_addr = ""; - }; - dataDir = "/mnt/ssd/nix-app-data/grafana"; - }; - - prometheus = { - enable = true; - port = 9001; - exporters = { - node = { - enable = true; - enabledCollectors = [ "diskstats" "systemd" ]; - port = 9002; - }; - smartctl = { - enable = true; - group = "disk"; - devices = [ - "/dev/sda" - "/dev/sdb" - "/dev/sdc" - "/dev/sdd" - "/dev/sde" - "/dev/sdf" - "/dev/sdg" - "/dev/sdh" - "/dev/sdi" - "/dev/nvme0n1" - "/dev/nvme1n1" - ]; - }; - }; - - scrapeConfigs = [{ - job_name = hostname; - static_configs = [{ - targets = [ - "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" - "127.0.0.1:${ - toString config.services.prometheus.exporters.smartctl.port - }" - ]; - }]; - }]; - }; - }; - - systemd.services = { - nas-mounts = { - path = [ pkgs.zfs pkgs.bash ]; - script = '' - if test -d /mnt/ssd/ssd_app_data; then - echo "NAS ZFS Pools Mounted." - else - zpool import -f "MainPool" - zpool import -f "SSD" - zfs load-key -L file:///root/main-pool.key "MainPool" - zfs load-key -L file:///root/ssd.key "SSD" - zfs mount -a - echo "NAS ZFS Pools Mounted." - fi - ''; - wantedBy = [ "multi-user.target" ]; - }; - - glances-server = { - path = [ pkgs.bash pkgs.glances ]; - script = '' - #!/user/bin/env bash - glances -w - ''; - wantedBy = [ "multi-user.target" ]; - }; - }; - - # Networking configs enp7s0 - networking = { - hostName = hostname; - - hostId = "4b501480"; - - # Enable Network Manager - networkmanager.enable = true; - - firewall = { - enable = true; - allowPing = true; - extraCommands = - "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed? 
- allowedTCPPorts = allowedPorts; - allowedUDPPorts = allowedPorts; - }; - }; - - # Configure environment - environment = { - etc."nut/upsd.conf".source = ./upsd.conf; - etc."nut/upsd.users".source = ./upsd.users; - etc."nut/upsmon.conf".source = ./upsmon.conf; - # List packages installed in system profile. To search, run: - # $ nix search wget - systemPackages = with pkgs; [ - vim - wget - nano - efibootmgr - sbctl - pciutils - vulkan-tools - clinfo - glances - python3 - nix-ld - binutils - gcc - cmake - ffmpeg - ninja - nodejs-18_x - nut - protonvpn-cli - protonmail-bridge - pass - ]; - }; - - # Configure programs - programs = { - fish.enable = true; - virt-manager.enable = true; - nix-ld.enable = true; - }; - - power.ups = { - enable = true; - mode = "netserver"; - ups."nasups" = { - driver = "usbhid-ups"; - port = "auto"; - description = "NAS UPS"; - }; - }; - - # Configure nixpkgs - nixpkgs = { - config = { - # Enable non free - allowUnfree = true; - - permittedInsecurePackages = [ - # ... - ]; - }; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users = { - # See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users - mutableUsers = false; - groups.jallen-nas.gid = 1000; # create nas group cause truenas perms - - # Admin account - users."${user}" = { - isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "docker" - "podman" - "libvirtd" - "nas-apps" - "jallen-nas" - ]; # Enable ‘sudo’ for the user. 
- initialHashedPassword = password; - shell = pkgs.fish; - openssh.authorizedKeys.keys = [ - # macBook - "ssh-rsa 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 mattjallen@MacBook-Pro.local" - # desktop windows - "ssh-rsa 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 mattl@Jallen-PC" - # desktop nixos - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos" - ]; - packages = with pkgs; [ - neofetch - git - parted - aspell - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - aha - papirus-icon-theme - firefox - ]; - }; - - # Nix app account - users.nix-apps = { - isSystemUser = true; - uid = 911; - group = "jallen-nas"; - extraGroups = [ "jallen-nas" ]; # Enable ‘sudo’ for the user. - hashedPassword = password; - }; - - groups.nut.name = "nut"; - users.upsuser = { - group = "nut"; - isNormalUser = false; - isSystemUser = true; - createHome = true; - home = "/var/lib/nut"; - hashedPassword = password; - }; - }; - - # Virtualisation - virtualisation = { - docker = { - enable = true; - enableOnBoot = true; - }; - - libvirtd.enable = true; - }; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. 
- # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "23.11"; # Did you read the comment? - -}