This commit is contained in:
mjallen18
2025-08-26 17:54:01 -05:00
parent c50bcd4120
commit 9ebb187a85
6 changed files with 173 additions and 167 deletions


@@ -5,19 +5,12 @@
...
}:
let
configLimit = 50;
kernel = pkgs.linuxPackages; # linuxPackages_latest;
in
{
# Configure bootloader with lanzaboot and secureboot
boot = {
kernelModules = [ "nct6775" ];
loader = {
systemd-boot = {
enable = false;
configurationLimit = configLimit;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
@@ -51,7 +44,6 @@ in
];
systemd = {
enable = true;
# tpm2.enable = true;
tpm2.enable = true;
};
clevis = {
@@ -67,8 +59,4 @@ in
};
environment.etc."clevis/nas_pool.jwe".source = config.sops.secrets."jallen-nas/nas_pool".path;
zramSwap = {
enable = true;
};
}
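Review bot: The comment `# Configure bootloader with lanzaboot and secureboot` now heads a block whose only loader setting is `systemd-boot.enable = false;`, and the lanzaboote half of that sentence lives in the host configuration (`bootloader.lanzaboote.enable = true` in the second file of this commit), so a reader of this file alone cannot tell why systemd-boot is off. I'd reword it to `# systemd-boot is disabled: lanzaboote (enabled via ${namespace}.bootloader.lanzaboote in the host config) provides the signed Secure Boot entries`. With systemd-boot disabled, `configurationLimit = configLimit;` no longer limits anything; lanzaboote exposes its own `configurationLimit` option, as far as I recall, so either move the limit there or drop `configLimit` and this line. The trailing `# linuxPackages_latest;` on the `kernel` binding is a stale alternative rather than an explanation and should either say when to switch or go. The `boot = {` block continues past the first hunk.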


@@ -3,6 +3,7 @@
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
pkgs,
namespace,
...
@@ -14,8 +15,6 @@
./filesystems.nix
./boot.nix
./apps.nix
./grafana.nix
./networking.nix # - moved to modules/nixos/network
./ups.nix
./users.nix
./samba.nix
@@ -28,9 +27,22 @@
powerManagement.cpuFreqGovernor = "powersave";
${namespace} = {
# ###################################################
# # Boot # #
# ###################################################
bootloader.lanzaboote.enable = true;
impermanence.enable = true;
# ###################################################
# # Desktop # #
# ###################################################
desktop.cosmic.enable = false;
# ###################################################
# # Development # #
# ###################################################
development = {
enable = true;
includeLanguages = [
@@ -39,7 +51,11 @@
];
includeContainers = true;
};
monitoring.enable = true;
# ###################################################
# # Hardware # #
# ###################################################
hardware.nvidia = {
enable = true;
enableBeta = true;
@@ -47,6 +63,23 @@
nvidiaSettings = true;
enableNvidiaDocker = true;
};
# ###################################################
# # Impermanence # #
# ###################################################
impermanence.enable = true;
# ###################################################
# # Monitoring # #
# ###################################################
monitoring.enable = true;
# ###################################################
# # Network # #
# ###################################################
network = {
ipv4 = {
address = "10.0.1.3/24";
@@ -54,7 +87,6 @@
gateway = "10.0.1.1";
interface = "wlp6s0";
};
useNetworkd = true;
hostId = "4b501480";
nat = {
enable = true;
@@ -66,12 +98,50 @@
enable = true;
allowPing = true;
trustedInterfaces = [ "tailscale0" ];
allowedTCPPorts = [
8008 # restic
9000 # authentik
2342 # grafana
51820 # wireguard
1025
1143
10200
10300
8127
9943 # onlyoffice
4000 # netbootxyz
4080 # netbootxyz
3000 # gitea
2222 # gitea ssh
3300
9898
6754 # lubelogger
2283 # immich
4444 # code-server
9012
8192
];
allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;
};
};
# ###################################################
# # User # #
# ###################################################
user = {
name = "admin";
linger = true;
};
# ###################################################
# # Services # #
# ###################################################
services = {
grafana.enable = true;
};
};
security.tpm2 = {
@@ -115,7 +185,4 @@
nvidiaSupport = true;
};
};
# Additional virtualization beyond what's in development module
virtualisation.libvirtd.enable = true;
}
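Review bot: `allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;` in the firewall hunk mirrors the whole TCP list onto UDP, although every labelled entry (restic, authentik, grafana, onlyoffice, netbootxyz, gitea, lubelogger, immich, code-server) is a TCP service and only 51820 (wireguard) plausibly needs UDP; the extra UDP openings cost nothing while no listener exists, but they silently expose any UDP service added later. I'd make the UDP list explicit, e.g. `allowedUDPPorts = [ 51820 ];`, and add an entry only when a listed service is shown to need it. The nine unannotated ports (1025, 1143, 10200, 10300, 8127, 3300, 9898, 9012, 8192) also need an owner comment like their neighbours, otherwise nobody can later tell which of them may be closed. Both issues are carried over verbatim from the deleted networking.nix rather than introduced here, so this may be a deliberate deferral, but the move is the natural moment to tighten them.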


@@ -1,89 +0,0 @@
{ config, ... }:
let
upsUser = "nas-admin";
in
{
services = {
prometheus = {
enable = true;
exporters = {
node = {
enable = true;
enabledCollectors = [
"filesystem"
"diskstats"
"meminfo"
"cpu"
"systemd" # Ensures systemd collector is enabled
"processes"
];
extraFlags = [
"--collector.filesystem.mount-points-exclude=^/(dev|proc|sys|run)($|/)"
];
};
libvirt = {
enable = false;
openFirewall = true;
};
nut = {
enable = true;
openFirewall = true;
passwordPath = config.sops.secrets."jallen-nas/ups_password".path;
nutUser = upsUser;
};
# restic = {
# enable = true;
# openFirewall = true;
# resticPort = 8008;
# };
};
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}
];
}
{
job_name = "traefik";
static_configs = [
{
targets = [ "localhost:8082" ];
}
];
}
];
};
grafana = {
enable = true;
settings = {
server = {
http_port = 9999;
http_addr = "0.0.0.0";
};
};
dataDir = "/media/nas/main/nix-app-data/grafana";
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:${toString config.services.prometheus.port}";
}
];
};
};
};
# Open firewall ports for Grafana
networking.firewall = {
allowedTCPPorts = [ 9999 ];
allowedUDPPorts = [ 9999 ];
};
}


@@ -1,54 +0,0 @@
{ ... }:
let
ports = [
8008 # restic
9000 # authentik
2342 # grafana
51820 # wireguard
1025
1143
10200
10300
8127
9943 # onlyoffice
4000 # netbootxyz
4080 # netbootxyz
3000 # gitea
2222 # gitea ssh
3300
9898
6754 # lubelogger
2283 # immich
4444 # code-server
9012
8192
];
in
{
# Networking configs
networking = {
# useNetworkd = true;
# hostId = "4b501480";
# nat = {
# enable = true;
# internalInterfaces = [ "ve-+" ];
# externalInterface = "wlp6s0";
# # Lazy IPv6 connectivity for the container
# enableIPv6 = true;
# };
firewall = {
# enable = true;
# allowPing = true;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
# # always allow traffic from your Tailscale network
# trustedInterfaces = [ "tailscale0" ];
};
};
}


@@ -51,8 +51,4 @@ in
};
};
};
zramSwap = {
enable = true;
};
}