diff --git a/modules/nixos/disko/options.nix b/modules/nixos/disko/options.nix index dff17ba..4329ebc 100644 --- a/modules/nixos/disko/options.nix +++ b/modules/nixos/disko/options.nix @@ -1,5 +1,8 @@ { lib, namespace, ... }: with lib; +let + inherit (lib.${namespace}) mkOpt mkBoolOpt; +in { options.${namespace}.hardware.disko = { enable = mkEnableOption "enable disko"; @@ -11,5 +14,9 @@ with lib; default = "btrfs"; description = "Filesystem to use for the root partition"; }; + + enableSwap = mkBoolOpt false "Enable swap"; + + swapSize = mkOpt types.str "16G" "size of swap part"; }; } diff --git a/modules/nixos/disko/x86_64-linux/default.nix b/modules/nixos/disko/x86_64-linux/default.nix index 943eebd..fa2387e 100644 --- a/modules/nixos/disko/x86_64-linux/default.nix +++ b/modules/nixos/disko/x86_64-linux/default.nix @@ -102,6 +102,11 @@ in }; }; + swap = lib.mkIf cfg.enableSwap { + type = "8200"; + size = cfg.swapSize; + }; + root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot; }; }; diff --git a/modules/nixos/services/common/default.nix b/modules/nixos/services/common/default.nix index fd7340e..498d9de 100644 --- a/modules/nixos/services/common/default.nix +++ b/modules/nixos/services/common/default.nix @@ -40,6 +40,8 @@ }; }; + udisks2.enable = true; + # configure pipewire pipewire = { enable = lib.mkDefault true; diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix new file mode 100644 index 0000000..cd408c6 --- /dev/null +++ b/modules/nixos/services/minecraft/default.nix 
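Review bot: The new `swapSize` option takes any string without validation and its description (`"size of swap part"`) breaks the sentence style of the sibling `filesystem` option in this file (`"Filesystem to use for the root partition"`). Suggest `swapSize = mkOpt types.str "16G" "Size of the swap partition, in disko size notation (e.g. \"16G\")";` and `enableSwap = mkBoolOpt false "Whether to create a swap partition";`. The enclosing `options.${namespace}.hardware.disko` set starts in the previous hunk.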
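Review bot: The added `swap` partition sets only `type` and `size`; without a `content = { type = "swap"; ... };` block disko creates a type-8200 partition but, as far as I know, neither runs mkswap on it nor registers it in `swapDevices`, so enabling this option yields no usable swap. The `hardware-configuration.nix` deleted later in this commit had `randomEncryption.enable = true` on its swap device; that property is lost here unless the content block also sets `randomEncryption = true`. Also confirm that disko places this fixed-size partition ahead of a `100%`-sized root partition (disko orders partitions by their `priority` attribute rather than by declaration order, I believe). The enclosing `partitions` set starts outside the hunk.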
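Review bot: Moving `udisks2.enable = true` into `services/common` turns a per-host setting (this commit removes it from `systems/x86_64-linux/jallen-nas/services.nix`) into one that every host importing the common module presumably inherits, starting a polkit-governed mount daemon on machines that may not need it. If that is intended, write it as `udisks2.enable = lib.mkDefault true;` to match the `pipewire.enable = lib.mkDefault true;` two lines below so a host can opt out. The enclosing set (apparently `services`) starts outside the hunk.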
@@ -0,0 +1,23 @@ +{ config, ... }: +{ + minecraft-server = { + enable = false; + eula = true; + declarative = true; + openFirewall = true; + dataDir = "/media/nas/main/ssd_app_data/minecraft"; + serverProperties = { + enforce-whitelist = true; + white-list = true; + "enable-rcon" = true; + "rcon.password" = config.sops.secrets."jallen-nas/admin_password".path; + }; + whitelist = { + mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189"; + AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda"; + Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3"; + SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427"; + }; + jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"; + }; +} \ No newline at end of file diff --git a/modules/nixos/services/samba/default.nix b/modules/nixos/services/samba/default.nix index 8f050ef..b59a177 100755 --- a/modules/nixos/services/samba/default.nix +++ b/modules/nixos/services/samba/default.nix @@ -2,6 +2,27 @@ with lib; let cfg = config.nas-samba; + sambaShares = + let + make = + name: share: + nameValuePair "${name}" { + path = share.sharePath; + public = if share.enableTimeMachine then "no" else "yes"; + browseable = if share.browseable then "yes" else "no"; + writable = "yes"; + "force group" = "jallen-nas"; + "read only" = if share.readOnly then "yes" else "no"; + "guest ok" = if share.guestOk then "yes" else "no"; + "create mask" = share.createMask; + "directory mask" = share.directoryMask; + "fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; + "fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; + "vfs objects" = "catia fruit streams_xattr"; + "fruit:time machine max size" = share.timeMachineMaxSize; + }; + in + mapAttrs' make cfg.shares; in { imports = [ ./options.nix ]; 
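Review bot: `minecraft-server` is defined at the top level of the new module instead of under `services`, so the module system will reject it as an unknown option (the block it was moved from in `jallen-nas/services.nix` sat inside `services = { ... }`); the opening lines should read `{ config, ... }: { services.minecraft-server = {`. Separately, `"rcon.password" = config.sops.secrets."jallen-nas/admin_password".path` writes the secret's file path, not its contents, into `server.properties`, so the RCON password becomes a predictable string; keep `enable-rcon` off until the value can be substituted at activation or service start (e.g. a sops template or a `preStart` that rewrites the property). The file also lacks a trailing newline.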
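Review bot: In the moved `make` function, `public` and `"guest ok"` are synonyms in smb.conf, and `public = if share.enableTimeMachine then "no" else "yes"` forces guest access on every non-Time-Machine share regardless of `share.guestOk`; since the rendered section lists keys alphabetically, `public` comes after `guest ok` and, as far as I can tell, is the value Samba honours. Together with `"map to guest" = "bad user"` in the global section added later in this commit, unauthenticated clients from the allowed networks get guest access to all such shares. Drop the `public` line (or derive it from `share.guestOk`) so a single option controls guest access. The surrounding `let` block continues past the hunk.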
@@ -32,27 +53,21 @@ in openFirewall = true; nsswins = true; nmbd.enable = true; - settings = - let - make = - name: share: - nameValuePair "${name}" { - path = share.sharePath; - public = if share.enableTimeMachine then "no" else "yes"; - browseable = if share.browseable then "yes" else "no"; - writable = "yes"; - "force group" = "jallen-nas"; - "read only" = if share.readOnly then "yes" else "no"; - "guest ok" = if share.guestOk then "yes" else "no"; - "create mask" = share.createMask; - "directory mask" = share.directoryMask; - "fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; - "fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; - "vfs objects" = "catia fruit streams_xattr"; - "fruit:time machine max size" = share.timeMachineMaxSize; - }; - in - mapAttrs' make cfg.shares; + settings = { + global = { + "workgroup" = "WORKGROUP"; + "server string" = "Jallen-NAS"; + "netbios name" = "Jallen-NAS"; + "security" = "user"; + #"use sendfile" = "yes"; + #"max protocol" = "smb2"; + # note: localhost is the ipv6 localhost ::1 + "hosts allow" = "10.0.1. 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + } // sambaShares; }; }; } diff --git a/systems/x86_64-linux/jallen-nas/default.nix b/systems/x86_64-linux/jallen-nas/default.nix index 25dcb4b..b8f5e8a 100755 --- a/systems/x86_64-linux/jallen-nas/default.nix +++ b/systems/x86_64-linux/jallen-nas/default.nix @@ -10,9 +10,6 @@ }: { imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./filesystems.nix ./boot.nix ./apps.nix ./ups.nix 
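Review bot: `settings = { global = { ... }; } // sambaShares;` lets a share named `global` in `cfg.shares` silently replace the whole global section, including the `hosts allow`/`hosts deny` restrictions; writing it as `settings = sambaShares // { global = { ... }; };` (or asserting `!(cfg.shares ? global)`) keeps the global section authoritative. A smaller style point: keys such as `"workgroup"` and `"security"` only need quoting when the name contains a space, and the two commented-out `#"use sendfile"`/`#"max protocol"` lines are dead config that should be removed or given a reason. The enclosing `services.samba` set starts before the hunk.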
@@ -56,12 +53,19 @@ # # Hardware # # # ################################################### - hardware.nvidia = { - enable = true; - enableBeta = true; - enableOpen = true; - nvidiaSettings = true; - enableNvidiaDocker = true; + hardware = { + disko = { + enable = true; + enableSwap = true; + }; + + nvidia = { + enable = true; + enableBeta = true; + enableOpen = true; + nvidiaSettings = true; + enableNvidiaDocker = true; + }; }; # ################################################### @@ -144,6 +148,16 @@ }; }; + # ################################################### + # # Mounts # # + # ################################################### + fileSystems."/media/nas/main" = { + label = "nas_pool"; + # device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1"; + fsType = "bcachefs"; + mountPoint = "/media/nas/main"; + }; + security.tpm2 = { enable = true; }; diff --git a/systems/x86_64-linux/jallen-nas/filesystems.nix b/systems/x86_64-linux/jallen-nas/filesystems.nix deleted file mode 100755 index fee1613..0000000 --- a/systems/x86_64-linux/jallen-nas/filesystems.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - fileSystems."/media/nas/main" = { - label = "nas_pool"; - # device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1"; - fsType = "bcachefs"; - mountPoint = "/media/nas/main"; - }; -} diff --git a/systems/x86_64-linux/jallen-nas/hardware-configuration.nix b/systems/x86_64-linux/jallen-nas/hardware-configuration.nix deleted file mode 100755 index 8706ffa..0000000 --- a/systems/x86_64-linux/jallen-nas/hardware-configuration.nix +++ /dev/null 
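Review bot: Enabling `hardware.disko` here stands in for the deleted `hardware-configuration.nix`, but that file also carried `boot.initrd.availableKernelModules` (`nvme`, `mpt3sas`, `xhci_pci`, `ahci`, `uas`, `sd_mod`), `boot.kernelModules = [ "kvm-amd" ]`, `hardware.cpu.amd.updateMicrocode` and `networking.useDHCP`, none of which a disko layout is likely to set. Unless `./boot.nix` (not in this diff) already defines them, the initrd may lack the SAS/NVMe drivers needed to find the root pool; please confirm or re-add them, e.g. in `boot.nix`. The `hardware-configuration.nix` removal is the pure-deletion hunk further down.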
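Review bot: The moved `fileSystems."/media/nas/main"` block keeps a commented `device` list that spells `/dev/nmve0n1` (presumably `nvme0n1`), a typo that would bite the moment the comment is restored, and `mountPoint = "/media/nas/main"` merely repeats the attribute name. Suggest fixing the spelling in the comment (or stating why `label` is preferred over the device list for this multi-device bcachefs pool) and dropping the redundant `mountPoint` line. The content is identical to the deleted `filesystems.nix`, so nothing else changes here.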
@@ -1,128 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = [ - "nvme" - "mpt3sas" - "xhci_pci" - "ahci" - "uas" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "none"; - fsType = "tmpfs"; - options = [ - "defaults" - "size=25%" - "mode=755" - ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/C6E9-7371"; - fsType = "vfat"; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3"; - fsType = "btrfs"; - options = [ - "subvol=nix" - "compress-force=zstd" - "noatime" - ]; - }; - - fileSystems."/etc" = { - device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3"; - fsType = "btrfs"; - options = [ - "subvol=etc" - "compress-force=zstd" - "noatime" - ]; - }; - - fileSystems."/root" = { - device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress-force=zstd" - "noatime" - ]; - }; - - fileSystems."/var/log" = { - device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3"; - fsType = "btrfs"; - options = [ - "subvol=log" - "compress-force=zstd" - "noatime" - ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3"; - fsType = "btrfs"; - options = [ - "subvol=home" - "compress-force=zstd" - ]; - }; - - fileSystems."/tmp" = { - device = "/dev/disk/by-uuid/8e3841fc-9222-443c-af72-075dd8ac07f2"; - fsType = "btrfs"; - options = [ - "compress-force=zstd" - "noatime" - ]; - }; - - swapDevices = [ - { - device = "/dev/disk/by-id/ata-Samsung_SSD_860_EVO_500GB_S3Z1NW0KA10457X-part2"; - 
randomEncryption.enable = true; - } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.docker0.useDHCP = lib.mkDefault true; - # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; - # networking.interfaces.podman0.useDHCP = lib.mkDefault true; - # networking.interfaces.veth0.useDHCP = lib.mkDefault true; - # networking.interfaces.veth1.useDHCP = lib.mkDefault true; - # networking.interfaces.veth2.useDHCP = lib.mkDefault true; - # networking.interfaces.veth3.useDHCP = lib.mkDefault true; - # networking.interfaces.veth4.useDHCP = lib.mkDefault true; - # networking.interfaces.veth5.useDHCP = lib.mkDefault true; - # networking.interfaces.veth6.useDHCP = lib.mkDefault true; - # networking.interfaces.veth7.useDHCP = lib.mkDefault true; - # networking.interfaces.vethd3ca67e.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/systems/x86_64-linux/jallen-nas/services.nix b/systems/x86_64-linux/jallen-nas/services.nix index e9024ac..82ed406 100755 --- a/systems/x86_64-linux/jallen-nas/services.nix +++ b/systems/x86_64-linux/jallen-nas/services.nix 
@@ -1,76 +1,7 @@ -{ pkgs, config, ... }: -let - enableDisplayManager = false; -in +{ pkgs, ... }: { # Services configs services = { - - minecraft-server = { - enable = false; - eula = true; - declarative = true; - openFirewall = true; - dataDir = "/media/nas/main/ssd_app_data/minecraft"; - serverProperties = { - enforce-whitelist = true; - white-list = true; - "enable-rcon" = true; - "rcon.password" = config.sops.secrets."jallen-nas/admin_password".path; - }; - whitelist = { - mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189"; - AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda"; - Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3"; - SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427"; - }; - jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10"; - }; - - udisks2.enable = true; - - # Enable the Desktop Environment. - desktopManager.plasma6.enable = enableDisplayManager; - displayManager = { - sddm.enable = enableDisplayManager; - defaultSession = "plasma"; - }; - - gnome.gnome-keyring.enable = true; - - # Enable RDP - xrdp = { - enable = true; - openFirewall = true; - }; - - avahi = { - enable = true; - nssmdns4 = true; - publish = { - enable = true; - addresses = true; - domain = true; - hinfo = true; - userServices = true; - workstation = true; - }; - extraServiceFiles = { - # TODO is this needed? - smb = '' - - - - %h - - _smb._tcp - 445 - - - ''; - }; - }; - tailscale = { enable = true; openFirewall = true; 
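Review bot: This rewrite drops `xrdp` (with `openFirewall = true`), `avahi` publishing, `gnome.gnome-keyring` and the disabled plasma/sddm settings from the NAS, and nothing else in the commit re-adds them, whereas `minecraft-server` and `udisks2` were moved into modules; the last hunk of this file likewise removes `programs.gnupg.agent`, `security.pam.services.login.enableGnomeKeyring`, and the `btrfs-balance`/`system-update-check` systemd units and timers. If the removal is intentional it is a welcome reduction of exposed services, but it should be stated in the commit message; if not, these need a new home. The enclosing `services` set continues past the hunk.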
@@ -89,36 +20,6 @@ in # authKeyFile = "/media/nas/main/nix-app-data/tailscale/auth"; }; - btrfs = { - autoScrub.enable = false; - autoScrub.fileSystems = [ - "/nix" - "/root" - "/etc" - "/var/log" - "/home" - "/media/nas/main/nix-app-data" - "/media/nas/main/ssd_app_data" - "/media/nas/main/mariadb" - "/media/nas/main/3d_printer" - "/media/nas/main/backup" - "/media/nas/main/documents" - "/media/nas/main/nextcloud" - "/media/nas/main/movies" - "/media/nas/main/tv" - "/media/nas/main/isos" - ]; - }; - - # nixai = { - # enable = true; - # mcp = { - # enable = true; - # # Optional: custom socket path - # socketPath = "/run/nixai/mcp.sock"; - # }; - # }; - postgresql = { enable = true; package = pkgs.postgresql_16; 
@@ -147,161 +48,4 @@ in }; }; - - # TODO move to normal samba settings - services.samba.settings.global = { - "workgroup" = "WORKGROUP"; - "server string" = "Jallen-NAS"; - "netbios name" = "Jallen-NAS"; - "security" = "user"; - #"use sendfile" = "yes"; - #"max protocol" = "smb2"; - # note: localhost is the ipv6 localhost ::1 - "hosts allow" = "10.0.1. 127.0.0.1 localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - }; - - systemd.services = { - btrfs-balance = { - description = "BTRFS Balance Service"; - # This ensures the service only runs when the filesystem is mounted - requires = [ "local-fs.target" ]; - after = [ "local-fs.target" ]; - - # The actual balance command - script = '' - # Start with lower usage to handle the most fragmented blocks first - ${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=5 -musage=5 /mount/point - ${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=10 -musage=10 /mount/point - ${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=20 -musage=20 /mount/point - ''; - - serviceConfig = { - Type = "oneshot"; - Nice = 19; # Lowest CPU priority - IOSchedulingClass = "idle"; # Lowest I/O priority - # Prevent multiple instances from running simultaneously - ExecStartPre = "${pkgs.coreutils}/bin/rm -f /var/run/btrfs-balance.stamp"; - ExecStopPost = "${pkgs.coreutils}/bin/touch /var/run/btrfs-balance.stamp"; - }; - }; - - system-update-check = { - description = "Check for system configuration updates"; - - # Required packages for the service - path = with pkgs; [ - git - nixos-rebuild - openssh - ]; - - # Service configuration - serviceConfig = { - Type = "oneshot"; - User = "root"; - WorkingDirectory = "/etc/nixos"; # Adjust this path to your config location - }; - - # The script that runs to check for updates - script = '' - # Store the current commit hash - OLD_HASH=$(git rev-parse HEAD) - - # Fetch updates from remote - git fetch origin main # Adjust branch name if needed - - # Get the 
new commit hash - NEW_HASH=$(git rev-parse origin/main) - - # If there are changes, pull and rebuild - if [ "$OLD_HASH" != "$NEW_HASH" ]; then - echo "Updates found, pulling changes..." - git pull origin main - - # Get commit message and timestamp for the tag - COMMIT_MSG=$(git log -1 --pretty=%B | head -n1 | tr -dc '[:alnum:][:space:]-' | tr '[:space:]' '-') - TIMESTAMP=$(date +%Y%m%d-%H%M) - SHORT_HASH=$(git rev-parse --short HEAD) - - # Create a profile name using the timestamp, short hash, and commit message - PROFILE_NAME="$TIMESTAMP-$SHORT_HASH-$COMMIT_MSG" - - # Rebuild the system - nixos-rebuild boot --profile-name "$PROFILE_NAME" - - echo "System rebuilt with profile: $PROFILE_NAME" - else - echo "No updates found" - fi - ''; - }; - - rsync-ssd = { - path = [ - pkgs.bash - pkgs.rsync - ]; - script = '' - rsync -rtpogvPlHzs --ignore-existing /media/nas/main /media/nas/main/backup/ssd - ''; - }; - - hd-idle = { - enable = false; - environment = { - HD_IDLE_OPTS = "-a /dev/disk/by-id/ata-Samsung_SSD_860_EVO_500GB_S3Z1NW0KA10457X,/dev/disk/by-id/ata-SSD2SC240G1SA754D117-820_PNY29140000558890457,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFN28XXS,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFQ052KN,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFQ052NN,/dev/disk/by-id/ata-ST3000VN007-2E4166_Z731JVZJ,/dev/disk/by-id/ata-ST4000VN008-2DR166_ZDHBNBGP,/dev/disk/by-id/ata-ST8000AS0002-1NA17Z_Z8411RMB"; - }; - path = [ - pkgs.bash - pkgs.hd-idle - ]; - script = '' - hd-idle $HD_IDLE_OPTS - ''; - serviceConfig = { - Type = "oneshot"; - }; - }; - }; - - security.pam.services.login.enableGnomeKeyring = true; - # Configure gpg-agent to cache keys - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - # Set how long to cache the passphrase (in seconds) - # defaultCacheTtl = 34560; - # maxCacheTtl = 34560; - }; - - # Create a timer to run the service periodically - systemd.timers = { - btrfs-balance = { - description = "Timer for BTRFS Balance Service"; - wantedBy = [ 
"timers.target" ]; - - timerConfig = { - # Run weekly on Sunday at 2am - OnCalendar = "Sun *-*-* 02:00:00"; - # Add randomized delay to prevent multiple systems from starting at exactly the same time - RandomizedDelaySec = "1h"; - # Ensure we don't start multiple times if the system was off - Persistent = true; - }; - }; - system-update-check = { - description = "Timer for system configuration updates"; - wantedBy = [ "timers.target" ]; - - # Timer configuration - timerConfig = { - OnCalendar = "daily"; # Check every day - Persistent = true; # Run immediately if last run was missed - Unit = "system-update-check.service"; - }; - }; - }; }