mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
mjallen18
2025-08-26 18:30:57 -05:00
parent 9ebb187a85
commit baa831d002
9 changed files with 97 additions and 424 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/nixos/disko/options.nix
View File

@@ -1,5 +1,8 @@
{ lib, namespace, ... }: { lib, namespace, ... }:
with lib; with lib;
let
inherit (lib.${namespace}) mkOpt mkBoolOpt;
in
{ {
options.${namespace}.hardware.disko = { options.${namespace}.hardware.disko = {
enable = mkEnableOption "enable disko"; enable = mkEnableOption "enable disko";
@@ -11,5 +14,9 @@ with lib;
default = "btrfs"; default = "btrfs";
description = "Filesystem to use for the root partition"; description = "Filesystem to use for the root partition";
}; };
enableSwap = mkBoolOpt false "Enable swap";
swapSize = mkOpt types.str "16G" "size of swap part";
}; };
} }

5
modules/nixos/disko/x86_64-linux/default.nix
View File

@@ -102,6 +102,11 @@ in
}; };
}; };
swap = lib.mkIf cfg.enableSwap {
type = "8200";
size = cfg.swapSize;
};
root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot; root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot;
}; };
}; };

2
modules/nixos/services/common/default.nix
View File

@@ -40,6 +40,8 @@
}; };
}; };
udisks2.enable = true;
# configure pipewire # configure pipewire
pipewire = { pipewire = {
enable = lib.mkDefault true; enable = lib.mkDefault true;

23
modules/nixos/services/minecraft/default.nix Normal file
View File

@@ -0,0 +1,23 @@
{ config, ... }:
{
minecraft-server = {
enable = false;
eula = true;
declarative = true;
openFirewall = true;
dataDir = "/media/nas/main/ssd_app_data/minecraft";
serverProperties = {
enforce-whitelist = true;
white-list = true;
"enable-rcon" = true;
"rcon.password" = config.sops.secrets."jallen-nas/admin_password".path;
};
whitelist = {
mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";
AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda";
Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3";
SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427";
};
jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
};
}

57
modules/nixos/services/samba/default.nix
View File

@@ -2,6 +2,27 @@
with lib; with lib;
let let
cfg = config.nas-samba; cfg = config.nas-samba;
sambaShares =
let
make =
name: share:
nameValuePair "${name}" {
path = share.sharePath;
public = if share.enableTimeMachine then "no" else "yes";
browseable = if share.browseable then "yes" else "no";
writable = "yes";
"force group" = "jallen-nas";
"read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask;
"directory mask" = share.directoryMask;
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize;
};
in
mapAttrs' make cfg.shares;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
@@ -32,27 +53,21 @@ in
openFirewall = true; openFirewall = true;
nsswins = true; nsswins = true;
nmbd.enable = true; nmbd.enable = true;
settings = settings = {
let global = {
make = "workgroup" = "WORKGROUP";
name: share: "server string" = "Jallen-NAS";
nameValuePair "${name}" { "netbios name" = "Jallen-NAS";
path = share.sharePath; "security" = "user";
public = if share.enableTimeMachine then "no" else "yes"; #"use sendfile" = "yes";
browseable = if share.browseable then "yes" else "no"; #"max protocol" = "smb2";
writable = "yes"; # note: localhost is the ipv6 localhost ::1
"force group" = "jallen-nas"; "hosts allow" = "10.0.1. 127.0.0.1 localhost";
"read only" = if share.readOnly then "yes" else "no"; "hosts deny" = "0.0.0.0/0";
"guest ok" = if share.guestOk then "yes" else "no"; "guest account" = "nobody";
"create mask" = share.createMask; "map to guest" = "bad user";
"directory mask" = share.directoryMask; };
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; } // sambaShares;
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize;
};
in
mapAttrs' make cfg.shares;
}; };
}; };
} }

32
systems/x86_64-linux/jallen-nas/default.nix
View File

@@ -10,9 +10,6 @@
}: }:
{ {
imports = [ imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./filesystems.nix
./boot.nix ./boot.nix
./apps.nix ./apps.nix
./ups.nix ./ups.nix
@@ -56,12 +53,19 @@
# # Hardware # # # # Hardware # #
# ################################################### # ###################################################
hardware.nvidia = { hardware = {
enable = true; disko = {
enableBeta = true; enable = true;
enableOpen = true; enableSwap = true;
nvidiaSettings = true; };
enableNvidiaDocker = true;
nvidia = {
enable = true;
enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
}; };
# ################################################### # ###################################################
@@ -144,6 +148,16 @@
}; };
}; };
# ###################################################
# # Mounts # #
# ###################################################
fileSystems."/media/nas/main" = {
label = "nas_pool";
# device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1";
fsType = "bcachefs";
mountPoint = "/media/nas/main";
};
security.tpm2 = { security.tpm2 = {
enable = true; enable = true;
}; };

9
systems/x86_64-linux/jallen-nas/filesystems.nix
View File

@@ -1,9 +0,0 @@
{ ... }:
{
fileSystems."/media/nas/main" = {
label = "nas_pool";
# device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1";
fsType = "bcachefs";
mountPoint = "/media/nas/main";
};
}

128
systems/x86_64-linux/jallen-nas/hardware-configuration.nix
View File

@@ -1,128 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"nvme"
"mpt3sas"
"xhci_pci"
"ahci"
"uas"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [
"defaults"
"size=25%"
"mode=755"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C6E9-7371";
fsType = "vfat";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [
"subvol=nix"
"compress-force=zstd"
"noatime"
];
};
fileSystems."/etc" = {
device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [
"subvol=etc"
"compress-force=zstd"
"noatime"
];
};
fileSystems."/root" = {
device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [
"subvol=root"
"compress-force=zstd"
"noatime"
];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [
"subvol=log"
"compress-force=zstd"
"noatime"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [
"subvol=home"
"compress-force=zstd"
];
};
fileSystems."/tmp" = {
device = "/dev/disk/by-uuid/8e3841fc-9222-443c-af72-075dd8ac07f2";
fsType = "btrfs";
options = [
"compress-force=zstd"
"noatime"
];
};
swapDevices = [
{
device = "/dev/disk/by-id/ata-Samsung_SSD_860_EVO_500GB_S3Z1NW0KA10457X-part2";
randomEncryption.enable = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
# networking.interfaces.podman0.useDHCP = lib.mkDefault true;
# networking.interfaces.veth0.useDHCP = lib.mkDefault true;
# networking.interfaces.veth1.useDHCP = lib.mkDefault true;
# networking.interfaces.veth2.useDHCP = lib.mkDefault true;
# networking.interfaces.veth3.useDHCP = lib.mkDefault true;
# networking.interfaces.veth4.useDHCP = lib.mkDefault true;
# networking.interfaces.veth5.useDHCP = lib.mkDefault true;
# networking.interfaces.veth6.useDHCP = lib.mkDefault true;
# networking.interfaces.veth7.useDHCP = lib.mkDefault true;
# networking.interfaces.vethd3ca67e.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

258
systems/x86_64-linux/jallen-nas/services.nix
View File

@@ -1,76 +1,7 @@
{ pkgs, config, ... }: { pkgs, ... }:
let
enableDisplayManager = false;
in
{ {
# Services configs # Services configs
services = { services = {
minecraft-server = {
enable = false;
eula = true;
declarative = true;
openFirewall = true;
dataDir = "/media/nas/main/ssd_app_data/minecraft";
serverProperties = {
enforce-whitelist = true;
white-list = true;
"enable-rcon" = true;
"rcon.password" = config.sops.secrets."jallen-nas/admin_password".path;
};
whitelist = {
mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";
AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda";
Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3";
SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427";
};
jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
};
udisks2.enable = true;
# Enable the Desktop Environment.
desktopManager.plasma6.enable = enableDisplayManager;
displayManager = {
sddm.enable = enableDisplayManager;
defaultSession = "plasma";
};
gnome.gnome-keyring.enable = true;
# Enable RDP
xrdp = {
enable = true;
openFirewall = true;
};
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
extraServiceFiles = {
# TODO is this needed?
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
};
tailscale = { tailscale = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@@ -89,36 +20,6 @@ in
# authKeyFile = "/media/nas/main/nix-app-data/tailscale/auth"; # authKeyFile = "/media/nas/main/nix-app-data/tailscale/auth";
}; };
btrfs = {
autoScrub.enable = false;
autoScrub.fileSystems = [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
"/media/nas/main/nix-app-data"
"/media/nas/main/ssd_app_data"
"/media/nas/main/mariadb"
"/media/nas/main/3d_printer"
"/media/nas/main/backup"
"/media/nas/main/documents"
"/media/nas/main/nextcloud"
"/media/nas/main/movies"
"/media/nas/main/tv"
"/media/nas/main/isos"
];
};
# nixai = {
# enable = true;
# mcp = {
# enable = true;
# # Optional: custom socket path
# socketPath = "/run/nixai/mcp.sock";
# };
# };
postgresql = { postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
@@ -147,161 +48,4 @@ in
}; };
}; };
# TODO move to normal samba settings
services.samba.settings.global = {
"workgroup" = "WORKGROUP";
"server string" = "Jallen-NAS";
"netbios name" = "Jallen-NAS";
"security" = "user";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "10.0.1. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
systemd.services = {
btrfs-balance = {
description = "BTRFS Balance Service";
# This ensures the service only runs when the filesystem is mounted
requires = [ "local-fs.target" ];
after = [ "local-fs.target" ];
# The actual balance command
script = ''
# Start with lower usage to handle the most fragmented blocks first
${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=5 -musage=5 /mount/point
${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=10 -musage=10 /mount/point
${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=20 -musage=20 /mount/point
'';
serviceConfig = {
Type = "oneshot";
Nice = 19; # Lowest CPU priority
IOSchedulingClass = "idle"; # Lowest I/O priority
# Prevent multiple instances from running simultaneously
ExecStartPre = "${pkgs.coreutils}/bin/rm -f /var/run/btrfs-balance.stamp";
ExecStopPost = "${pkgs.coreutils}/bin/touch /var/run/btrfs-balance.stamp";
};
};
system-update-check = {
description = "Check for system configuration updates";
# Required packages for the service
path = with pkgs; [
git
nixos-rebuild
openssh
];
# Service configuration
serviceConfig = {
Type = "oneshot";
User = "root";
WorkingDirectory = "/etc/nixos"; # Adjust this path to your config location
};
# The script that runs to check for updates
script = ''
# Store the current commit hash
OLD_HASH=$(git rev-parse HEAD)
# Fetch updates from remote
git fetch origin main # Adjust branch name if needed
# Get the new commit hash
NEW_HASH=$(git rev-parse origin/main)
# If there are changes, pull and rebuild
if [ "$OLD_HASH" != "$NEW_HASH" ]; then
echo "Updates found, pulling changes..."
git pull origin main
# Get commit message and timestamp for the tag
COMMIT_MSG=$(git log -1 --pretty=%B | head -n1 | tr -dc '[:alnum:][:space:]-' | tr '[:space:]' '-')
TIMESTAMP=$(date +%Y%m%d-%H%M)
SHORT_HASH=$(git rev-parse --short HEAD)
# Create a profile name using the timestamp, short hash, and commit message
PROFILE_NAME="$TIMESTAMP-$SHORT_HASH-$COMMIT_MSG"
# Rebuild the system
nixos-rebuild boot --profile-name "$PROFILE_NAME"
echo "System rebuilt with profile: $PROFILE_NAME"
else
echo "No updates found"
fi
'';
};
rsync-ssd = {
path = [
pkgs.bash
pkgs.rsync
];
script = ''
rsync -rtpogvPlHzs --ignore-existing /media/nas/main /media/nas/main/backup/ssd
'';
};
hd-idle = {
enable = false;
environment = {
HD_IDLE_OPTS = "-a /dev/disk/by-id/ata-Samsung_SSD_860_EVO_500GB_S3Z1NW0KA10457X,/dev/disk/by-id/ata-SSD2SC240G1SA754D117-820_PNY29140000558890457,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFN28XXS,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFQ052KN,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFQ052NN,/dev/disk/by-id/ata-ST3000VN007-2E4166_Z731JVZJ,/dev/disk/by-id/ata-ST4000VN008-2DR166_ZDHBNBGP,/dev/disk/by-id/ata-ST8000AS0002-1NA17Z_Z8411RMB";
};
path = [
pkgs.bash
pkgs.hd-idle
];
script = ''
hd-idle $HD_IDLE_OPTS
'';
serviceConfig = {
Type = "oneshot";
};
};
};
security.pam.services.login.enableGnomeKeyring = true;
# Configure gpg-agent to cache keys
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
# Set how long to cache the passphrase (in seconds)
# defaultCacheTtl = 34560;
# maxCacheTtl = 34560;
};
# Create a timer to run the service periodically
systemd.timers = {
btrfs-balance = {
description = "Timer for BTRFS Balance Service";
wantedBy = [ "timers.target" ];
timerConfig = {
# Run weekly on Sunday at 2am
OnCalendar = "Sun *-*-* 02:00:00";
# Add randomized delay to prevent multiple systems from starting at exactly the same time
RandomizedDelaySec = "1h";
# Ensure we don't start multiple times if the system was off
Persistent = true;
};
};
system-update-check = {
description = "Timer for system configuration updates";
wantedBy = [ "timers.target" ];
# Timer configuration
timerConfig = {
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
Unit = "system-update-check.service";
};
};
};
} }