merge

systems/x86_64-linux/nas/apps.nix

@@ -98,6 +98,62 @@
       };
 
       tdarr.enable = true;
+
+      authentik = {
+        enable = true;
+        port = 9000;
+        environmentFile = "/run/secrets/jallen-nas/authentik-env";
+      };
+
+      attic = {
+        enable = true;
+        port = 9012;
+        listenAddress = "[::]";
+        environmentFile = "/run/secrets/jallen-nas/attic-key";
+      };
+
+      protonmail-bridge = {
+        enable = true;
+        smtpPort = 1025;
+        imapPort = 1143;
+        user = "admin";
+      };
+
+      netbootxyz = {
+        enable = true;
+        httpPort = 4000;
+        httpsPort = 4080;
+        dataDir = "/media/nas/main/nix-app-data/netbootxyz";
+      };
+
+      glances = {
+        enable = true;
+        port = 61208;
+        bindAddress = "0.0.0.0";
+      };
+
+      code-server = {
+        enable = true;
+        port = 4444;
+        user = "admin";
+        group = "jallen-nas";
+        host = "0.0.0.0";
+        auth = "none";
+        hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
+        extraEnvironment = {
+          PROXY_DOMAIN = "code.mjallen.dev";
+        };
+      };
+
+      restic = {
+        enable = true;
+        port = 8008;
+        dataDir = "/media/nas/main/backup/restic";
+        prometheus = true;
+        listenAddress = "0.0.0.0";
+        htpasswdFile = "/media/nas/main/backup/restic/.htpasswd";
+        extraFlags = [ "--no-auth" ];
+      };
     };
   };
 }

systems/x86_64-linux/nas/default.nix

@@ -3,7 +3,6 @@
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
 {
-  config,
   pkgs,
   namespace,
   ...
@@ -67,52 +66,6 @@
       firewall = {
         enable = true;
         allowPing = true;
-        allowedTCPPorts = [
-          8008 # restic
-          9000 # authentik
-          2342 # grafana
-          51820 # wireguard
-          1025
-          1143
-          10200
-          10300
-          8127
-          9980 # onlyoffice
-          4000 # netbootxyz
-          4080 # netbootxyz
-          3000 # gitea
-          2222 # gitea ssh
-          3300
-          9898
-          6754 # lubelogger
-          2283 # immich
-          4444 # code-server
-          9012
-          8192
-        ];
-        allowedUDPPorts = [
-          8008 # restic
-          9000 # authentik
-          2342 # grafana
-          51820 # wireguard
-          1025
-          1143
-          10200
-          10300
-          8127
-          9980 # onlyoffice
-          4000 # netbootxyz
-          4080 # netbootxyz
-          3000 # gitea
-          2222 # gitea ssh
-          3300
-          9898
-          6754 # lubelogger
-          2283 # immich
-          4444 # code-server
-          9012
-          8192
-        ];
         trustedInterfaces = [ "tailscale0" ];
       };
     };
@@ -143,7 +96,6 @@
       ffmpeg
       ipset
       llama-cpp
-      # inputs.nas-nixai.packages.x86_64-linux.nixai
       networkmanagerapplet
       nut
       packagekit
@@ -167,48 +119,6 @@
       enable = true;
       nvidiaSupport = true;
     };
-
-    msmtp = {
-      enable = false;
-      accounts = {
-        default = {
-          auth = true;
-          tls_starttls = false;
-          host = "smtp.gmail.com";
-          user = "matt.l.jallen";
-          from = "matt.l.jallen@gmail.com";
-          passwordeval = "cat ${config.sops.secrets."jallen-nas/gitea/mail-key".path}";
-        };
-      };
-      defaults = {
-        port = 465;
-        tls = true;
-      };
-    };
-  };
-
-  hardware.fancontrol = {
-    enable = false;
-    config = ''
-      # Configuration file generated by pwmconfig, changes will be lost
-      # hwmon6/temp9_input -- chipset temp?
-      # hwmon2/temp1_input -- cpu temp?
-      # hwmon6/pwm5 -- chipset fan?
-      # hwmon6/pwm2, hwmon6/pwm3 -- cpu fans?
-      # hwmon6/pwm4 -- case fans?
-
-      INTERVAL=10
-      DEVPATH=hwmon2=devices/pci0000:00/0000:00:18.3 hwmon6=devices/platform/nct6775.656
-      DEVNAME=hwmon2=k10temp hwmon6=nct6798
-      FCTEMPS=hwmon6/pwm5=hwmon6/temp9_input hwmon6/pwm2=hwmon2/temp1_input hwmon6/pwm3=hwmon2/temp1_input hwmon6/pwm4=hwmon2/temp1_input
-      FCFANS=hwmon6/pwm5=hwmon6/fan5_input hwmon6/pwm2=hwmon6/fan2_input hwmon6/pwm3=hwmon6/fan3_input hwmon6/pwm4=hwmon6/fan4_input
-      MINTEMP=hwmon6/pwm5=20 hwmon6/pwm2=20 hwmon6/pwm3=20 hwmon6/pwm4=20
-      MAXTEMP=hwmon6/pwm5=60 hwmon6/pwm2=90 hwmon6/pwm3=90 hwmon6/pwm4=90
-      MINSTART=hwmon6/pwm5=16 hwmon6/pwm2=90 hwmon6/pwm3=45 hwmon6/pwm4=60
-      MINSTOP=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=30 hwmon6/pwm4=45
-      MINPWM=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=0 hwmon6/pwm4=0
-      MAXPWM=hwmon6/pwm5=255 hwmon6/pwm2=255 hwmon6/pwm3=255 hwmon6/pwm4=255
-    '';
   };
 
   # Additional virtualization beyond what's in development module

systems/x86_64-linux/nas/grafana.nix

@@ -82,5 +82,8 @@ in
     };
   };
   # Open firewall ports for Grafana
-  networking.firewall.allowedTCPPorts = [ 9999 ];
+  networking.firewall = {
+    allowedTCPPorts = [ 9999 ];
+    allowedUDPPorts = [ 9999 ];
+  };
 }

systems/x86_64-linux/nas/nix-serve.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
   # "https://cache.mjallen.dev"
   # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
@@ -10,14 +10,6 @@
     openFirewall = true;
   };
 
-  services.atticd = {
-    enable = true;
-    environmentFile = config.sops.secrets."jallen-nas/attic-key".path;
-    settings = {
-      listen = "[::]:9012";
-    };
-  };
-
   # Improved systemd service with better error handling
   systemd = {
     services = {

systems/x86_64-linux/nas/services.nix

@@ -8,21 +8,6 @@ in
   # Services configs
   services = {
 
-    code-server = {
-      enable = true;
-      disableTelemetry = true;
-      disableUpdateCheck = true;
-      user = "admin";
-      group = "jallen-nas";
-      host = "0.0.0.0";
-      port = 4444;
-      auth = "none";
-      hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
-      extraEnvironment = {
-        PROXY_DOMAIN = "code.mjallen.dev";
-      };
-    };
-
     minecraft-server = {
       enable = false;
       eula = true;
@@ -127,11 +112,6 @@ in
       ];
     };
 
-    authentik = {
-      enable = true;
-      environmentFile = config.sops.secrets."jallen-nas/authentik-env".path;
-    };
-
     # nixai = {
     #   enable = true;
     #   mcp = {
@@ -168,33 +148,6 @@ in
       };
     };
 
-    restic.server = {
-      enable = true;
-      dataDir = "/media/nas/main/backup/restic";
-      prometheus = true;
-      listenAddress = "0.0.0.0:8008";
-      htpasswd-file = "/media/nas/main/backup/restic/.htpasswd";
-    };
-  };
-
-  systemd.user.services = {
-    protonmail-bridge = {
-      description = "Protonmail Bridge";
-      enable = true;
-      environment = {
-        GNUPGHOME = "%h/.gnupg";
-        PASSWORD_STORE_DIR = "%h/.password-store";
-      };
-      script = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
-      path = [
-        pkgs.gnome-keyring
-        pkgs.gnupg
-        pkgs.pass
-        pkgs.protonmail-bridge
-      ];
-      wantedBy = [ "default.target" ];
-      after = [ "gpg-agent.service" ];
-    };
   };
 
   # TODO move to normal samba settings
@@ -298,17 +251,6 @@ in
       '';
     };
 
-    glances-server = {
-      path = [
-        pkgs.bash
-        pkgs.glances
-      ];
-      script = ''
-        glances -w
-      '';
-      wantedBy = [ "multi-user.target" ];
-    };
-
     hd-idle = {
       enable = false;
       environment = {