mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

bruh

Browse Source
This commit is contained in:
mjallen18
2026-01-30 22:45:46 -06:00
parent 044bac7464
commit bca4a13614
14 changed files with 581 additions and 342 deletions
Download Patch File Download Diff File Expand all files Collapse all files

151
flake.lock generated
View File

@@ -14,11 +14,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1768220016,
"narHash": "sha256-jIYGoq90mDkeVEM9r9CHa/3H1ByYp7ZkE0IRf+haysE=",
"lastModified": 1769348998,
"narHash": "sha256-nP4gw7bdwYGa+TQEvpMrYrp6/wsGklrC2cmIUjP4HNI=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "94c544f6cd51735728391c8e9463efc893ddf26b",
"rev": "eee255ff2ffd90477889740a56ee75cf7020886e",
"type": "github"
},
"original": {
@@ -30,16 +30,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1765907481,
"narHash": "sha256-d0pPNE2T30COdFse0T15Mx8XW4BGg8hgPQvmW2dAV9s=",
"owner": "goauthentik",
"lastModified": 1768596569,
"narHash": "sha256-HDTbQB/sMhYh2b95dQwzF8OgrwLWdl4hVmx6wtDcgE8=",
"owner": "ma27",
"repo": "authentik",
"rev": "0d617e4ad1eb9e4540ba5381e6ce06e971affc63",
"rev": "72ad5fe320f2201fc2a37372d4c9cb46377a58e5",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.10.3",
"owner": "ma27",
"ref": "2025.12.1-dependency-fix",
"repo": "authentik",
"type": "github"
}
@@ -115,16 +115,16 @@
"brew-src": {
"flake": false,
"locked": {
"lastModified": 1763638478,
"narHash": "sha256-n/IMowE9S23ovmTkKX7KhxXC2Yq41EAVFR2FBIXPcT8=",
"lastModified": 1769363988,
"narHash": "sha256-BiGPeulrDVetXP+tjxhMcGLUROZAtZIhU5m4MqawCfM=",
"owner": "Homebrew",
"repo": "brew",
"rev": "fbfdbaba008189499958a7aeb1e2c36ab10c067d",
"rev": "d01011cac6d72032c75fd2cd9489909e95d9faf2",
"type": "github"
},
"original": {
"owner": "Homebrew",
"ref": "5.0.3",
"ref": "5.0.12",
"repo": "brew",
"type": "github"
}
@@ -191,11 +191,11 @@
]
},
"locked": {
"lastModified": 1768923567,
"narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=",
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community",
"repo": "disko",
"rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github"
},
"original": {
@@ -495,20 +495,19 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs-stable"
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1768949235,
"narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=",
"lastModified": 1769813945,
"narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5",
"rev": "475921375def3eb930e1f8883f619ff8609accb6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
@@ -520,11 +519,11 @@
]
},
"locked": {
"lastModified": 1768949235,
"narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=",
"lastModified": 1769580047,
"narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5",
"rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
"type": "github"
},
"original": {
@@ -541,11 +540,11 @@
]
},
"locked": {
"lastModified": 1769187349,
"narHash": "sha256-clG+nT6I2qxjIgk5WoSDKJyNhzKJs9jzbCujPF2S/yg=",
"lastModified": 1769813945,
"narHash": "sha256-9ABv9Lo9t6MrFjlnRnU8Zw1C6LVj2+R8PipQ/rxGLHk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "082a4cd87c6089d1d9c58ebe52655f9e07245fcb",
"rev": "475921375def3eb930e1f8883f619ff8609accb6",
"type": "github"
},
"original": {
@@ -595,11 +594,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
"lastModified": 1769190302,
"narHash": "sha256-4BG10dq9vemchreQT04rCadVYPgcv3XPB+2F/rJ/ShM=",
"lastModified": 1769824858,
"narHash": "sha256-IU9GSYsQ+VAInFEhqGLOME0h8Up+t2/8NYhJqeo5J0k=",
"owner": "homebrew",
"repo": "homebrew-cask",
"rev": "b959384f6fa48144ff5878bd32da12f3d322e1d7",
"rev": "7eb30f6a521b26b9ee9c3324301104277f214c86",
"type": "github"
},
"original": {
@@ -611,11 +610,11 @@
"homebrew-core": {
"flake": false,
"locked": {
"lastModified": 1769188316,
"narHash": "sha256-KfSw5Tz/FifYBkfIvKT64DDd5oBL42FwzdSLPwsWU7g=",
"lastModified": 1769830839,
"narHash": "sha256-syxwftbd9+0WzAQp+FUlikUwxA/lpPZu1Eo3/kVTGUc=",
"owner": "homebrew",
"repo": "homebrew-core",
"rev": "6f8f0f166802a41d54c12251b2f75c1b9b6f5599",
"rev": "0c4c32f56cf6df42d3b467c5aa54f011da850080",
"type": "github"
},
"original": {
@@ -630,11 +629,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1768941735,
"narHash": "sha256-OyxsfXNcOkt06/kM+4bnuC8moDx+t7Qr+RB0BBa83Ig=",
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "69ecf31e8fddc9354a4b418f3a517445d486bb54",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github"
},
"original": {
@@ -716,11 +715,11 @@
"brew-src": "brew-src"
},
"locked": {
"lastModified": 1764473698,
"narHash": "sha256-C91gPgv6udN5WuIZWNehp8qdLqlrzX6iF/YyboOj6XI=",
"lastModified": 1769437432,
"narHash": "sha256-8d7KnCpT2LweRvSzZYEGd9IM3eFX+A78opcnDM0+ndk=",
"owner": "zhaofengli",
"repo": "nix-homebrew",
"rev": "6a8ab60bfd66154feeaa1021fc3b32684814a62a",
"rev": "a5409abd0d5013d79775d3419bcac10eacb9d8c5",
"type": "github"
},
"original": {
@@ -794,11 +793,11 @@
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1769134548,
"narHash": "sha256-16UWbfkIEaG728vwCdXM5C/8f1NLqBwZc039p8Yj9CA=",
"lastModified": 1769826952,
"narHash": "sha256-8CpJxXwRyN8gSzjT0e4QjWPwVs/W0uHRJ6fEPGaTk7I=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "969bb9a90fa1365e8b5028d1b67dbd439b268675",
"rev": "2b93cd3f310d6a9d24ccfc154740d591288d6754",
"type": "github"
},
"original": {
@@ -862,11 +861,11 @@
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1769126487,
"narHash": "sha256-OA+Qrrf0FWqARjgJASGrPKMUw237G3gYG+MQn4upABU=",
"lastModified": 1769538514,
"narHash": "sha256-/3Hk9YEI+9vA2+4AFErByc1V3LcCDNThmXYhFWlkQiU=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "003afbd7b4f90c83497906ba2e9099874c2e3a4f",
"rev": "749992a1cd11092ac9eea8a05fb953f591df59db",
"type": "github"
},
"original": {
@@ -905,11 +904,11 @@
]
},
"locked": {
"lastModified": 1764234087,
"narHash": "sha256-NHF7QWa0ZPT8hsJrvijREW3+nifmF2rTXgS2v0tpcEA=",
"lastModified": 1769813415,
"narHash": "sha256-nnVmNNKBi1YiBNPhKclNYDORoHkuKipoz7EtVnXO50A=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "032a1878682fafe829edfcf5fdfad635a2efe748",
"rev": "8946737ff703382fda7623b9fab071d037e897d5",
"type": "github"
},
"original": {
@@ -920,11 +919,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1769086393,
"narHash": "sha256-3ymIZ8s3+hu7sDl/Y48o6bwMxorfKrmn97KuWiw1vjY=",
"lastModified": 1769302137,
"narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9f7ba891ea5fc3ededd7804f1a23fafadbcb26ca",
"rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github"
},
"original": {
@@ -936,11 +935,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1765779637,
"narHash": "sha256-KJ2wa/BLSrTqDjbfyNx70ov/HdgNBCBBSQP3BIzKnv4=",
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1306659b587dc277866c7b69eb97e5f07864d8c4",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"type": "github"
},
"original": {
@@ -999,11 +998,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1769089682,
"narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
"lastModified": 1769598131,
"narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
"rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211",
"type": "github"
},
"original": {
@@ -1015,11 +1014,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
@@ -1047,27 +1046,27 @@
},
"nixpkgs_11": {
"locked": {
"lastModified": 1769089682,
"narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=",
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "078d69f03934859a181e81ba987c2bb033eebfc5",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_12": {
"locked": {
"lastModified": 1768569498,
"narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=",
"lastModified": 1769268028,
"narHash": "sha256-mAdJpV0e5IGZjnE4f/8uf0E4hQR7ptRP00gnZKUOdMo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "be5afa0fcb31f0a96bf9ecba05a516c66fcd8114",
"rev": "ab9fbbcf4858bd6d40ba2bbec37ceb4ab6e1f562",
"type": "github"
},
"original": {
@@ -1428,11 +1427,11 @@
"nixpkgs": "nixpkgs_12"
},
"locked": {
"lastModified": 1768863606,
"narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=",
"lastModified": 1769469829,
"narHash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2",
"rev": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff",
"type": "github"
},
"original": {
@@ -1485,11 +1484,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1768744881,
"narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=",
"lastModified": 1769819994,
"narHash": "sha256-AJB2hcg1OgocLGuVdot9HyCD+Kv+a6znhY2i3XqcZYU=",
"owner": "nix-community",
"repo": "stylix",
"rev": "06684f00cfbee14da96fd4307b966884de272d3a",
"rev": "8b14679c0e1570b0e137f0f7997717be0fdf2cf2",
"type": "github"
},
"original": {
@@ -1646,11 +1645,11 @@
]
},
"locked": {
"lastModified": 1768158989,
"narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=",
"lastModified": 1769691507,
"narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca",
"rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b",
"type": "github"
},
"original": {

4
flake.nix
View File

@@ -15,8 +15,8 @@
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nixpkgs = nixpkgs-stable;
home-manager = home-manager-stable;
nixpkgs = nixpkgs-unstable;
home-manager = home-manager-unstable;
# The name "snowfall-lib" is required due to how Snowfall Lib processes your
# flake's inputs.

2
homes/aarch64-darwin/mattjallen@macbook-pro/default.nix
View File

@@ -15,7 +15,7 @@ let
age
cpufetch
deadnix
nixfmt-rfc-style
nixfmt
nodePackages.nodejs
uv
sops

2
modules/home/home/default.nix
View File

@@ -24,7 +24,7 @@ in
lm_sensors
nano
nix-prefetch-scripts
nixfmt-rfc-style
nixfmt
pciutils
protonup-ng
rsync

46
modules/nixos/homeassistant/services/govee2mqtt/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.home-assistant;
in
{
config = mkIf cfg.enable {
sops = {
secrets = {
"jallen-nas/govee2mqtt/govee-email" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/govee2mqtt/govee-password" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/govee2mqtt/govee-api" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
};
templates = {
"govee2mqtt.env" = {
mode = "660";
restartUnits = [ "govee2mqtt.service" ];
content = ''
GOVEE_EMAIL=${config.sops.placeholder."jallen-nas/govee2mqtt/govee-email"}
GOVEE_PASSWORD=${config.sops.placeholder."jallen-nas/govee2mqtt/govee-password"}
GOVEE_API_KEY=${config.sops.placeholder."jallen-nas/govee2mqtt/govee-api"}
GOVEE_MQTT_HOST=localhost
GOVEE_MQTT_PORT=1883
'';
};
};
};
services = {
govee2mqtt = {
enable = true;
environmentFile = config.sops.templates."govee2mqtt.env".path;
};
};
};
}

15
modules/nixos/homeassistant/services/homeassistant/default.nix
View File

@@ -11,19 +11,19 @@ let
cfg = config.${namespace}.services.home-assistant;
in
{
disabledModules = [
"services/home-automation/home-assistant.nix"
];
# disabledModules = [
# "services/home-automation/home-assistant.nix"
# ];
imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/services/home-automation/home-assistant.nix"
];
# imports = [
# "${inputs.nixpkgs-unstable}/nixos/modules/services/home-automation/home-assistant.nix"
# ];
config = mkIf cfg.enable {
services.home-assistant = {
enable = true;
package = pkgs.unstable.home-assistant;
package = pkgs.home-assistant;
openFirewall = true;
configDir = "/var/lib/homeassistant";
configWritable = true; # todo
@@ -252,6 +252,7 @@ in
ha-bambulab
ha-bedjet
ha-gehome
# ha-govee
ha-icloud3
ha-local-llm
ha-mail-and-packages

4
modules/nixos/nix/default.nix
View File

@@ -9,14 +9,14 @@
settings = {
# extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
substituters = [
"https://cache.mjallen.dev/nas-cache"
# "https://cache.mjallen.dev/nas-cache"
"https://nixos-apple-silicon.cachix.org"
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nas-cache:Y7PR+XTLr1bLIL85PKb9Tk9/BnE5HndTKvZYWVP1/48="
# "nas-cache:Y7PR+XTLr1bLIL85PKb9Tk9/BnE5HndTKvZYWVP1/48="
"nixos-apple-silicon.cachix.org-1:8psDu5SA5dAD7qA0zMy5UT292TxeEPzIz8VVEr2Js20="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="

69
modules/nixos/services/arrs/default.nix
View File

@@ -16,6 +16,39 @@ let
description = "*arr Services";
options = { };
moduleConfig = {
sops = {
secrets = {
"jallen-nas/sabnzbd/password" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/sabnzbd/api-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/sabnzbd/nzb-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/sabnzbd/server/username" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
"jallen-nas/sabnzbd/server/password" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
};
};
templates = {
"sabnzbd.ini" = {
mode = "660";
restartUnits = [ "sabnzbd.service" ];
content = ''
misc.password=${config.sops.placeholder."jallen-nas/sabnzbd/password"}
misc.api_key=${config.sops.placeholder."jallen-nas/sabnzbd/api-key"}
misc.nzb_key=${config.sops.placeholder."jallen-nas/sabnzbd/nzb-key"}
servers."news.newsgroupdirect.com".username=${config.sops.placeholder."jallen-nas/sabnzbd/server/username"}
servers."news.newsgroupdirect.com".password=${config.sops.placeholder."jallen-nas/sabnzbd/server/password"}
'';
};
};
};
# Enable radarr service
services.radarr = {
enable = true;
@@ -38,10 +71,42 @@ let
# Enable Sabnzbd service
services.sabnzbd = {
enable = true;
# openFirewall = cfg.openFirewall;
user = "nix-apps";
group = "jallen-nas";
configFile = "${cfg.configDir}/sabnzbd/sabnzbd.ini";
secretFiles = [
config.sops.templates."sabnzbd.ini".path
];
settings = {
misc = {
host = "0.0.0.0";
port = 8280;
cache_limit = "10G";
download_dir = "${cfg.configDir}/downloads";
complete_dir = "${cfg.configDir}/incomplete";
};
servers = {
"news.newsgroupdirect.com" = {
name = "news.newsgroupdirect.com";
displayname = "news.newsgroupdirect.com";
host = "news.newsgroupdirect.com";
port = 563;
timeout = 60;
connections = 8;
ssl = true;
ssl_verify = 2;
ssl_ciphers = "";
enable = true;
required = false;
optional = false;
retention = 0;
expire_date = "";
quota = "";
usage_at_start = 0;
priority = 0;
notes = "";
};
};
};
};
services.deluge = {

30
packages/homeassistant/ha-govee/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
buildHomeAssistantComponent,
python3Packages,
fetchFromGitHub,
lib,
...
}:
buildHomeAssistantComponent rec {
owner = "LaggAt";
domain = "govee";
version = "2025.7.1";
src = fetchFromGitHub {
owner = owner;
repo = "hacs-govee";
rev = version;
hash = "sha256-3SnYjjQU2qRBcKs40bCpN75Ad3HqMcn/hRj1faSSeHw=";
};
buildInputs = with python3Packages; [
dacite
];
meta = {
changelog = "https://github.com/${owner}/hacs-govee/releases/tag/${version}";
description = "The Govee integration allows you to control and monitor lights and switches using the Govee API.";
homepage = "https://github.com/${owner}/hacs-govee";
maintainers = [ ];
};
}

425
secrets/nas-secrets.yaml
View File

File diff suppressed because one or more lines are too long

1
systems/test.jwe Normal file
View File

@@ -0,0 +1 @@
eyJhbGciOiJkaXIiLCJjbGV2aXMiOnsicGluIjoidHBtMiIsInRwbTIiOnsiaGFzaCI6InNoYTI1NiIsImp3a19wcml2IjoiQU80QUlPQU5tZ1oxQm5FSnRnWmtGNUJHTjRyYVhhYjhycjMtZ0JCWlBpT2ctRVVNQUJBMUQxUDJJYXBrWmQ0b3ZHeTdlbW9TVEQ5MGxzd2lOWDZTWnlRdk5lSTQ1OHhCaGF1S1JETUpDRXlYWVdHeGhBa0R2M3B2bVBsN2VpRl8xTTROODRPN2J4VVpzLUpxbUR1ajFkSXBMamVJQ0QwOTl4TF9wY1hHN1lCamFTSnh5dnU3Yk5vR3NqNk5rSGc0ZjF6bm80SUpKZ3hvSUw0bVlXY1ZGdENDbmVzMlpCS2haUnMtMHc1RHRfU0p0cWNPYVFMRzhNZmV2UFlVbWhJU1JKc0I2eFowcUw4Szllb2Q2a1lJMFRLT3BzS0M4UlcydFZjeldnZzlER0U5LUQyY3doV1RkUWxvUUhTOU5BTUgiLCJqd2tfcHViIjoiQUM0QUNBQUxBQUFFMGdBQUFCQUFJQnE0bHVYVDZRbENEOGVmbDBSc1hBUldES3dyRkRsRG4wSHoxSnJobjFLbiIsImtleSI6ImVjYyJ9fSwiZW5jIjoiQTI1NkdDTSJ9..0I9lRNcfUtySIzvm.nNi1-YX-l0FR6U2W.iqCTuceLKdVjRd5pe3L8_Q

14
systems/x86_64-linux/jallen-nas/boot.nix
View File

@@ -17,17 +17,17 @@ in
initrd = {
supportedFilesystems = [ "bcachefs" ];
clevis = {
enable = false;
devices = {
"/dev/disk/by-label/nas_pool".secretFile = "/etc/clevis/nas_pool.jwe";
};
};
# clevis = {
# enable = false;
# devices = {
# "/dev/disk/by-label/nas_pool".secretFile = "/etc/clevis/nas_pool.jwe";
# };
# };
};
# Enable binfmt emulation for ARM
binfmt.emulatedSystems = [ "aarch64-linux" ]; # --argstr system aarch64-linux
};
environment.etc."clevis/nas_pool.jwe".source = config.sops.secrets."jallen-nas/nas_pool".path;
# environment.etc."clevis/nas_pool.jwe".source = config.sops.secrets."jallen-nas/nas_pool".path;
}

91
systems/x86_64-linux/jallen-nas/default.nix
View File

@@ -12,6 +12,7 @@ in
imports = [
./boot.nix
./apps.nix
./disabled.nix
# ./nas-pool.nix
./users.nix
./services.nix
@@ -285,7 +286,12 @@ in
device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
fsType = "bcachefs";
};
# "/media/nas/test" = {
# device = "UUID=621706d6-e3a8-48d6-9560-58b01129a846";
# fsType = "bcachefs";
# };
};
fileSystems."/etc".neededForBoot = true;
environment.etc = {
"crypttab".text = ''
@@ -300,43 +306,55 @@ in
'';
};
boot.initrd.luks.devices = {
hdd1-cryptroot = {
device = "/dev/disk/by-uuid/295d4c78-41f0-4792-bd97-ac88b2455cdc";
};
hdd2-cryptroot = {
device = "/dev/disk/by-uuid/7c9c2179-351c-40a5-9257-e9ee2a1e794a";
};
ssd1-cryptroot = {
device = "/dev/disk/by-uuid/d78fa862-212c-4d4f-ad86-bfeead5cc054";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd2-cryptroot = {
device = "/dev/disk/by-uuid/1661c173-3809-4517-9ab8-ad94c229048d";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd3-cryptroot = {
device = "/dev/disk/by-uuid/cfea125e-90b1-4248-834d-16dcaf310783";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd4-cryptroot = {
device = "/dev/disk/by-uuid/96055401-6d1a-4308-9e4e-2211e1e23635";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd5-cryptroot = {
device = "/dev/disk/by-uuid/055e27e0-c96a-4899-8ee7-cb1cd5f21476";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd6-cryptroot = {
device = "/dev/disk/by-uuid/6e830abd-2555-4558-81a3-4a990507b5a7";
allowDiscards = true;
bypassWorkqueues = true;
boot.initrd = {
luks.devices = {
# "621706d6-e3a8-48d6-9560-58b01129a846" = {
# device = "/dev/disk/by-uuid/621706d6-e3a8-48d6-9560-58b01129a846";
# };
hdd1-cryptroot = {
device = "/dev/disk/by-uuid/295d4c78-41f0-4792-bd97-ac88b2455cdc";
};
hdd2-cryptroot = {
device = "/dev/disk/by-uuid/7c9c2179-351c-40a5-9257-e9ee2a1e794a";
};
ssd1-cryptroot = {
device = "/dev/disk/by-uuid/d78fa862-212c-4d4f-ad86-bfeead5cc054";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd2-cryptroot = {
device = "/dev/disk/by-uuid/1661c173-3809-4517-9ab8-ad94c229048d";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd3-cryptroot = {
device = "/dev/disk/by-uuid/cfea125e-90b1-4248-834d-16dcaf310783";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd4-cryptroot = {
device = "/dev/disk/by-uuid/96055401-6d1a-4308-9e4e-2211e1e23635";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd5-cryptroot = {
device = "/dev/disk/by-uuid/055e27e0-c96a-4899-8ee7-cb1cd5f21476";
allowDiscards = true;
bypassWorkqueues = true;
};
ssd6-cryptroot = {
device = "/dev/disk/by-uuid/6e830abd-2555-4558-81a3-4a990507b5a7";
allowDiscards = true;
bypassWorkqueues = true;
};
};
# clevis = {
# enable = true;
# devices = {
# "621706d6-e3a8-48d6-9560-58b01129a846".secretFile = ../../../test.jwe;
# };
# };
};
# boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/disk-main-jallen-nas-cryptroot";
@@ -360,7 +378,6 @@ in
protonmail-bridge
protonvpn-gui
qrencode
rcon
sbctl
tigervnc
tpm2-tools

69
systems/x86_64-linux/jallen-nas/disabled.nix Normal file
View File

@@ -0,0 +1,69 @@
{
config,
lib,
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) enabled disabled;
in
{
specialisation = {
safe-mode = {
configuration = {
${namespace} = {
services = {
actual = mkForce disabled;
ai = mkForce disabled;
arrs = mkForce disabled;
attic = mkForce disabled;
authentik = mkForce disabled;
authentikRac = mkForce disabled;
calibre = mkForce disabled;
calibre-web = mkForce disabled;
code-server = mkForce disabled;
collabora = mkForce disabled;
crowdsec = mkForce disabled;
dispatcharr = mkForce disabled;
ersatztv = mkForce disabled;
free-games-claimer = mkForce disabled;
gitea = mkForce disabled;
glance = mkForce disabled;
glances = mkForce disabled;
headscale = mkForce disabled;
immich = mkForce disabled;
jellyfin = mkForce disabled;
jellyseerr = mkForce disabled;
lubelogger = mkForce disabled;
manyfold = mkForce disabled;
matrix = mkForce disabled;
minecraft = mkForce disabled;
mongodb = mkForce disabled;
netbootxyz = mkForce disabled;
nextcloud = mkForce disabled;
ntfy = mkForce disabled;
ocis = mkForce disabled;
onlyoffice = mkForce disabled;
opencloud = mkForce disabled;
orca-slicer = mkForce disabled;
paperless = mkForce disabled;
paperless-ai = mkForce disabled;
protonmail-bridge = mkForce disabled;
restic = mkForce disabled;
sunshine = mkForce disabled;
tdarr = mkForce disabled;
traefik = mkForce disabled;
unmanic = mkForce disabled;
uptime-kuma = mkForce disabled;
wyoming = mkForce disabled;
};
};
services = {
postgresql = mkForce disabled;
};
};
};
};
}