formatting + organizing

mjallen18
2024-07-24 21:43:55 -05:00
parent 4b4b419873
commit c5a9ff512c
20 changed files with 744 additions and 652 deletions


@@ -98,14 +98,14 @@ in
# Security config
security = {
wrappers."mount.nfs" = {
setuid = true;
owner = "root";
group = "root";
source = "${pkgs.nfs-utils.out}/bin/mount.nfs";
};
rtkit.enable = lib.mkDefault true;
# configure sudo


@@ -1,4 +1,10 @@
{ config, lib, outputs, pkgs, ... }:
{
config,
lib,
outputs,
pkgs,
...
}:
{
# Configure bootloader with lanzaboot and secureboot
boot = {
@@ -27,14 +33,14 @@
# Override kernel to latest
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
kernelParams = [
"quiet"
# needed cause ssd powersaving is broken af I guess
"nvme_core.default_ps_max_latency_us=0"
"pcie_aspm=off"
];
"pcie_aspm=off"
];
consoleLogLevel = 3;
bootspec.enable = true;
};
}
}


@@ -115,11 +115,15 @@ in
systemd.services = {
fix-wifi = {
path = [ pkgs.bash pkgs.networkmanager pkgs.kmod ];
path = [
pkgs.bash
pkgs.networkmanager
pkgs.kmod
];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type="oneshot";
Type = "oneshot";
ExecStart = [ "${resetNetworkScript}/bin/reset-network" ];
};
};
@@ -138,6 +142,7 @@ in
# Enable Network Manager
networkmanager.enable = true;
networkmanager.wifi.powersave = false;
networkmanager.settings.connectivity.uri = "http://nmcheck.gnome.org/check_network_status.txt";
};
@@ -165,6 +170,7 @@ in
aspellDicts.en-science
borgbackup
clinfo
direnv
efibootmgr
gparted
grsync
@@ -185,7 +191,7 @@ in
# native wayland support (unstable)
wineWowPackages.waylandFull
];
sessionVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1";
};


@@ -1,4 +1,10 @@
{ config, lib, outputs, pkgs, ... }:
{
config,
lib,
outputs,
pkgs,
...
}:
{
fileSystems."/media/nas/backup" = {
device = "//10.0.1.18/Backup";
@@ -44,4 +50,4 @@
"gid=wheel"
];
};
}
}


@@ -107,7 +107,10 @@
"org/gnome/desktop/peripherals/mouse".accel-profile = "flat";
"org/gnome/desktop/peripherals/touchpad".two-finger-scrolling-enabled = true;
"org/gnome/desktop/peripherals/touchpad".tap-to-click = true;
"org/gnome/mutter".experimental-features = [ "scale-monitor-framebuffer" "variable-refresh-rate" ];
"org/gnome/mutter".experimental-features = [
"scale-monitor-framebuffer"
"variable-refresh-rate"
];
"org/gnome/tweaks".show-extensions-notice = false;
"org/gnome/shell".enabled-extensions = [
"appindicatorsupport@rgcjonas.gmail.com"


@@ -46,7 +46,7 @@
# Enable the Plasma 6 Desktop Environment.
displayManager.gdm.enable = false;
};
displayManager.sddm.enable = true;
desktopManager.plasma6.enable = true;
@@ -92,7 +92,7 @@
];
environment.sessionVariables = rec {
DBX_CONTAINER_MANAGER = "podman";
DBX_CONTAINER_MANAGER = "podman";
};
# Copy the NixOS configuration file and link it from the resulting system

63
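--- /dev/null
+++ b/hosts/nas/apps.nix
@@ -0,0 +1,63 @@
+{
+inputs,
+outputs,
+config,
+lib,
+pkgs,
+...
+}:
+{
+nas-apps = {
+collabora.enable = true;
+deluge.enable = true;
+homarr.enable = true;
+homepage.enable = false;
+jackett.enable = true;
+jellyfin.enable = true;
+jellyseerr.enable = true;
+mariadb.enable = true;
+mealie = {
+enable = true;
+baseUrl = "https://mealie.mjallen.dev";
+maxConcurrency = "4";
+maxWorkers = "4";
+allowSignup = "false";
+};
+nextcloud = {
+enable = true;
+httpPort = "9981";
+httpsPort = "9443";
+};
+ollama.enable = true;
+onlyoffice.enable = false;
+open-webui.enable = true;
+orca-slicer.enable = true;
+radarr.enable = true;
+redis.enable = true;
+sabnzbd.enable = true;
+sonarr.enable = true;
+swag.enable = true;
+tdarr.enable = true;
+vscode.enable = true;
+};
+}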

52
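--- /dev/null
+++ b/hosts/nas/boot.nix
@@ -0,0 +1,52 @@
+{
+inputs,
+outputs,
+config,
+lib,
+pkgs,
+...
+}:
+let
+configLimit = 5;
+kernel = pkgs.linuxPackages_latest;
+in
+{
+# Configure bootloader with lanzaboot and secureboot
+boot = {
+loader = {
+systemd-boot = {
+enable = true;
+configurationLimit = configLimit;
+};
+efi = {
+canTouchEfiVariables = true;
+efiSysMountPoint = "/boot";
+};
+};
+# Override kernel to latest
+kernelPackages = kernel;
+kernelParams = [
+"nohibernate"
+"amd_pstate=active"
+];
+consoleLogLevel = 3;
+bootspec.enable = true;
+initrd = {
+kernelModules = [
+"tpm"
+"tpm_tis"
+"tpm_crb"
+"tpm_infineon"
+];
+systemd = {
+enable = true;
+enableTpm2 = true;
+};
+};
+};
+}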
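Review bot: The header comment `# Configure bootloader with lanzaboot and secureboot` does not match the block under it, which only enables `systemd-boot`; nothing visible in this file turns on lanzaboote or Secure Boot. Because the initrd loads the TPM modules and sets `enableTpm2 = true` (presumably for TPM-bound disk unlock), a reader could wrongly assume the boot chain is verified before the TPM releases anything. Suggest replacing it with `# Configure systemd-boot (Secure Boot / lanzaboote is not enabled on this host)`.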


@@ -13,23 +13,18 @@
let
user = "admin";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "jallen-nas";
allowedPorts = [
2342
3493
61208
9090
# config.services.tailscale.port
# 22
];
enableDisplayManager = false;
# adding a flag cause nixos cant figure itself out and broke shit that cant be fixed
enableUps = false;
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./filesystems.nix
./boot.nix
./apps.nix
./networking.nix
./ups.nix
./samba.nix
./services.nix
../default.nix
];
@@ -47,100 +42,6 @@ in
nix.settings.trusted-users = [ "@wheel" ];
powerManagement.cpuFreqGovernor = "powersave";
nas-apps = {
collabora.enable = true;
deluge.enable = true;
homarr.enable = true;
homepage.enable = false;
jackett.enable = true;
jellyfin.enable = true;
jellyseerr.enable = true;
mariadb.enable = true;
mealie = {
enable = true;
baseUrl = "https://mealie.mjallen.dev";
maxConcurrency = "4";
maxWorkers = "4";
allowSignup = "false";
};
nextcloud = {
enable = true;
httpPort = "9981";
httpsPort = "9443";
};
ollama.enable = true;
onlyoffice.enable = false;
open-webui.enable = true;
orca-slicer.enable = true;
radarr.enable = true;
redis.enable = true;
sabnzbd.enable = true;
sonarr.enable = true;
swag.enable = true;
tdarr.enable = true;
vscode.enable = true;
};
nas-samba = {
enable = true;
hostsAllow = "10.0.1.";
enableTimeMachine = true;
timeMachinePath = "/media/nas/main/timemachine";
shares = {
"3d_printer" = {
public = true;
sharePath = "/media/nas/main/3d_printer";
};
Backup = {
public = true;
sharePath = "/media/nas/main/backup";
};
Documents = {
public = true;
sharePath = "/media/nas/main/documents";
};
isos = {
public = true;
sharePath = "/media/nas/main/isos";
};
TimeMachine = {
public = false;
sharePath = "/media/nas/main/timemachine";
enableTimeMachine = true;
timeMachineMaxSize = "1T";
};
app_data = {
public = true;
sharePath = "/media/nas/ssd/ssd_app_data";
};
nix-config = {
public = true;
sharePath = "/home/matt/nix-config";
};
};
};
share.hardware.nvidia = {
enable = true;
enableBeta = false;
@@ -149,274 +50,15 @@ in
enableNvidiaDocker = true;
};
# Configure bootloader with lanzaboot and secureboot
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 5;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
# Override kernel to latest
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"nohibernate"
"amd_pstate=active"
];
consoleLogLevel = 3;
bootspec.enable = true;
initrd = {
kernelModules = [ "tpm" "tpm_tis" "tpm_crb" "tpm_infineon" ];
systemd = {
enable = true;
enableTpm2 = true;
};
};
};
security.tpm2 = {
enable = true;
};
# Services configs
services = {
udisks2.enable = true;
# Enable the X11 windowing system.
xserver = {
enable = enableDisplayManager;
# Enable the Plasma 6 Desktop Environment.
desktopManager.plasma5.enable = enableDisplayManager;
};
displayManager = {
sddm.enable = enableDisplayManager;
#defaultSession = "plasma";
};
# Set to enable Flatpak
flatpak.enable = false;
# Enable RDP
xrdp = {
enable = enableDisplayManager;
defaultWindowManager = "startplasma-x11";
openFirewall = enableDisplayManager;
};
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
extraServiceFiles = {
# TODO is this needed?
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
};
apcupsd = {
enable = true;
};
grafana = {
enable = true;
settings.server = {
http_port = 2342;
domain = hostname;
serve_from_sub_path = true;
http_addr = "";
};
dataDir = "/media/nas/ssd/nix-app-data/grafana";
};
prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [
"diskstats"
"systemd"
];
port = 9002;
};
smartctl = {
enable = true;
group = "disk";
devices = [
"/dev/sda"
"/dev/sdb"
"/dev/sdc"
"/dev/sdd"
"/dev/sde"
"/dev/sdf"
"/dev/sdg"
"/dev/sdh"
"/dev/sdi"
"/dev/nvme0n1"
"/dev/nvme1n1"
];
};
};
scrapeConfigs = [
{
job_name = hostname;
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
];
}
];
}
];
};
tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "client";
extraUpFlags = [ "--advertise-exit-node" ];
};
btrfs = {
autoScrub.enable = true;
autoScrub.fileSystems = [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
"/media/nas/ssd/nix-app-data"
"/media/nas/ssd/ssd_app_data"
"/media/nas/ssd/mariadb"
"/media/nas/main/3d_printer"
"/media/nas/main/backup"
"/media/nas/main/documents"
"/media/nas/main/nextcloud"
"/media/nas/main/movies"
"/media/nas/main/tv"
"/media/nas/main/isos"
];
};
};
systemd.services = {
tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey nodekey:e4557e761f8fa2cb51a189d32484092036d3954b61502b7e19688869a5107707
'';
};
glances-server = {
path = [
pkgs.bash
pkgs.glances
];
script = ''
glances -w
'';
wantedBy = [ "multi-user.target" ];
};
};
# Networking configs enp7s0
networking = {
hostName = hostname;
hostId = "4b501480";
# Enable Network Manager
networkmanager.enable = false;
interfaces = {
wlp6s0.ipv4.addresses = [ {
address = "10.0.1.18";
prefixLength = 24;
} ];
};
defaultGateway.address = "10.0.1.1";
nameservers = [ "10.0.1.1" ];
wireless = {
enable = true;
networks = {
"Joeys Jungle" = {
psk = "kR8v&3Qd";
};
};
};
firewall = {
enable = true;
allowPing = true;
extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
allowedTCPPorts = allowedPorts;
allowedUDPPorts = allowedPorts;
# always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ];
};
};
# Configure environment
environment = {
# etc."nut/upsd.conf".source = /home/matt/upsd.conf;
# etc."nut/upsd.users".source = /home/matt/upsd.users;
# etc."nut/upsmon.conf".source = /home/matt/upsmon.conf;
# etc."nut/upsd.conf".source = /home/matt/upsd.conf;
# etc."nut/upsd.users".source = /home/matt/upsd.users;
# etc."nut/upsmon.conf".source = /home/matt/upsmon.conf;
etc.crypttab.text = ''
ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto
@@ -481,51 +123,6 @@ in
screen.enable = true;
};
power.ups = {
ups = {
enable = enableUps;
mode = "netserver";
ups."nasups" = {
driver = "usbhid-ups";
port = "auto";
description = "NAS UPS";
};
upsmon = {
monitor = "nasups@localhost 1 upsuser BogieDudie1 primary";
};
upsd = {
enable = enableUps;
listen = {
address = 0.0 0.0 0.0;
port = 3493;
};
};
# users = {
# actions = [ "SET" ];
# instcmds = [ "ALL" ];
##* upsmon = "primary";
# passwordFile = "/home/matt/ups.conf";
# };
};
# Add UPS monitoring service
upsmon = {
enable = true;
# Configure UPS device
device = "/dev/usb/hiddev1"; # Change this to your UPS device
driver = "usbhid-ups"; # Change this if your UPS uses a different driver
# Set UPS monitoring options
options = {
# NOTIFYCMD = "/path/to/notify-script.sh"; # Path to your notification script
POLLFREQ = 5;
POLLFREQALERT = 5;
HOSTSYNC = "on";
DEADTIME = 15;
FINALDELAY = 5;
};
};
};
# Configure nixpkgs
nixpkgs = {
overlays = [ outputs.overlays.nixpkgs-unstable ];
@@ -616,159 +213,6 @@ in
libvirtd.enable = true;
};
fileSystems."/media/nas/ssd/nix-app-data" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [
"subvol=nix-app-data"
"compress=zstd"
];
};
fileSystems."/media/nas/ssd/ssd_app_data" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [
"subvol=ssd_app_data"
"compress=zstd"
];
};
fileSystems."/media/nas/ssd/mariadb" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [
"subvol=mariadb"
"compress=zstd"
];
};
fileSystems."/media/nas/ssd/VMs" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [
"subvol=VMs"
"compress=zstd"
];
};
fileSystems."/media/nas/main/3d_printer" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=3d_printer"
"compress=zstd"
];
};
fileSystems."/media/nas/main/backup" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=backup"
"compress=zstd"
];
};
fileSystems."/media/nas/main/books" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=books"
"compress=zstd"
];
};
fileSystems."/media/nas/main/documents" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=documents"
"compress=zstd"
];
};
fileSystems."/media/nas/main/homeassistant" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=homeassistant"
"compress=zstd"
];
};
fileSystems."/media/nas/main/isos" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=isos"
"compress=zstd"
];
};
fileSystems."/media/nas/main/movies" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=movies"
"compress=zstd"
];
};
fileSystems."/media/nas/main/nextcloud" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=nextcloud"
"compress=zstd"
];
};
fileSystems."/media/nas/main/photos" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=photos"
"compress=zstd"
];
};
fileSystems."/media/nas/main/switch" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=switch"
"compress=zstd"
];
};
fileSystems."/media/nas/main/tv" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=tv"
"compress=zstd"
];
};
fileSystems."/media/nas/main/timemachine" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=timemachine"
"compress=zstd"
];
};
# fileSystems."/media/nas/main/vms" = {
# device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
# fsType = "btrfs";
# options = [
# "subvol=vms"
# "compress=zstd"
# ];
# };
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
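Review bot: The `password` binding in the `let` block at the top of this file still carries a full yescrypt hash after the split, so anyone who can read the repository can attack it offline. Where the binding is consumed is outside the visible hunks; if it feeds `users.users.<name>.hashedPassword`, prefer `hashedPasswordFile` pointing at a file kept out of the repo. The Wi-Fi PSK, UPS password and Tailscale key removed from this file also remain in git history, so moving them into new files does not retire them and they should be rotated.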

120
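--- /dev/null
+++ b/hosts/nas/filesystems.nix
@@ -0,0 +1,120 @@
+{
+inputs,
+config,
+lib,
+outputs,
+pkgs,
+...
+}:
+let
+btrfsOptions = [
+"subvol=nix-app-data"
+"compress=zstd"
+];
+in
+{
+fileSystems."/media/nas/ssd/nix-app-data" = {
+device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
+fsType = "btrfs";
+options = [
+"subvol=nix-app-data"
+"compress=zstd"
+];
+};
+fileSystems."/media/nas/ssd/ssd_app_data" = {
+device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/ssd/mariadb" = {
+device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/ssd/VMs" = {
+device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/3d_printer" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/backup" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/books" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/documents" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/homeassistant" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/isos" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/movies" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/nextcloud" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/photos" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/switch" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/tv" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+fileSystems."/media/nas/main/timemachine" = {
+device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+fsType = "btrfs";
+options = btrfsOptions;
+};
+# fileSystems."/media/nas/main/vms" = {
+# device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+# fsType = "btrfs";
+# options = btrfsOptions;
+# };
+}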
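Review bot: `btrfsOptions` hard-codes `"subvol=nix-app-data"`, so every mount that now uses `options = btrfsOptions;` (ssd_app_data, mariadb, VMs and all of `/media/nas/main/*`) requests the nix-app-data subvolume instead of its own; in the code removed from the host configuration each entry carried its own `subvol=`. On the SSD this would alias application, database and VM data onto one subvolume, and on the main array the mounts presumably fail or land on the wrong data, which also affects what the Samba shares and the btrfs scrub list actually cover. Make it a function, `btrfsOptions = subvol: [ "subvol=${subvol}" "compress=zstd" ];`, and call it per mount, for example `options = btrfsOptions "mariadb";`.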

66
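--- /dev/null
+++ b/hosts/nas/networking.nix
@@ -0,0 +1,66 @@
+{
+inputs,
+outputs,
+config,
+lib,
+pkgs,
+...
+}:
+let
+hostname = "jallen-nas";
+ipAddress = "10.0.1.18";
+gateway = "10.0.1.1";
+ssid = "Joeys Jungle";
+password = "kR8v&3Qd";
+allowedPorts = [
+2342
+3493
+61208
+9090
+# config.services.tailscale.port
+# 22
+];
+in
+{
+# Networking configs enp7s0
+networking = {
+hostName = hostname;
+hostId = "4b501480";
+# Enable Network Manager
+networkmanager.enable = false;
+interfaces = {
+wlp6s0.ipv4.addresses = [
+{
+address = ipAddress;
+prefixLength = 24;
+}
+];
+};
+defaultGateway.address = gateway;
+nameservers = [ gateway ];
+wireless = {
+enable = true;
+networks = {
+ssid = {
+psk = password;
+};
+};
+};
+firewall = {
+enable = true;
+allowPing = true;
+extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
+allowedTCPPorts = allowedPorts;
+allowedUDPPorts = allowedPorts;
+# always allow traffic from your Tailscale network
+trustedInterfaces = [ "tailscale0" ];
+};
+};
+}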
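Review bot: `networks = { ssid = { psk = password; }; }` defines a network literally named `ssid`, because an unquoted attribute name is not interpolated; the let-bound `ssid` is never used and the host would not join the intended network. Write `networks."${ssid}".psk = password;` instead. Separately, the PSK is a plaintext literal in the `let` block, so it ends up in git and in the world-readable Nix store; load it from a file kept outside the repo (for example through `networking.wireless.environmentFile`) and rotate the current value. `allowedPorts` is applied to both `allowedTCPPorts` and `allowedUDPPorts`, which opens more than these services are likely to need.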

49
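--- /dev/null
+++ b/hosts/nas/samba.nix
@@ -0,0 +1,49 @@
+{
+inputs,
+outputs,
+config,
+lib,
+pkgs,
+...
+}:
+{
+nas-samba = {
+enable = true;
+hostsAllow = "10.0.1.";
+enableTimeMachine = true;
+timeMachinePath = "/media/nas/main/timemachine";
+shares = {
+"3d_printer" = {
+public = true;
+sharePath = "/media/nas/main/3d_printer";
+};
+Backup = {
+public = true;
+sharePath = "/media/nas/main/backup";
+};
+Documents = {
+public = true;
+sharePath = "/media/nas/main/documents";
+};
+isos = {
+public = true;
+sharePath = "/media/nas/main/isos";
+};
+TimeMachine = {
+public = false;
+sharePath = "/media/nas/main/timemachine";
+enableTimeMachine = true;
+timeMachineMaxSize = "1T";
+};
+app_data = {
+public = true;
+sharePath = "/media/nas/ssd/ssd_app_data";
+};
+nix-config = {
+public = true;
+sharePath = "/home/matt/nix-config";
+};
+};
+};
+}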
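Review bot: The `nix-config` and `app_data` shares are exported with `public = true`, and this repository holds plaintext credentials (Wi-Fi PSK, UPS and Redis passwords). What `public` maps to is defined in the `nas-samba` module, which is not shown on this page; if it means guest access, every host matching `hostsAllow = "10.0.1."` can read those files without authenticating. Suggest `public = false;` on both shares, as already done for `TimeMachine`, and a one-line comment on each remaining public share stating why guest access is intended.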

204
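--- /dev/null
+++ b/hosts/nas/services.nix
@@ -0,0 +1,204 @@
+{
+inputs,
+outputs,
+config,
+lib,
+pkgs,
+...
+}:
+let
+enableDisplayManager = false;
+hostname = "jallen-nas";
+in
+{
+# Services configs
+services = {
+udisks2.enable = true;
+# Enable the X11 windowing system.
+xserver = {
+enable = enableDisplayManager;
+# Enable the Plasma 6 Desktop Environment.
+desktopManager.plasma5.enable = enableDisplayManager;
+};
+displayManager = {
+sddm.enable = enableDisplayManager;
+#defaultSession = "plasma";
+};
+# Set to enable Flatpak
+flatpak.enable = false;
+# Enable RDP
+xrdp = {
+enable = enableDisplayManager;
+defaultWindowManager = "startplasma-x11";
+openFirewall = enableDisplayManager;
+};
+avahi = {
+enable = true;
+nssmdns4 = true;
+publish = {
+enable = true;
+addresses = true;
+domain = true;
+hinfo = true;
+userServices = true;
+workstation = true;
+};
+extraServiceFiles = {
+# TODO is this needed?
+smb = ''
+<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+<name replace-wildcards="yes">%h</name>
+<service>
+<type>_smb._tcp</type>
+<port>445</port>
+</service>
+</service-group>
+'';
+};
+};
+apcupsd = {
+enable = true;
+};
+grafana = {
+enable = true;
+settings.server = {
+http_port = 2342;
+domain = hostname;
+serve_from_sub_path = true;
+http_addr = "";
+};
+dataDir = "/media/nas/ssd/nix-app-data/grafana";
+};
+prometheus = {
+enable = true;
+port = 9001;
+exporters = {
+node = {
+enable = true;
+enabledCollectors = [
+"diskstats"
+"systemd"
+];
+port = 9002;
+};
+smartctl = {
+enable = true;
+group = "disk";
+devices = [
+"/dev/sda"
+"/dev/sdb"
+"/dev/sdc"
+"/dev/sdd"
+"/dev/sde"
+"/dev/sdf"
+"/dev/sdg"
+"/dev/sdh"
+"/dev/sdi"
+"/dev/nvme0n1"
+"/dev/nvme1n1"
+];
+};
+};
+scrapeConfigs = [
+{
+job_name = hostname;
+static_configs = [
+{
+targets = [
+"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
+"127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
+];
+}
+];
+}
+];
+};
+tailscale = {
+enable = true;
+openFirewall = true;
+useRoutingFeatures = "client";
+extraUpFlags = [ "--advertise-exit-node" ];
+};
+btrfs = {
+autoScrub.enable = true;
+autoScrub.fileSystems = [
+"/nix"
+"/root"
+"/etc"
+"/var/log"
+"/home"
+"/media/nas/ssd/nix-app-data"
+"/media/nas/ssd/ssd_app_data"
+"/media/nas/ssd/mariadb"
+"/media/nas/main/3d_printer"
+"/media/nas/main/backup"
+"/media/nas/main/documents"
+"/media/nas/main/nextcloud"
+"/media/nas/main/movies"
+"/media/nas/main/tv"
+"/media/nas/main/isos"
+];
+};
+};
+systemd.services = {
+tailscale-autoconnect = {
+description = "Automatic connection to Tailscale";
+# make sure tailscale is running before trying to connect to tailscale
+after = [
+"network-pre.target"
+"tailscale.service"
+];
+wants = [
+"network-pre.target"
+"tailscale.service"
+];
+wantedBy = [ "multi-user.target" ];
+# set this service as a oneshot job
+serviceConfig.Type = "oneshot";
+# have the job run this shell script
+script = with pkgs; ''
+# wait for tailscaled to settle
+sleep 2
+# check if we are already authenticated to tailscale
+status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+if [ $status = "Running" ]; then # if so, then do nothing
+exit 0
+fi
+# otherwise authenticate with tailscale
+${tailscale}/bin/tailscale up -authkey nodekey:e4557e761f8fa2cb51a189d32484092036d3954b61502b7e19688869a5107707
+'';
+};
+glances-server = {
+path = [
+pkgs.bash
+pkgs.glances
+];
+script = ''
+glances -w
+'';
+wantedBy = [ "multi-user.target" ];
+};
+};
+}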
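Review bot: The `tailscale-autoconnect` script passes its `-authkey` value as a literal, so it is stored in git and in the generated unit inside the world-readable Nix store. If that value is a credential, drop the custom unit and set `services.tailscale.authKeyFile` to a file kept outside the repo, then revoke the current key. In the same script `[ $status = "Running" ]` should quote the variable, `[ "$status" = "Running" ]`, since an empty result from `jq` turns the test into a syntax error. Also worth a comment: `http_addr = ""` makes Grafana listen on every interface and `glances -w` serves its web UI without a password, while ports 2342 and 61208 are opened in networking.nix.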

59
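--- /dev/null
+++ b/hosts/nas/ups.nix
@@ -0,0 +1,59 @@
+{
+inputs,
+outputs,
+config,
+lib,
+pkgs,
+...
+}:
+let
+enableUps = true;
+upsmonCmd = "nasups@localhost 1 upsuser BogieDudie1 primary";
+upsName = "nasups";
+in
+{
+power.ups = {
+ups = {
+enable = enableUps;
+mode = "netserver";
+ups.upsName = {
+driver = "usbhid-ups";
+port = "auto";
+description = "NAS UPS";
+};
+upsmon = {
+monitor = upsmonCmd;
+};
+upsd = {
+enable = enableUps;
+listen = {
+address = 0.0 0.0 0.0;
+port = 3493;
+};
+};
+# users = {
+# actions = [ "SET" ];
+# instcmds = [ "ALL" ];
+##* upsmon = "primary";
+# passwordFile = "/home/matt/ups.conf";
+# };
+};
+# Add UPS monitoring service
+upsmon = {
+enable = true;
+# Configure UPS device
+device = "/dev/usb/hiddev1"; # Change this to your UPS device
+driver = "usbhid-ups"; # Change this if your UPS uses a different driver
+# Set UPS monitoring options
+options = {
+# NOTIFYCMD = "/path/to/notify-script.sh"; # Path to your notification script
+POLLFREQ = 5;
+POLLFREQALERT = 5;
+HOSTSYNC = "on";
+DEADTIME = 15;
+FINALDELAY = 5;
+};
+};
+};
+}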
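Review bot: `ups.upsName = {` declares a UPS literally named `upsName`; the let-bound `upsName` is not interpolated, while `upsmonCmd` still monitors `nasups@localhost`, so the monitor would point at a device that is not defined. Use `ups."${upsName}" = {`. This file also sets `enableUps = true`, whereas the removed code had `enableUps = false` next to a comment saying the flag was added because the setup was broken; confirm that flip is intended in a formatting commit. The monitor password is a plaintext literal in `upsmonCmd`, and the same string appears as the Redis `--requirepass` argument further down the page; move both to files outside the repo and give each service its own secret.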


@@ -1,74 +1,88 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"uas"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1DE6-4D02";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot/firmware" =
{ device = "/dev/disk/by-uuid/1BE6-CB10";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot/uefi" =
{ device = "/dev/disk/by-uuid/1BE3-8523";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=etc" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/8b5640bb-2fbf-4e69-9504-fb9508d49f01"; }
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1DE6-4D02";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/boot/firmware" = {
device = "/dev/disk/by-uuid/1BE6-CB10";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/boot/uefi" = {
device = "/dev/disk/by-uuid/1BE3-8523";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/etc" = {
device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=etc" ];
};
fileSystems."/root" = {
device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices = [ { device = "/dev/disk/by-uuid/8b5640bb-2fbf-4e69-9504-fb9508d49f01"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@@ -15,7 +15,10 @@ in
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
extraOptions = [ "--cap-add=MKNOD" "--privileged" ];
extraOptions = [
"--cap-add=MKNOD"
"--privileged"
];
ports = [ "${cfg.port}:9980" ];
volumes = [
# ...
@@ -29,7 +32,7 @@ in
domain = "office.mjallen.dev";
aliasgroup1 = "https://cloud\.mjallen\.dev:443";
aliasgroup2 = "https://cloud\.mjallen\.dev:443";
# DONT_GEN_SSL_CERT = cfg.dontGenSslCert;
# DONT_GEN_SSL_CERT = cfg.dontGenSslCert;
server_name = cfg.serverName;
dictionaries = cfg.dictionaries;
extra_params = cfg.extraParams;


@@ -16,9 +16,7 @@ in
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.port}:9000" ];
volumes = [
"${cfg.dataPath}:/app/data"
];
volumes = [ "${cfg.dataPath}:/app/data" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;


@@ -17,9 +17,7 @@ in
autoStart = true;
image = cfg.image;
extraOptions = [ "--device=nvidia.com/gpu=0" ];
volumes = [
"${cfg.configPath}:/root/.ollama"
];
volumes = [ "${cfg.configPath}:/root/.ollama" ];
ports = [ "${cfg.port}:11434" ];
environment = {
NVIDIA_VISIBLE_DEVICES = "all";


@@ -20,9 +20,7 @@ in
"--requirepass"
"BogieDudie1"
];
ports = [
"6379:6379"
];
ports = [ "6379:6379" ];
};
};
}


@@ -25,7 +25,10 @@ in
"${cfg.moviesPath}:/data/movies"
"${cfg.tvPath}:/data/tv"
];
ports = [ "${cfg.serverPort}:8266" "${cfg.webUIPort}:8265" ];
ports = [
"${cfg.serverPort}:8266"
"${cfg.webUIPort}:8265"
];
environment = {
serverPort = "8266";
webUIPort = "8265";