diff --git a/hosts/default.nix b/hosts/default.nix
index 1ac8824..ad043e2 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -98,14 +98,14 @@ in
# Security config
security = {
-
+
wrappers."mount.nfs" = {
setuid = true;
owner = "root";
group = "root";
source = "${pkgs.nfs-utils.out}/bin/mount.nfs";
};
-
+
rtkit.enable = lib.mkDefault true;
# configure sudo
diff --git a/hosts/desktop/boot.nix b/hosts/desktop/boot.nix
index a29902a..0abb0ec 100644
--- a/hosts/desktop/boot.nix
+++ b/hosts/desktop/boot.nix
@@ -1,4 +1,10 @@
-{ config, lib, outputs, pkgs, ... }:
+{
+ config,
+ lib,
+ outputs,
+ pkgs,
+ ...
+}:
{
# Configure bootloader with lanzaboot and secureboot
boot = {
@@ -27,14 +33,14 @@
# Override kernel to latest
kernelPackages = pkgs.linuxPackages_latest;
- kernelParams = [
+ kernelParams = [
"quiet"
# needed cause ssd powersaving is broken af I guess
"nvme_core.default_ps_max_latency_us=0"
- "pcie_aspm=off"
- ];
+ "pcie_aspm=off"
+ ];
consoleLogLevel = 3;
bootspec.enable = true;
};
-}
\ No newline at end of file
+}
diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix
index cf49868..a0761e3 100644
--- a/hosts/desktop/configuration.nix
+++ b/hosts/desktop/configuration.nix
@@ -115,11 +115,15 @@ in
systemd.services = {
fix-wifi = {
- path = [ pkgs.bash pkgs.networkmanager pkgs.kmod ];
+ path = [
+ pkgs.bash
+ pkgs.networkmanager
+ pkgs.kmod
+ ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
- Type="oneshot";
+ Type = "oneshot";
ExecStart = [ "${resetNetworkScript}/bin/reset-network" ];
};
};
@@ -138,6 +142,7 @@ in
# Enable Network Manager
networkmanager.enable = true;
+ networkmanager.wifi.powersave = false;
networkmanager.settings.connectivity.uri = "http://nmcheck.gnome.org/check_network_status.txt";
};
@@ -165,6 +170,7 @@ in
aspellDicts.en-science
borgbackup
clinfo
+ direnv
efibootmgr
gparted
grsync
@@ -185,7 +191,7 @@ in
# native wayland support (unstable)
wineWowPackages.waylandFull
];
-
+
sessionVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1";
};
diff --git a/hosts/desktop/filesystems.nix b/hosts/desktop/filesystems.nix
index fe31915..1241173 100644
--- a/hosts/desktop/filesystems.nix
+++ b/hosts/desktop/filesystems.nix
@@ -1,4 +1,10 @@
-{ config, lib, outputs, pkgs, ... }:
+{
+ config,
+ lib,
+ outputs,
+ pkgs,
+ ...
+}:
{
fileSystems."/media/nas/backup" = {
device = "//10.0.1.18/Backup";
@@ -44,4 +50,4 @@
"gid=wheel"
];
};
-}
\ No newline at end of file
+}
diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix
index 87608d2..a9c4afc 100644
--- a/hosts/desktop/home.nix
+++ b/hosts/desktop/home.nix
@@ -107,7 +107,10 @@
"org/gnome/desktop/peripherals/mouse".accel-profile = "flat";
"org/gnome/desktop/peripherals/touchpad".two-finger-scrolling-enabled = true;
"org/gnome/desktop/peripherals/touchpad".tap-to-click = true;
- "org/gnome/mutter".experimental-features = [ "scale-monitor-framebuffer" "variable-refresh-rate" ];
+ "org/gnome/mutter".experimental-features = [
+ "scale-monitor-framebuffer"
+ "variable-refresh-rate"
+ ];
"org/gnome/tweaks".show-extensions-notice = false;
"org/gnome/shell".enabled-extensions = [
"appindicatorsupport@rgcjonas.gmail.com"
diff --git a/hosts/mac-nixos/configuration.nix b/hosts/mac-nixos/configuration.nix
index 4ea4033..9aa0c35 100644
--- a/hosts/mac-nixos/configuration.nix
+++ b/hosts/mac-nixos/configuration.nix
@@ -46,7 +46,7 @@
# Enable the Plasma 6 Desktop Environment.
displayManager.gdm.enable = false;
};
-
+
displayManager.sddm.enable = true;
desktopManager.plasma6.enable = true;
@@ -92,7 +92,7 @@
];
environment.sessionVariables = rec {
- DBX_CONTAINER_MANAGER = "podman";
+ DBX_CONTAINER_MANAGER = "podman";
};
# Copy the NixOS configuration file and link it from the resulting system
diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix
new file mode 100644
index 0000000..2985b8e
--- /dev/null
+++ b/hosts/nas/apps.nix
@@ -0,0 +1,63 @@
+{
+ inputs,
+ outputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ nas-apps = {
+ collabora.enable = true;
+
+ deluge.enable = true;
+
+ homarr.enable = true;
+
+ homepage.enable = false;
+
+ jackett.enable = true;
+
+ jellyfin.enable = true;
+
+ jellyseerr.enable = true;
+
+ mariadb.enable = true;
+
+ mealie = {
+ enable = true;
+ baseUrl = "https://mealie.mjallen.dev";
+ maxConcurrency = "4";
+ maxWorkers = "4";
+ allowSignup = "false";
+ };
+
+ nextcloud = {
+ enable = true;
+ httpPort = "9981";
+ httpsPort = "9443";
+ };
+
+ ollama.enable = true;
+
+ onlyoffice.enable = false;
+
+ open-webui.enable = true;
+
+ orca-slicer.enable = true;
+
+ radarr.enable = true;
+
+ redis.enable = true;
+
+ sabnzbd.enable = true;
+
+ sonarr.enable = true;
+
+ swag.enable = true;
+
+ tdarr.enable = true;
+
+ vscode.enable = true;
+ };
+}
diff --git a/hosts/nas/boot.nix b/hosts/nas/boot.nix
new file mode 100644
index 0000000..845d817
--- /dev/null
+++ b/hosts/nas/boot.nix
@@ -0,0 +1,52 @@
+{
+ inputs,
+ outputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ configLimit = 5;
+ kernel = pkgs.linuxPackages_latest;
+in
+{
+ # Configure bootloader with lanzaboot and secureboot
+ boot = {
+ loader = {
+ systemd-boot = {
+ enable = true;
+ configurationLimit = configLimit;
+ };
+
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot";
+ };
+ };
+
+ # Override kernel to latest
+ kernelPackages = kernel;
+
+ kernelParams = [
+ "nohibernate"
+ "amd_pstate=active"
+ ];
+
+ consoleLogLevel = 3;
+ bootspec.enable = true;
+
+ initrd = {
+ kernelModules = [
+ "tpm"
+ "tpm_tis"
+ "tpm_crb"
+ "tpm_infineon"
+ ];
+ systemd = {
+ enable = true;
+ enableTpm2 = true;
+ };
+ };
+ };
+}
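Review bot: The header comment `# Configure bootloader with lanzaboot and secureboot` does not match the block under it, which enables `systemd-boot` and sets nothing for lanzaboote or Secure Boot. Because the initrd loads the TPM modules and sets `enableTpm2 = true`, a reader trusting the comment would assume the boot chain is verified before the TPM releases anything, and nothing in this file establishes that. Either reword it to something like `# systemd-boot on the EFI partition; Secure Boot is not configured here`, or add the Secure Boot configuration the comment promises.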
diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix
index cef9f79..f46013f 100755
--- a/hosts/nas/configuration.nix
+++ b/hosts/nas/configuration.nix
@@ -13,23 +13,18 @@
let
user = "admin";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
- hostname = "jallen-nas";
- allowedPorts = [
- 2342
- 3493
- 61208
- 9090
-# config.services.tailscale.port
-# 22
- ];
- enableDisplayManager = false;
- # adding a flag cause nixos cant figure itself out and broke shit that cant be fixed
- enableUps = false;
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
+ ./filesystems.nix
+ ./boot.nix
+ ./apps.nix
+ ./networking.nix
+ ./ups.nix
+ ./samba.nix
+ ./services.nix
../default.nix
];
@@ -47,100 +42,6 @@ in
nix.settings.trusted-users = [ "@wheel" ];
powerManagement.cpuFreqGovernor = "powersave";
- nas-apps = {
- collabora.enable = true;
-
- deluge.enable = true;
-
- homarr.enable = true;
-
- homepage.enable = false;
-
- jackett.enable = true;
-
- jellyfin.enable = true;
-
- jellyseerr.enable = true;
-
- mariadb.enable = true;
-
- mealie = {
- enable = true;
- baseUrl = "https://mealie.mjallen.dev";
- maxConcurrency = "4";
- maxWorkers = "4";
- allowSignup = "false";
- };
-
- nextcloud = {
- enable = true;
- httpPort = "9981";
- httpsPort = "9443";
- };
-
- ollama.enable = true;
-
- onlyoffice.enable = false;
-
- open-webui.enable = true;
-
- orca-slicer.enable = true;
-
- radarr.enable = true;
-
- redis.enable = true;
-
- sabnzbd.enable = true;
-
- sonarr.enable = true;
-
- swag.enable = true;
-
- tdarr.enable = true;
-
- vscode.enable = true;
- };
-
- nas-samba = {
- enable = true;
- hostsAllow = "10.0.1.";
- enableTimeMachine = true;
- timeMachinePath = "/media/nas/main/timemachine";
-
- shares = {
- "3d_printer" = {
- public = true;
- sharePath = "/media/nas/main/3d_printer";
- };
- Backup = {
- public = true;
- sharePath = "/media/nas/main/backup";
- };
- Documents = {
- public = true;
- sharePath = "/media/nas/main/documents";
- };
- isos = {
- public = true;
- sharePath = "/media/nas/main/isos";
- };
- TimeMachine = {
- public = false;
- sharePath = "/media/nas/main/timemachine";
- enableTimeMachine = true;
- timeMachineMaxSize = "1T";
- };
- app_data = {
- public = true;
- sharePath = "/media/nas/ssd/ssd_app_data";
- };
- nix-config = {
- public = true;
- sharePath = "/home/matt/nix-config";
- };
- };
- };
-
share.hardware.nvidia = {
enable = true;
enableBeta = false;
@@ -149,274 +50,15 @@ in
enableNvidiaDocker = true;
};
- # Configure bootloader with lanzaboot and secureboot
- boot = {
- loader = {
- systemd-boot = {
- enable = true;
- configurationLimit = 5;
- };
-
- efi = {
- canTouchEfiVariables = true;
- efiSysMountPoint = "/boot";
- };
- };
-
- # Override kernel to latest
- kernelPackages = pkgs.linuxPackages_latest;
-
- kernelParams = [
- "nohibernate"
- "amd_pstate=active"
- ];
-
- consoleLogLevel = 3;
- bootspec.enable = true;
-
- initrd = {
- kernelModules = [ "tpm" "tpm_tis" "tpm_crb" "tpm_infineon" ];
- systemd = {
- enable = true;
- enableTpm2 = true;
- };
- };
- };
-
security.tpm2 = {
enable = true;
};
- # Services configs
- services = {
- udisks2.enable = true;
-
- # Enable the X11 windowing system.
- xserver = {
- enable = enableDisplayManager;
-
- # Enable the Plasma 6 Desktop Environment.
- desktopManager.plasma5.enable = enableDisplayManager;
- };
-
- displayManager = {
- sddm.enable = enableDisplayManager;
- #defaultSession = "plasma";
- };
-
- # Set to enable Flatpak
- flatpak.enable = false;
-
- # Enable RDP
- xrdp = {
- enable = enableDisplayManager;
- defaultWindowManager = "startplasma-x11";
- openFirewall = enableDisplayManager;
- };
-
- avahi = {
- enable = true;
- nssmdns4 = true;
- publish = {
- enable = true;
- addresses = true;
- domain = true;
- hinfo = true;
- userServices = true;
- workstation = true;
- };
- extraServiceFiles = {
- # TODO is this needed?
- smb = ''
-
-
-
- %h
-
- _smb._tcp
- 445
-
-
- '';
- };
- };
-
- apcupsd = {
- enable = true;
- };
-
- grafana = {
- enable = true;
- settings.server = {
- http_port = 2342;
- domain = hostname;
- serve_from_sub_path = true;
- http_addr = "";
- };
- dataDir = "/media/nas/ssd/nix-app-data/grafana";
- };
-
- prometheus = {
- enable = true;
- port = 9001;
- exporters = {
- node = {
- enable = true;
- enabledCollectors = [
- "diskstats"
- "systemd"
- ];
- port = 9002;
- };
- smartctl = {
- enable = true;
- group = "disk";
- devices = [
- "/dev/sda"
- "/dev/sdb"
- "/dev/sdc"
- "/dev/sdd"
- "/dev/sde"
- "/dev/sdf"
- "/dev/sdg"
- "/dev/sdh"
- "/dev/sdi"
- "/dev/nvme0n1"
- "/dev/nvme1n1"
- ];
- };
- };
-
- scrapeConfigs = [
- {
- job_name = hostname;
- static_configs = [
- {
- targets = [
- "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
- "127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
- ];
- }
- ];
- }
- ];
- };
-
- tailscale = {
- enable = true;
- openFirewall = true;
- useRoutingFeatures = "client";
- extraUpFlags = [ "--advertise-exit-node" ];
- };
-
- btrfs = {
- autoScrub.enable = true;
- autoScrub.fileSystems = [
- "/nix"
- "/root"
- "/etc"
- "/var/log"
- "/home"
- "/media/nas/ssd/nix-app-data"
- "/media/nas/ssd/ssd_app_data"
- "/media/nas/ssd/mariadb"
- "/media/nas/main/3d_printer"
- "/media/nas/main/backup"
- "/media/nas/main/documents"
- "/media/nas/main/nextcloud"
- "/media/nas/main/movies"
- "/media/nas/main/tv"
- "/media/nas/main/isos"
- ];
- };
- };
-
- systemd.services = {
-
- tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
-
- # make sure tailscale is running before trying to connect to tailscale
- after = [ "network-pre.target" "tailscale.service" ];
- wants = [ "network-pre.target" "tailscale.service" ];
- wantedBy = [ "multi-user.target" ];
-
- # set this service as a oneshot job
- serviceConfig.Type = "oneshot";
-
- # have the job run this shell script
- script = with pkgs; ''
- # wait for tailscaled to settle
- sleep 2
-
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
-
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up -authkey nodekey:e4557e761f8fa2cb51a189d32484092036d3954b61502b7e19688869a5107707
- '';
- };
-
- glances-server = {
- path = [
- pkgs.bash
- pkgs.glances
- ];
- script = ''
- glances -w
- '';
- wantedBy = [ "multi-user.target" ];
- };
- };
-
- # Networking configs enp7s0
- networking = {
- hostName = hostname;
-
- hostId = "4b501480";
-
- # Enable Network Manager
- networkmanager.enable = false;
-
- interfaces = {
- wlp6s0.ipv4.addresses = [ {
- address = "10.0.1.18";
- prefixLength = 24;
- } ];
- };
-
- defaultGateway.address = "10.0.1.1";
- nameservers = [ "10.0.1.1" ];
-
- wireless = {
- enable = true;
- networks = {
- "Joey’s Jungle" = {
- psk = "kR8v&3Qd";
- };
- };
- };
-
- firewall = {
- enable = true;
- allowPing = true;
- extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
- allowedTCPPorts = allowedPorts;
- allowedUDPPorts = allowedPorts;
-
- # always allow traffic from your Tailscale network
- trustedInterfaces = [ "tailscale0" ];
- };
- };
-
# Configure environment
environment = {
-# etc."nut/upsd.conf".source = /home/matt/upsd.conf;
-# etc."nut/upsd.users".source = /home/matt/upsd.users;
-# etc."nut/upsmon.conf".source = /home/matt/upsmon.conf;
+ # etc."nut/upsd.conf".source = /home/matt/upsd.conf;
+ # etc."nut/upsd.users".source = /home/matt/upsd.users;
+ # etc."nut/upsmon.conf".source = /home/matt/upsmon.conf;
etc.crypttab.text = ''
ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto
@@ -481,51 +123,6 @@ in
screen.enable = true;
};
- power.ups = {
- ups = {
- enable = enableUps;
- mode = "netserver";
- ups."nasups" = {
- driver = "usbhid-ups";
- port = "auto";
- description = "NAS UPS";
- };
- upsmon = {
- monitor = "nasups@localhost 1 upsuser BogieDudie1 primary";
- };
- upsd = {
- enable = enableUps;
- listen = {
- address = 0.0 0.0 0.0;
- port = 3493;
- };
- };
-# users = {
-# actions = [ "SET" ];
-# instcmds = [ "ALL" ];
-##* upsmon = "primary";
-# passwordFile = "/home/matt/ups.conf";
-# };
- };
-
- # Add UPS monitoring service
- upsmon = {
- enable = true;
- # Configure UPS device
- device = "/dev/usb/hiddev1"; # Change this to your UPS device
- driver = "usbhid-ups"; # Change this if your UPS uses a different driver
- # Set UPS monitoring options
- options = {
- # NOTIFYCMD = "/path/to/notify-script.sh"; # Path to your notification script
- POLLFREQ = 5;
- POLLFREQALERT = 5;
- HOSTSYNC = "on";
- DEADTIME = 15;
- FINALDELAY = 5;
- };
- };
- };
-
# Configure nixpkgs
nixpkgs = {
overlays = [ outputs.overlays.nixpkgs-unstable ];
@@ -616,159 +213,6 @@ in
libvirtd.enable = true;
};
- fileSystems."/media/nas/ssd/nix-app-data" = {
- device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
- fsType = "btrfs";
- options = [
- "subvol=nix-app-data"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/ssd/ssd_app_data" = {
- device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
- fsType = "btrfs";
- options = [
- "subvol=ssd_app_data"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/ssd/mariadb" = {
- device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
- fsType = "btrfs";
- options = [
- "subvol=mariadb"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/ssd/VMs" = {
- device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
- fsType = "btrfs";
- options = [
- "subvol=VMs"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/3d_printer" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=3d_printer"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/backup" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=backup"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/books" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=books"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/documents" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=documents"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/homeassistant" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=homeassistant"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/isos" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=isos"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/movies" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=movies"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/nextcloud" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=nextcloud"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/photos" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=photos"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/switch" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=switch"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/tv" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=tv"
- "compress=zstd"
- ];
- };
-
- fileSystems."/media/nas/main/timemachine" = {
- device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- fsType = "btrfs";
- options = [
- "subvol=timemachine"
- "compress=zstd"
- ];
- };
-
- # fileSystems."/media/nas/main/vms" = {
- # device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
- # fsType = "btrfs";
- # options = [
- # "subvol=vms"
- # "compress=zstd"
- # ];
- # };
-
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
diff --git a/hosts/nas/filesystems.nix b/hosts/nas/filesystems.nix
new file mode 100644
index 0000000..6d2a1a7
--- /dev/null
+++ b/hosts/nas/filesystems.nix
@@ -0,0 +1,120 @@
+{
+ inputs,
+ config,
+ lib,
+ outputs,
+ pkgs,
+ ...
+}:
+let
+ btrfsOptions = [
+ "subvol=nix-app-data"
+ "compress=zstd"
+ ];
+in
+{
+ fileSystems."/media/nas/ssd/nix-app-data" = {
+ device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
+ fsType = "btrfs";
+ options = [
+ "subvol=nix-app-data"
+ "compress=zstd"
+ ];
+ };
+
+ fileSystems."/media/nas/ssd/ssd_app_data" = {
+ device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/ssd/mariadb" = {
+ device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/ssd/VMs" = {
+ device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/3d_printer" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/backup" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/books" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/documents" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/homeassistant" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/isos" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/movies" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/nextcloud" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/photos" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/switch" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/tv" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ fileSystems."/media/nas/main/timemachine" = {
+ device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ fsType = "btrfs";
+ options = btrfsOptions;
+ };
+
+ # fileSystems."/media/nas/main/vms" = {
+ # device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
+ # fsType = "btrfs";
+ # options = btrfsOptions;
+ # };
+}
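Review bot: `btrfsOptions` hard-codes `"subvol=nix-app-data"` and is then used as `options` for every mount from `/media/nas/ssd/ssd_app_data` through `/media/nas/main/timemachine`, so each of those mount points would ask for the nix-app-data subvolume instead of its own. The block removed from configuration.nix had a distinct `subvol=` per mount (`subvol=mariadb`, `subvol=backup`, and so on). Depending on whether that subvolume exists on each device, the mounts would either fail or expose the wrong data at paths the Samba shares and Time Machine point at. Make it a function, `btrfsOptions = subvol: [ "subvol=${subvol}" "compress=zstd" ];`, and call it per mount, e.g. `options = btrfsOptions "mariadb";`.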
diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix
new file mode 100644
index 0000000..fa1197a
--- /dev/null
+++ b/hosts/nas/networking.nix
@@ -0,0 +1,66 @@
+{
+ inputs,
+ outputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ hostname = "jallen-nas";
+ ipAddress = "10.0.1.18";
+ gateway = "10.0.1.1";
+ ssid = "Joey’s Jungle";
+ password = "kR8v&3Qd";
+ allowedPorts = [
+ 2342
+ 3493
+ 61208
+ 9090
+ # config.services.tailscale.port
+ # 22
+ ];
+in
+{
+ # Networking configs enp7s0
+ networking = {
+ hostName = hostname;
+
+ hostId = "4b501480";
+
+ # Enable Network Manager
+ networkmanager.enable = false;
+
+ interfaces = {
+ wlp6s0.ipv4.addresses = [
+ {
+ address = ipAddress;
+ prefixLength = 24;
+ }
+ ];
+ };
+
+ defaultGateway.address = gateway;
+ nameservers = [ gateway ];
+
+ wireless = {
+ enable = true;
+ networks = {
+ ssid = {
+ psk = password;
+ };
+ };
+ };
+
+ firewall = {
+ enable = true;
+ allowPing = true;
+ extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
+ allowedTCPPorts = allowedPorts;
+ allowedUDPPorts = allowedPorts;
+
+ # always allow traffic from your Tailscale network
+ trustedInterfaces = [ "tailscale0" ];
+ };
+ };
+}
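Review bot: The Wi-Fi passphrase is committed as a plain string in the `let` block (`password = ...`), and the same pattern recurs in this commit in services.nix (the key passed to `tailscale up` in the `tailscale-autoconnect` script) and ups.nix (the password inside `upsmonCmd`). Values written this way land in git history and in the world-readable Nix store, so they should be read at runtime from files kept outside the store, and the values already committed should be rotated. For the PSK, the wireless module's secrets-file support looks like the right place, though that depends on the NixOS release in use. Separately, `ssid = {` under `networks` defines a network literally named "ssid" rather than using the `ssid` binding. It needs to be `${ssid} = { psk = password; };`.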
diff --git a/hosts/nas/samba.nix b/hosts/nas/samba.nix
new file mode 100644
index 0000000..8a38313
--- /dev/null
+++ b/hosts/nas/samba.nix
@@ -0,0 +1,49 @@
+{
+ inputs,
+ outputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ nas-samba = {
+ enable = true;
+ hostsAllow = "10.0.1.";
+ enableTimeMachine = true;
+ timeMachinePath = "/media/nas/main/timemachine";
+
+ shares = {
+ "3d_printer" = {
+ public = true;
+ sharePath = "/media/nas/main/3d_printer";
+ };
+ Backup = {
+ public = true;
+ sharePath = "/media/nas/main/backup";
+ };
+ Documents = {
+ public = true;
+ sharePath = "/media/nas/main/documents";
+ };
+ isos = {
+ public = true;
+ sharePath = "/media/nas/main/isos";
+ };
+ TimeMachine = {
+ public = false;
+ sharePath = "/media/nas/main/timemachine";
+ enableTimeMachine = true;
+ timeMachineMaxSize = "1T";
+ };
+ app_data = {
+ public = true;
+ sharePath = "/media/nas/ssd/ssd_app_data";
+ };
+ nix-config = {
+ public = true;
+ sharePath = "/home/matt/nix-config";
+ };
+ };
+ };
+}
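Review bot: The `nix-config` share is marked `public = true` with `sharePath = "/home/matt/nix-config"`, and that tree is the configuration repository, which in this commit carries a Wi-Fi PSK, a Tailscale key and the UPS password in plain text. If `public` means guest access in the `nas-samba` module (its definition is not in this diff), any host matching `hostsAllow = "10.0.1."` could read those. I would set `public = false;` on `nix-config`, and reconsider it on `Backup` and `app_data` as well, with a short comment on each share saying who is meant to reach it.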
diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix
new file mode 100644
index 0000000..d4e3a0a
--- /dev/null
+++ b/hosts/nas/services.nix
@@ -0,0 +1,204 @@
+{
+ inputs,
+ outputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ enableDisplayManager = false;
+ hostname = "jallen-nas";
+in
+{
+ # Services configs
+ services = {
+ udisks2.enable = true;
+
+ # Enable the X11 windowing system.
+ xserver = {
+ enable = enableDisplayManager;
+
+ # Enable the Plasma 6 Desktop Environment.
+ desktopManager.plasma5.enable = enableDisplayManager;
+ };
+
+ displayManager = {
+ sddm.enable = enableDisplayManager;
+ #defaultSession = "plasma";
+ };
+
+ # Set to enable Flatpak
+ flatpak.enable = false;
+
+ # Enable RDP
+ xrdp = {
+ enable = enableDisplayManager;
+ defaultWindowManager = "startplasma-x11";
+ openFirewall = enableDisplayManager;
+ };
+
+ avahi = {
+ enable = true;
+ nssmdns4 = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ hinfo = true;
+ userServices = true;
+ workstation = true;
+ };
+ extraServiceFiles = {
+ # TODO is this needed?
+ smb = ''
+
+
+
+ %h
+
+ _smb._tcp
+ 445
+
+
+ '';
+ };
+ };
+
+ apcupsd = {
+ enable = true;
+ };
+
+ grafana = {
+ enable = true;
+ settings.server = {
+ http_port = 2342;
+ domain = hostname;
+ serve_from_sub_path = true;
+ http_addr = "";
+ };
+ dataDir = "/media/nas/ssd/nix-app-data/grafana";
+ };
+
+ prometheus = {
+ enable = true;
+ port = 9001;
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [
+ "diskstats"
+ "systemd"
+ ];
+ port = 9002;
+ };
+ smartctl = {
+ enable = true;
+ group = "disk";
+ devices = [
+ "/dev/sda"
+ "/dev/sdb"
+ "/dev/sdc"
+ "/dev/sdd"
+ "/dev/sde"
+ "/dev/sdf"
+ "/dev/sdg"
+ "/dev/sdh"
+ "/dev/sdi"
+ "/dev/nvme0n1"
+ "/dev/nvme1n1"
+ ];
+ };
+ };
+
+ scrapeConfigs = [
+ {
+ job_name = hostname;
+ static_configs = [
+ {
+ targets = [
+ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
+ "127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
+ ];
+ }
+ ];
+ }
+ ];
+ };
+
+ tailscale = {
+ enable = true;
+ openFirewall = true;
+ useRoutingFeatures = "client";
+ extraUpFlags = [ "--advertise-exit-node" ];
+ };
+
+ btrfs = {
+ autoScrub.enable = true;
+ autoScrub.fileSystems = [
+ "/nix"
+ "/root"
+ "/etc"
+ "/var/log"
+ "/home"
+ "/media/nas/ssd/nix-app-data"
+ "/media/nas/ssd/ssd_app_data"
+ "/media/nas/ssd/mariadb"
+ "/media/nas/main/3d_printer"
+ "/media/nas/main/backup"
+ "/media/nas/main/documents"
+ "/media/nas/main/nextcloud"
+ "/media/nas/main/movies"
+ "/media/nas/main/tv"
+ "/media/nas/main/isos"
+ ];
+ };
+ };
+
+ systemd.services = {
+
+ tailscale-autoconnect = {
+ description = "Automatic connection to Tailscale";
+
+ # make sure tailscale is running before trying to connect to tailscale
+ after = [
+ "network-pre.target"
+ "tailscale.service"
+ ];
+ wants = [
+ "network-pre.target"
+ "tailscale.service"
+ ];
+ wantedBy = [ "multi-user.target" ];
+
+ # set this service as a oneshot job
+ serviceConfig.Type = "oneshot";
+
+ # have the job run this shell script
+ script = with pkgs; ''
+ # wait for tailscaled to settle
+ sleep 2
+
+ # check if we are already authenticated to tailscale
+ status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ if [ $status = "Running" ]; then # if so, then do nothing
+ exit 0
+ fi
+
+ # otherwise authenticate with tailscale
+ ${tailscale}/bin/tailscale up -authkey nodekey:e4557e761f8fa2cb51a189d32484092036d3954b61502b7e19688869a5107707
+ '';
+ };
+
+ glances-server = {
+ path = [
+ pkgs.bash
+ pkgs.glances
+ ];
+ script = ''
+ glances -w
+ '';
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+}
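Review bot: The hand-written `tailscale-autoconnect` unit duplicates what the `services.tailscale` module already does when `authKeyFile` is set, and it is the reason a key literal sits in the script text. Replacing the unit with `services.tailscale.authKeyFile = "/path/to/tailscale-authkey";` (placeholder path, a file outside the store) removes the literal. It should also make `extraUpFlags` take effect, since as far as I know the module only applies those flags from its own autoconnect unit and the script here calls `tailscale up` without `--advertise-exit-node`. Advertising an exit node also does not fit `useRoutingFeatures = "client"`; that probably needs to be `"server"` or `"both"` for forwarding to be enabled. If the custom script stays, quote the test as `[ "$status" = "Running" ]` so an empty status does not turn into a syntax error.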
diff --git a/hosts/nas/ups.nix b/hosts/nas/ups.nix
new file mode 100644
index 0000000..114a737
--- /dev/null
+++ b/hosts/nas/ups.nix
@@ -0,0 +1,59 @@
+{
+ inputs,
+ outputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ enableUps = true;
+ upsmonCmd = "nasups@localhost 1 upsuser BogieDudie1 primary";
+ upsName = "nasups";
+in
+{
+ power.ups = {
+ ups = {
+ enable = enableUps;
+ mode = "netserver";
+ ups.upsName = {
+ driver = "usbhid-ups";
+ port = "auto";
+ description = "NAS UPS";
+ };
+ upsmon = {
+ monitor = upsmonCmd;
+ };
+ upsd = {
+ enable = enableUps;
+ listen = {
+ address = 0.0 0.0 0.0;
+ port = 3493;
+ };
+ };
+ # users = {
+ # actions = [ "SET" ];
+ # instcmds = [ "ALL" ];
+ ##* upsmon = "primary";
+ # passwordFile = "/home/matt/ups.conf";
+ # };
+ };
+
+ # Add UPS monitoring service
+ upsmon = {
+ enable = true;
+ # Configure UPS device
+ device = "/dev/usb/hiddev1"; # Change this to your UPS device
+ driver = "usbhid-ups"; # Change this if your UPS uses a different driver
+ # Set UPS monitoring options
+ options = {
+ # NOTIFYCMD = "/path/to/notify-script.sh"; # Path to your notification script
+ POLLFREQ = 5;
+ POLLFREQALERT = 5;
+ HOSTSYNC = "on";
+ DEADTIME = 15;
+ FINALDELAY = 5;
+ };
+ };
+ };
+}
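Review bot: `ups.upsName = {` defines a UPS literally named "upsName", not "nasups", so the monitor string `nasups@localhost ...` in `upsmonCmd` refers to a device this file no longer declares. The removed code used `ups."nasups"`, and the equivalent here is `ups.${upsName} = {`. The move also flips `enableUps` from `false` to `true`, although the removed comment in configuration.nix said the flag was added because enabling it broke the system. If that is intended it deserves a line in the commit message, otherwise keep `enableUps = false;`. The `listen.address` value as shown (`0.0 0.0 0.0`) is not a quoted string and may be an extraction artefact. If it is meant to be the wildcard address, `upsd` would listen on every interface on port 3493, which networking.nix opens in the firewall.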
diff --git a/hosts/pi4/hardware-configuration.nix b/hosts/pi4/hardware-configuration.nix
index 5291b0c..71ddd68 100644
--- a/hosts/pi4/hardware-configuration.nix
+++ b/hosts/pi4/hardware-configuration.nix
@@ -1,74 +1,88 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "uas"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "none";
- fsType = "tmpfs";
- };
+ fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/1DE6-4D02";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- fileSystems."/boot/firmware" =
- { device = "/dev/disk/by-uuid/1BE6-CB10";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- fileSystems."/boot/uefi" =
- { device = "/dev/disk/by-uuid/1BE3-8523";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- fileSystems."/nix" =
- { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
- fsType = "btrfs";
- options = [ "subvol=nix" ];
- };
-
- fileSystems."/etc" =
- { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
- fsType = "btrfs";
- options = [ "subvol=etc" ];
- };
-
- fileSystems."/root" =
- { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
- fsType = "btrfs";
- options = [ "subvol=root" ];
- };
-
- fileSystems."/var/log" =
- { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
- fsType = "btrfs";
- options = [ "subvol=log" ];
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
- fsType = "btrfs";
- options = [ "subvol=home" ];
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/8b5640bb-2fbf-4e69-9504-fb9508d49f01"; }
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/1DE6-4D02";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
];
+ };
+
+ fileSystems."/boot/firmware" = {
+ device = "/dev/disk/by-uuid/1BE6-CB10";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+
+ fileSystems."/boot/uefi" = {
+ device = "/dev/disk/by-uuid/1BE3-8523";
+ fsType = "vfat";
+ options = [
+ "fmask=0022"
+ "dmask=0022"
+ ];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
+ fsType = "btrfs";
+ options = [ "subvol=nix" ];
+ };
+
+ fileSystems."/etc" = {
+ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
+ fsType = "btrfs";
+ options = [ "subvol=etc" ];
+ };
+
+ fileSystems."/root" = {
+ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
+ fsType = "btrfs";
+ options = [ "subvol=root" ];
+ };
+
+ fileSystems."/var/log" = {
+ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
+ fsType = "btrfs";
+ options = [ "subvol=log" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a";
+ fsType = "btrfs";
+ options = [ "subvol=home" ];
+ };
+
+ swapDevices = [ { device = "/dev/disk/by-uuid/8b5640bb-2fbf-4e69-9504-fb9508d49f01"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/modules/apps/collabora/default.nix b/modules/apps/collabora/default.nix
index 5a04ebf..7e84419 100755
--- a/modules/apps/collabora/default.nix
+++ b/modules/apps/collabora/default.nix
@@ -15,7 +15,10 @@ in
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
- extraOptions = [ "--cap-add=MKNOD" "--privileged" ];
+ extraOptions = [
+ "--cap-add=MKNOD"
+ "--privileged"
+ ];
ports = [ "${cfg.port}:9980" ];
volumes = [
# ...
@@ -29,7 +32,7 @@ in
domain = "office.mjallen.dev";
aliasgroup1 = "https://cloud\.mjallen\.dev:443";
aliasgroup2 = "https://cloud\.mjallen\.dev:443";
-# DONT_GEN_SSL_CERT = cfg.dontGenSslCert;
+ # DONT_GEN_SSL_CERT = cfg.dontGenSslCert;
server_name = cfg.serverName;
dictionaries = cfg.dictionaries;
extra_params = cfg.extraParams;
diff --git a/modules/apps/mealie/default.nix b/modules/apps/mealie/default.nix
index 36c3f70..1763fff 100644
--- a/modules/apps/mealie/default.nix
+++ b/modules/apps/mealie/default.nix
@@ -16,9 +16,7 @@ in
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.port}:9000" ];
- volumes = [
- "${cfg.dataPath}:/app/data"
- ];
+ volumes = [ "${cfg.dataPath}:/app/data" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
diff --git a/modules/apps/ollama/default.nix b/modules/apps/ollama/default.nix
index b1e5380..5e4c41d 100644
--- a/modules/apps/ollama/default.nix
+++ b/modules/apps/ollama/default.nix
@@ -17,9 +17,7 @@ in
autoStart = true;
image = cfg.image;
extraOptions = [ "--device=nvidia.com/gpu=0" ];
- volumes = [
- "${cfg.configPath}:/root/.ollama"
- ];
+ volumes = [ "${cfg.configPath}:/root/.ollama" ];
ports = [ "${cfg.port}:11434" ];
environment = {
NVIDIA_VISIBLE_DEVICES = "all";
diff --git a/modules/apps/redis/default.nix b/modules/apps/redis/default.nix
index f65c8a9..8396f6e 100644
--- a/modules/apps/redis/default.nix
+++ b/modules/apps/redis/default.nix
@@ -20,9 +20,7 @@ in
"--requirepass"
"BogieDudie1"
];
- ports = [
- "6379:6379"
- ];
+ ports = [ "6379:6379" ];
};
};
}
diff --git a/modules/apps/tdarr/default.nix b/modules/apps/tdarr/default.nix
index 7cac448..9f6dea7 100644
--- a/modules/apps/tdarr/default.nix
+++ b/modules/apps/tdarr/default.nix
@@ -25,7 +25,10 @@ in
"${cfg.moviesPath}:/data/movies"
"${cfg.tvPath}:/data/tv"
];
- ports = [ "${cfg.serverPort}:8266" "${cfg.webUIPort}:8265" ];
+ ports = [
+ "${cfg.serverPort}:8266"
+ "${cfg.webUIPort}:8265"
+ ];
environment = {
serverPort = "8266";
webUIPort = "8265";