From c5a9ff512c2ad1afbd657c3bb0dd473e330300d8 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Wed, 24 Jul 2024 21:43:55 -0500 Subject: [PATCH] formatting + organizing --- hosts/default.nix | 4 +- hosts/desktop/boot.nix | 16 +- hosts/desktop/configuration.nix | 12 +- hosts/desktop/filesystems.nix | 10 +- hosts/desktop/home.nix | 5 +- hosts/mac-nixos/configuration.nix | 4 +- hosts/nas/apps.nix | 63 +++ hosts/nas/boot.nix | 52 +++ hosts/nas/configuration.nix | 576 +-------------------------- hosts/nas/filesystems.nix | 120 ++++++ hosts/nas/networking.nix | 66 +++ hosts/nas/samba.nix | 49 +++ hosts/nas/services.nix | 204 ++++++++++ hosts/nas/ups.nix | 59 +++ hosts/pi4/hardware-configuration.nix | 132 +++--- modules/apps/collabora/default.nix | 7 +- modules/apps/mealie/default.nix | 4 +- modules/apps/ollama/default.nix | 4 +- modules/apps/redis/default.nix | 4 +- modules/apps/tdarr/default.nix | 5 +- 20 files changed, 744 insertions(+), 652 deletions(-) create mode 100644 hosts/nas/apps.nix create mode 100644 hosts/nas/boot.nix create mode 100644 hosts/nas/filesystems.nix create mode 100644 hosts/nas/networking.nix create mode 100644 hosts/nas/samba.nix create mode 100644 hosts/nas/services.nix create mode 100644 hosts/nas/ups.nix diff --git a/hosts/default.nix b/hosts/default.nix index 1ac8824..ad043e2 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -98,14 +98,14 @@ in # Security config security = { - + wrappers."mount.nfs" = { setuid = true; owner = "root"; group = "root"; source = "${pkgs.nfs-utils.out}/bin/mount.nfs"; }; - + rtkit.enable = lib.mkDefault true; # configure sudo diff --git a/hosts/desktop/boot.nix b/hosts/desktop/boot.nix index a29902a..0abb0ec 100644 --- a/hosts/desktop/boot.nix +++ b/hosts/desktop/boot.nix @@ -1,4 +1,10 @@ -{ config, lib, outputs, pkgs, ... }: +{ + config, + lib, + outputs, + pkgs, + ... +}: { # Configure bootloader with lanzaboot and secureboot boot = { 
@@ -27,14 +33,14 @@ # Override kernel to latest kernelPackages = pkgs.linuxPackages_latest; - kernelParams = [ + kernelParams = [ "quiet" # needed cause ssd powersaving is broken af I guess "nvme_core.default_ps_max_latency_us=0" - "pcie_aspm=off" - ]; + "pcie_aspm=off" + ]; consoleLogLevel = 3; bootspec.enable = true; }; -} \ No newline at end of file +} diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index cf49868..a0761e3 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -115,11 +115,15 @@ in systemd.services = { fix-wifi = { - path = [ pkgs.bash pkgs.networkmanager pkgs.kmod ]; + path = [ + pkgs.bash + pkgs.networkmanager + pkgs.kmod + ]; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; serviceConfig = { - Type="oneshot"; + Type = "oneshot"; ExecStart = [ "${resetNetworkScript}/bin/reset-network" ]; }; }; @@ -138,6 +142,7 @@ in # Enable Network Manager networkmanager.enable = true; + networkmanager.wifi.powersave = false; networkmanager.settings.connectivity.uri = "http://nmcheck.gnome.org/check_network_status.txt"; }; @@ -165,6 +170,7 @@ in aspellDicts.en-science borgbackup clinfo + direnv efibootmgr gparted grsync @@ -185,7 +191,7 @@ in # native wayland support (unstable) wineWowPackages.waylandFull ]; - + sessionVariables = { STEAM_FORCE_DESKTOPUI_SCALING = "1"; }; diff --git a/hosts/desktop/filesystems.nix b/hosts/desktop/filesystems.nix index fe31915..1241173 100644 --- a/hosts/desktop/filesystems.nix +++ b/hosts/desktop/filesystems.nix @@ -1,4 +1,10 @@ -{ config, lib, outputs, pkgs, ... }: +{ + config, + lib, + outputs, + pkgs, + ... +}: { fileSystems."/media/nas/backup" = { device = "//10.0.1.18/Backup"; @@ -44,4 +50,4 @@ "gid=wheel" ]; }; -} \ No newline at end of file +} diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix index 87608d2..a9c4afc 100644 --- a/hosts/desktop/home.nix +++ b/hosts/desktop/home.nix 
@@ -107,7 +107,10 @@ "org/gnome/desktop/peripherals/mouse".accel-profile = "flat"; "org/gnome/desktop/peripherals/touchpad".two-finger-scrolling-enabled = true; "org/gnome/desktop/peripherals/touchpad".tap-to-click = true; - "org/gnome/mutter".experimental-features = [ "scale-monitor-framebuffer" "variable-refresh-rate" ]; + "org/gnome/mutter".experimental-features = [ + "scale-monitor-framebuffer" + "variable-refresh-rate" + ]; "org/gnome/tweaks".show-extensions-notice = false; "org/gnome/shell".enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" diff --git a/hosts/mac-nixos/configuration.nix b/hosts/mac-nixos/configuration.nix index 4ea4033..9aa0c35 100644 --- a/hosts/mac-nixos/configuration.nix +++ b/hosts/mac-nixos/configuration.nix @@ -46,7 +46,7 @@ # Enable the Plasma 6 Desktop Environment. displayManager.gdm.enable = false; }; - + displayManager.sddm.enable = true; desktopManager.plasma6.enable = true; @@ -92,7 +92,7 @@ ]; environment.sessionVariables = rec { - DBX_CONTAINER_MANAGER = "podman"; + DBX_CONTAINER_MANAGER = "podman"; }; # Copy the NixOS configuration file and link it from the resulting system diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix new file mode 100644 index 0000000..2985b8e --- /dev/null +++ b/hosts/nas/apps.nix 
@@ -0,0 +1,63 @@ +{ + inputs, + outputs, + config, + lib, + pkgs, + ... +}: +{ + nas-apps = { + collabora.enable = true; + + deluge.enable = true; + + homarr.enable = true; + + homepage.enable = false; + + jackett.enable = true; + + jellyfin.enable = true; + + jellyseerr.enable = true; + + mariadb.enable = true; + + mealie = { + enable = true; + baseUrl = "https://mealie.mjallen.dev"; + maxConcurrency = "4"; + maxWorkers = "4"; + allowSignup = "false"; + }; + + nextcloud = { + enable = true; + httpPort = "9981"; + httpsPort = "9443"; + }; + + ollama.enable = true; + + onlyoffice.enable = false; + + open-webui.enable = true; + + orca-slicer.enable = true; + + radarr.enable = true; + + redis.enable = true; + + sabnzbd.enable = true; + + sonarr.enable = true; + + swag.enable = true; + + tdarr.enable = true; + + vscode.enable = true; + }; +} diff --git a/hosts/nas/boot.nix b/hosts/nas/boot.nix new file mode 100644 index 0000000..845d817 --- /dev/null +++ b/hosts/nas/boot.nix @@ -0,0 +1,52 @@ +{ + inputs, + outputs, + config, + lib, + pkgs, + ... +}: +let + configLimit = 5; + kernel = pkgs.linuxPackages_latest; +in +{ + # Configure bootloader with lanzaboot and secureboot + boot = { + loader = { + systemd-boot = { + enable = true; + configurationLimit = configLimit; + }; + + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot"; + }; + }; + + # Override kernel to latest + kernelPackages = kernel; + + kernelParams = [ + "nohibernate" + "amd_pstate=active" + ]; + + consoleLogLevel = 3; + bootspec.enable = true; + + initrd = { + kernelModules = [ + "tpm" + "tpm_tis" + "tpm_crb" + "tpm_infineon" + ]; + systemd = { + enable = true; + enableTpm2 = true; + }; + }; + }; +} diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index cef9f79..f46013f 100755 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix 
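Review bot: In the new hosts/nas/boot.nix, the header comment `# Configure bootloader with lanzaboot and secureboot` does not match the block under it, which enables `systemd-boot` and sets no Secure Boot option. The same block turns on `initrd.systemd.enableTpm2`, so a reader could wrongly assume TPM-based unlock on this host is backed by a verified boot chain. Unless Secure Boot is configured in a module not shown here, reword it to something like `# Configure systemd-boot (Secure Boot / lanzaboote is not enabled on this host)`.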
@@ -13,23 +13,18 @@ let user = "admin"; password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; - hostname = "jallen-nas"; - allowedPorts = [ - 2342 - 3493 - 61208 - 9090 -# config.services.tailscale.port -# 22 - ]; - enableDisplayManager = false; - # adding a flag cause nixos cant figure itself out and broke shit that cant be fixed - enableUps = false; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./filesystems.nix + ./boot.nix + ./apps.nix + ./networking.nix + ./ups.nix + ./samba.nix + ./services.nix ../default.nix ]; 
@@ -47,100 +42,6 @@ in nix.settings.trusted-users = [ "@wheel" ]; powerManagement.cpuFreqGovernor = "powersave"; - nas-apps = { - collabora.enable = true; - - deluge.enable = true; - - homarr.enable = true; - - homepage.enable = false; - - jackett.enable = true; - - jellyfin.enable = true; - - jellyseerr.enable = true; - - mariadb.enable = true; - - mealie = { - enable = true; - baseUrl = "https://mealie.mjallen.dev"; - maxConcurrency = "4"; - maxWorkers = "4"; - allowSignup = "false"; - }; - - nextcloud = { - enable = true; - httpPort = "9981"; - httpsPort = "9443"; - }; - - ollama.enable = true; - - onlyoffice.enable = false; - - open-webui.enable = true; - - orca-slicer.enable = true; - - radarr.enable = true; - - redis.enable = true; - - sabnzbd.enable = true; - - sonarr.enable = true; - - swag.enable = true; - - tdarr.enable = true; - - vscode.enable = true; - }; - - nas-samba = { - enable = true; - hostsAllow = "10.0.1."; - enableTimeMachine = true; - timeMachinePath = "/media/nas/main/timemachine"; - - shares = { - "3d_printer" = { - public = true; - sharePath = "/media/nas/main/3d_printer"; - }; - Backup = { - public = true; - sharePath = "/media/nas/main/backup"; - }; - Documents = { - public = true; - sharePath = "/media/nas/main/documents"; - }; - isos = { - public = true; - sharePath = "/media/nas/main/isos"; - }; - TimeMachine = { - public = false; - sharePath = "/media/nas/main/timemachine"; - enableTimeMachine = true; - timeMachineMaxSize = "1T"; - }; - app_data = { - public = true; - sharePath = "/media/nas/ssd/ssd_app_data"; - }; - nix-config = { - public = true; - sharePath = "/home/matt/nix-config"; - }; - }; - }; - share.hardware.nvidia = { enable = true; enableBeta = false; 
@@ -149,274 +50,15 @@ in enableNvidiaDocker = true; }; - # Configure bootloader with lanzaboot and secureboot - boot = { - loader = { - systemd-boot = { - enable = true; - configurationLimit = 5; - }; - - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - }; - - # Override kernel to latest - kernelPackages = pkgs.linuxPackages_latest; - - kernelParams = [ - "nohibernate" - "amd_pstate=active" - ]; - - consoleLogLevel = 3; - bootspec.enable = true; - - initrd = { - kernelModules = [ "tpm" "tpm_tis" "tpm_crb" "tpm_infineon" ]; - systemd = { - enable = true; - enableTpm2 = true; - }; - }; - }; - security.tpm2 = { enable = true; }; - # Services configs - services = { - udisks2.enable = true; - - # Enable the X11 windowing system. - xserver = { - enable = enableDisplayManager; - - # Enable the Plasma 6 Desktop Environment. - desktopManager.plasma5.enable = enableDisplayManager; - }; - - displayManager = { - sddm.enable = enableDisplayManager; - #defaultSession = "plasma"; - }; - - # Set to enable Flatpak - flatpak.enable = false; - - # Enable RDP - xrdp = { - enable = enableDisplayManager; - defaultWindowManager = "startplasma-x11"; - openFirewall = enableDisplayManager; - }; - - avahi = { - enable = true; - nssmdns4 = true; - publish = { - enable = true; - addresses = true; - domain = true; - hinfo = true; - userServices = true; - workstation = true; - }; - extraServiceFiles = { - # TODO is this needed? 
- smb = '' - - - - %h - - _smb._tcp - 445 - - - ''; - }; - }; - - apcupsd = { - enable = true; - }; - - grafana = { - enable = true; - settings.server = { - http_port = 2342; - domain = hostname; - serve_from_sub_path = true; - http_addr = ""; - }; - dataDir = "/media/nas/ssd/nix-app-data/grafana"; - }; - - prometheus = { - enable = true; - port = 9001; - exporters = { - node = { - enable = true; - enabledCollectors = [ - "diskstats" - "systemd" - ]; - port = 9002; - }; - smartctl = { - enable = true; - group = "disk"; - devices = [ - "/dev/sda" - "/dev/sdb" - "/dev/sdc" - "/dev/sdd" - "/dev/sde" - "/dev/sdf" - "/dev/sdg" - "/dev/sdh" - "/dev/sdi" - "/dev/nvme0n1" - "/dev/nvme1n1" - ]; - }; - }; - - scrapeConfigs = [ - { - job_name = hostname; - static_configs = [ - { - targets = [ - "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" - "127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}" - ]; - } - ]; - } - ]; - }; - - tailscale = { - enable = true; - openFirewall = true; - useRoutingFeatures = "client"; - extraUpFlags = [ "--advertise-exit-node" ]; - }; - - btrfs = { - autoScrub.enable = true; - autoScrub.fileSystems = [ - "/nix" - "/root" - "/etc" - "/var/log" - "/home" - "/media/nas/ssd/nix-app-data" - "/media/nas/ssd/ssd_app_data" - "/media/nas/ssd/mariadb" - "/media/nas/main/3d_printer" - "/media/nas/main/backup" - "/media/nas/main/documents" - "/media/nas/main/nextcloud" - "/media/nas/main/movies" - "/media/nas/main/tv" - "/media/nas/main/isos" - ]; - }; - }; - - systemd.services = { - - tailscale-autoconnect = { - description = "Automatic connection to Tailscale"; - - # make sure tailscale is running before trying to connect to tailscale - after = [ "network-pre.target" "tailscale.service" ]; - wants = [ "network-pre.target" "tailscale.service" ]; - wantedBy = [ "multi-user.target" ]; - - # set this service as a oneshot job - serviceConfig.Type = "oneshot"; - - # have the job run this shell script - script = with 
pkgs; '' - # wait for tailscaled to settle - sleep 2 - - # check if we are already authenticated to tailscale - status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" - if [ $status = "Running" ]; then # if so, then do nothing - exit 0 - fi - - # otherwise authenticate with tailscale - ${tailscale}/bin/tailscale up -authkey nodekey:e4557e761f8fa2cb51a189d32484092036d3954b61502b7e19688869a5107707 - ''; - }; - - glances-server = { - path = [ - pkgs.bash - pkgs.glances - ]; - script = '' - glances -w - ''; - wantedBy = [ "multi-user.target" ]; - }; - }; - - # Networking configs enp7s0 - networking = { - hostName = hostname; - - hostId = "4b501480"; - - # Enable Network Manager - networkmanager.enable = false; - - interfaces = { - wlp6s0.ipv4.addresses = [ { - address = "10.0.1.18"; - prefixLength = 24; - } ]; - }; - - defaultGateway.address = "10.0.1.1"; - nameservers = [ "10.0.1.1" ]; - - wireless = { - enable = true; - networks = { - "Joey’s Jungle" = { - psk = "kR8v&3Qd"; - }; - }; - }; - - firewall = { - enable = true; - allowPing = true; - extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed? - allowedTCPPorts = allowedPorts; - allowedUDPPorts = allowedPorts; - - # always allow traffic from your Tailscale network - trustedInterfaces = [ "tailscale0" ]; - }; - }; - # Configure environment environment = { -# etc."nut/upsd.conf".source = /home/matt/upsd.conf; -# etc."nut/upsd.users".source = /home/matt/upsd.users; -# etc."nut/upsmon.conf".source = /home/matt/upsmon.conf; + # etc."nut/upsd.conf".source = /home/matt/upsd.conf; + # etc."nut/upsd.users".source = /home/matt/upsd.users; + # etc."nut/upsmon.conf".source = /home/matt/upsmon.conf; etc.crypttab.text = '' ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto 
@@ -481,51 +123,6 @@ in screen.enable = true; }; - power.ups = { - ups = { - enable = enableUps; - mode = "netserver"; - ups."nasups" = { - driver = "usbhid-ups"; - port = "auto"; - description = "NAS UPS"; - }; - upsmon = { - monitor = "nasups@localhost 1 upsuser BogieDudie1 primary"; - }; - upsd = { - enable = enableUps; - listen = { - address = 0.0 0.0 0.0; - port = 3493; - }; - }; -# users = { -# actions = [ "SET" ]; -# instcmds = [ "ALL" ]; -##* upsmon = "primary"; -# passwordFile = "/home/matt/ups.conf"; -# }; - }; - - # Add UPS monitoring service - upsmon = { - enable = true; - # Configure UPS device - device = "/dev/usb/hiddev1"; # Change this to your UPS device - driver = "usbhid-ups"; # Change this if your UPS uses a different driver - # Set UPS monitoring options - options = { - # NOTIFYCMD = "/path/to/notify-script.sh"; # Path to your notification script - POLLFREQ = 5; - POLLFREQALERT = 5; - HOSTSYNC = "on"; - DEADTIME = 15; - FINALDELAY = 5; - }; - }; - }; - # Configure nixpkgs nixpkgs = { overlays = [ outputs.overlays.nixpkgs-unstable ]; 
@@ -616,159 +213,6 @@ in libvirtd.enable = true; }; - fileSystems."/media/nas/ssd/nix-app-data" = { - device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c"; - fsType = "btrfs"; - options = [ - "subvol=nix-app-data" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/ssd/ssd_app_data" = { - device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c"; - fsType = "btrfs"; - options = [ - "subvol=ssd_app_data" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/ssd/mariadb" = { - device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c"; - fsType = "btrfs"; - options = [ - "subvol=mariadb" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/ssd/VMs" = { - device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c"; - fsType = "btrfs"; - options = [ - "subvol=VMs" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/3d_printer" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=3d_printer" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/backup" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=backup" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/books" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=books" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/documents" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=documents" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/homeassistant" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=homeassistant" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/isos" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=isos" 
- "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/movies" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=movies" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/nextcloud" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=nextcloud" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/photos" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=photos" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/switch" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=switch" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/tv" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=tv" - "compress=zstd" - ]; - }; - - fileSystems."/media/nas/main/timemachine" = { - device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - fsType = "btrfs"; - options = [ - "subvol=timemachine" - "compress=zstd" - ]; - }; - - # fileSystems."/media/nas/main/vms" = { - # device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; - # fsType = "btrfs"; - # options = [ - # "subvol=vms" - # "compress=zstd" - # ]; - # }; - # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # diff --git a/hosts/nas/filesystems.nix b/hosts/nas/filesystems.nix new file mode 100644 index 0000000..6d2a1a7 --- /dev/null +++ b/hosts/nas/filesystems.nix 
@@ -0,0 +1,120 @@ +{ + inputs, + config, + lib, + outputs, + pkgs, + ... +}: +let + btrfsOptions = [ + "subvol=nix-app-data" + "compress=zstd" + ]; +in +{ + fileSystems."/media/nas/ssd/nix-app-data" = { + device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c"; + fsType = "btrfs"; + options = [ + "subvol=nix-app-data" + "compress=zstd" + ]; + }; + + fileSystems."/media/nas/ssd/ssd_app_data" = { + device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/ssd/mariadb" = { + device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/ssd/VMs" = { + device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/3d_printer" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/backup" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/books" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/documents" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/homeassistant" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/isos" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/movies" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options 
= btrfsOptions; + }; + + fileSystems."/media/nas/main/nextcloud" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/photos" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/switch" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/tv" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + fileSystems."/media/nas/main/timemachine" = { + device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + fsType = "btrfs"; + options = btrfsOptions; + }; + + # fileSystems."/media/nas/main/vms" = { + # device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28"; + # fsType = "btrfs"; + # options = btrfsOptions; + # }; +} diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix new file mode 100644 index 0000000..fa1197a --- /dev/null +++ b/hosts/nas/networking.nix 
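Review bot: The shared `btrfsOptions` list in hosts/nas/filesystems.nix hard-codes `"subvol=nix-app-data"`, so every mount that now uses `options = btrfsOptions;` requests the nix-app-data subvolume instead of its own. The removed definitions in configuration.nix each had a distinct `subvol=` (backup, documents, timemachine, and so on). After this change the SSD mounts would all resolve to the same subvolume, and the main-disk mounts would presumably fail or land on the wrong data. Make the binding a function, `btrfsOptions = subvol: [ "subvol=${subvol}" "compress=zstd" ];`, and call it per mount, e.g. `options = btrfsOptions "backup";`.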
@@ -0,0 +1,66 @@ +{ + inputs, + outputs, + config, + lib, + pkgs, + ... +}: +let + hostname = "jallen-nas"; + ipAddress = "10.0.1.18"; + gateway = "10.0.1.1"; + ssid = "Joey’s Jungle"; + password = "kR8v&3Qd"; + allowedPorts = [ + 2342 + 3493 + 61208 + 9090 + # config.services.tailscale.port + # 22 + ]; +in +{ + # Networking configs enp7s0 + networking = { + hostName = hostname; + + hostId = "4b501480"; + + # Enable Network Manager + networkmanager.enable = false; + + interfaces = { + wlp6s0.ipv4.addresses = [ + { + address = ipAddress; + prefixLength = 24; + } + ]; + }; + + defaultGateway.address = gateway; + nameservers = [ gateway ]; + + wireless = { + enable = true; + networks = { + ssid = { + psk = password; + }; + }; + }; + + firewall = { + enable = true; + allowPing = true; + extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed? + allowedTCPPorts = allowedPorts; + allowedUDPPorts = allowedPorts; + + # always allow traffic from your Tailscale network + trustedInterfaces = [ "tailscale0" ]; + }; + }; +} diff --git a/hosts/nas/samba.nix b/hosts/nas/samba.nix new file mode 100644 index 0000000..8a38313 --- /dev/null +++ b/hosts/nas/samba.nix 
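Review bot: In hosts/nas/networking.nix, `networks = { ssid = { psk = password; }; };` defines a network literally named `ssid`, because an attribute name on the left-hand side is not looked up in the `let` bindings. The removed code used the real SSID string as the key, so the host would no longer join its network. Interpolate the binding instead: `"${ssid}" = { psk = password; };`. Separately, the PSK is a plaintext literal that ends up in git history and in the world-readable Nix store. Consider supplying it at runtime, e.g. through `networking.wireless.environmentFile` on NixOS releases that have that option, and treating the committed value as exposed.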
@@ -0,0 +1,49 @@ +{ + inputs, + outputs, + config, + lib, + pkgs, + ... +}: +{ + nas-samba = { + enable = true; + hostsAllow = "10.0.1."; + enableTimeMachine = true; + timeMachinePath = "/media/nas/main/timemachine"; + + shares = { + "3d_printer" = { + public = true; + sharePath = "/media/nas/main/3d_printer"; + }; + Backup = { + public = true; + sharePath = "/media/nas/main/backup"; + }; + Documents = { + public = true; + sharePath = "/media/nas/main/documents"; + }; + isos = { + public = true; + sharePath = "/media/nas/main/isos"; + }; + TimeMachine = { + public = false; + sharePath = "/media/nas/main/timemachine"; + enableTimeMachine = true; + timeMachineMaxSize = "1T"; + }; + app_data = { + public = true; + sharePath = "/media/nas/ssd/ssd_app_data"; + }; + nix-config = { + public = true; + sharePath = "/home/matt/nix-config"; + }; + }; + }; +} diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix new file mode 100644 index 0000000..d4e3a0a --- /dev/null +++ b/hosts/nas/services.nix 
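Review bot: The `nix-config` share in hosts/nas/samba.nix is declared `public = true` with `sharePath = "/home/matt/nix-config"`, and that repository holds credentials in this very commit (the Wi-Fi PSK in networking.nix and the UPS monitor password in ups.nix). The meaning of `public` is defined in the nas-samba module, which is not shown here; presumably it allows guest access. If so, anything inside the `hostsAllow = "10.0.1."` range could read those files. I would set `public = false;` on `nix-config`, and likely on `app_data` too, and add a comment on each remaining public share saying why unauthenticated access is intended.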
@@ -0,0 +1,204 @@ +{ + inputs, + outputs, + config, + lib, + pkgs, + ... +}: +let + enableDisplayManager = false; + hostname = "jallen-nas"; +in +{ + # Services configs + services = { + udisks2.enable = true; + + # Enable the X11 windowing system. + xserver = { + enable = enableDisplayManager; + + # Enable the Plasma 6 Desktop Environment. + desktopManager.plasma5.enable = enableDisplayManager; + }; + + displayManager = { + sddm.enable = enableDisplayManager; + #defaultSession = "plasma"; + }; + + # Set to enable Flatpak + flatpak.enable = false; + + # Enable RDP + xrdp = { + enable = enableDisplayManager; + defaultWindowManager = "startplasma-x11"; + openFirewall = enableDisplayManager; + }; + + avahi = { + enable = true; + nssmdns4 = true; + publish = { + enable = true; + addresses = true; + domain = true; + hinfo = true; + userServices = true; + workstation = true; + }; + extraServiceFiles = { + # TODO is this needed? + smb = '' + + + + %h + + _smb._tcp + 445 + + + ''; + }; + }; + + apcupsd = { + enable = true; + }; + + grafana = { + enable = true; + settings.server = { + http_port = 2342; + domain = hostname; + serve_from_sub_path = true; + http_addr = ""; + }; + dataDir = "/media/nas/ssd/nix-app-data/grafana"; + }; + + prometheus = { + enable = true; + port = 9001; + exporters = { + node = { + enable = true; + enabledCollectors = [ + "diskstats" + "systemd" + ]; + port = 9002; + }; + smartctl = { + enable = true; + group = "disk"; + devices = [ + "/dev/sda" + "/dev/sdb" + "/dev/sdc" + "/dev/sdd" + "/dev/sde" + "/dev/sdf" + "/dev/sdg" + "/dev/sdh" + "/dev/sdi" + "/dev/nvme0n1" + "/dev/nvme1n1" + ]; + }; + }; + + scrapeConfigs = [ + { + job_name = hostname; + static_configs = [ + { + targets = [ + "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" + "127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}" + ]; + } + ]; + } + ]; + }; + + tailscale = { + enable = true; + openFirewall = true; + useRoutingFeatures = "client"; + 
extraUpFlags = [ "--advertise-exit-node" ]; + }; + + btrfs = { + autoScrub.enable = true; + autoScrub.fileSystems = [ + "/nix" + "/root" + "/etc" + "/var/log" + "/home" + "/media/nas/ssd/nix-app-data" + "/media/nas/ssd/ssd_app_data" + "/media/nas/ssd/mariadb" + "/media/nas/main/3d_printer" + "/media/nas/main/backup" + "/media/nas/main/documents" + "/media/nas/main/nextcloud" + "/media/nas/main/movies" + "/media/nas/main/tv" + "/media/nas/main/isos" + ]; + }; + }; + + systemd.services = { + + tailscale-autoconnect = { + description = "Automatic connection to Tailscale"; + + # make sure tailscale is running before trying to connect to tailscale + after = [ + "network-pre.target" + "tailscale.service" + ]; + wants = [ + "network-pre.target" + "tailscale.service" + ]; + wantedBy = [ "multi-user.target" ]; + + # set this service as a oneshot job + serviceConfig.Type = "oneshot"; + + # have the job run this shell script + script = with pkgs; '' + # wait for tailscaled to settle + sleep 2 + + # check if we are already authenticated to tailscale + status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" + if [ $status = "Running" ]; then # if so, then do nothing + exit 0 + fi + + # otherwise authenticate with tailscale + ${tailscale}/bin/tailscale up -authkey nodekey:e4557e761f8fa2cb51a189d32484092036d3954b61502b7e19688869a5107707 + ''; + }; + + glances-server = { + path = [ + pkgs.bash + pkgs.glances + ]; + script = '' + glances -w + ''; + wantedBy = [ "multi-user.target" ]; + }; + }; +} diff --git a/hosts/nas/ups.nix b/hosts/nas/ups.nix new file mode 100644 index 0000000..114a737 --- /dev/null +++ b/hosts/nas/ups.nix 
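Review bot: The `tailscale-autoconnect` script in hosts/nas/services.nix passes a literal value to `tailscale up -authkey`. That embeds it in the generated unit script in the world-readable Nix store, and the same literal is in the lines removed from configuration.nix, so it stays in git history. If it is a usable credential it should be revoked and read from a file at runtime; `services.tailscale.authKeyFile = "/run/secrets/tailscale-authkey";` (placeholder path) would replace this hand-written unit. If the unit is kept, quote the test operand, `if [ "$status" = "Running" ]; then`, so an empty status does not produce a shell syntax error.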
@@ -0,0 +1,59 @@ +{ + inputs, + outputs, + config, + lib, + pkgs, + ... +}: +let + enableUps = true; + upsmonCmd = "nasups@localhost 1 upsuser BogieDudie1 primary"; + upsName = "nasups"; +in +{ + power.ups = { + ups = { + enable = enableUps; + mode = "netserver"; + ups.upsName = { + driver = "usbhid-ups"; + port = "auto"; + description = "NAS UPS"; + }; + upsmon = { + monitor = upsmonCmd; + }; + upsd = { + enable = enableUps; + listen = { + address = 0.0 0.0 0.0; + port = 3493; + }; + }; + # users = { + # actions = [ "SET" ]; + # instcmds = [ "ALL" ]; + ##* upsmon = "primary"; + # passwordFile = "/home/matt/ups.conf"; + # }; + }; + + # Add UPS monitoring service + upsmon = { + enable = true; + # Configure UPS device + device = "/dev/usb/hiddev1"; # Change this to your UPS device + driver = "usbhid-ups"; # Change this if your UPS uses a different driver + # Set UPS monitoring options + options = { + # NOTIFYCMD = "/path/to/notify-script.sh"; # Path to your notification script + POLLFREQ = 5; + POLLFREQALERT = 5; + HOSTSYNC = "on"; + DEADTIME = 15; + FINALDELAY = 5; + }; + }; + }; +} diff --git a/hosts/pi4/hardware-configuration.nix b/hosts/pi4/hardware-configuration.nix index 5291b0c..71ddd68 100644 --- a/hosts/pi4/hardware-configuration.nix +++ b/hosts/pi4/hardware-configuration.nix 
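Review bot: In hosts/nas/ups.nix, `ups.upsName = {` declares a UPS literally named `upsName`, while `upsmonCmd` still monitors `nasups@localhost`, so the monitor entry no longer matches the device; use `ups.${upsName} = {`. The commit also changes `enableUps` from `false` to `true`. The removed comment in configuration.nix said it had been disabled because of a breakage, so this is a behaviour change inside a formatting commit. It also activates `upsd` with the `listen` block, whose `address = 0.0 0.0 0.0;` looks malformed. Finally, the monitor password is inline in `upsmonCmd`, and the same literal appears as the Redis `--requirepass` value in modules/apps/redis/default.nix. The commented-out `passwordFile` line in this hunk points at the better approach, ideally with a distinct secret per service.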
@@ -1,74 +1,88 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "uas" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { device = "none"; - fsType = "tmpfs"; - }; + fileSystems."/" = { + device = "none"; + fsType = "tmpfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/1DE6-4D02"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - fileSystems."/boot/firmware" = - { device = "/dev/disk/by-uuid/1BE6-CB10"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - fileSystems."/boot/uefi" = - { device = "/dev/disk/by-uuid/1BE3-8523"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; - fsType = "btrfs"; - options = [ "subvol=nix" ]; - }; - - fileSystems."/etc" = - { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; - fsType = "btrfs"; - options = [ "subvol=etc" ]; - }; - - fileSystems."/root" = - { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; - fsType = "btrfs"; - options = [ "subvol=root" ]; - }; - - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; - fsType = "btrfs"; - options = [ "subvol=log" ]; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; - fsType = "btrfs"; - options = [ "subvol=home" ]; - }; - - swapDevices = - [ { 
device = "/dev/disk/by-uuid/8b5640bb-2fbf-4e69-9504-fb9508d49f01"; } + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1DE6-4D02"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" ]; + }; + + fileSystems."/boot/firmware" = { + device = "/dev/disk/by-uuid/1BE6-CB10"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + fileSystems."/boot/uefi" = { + device = "/dev/disk/by-uuid/1BE3-8523"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + fileSystems."/etc" = { + device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; + fsType = "btrfs"; + options = [ "subvol=etc" ]; + }; + + fileSystems."/root" = { + device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + fileSystems."/var/log" = { + device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; + fsType = "btrfs"; + options = [ "subvol=log" ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/7df3c990-7e55-4140-adab-de8ddc4db21a"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + swapDevices = [ { device = "/dev/disk/by-uuid/8b5640bb-2fbf-4e69-9504-fb9508d49f01"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/apps/collabora/default.nix b/modules/apps/collabora/default.nix index 5a04ebf..7e84419 100755 --- a/modules/apps/collabora/default.nix +++ b/modules/apps/collabora/default.nix 
@@ -15,7 +15,10 @@ in virtualisation.oci-containers.containers."${cfg.name}" = { autoStart = cfg.autoStart; image = cfg.image; - extraOptions = [ "--cap-add=MKNOD" "--privileged" ]; + extraOptions = [ + "--cap-add=MKNOD" + "--privileged" + ]; ports = [ "${cfg.port}:9980" ]; volumes = [ # ... @@ -29,7 +32,7 @@ in domain = "office.mjallen.dev"; aliasgroup1 = "https://cloud\.mjallen\.dev:443"; aliasgroup2 = "https://cloud\.mjallen\.dev:443"; -# DONT_GEN_SSL_CERT = cfg.dontGenSslCert; + # DONT_GEN_SSL_CERT = cfg.dontGenSslCert; server_name = cfg.serverName; dictionaries = cfg.dictionaries; extra_params = cfg.extraParams; diff --git a/modules/apps/mealie/default.nix b/modules/apps/mealie/default.nix index 36c3f70..1763fff 100644 --- a/modules/apps/mealie/default.nix +++ b/modules/apps/mealie/default.nix @@ -16,9 +16,7 @@ in autoStart = cfg.autoStart; image = cfg.image; ports = [ "${cfg.port}:9000" ]; - volumes = [ - "${cfg.dataPath}:/app/data" - ]; + volumes = [ "${cfg.dataPath}:/app/data" ]; environment = { PUID = cfg.puid; PGID = cfg.pgid; diff --git a/modules/apps/ollama/default.nix b/modules/apps/ollama/default.nix index b1e5380..5e4c41d 100644 --- a/modules/apps/ollama/default.nix +++ b/modules/apps/ollama/default.nix @@ -17,9 +17,7 @@ in autoStart = true; image = cfg.image; extraOptions = [ "--device=nvidia.com/gpu=0" ]; - volumes = [ - "${cfg.configPath}:/root/.ollama" - ]; + volumes = [ "${cfg.configPath}:/root/.ollama" ]; ports = [ "${cfg.port}:11434" ]; environment = { NVIDIA_VISIBLE_DEVICES = "all"; diff --git a/modules/apps/redis/default.nix b/modules/apps/redis/default.nix index f65c8a9..8396f6e 100644 --- a/modules/apps/redis/default.nix +++ b/modules/apps/redis/default.nix @@ -20,9 +20,7 @@ in "--requirepass" "BogieDudie1" ]; - ports = [ - "6379:6379" - ]; + ports = [ "6379:6379" ]; }; }; } diff --git a/modules/apps/tdarr/default.nix b/modules/apps/tdarr/default.nix index 7cac448..9f6dea7 100644 --- a/modules/apps/tdarr/default.nix 
+++ b/modules/apps/tdarr/default.nix @@ -25,7 +25,10 @@ in "${cfg.moviesPath}:/data/movies" "${cfg.tvPath}:/data/tv" ]; - ports = [ "${cfg.serverPort}:8266" "${cfg.webUIPort}:8265" ]; + ports = [ + "${cfg.serverPort}:8266" + "${cfg.webUIPort}:8265" + ]; environment = { serverPort = "8266"; webUIPort = "8265";