formatting + organizing

mjallen18
2024-07-24 21:43:55 -05:00
parent 4b4b419873
commit c5a9ff512c
20 changed files with 744 additions and 652 deletions


@@ -13,23 +13,18 @@
let
user = "admin";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "jallen-nas";
allowedPorts = [
2342
3493
61208
9090
# config.services.tailscale.port
# 22
];
enableDisplayManager = false;
# adding a flag cause nixos cant figure itself out and broke shit that cant be fixed
enableUps = false;
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./filesystems.nix
./boot.nix
./apps.nix
./networking.nix
./ups.nix
./samba.nix
./services.nix
../default.nix
];
@@ -47,100 +42,6 @@ in
nix.settings.trusted-users = [ "@wheel" ];
powerManagement.cpuFreqGovernor = "powersave";
nas-apps = {
collabora.enable = true;
deluge.enable = true;
homarr.enable = true;
homepage.enable = false;
jackett.enable = true;
jellyfin.enable = true;
jellyseerr.enable = true;
mariadb.enable = true;
mealie = {
enable = true;
baseUrl = "https://mealie.mjallen.dev";
maxConcurrency = "4";
maxWorkers = "4";
allowSignup = "false";
};
nextcloud = {
enable = true;
httpPort = "9981";
httpsPort = "9443";
};
ollama.enable = true;
onlyoffice.enable = false;
open-webui.enable = true;
orca-slicer.enable = true;
radarr.enable = true;
redis.enable = true;
sabnzbd.enable = true;
sonarr.enable = true;
swag.enable = true;
tdarr.enable = true;
vscode.enable = true;
};
nas-samba = {
enable = true;
hostsAllow = "10.0.1.";
enableTimeMachine = true;
timeMachinePath = "/media/nas/main/timemachine";
shares = {
"3d_printer" = {
public = true;
sharePath = "/media/nas/main/3d_printer";
};
Backup = {
public = true;
sharePath = "/media/nas/main/backup";
};
Documents = {
public = true;
sharePath = "/media/nas/main/documents";
};
isos = {
public = true;
sharePath = "/media/nas/main/isos";
};
TimeMachine = {
public = false;
sharePath = "/media/nas/main/timemachine";
enableTimeMachine = true;
timeMachineMaxSize = "1T";
};
app_data = {
public = true;
sharePath = "/media/nas/ssd/ssd_app_data";
};
nix-config = {
public = true;
sharePath = "/home/matt/nix-config";
};
};
};
share.hardware.nvidia = {
enable = true;
enableBeta = false;
@@ -149,274 +50,15 @@ in
enableNvidiaDocker = true;
};
# Configure bootloader with lanzaboot and secureboot
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 5;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
# Override kernel to latest
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"nohibernate"
"amd_pstate=active"
];
consoleLogLevel = 3;
bootspec.enable = true;
initrd = {
kernelModules = [ "tpm" "tpm_tis" "tpm_crb" "tpm_infineon" ];
systemd = {
enable = true;
enableTpm2 = true;
};
};
};
security.tpm2 = {
enable = true;
};
# Services configs
services = {
udisks2.enable = true;
# Enable the X11 windowing system.
xserver = {
enable = enableDisplayManager;
# Enable the Plasma 6 Desktop Environment.
desktopManager.plasma5.enable = enableDisplayManager;
};
displayManager = {
sddm.enable = enableDisplayManager;
#defaultSession = "plasma";
};
# Set to enable Flatpak
flatpak.enable = false;
# Enable RDP
xrdp = {
enable = enableDisplayManager;
defaultWindowManager = "startplasma-x11";
openFirewall = enableDisplayManager;
};
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
extraServiceFiles = {
# TODO is this needed?
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
};
apcupsd = {
enable = true;
};
grafana = {
enable = true;
settings.server = {
http_port = 2342;
domain = hostname;
serve_from_sub_path = true;
http_addr = "";
};
dataDir = "/media/nas/ssd/nix-app-data/grafana";
};
prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [
"diskstats"
"systemd"
];
port = 9002;
};
smartctl = {
enable = true;
group = "disk";
devices = [
"/dev/sda"
"/dev/sdb"
"/dev/sdc"
"/dev/sdd"
"/dev/sde"
"/dev/sdf"
"/dev/sdg"
"/dev/sdh"
"/dev/sdi"
"/dev/nvme0n1"
"/dev/nvme1n1"
];
};
};
scrapeConfigs = [
{
job_name = hostname;
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
];
}
];
}
];
};
tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "client";
extraUpFlags = [ "--advertise-exit-node" ];
};
btrfs = {
autoScrub.enable = true;
autoScrub.fileSystems = [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
"/media/nas/ssd/nix-app-data"
"/media/nas/ssd/ssd_app_data"
"/media/nas/ssd/mariadb"
"/media/nas/main/3d_printer"
"/media/nas/main/backup"
"/media/nas/main/documents"
"/media/nas/main/nextcloud"
"/media/nas/main/movies"
"/media/nas/main/tv"
"/media/nas/main/isos"
];
};
};
systemd.services = {
tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey nodekey:e4557e761f8fa2cb51a189d32484092036d3954b61502b7e19688869a5107707
'';
};
glances-server = {
path = [
pkgs.bash
pkgs.glances
];
script = ''
glances -w
'';
wantedBy = [ "multi-user.target" ];
};
};
# Networking configs enp7s0
networking = {
hostName = hostname;
hostId = "4b501480";
# Enable Network Manager
networkmanager.enable = false;
interfaces = {
wlp6s0.ipv4.addresses = [ {
address = "10.0.1.18";
prefixLength = 24;
} ];
};
defaultGateway.address = "10.0.1.1";
nameservers = [ "10.0.1.1" ];
wireless = {
enable = true;
networks = {
"Joeys Jungle" = {
psk = "kR8v&3Qd";
};
};
};
firewall = {
enable = true;
allowPing = true;
extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns"; # TODO is this needed?
allowedTCPPorts = allowedPorts;
allowedUDPPorts = allowedPorts;
# always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ];
};
};
# Configure environment
environment = {
# etc."nut/upsd.conf".source = /home/matt/upsd.conf;
# etc."nut/upsd.users".source = /home/matt/upsd.users;
# etc."nut/upsmon.conf".source = /home/matt/upsmon.conf;
# etc."nut/upsd.conf".source = /home/matt/upsd.conf;
# etc."nut/upsd.users".source = /home/matt/upsd.users;
# etc."nut/upsmon.conf".source = /home/matt/upsmon.conf;
etc.crypttab.text = ''
ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto
@@ -481,51 +123,6 @@ in
screen.enable = true;
};
power.ups = {
ups = {
enable = enableUps;
mode = "netserver";
ups."nasups" = {
driver = "usbhid-ups";
port = "auto";
description = "NAS UPS";
};
upsmon = {
monitor = "nasups@localhost 1 upsuser BogieDudie1 primary";
};
upsd = {
enable = enableUps;
listen = {
address = 0.0 0.0 0.0;
port = 3493;
};
};
# users = {
# actions = [ "SET" ];
# instcmds = [ "ALL" ];
##* upsmon = "primary";
# passwordFile = "/home/matt/ups.conf";
# };
};
# Add UPS monitoring service
upsmon = {
enable = true;
# Configure UPS device
device = "/dev/usb/hiddev1"; # Change this to your UPS device
driver = "usbhid-ups"; # Change this if your UPS uses a different driver
# Set UPS monitoring options
options = {
# NOTIFYCMD = "/path/to/notify-script.sh"; # Path to your notification script
POLLFREQ = 5;
POLLFREQALERT = 5;
HOSTSYNC = "on";
DEADTIME = 15;
FINALDELAY = 5;
};
};
};
# Configure nixpkgs
nixpkgs = {
overlays = [ outputs.overlays.nixpkgs-unstable ];
@@ -616,159 +213,6 @@ in
libvirtd.enable = true;
};
fileSystems."/media/nas/ssd/nix-app-data" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [
"subvol=nix-app-data"
"compress=zstd"
];
};
fileSystems."/media/nas/ssd/ssd_app_data" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [
"subvol=ssd_app_data"
"compress=zstd"
];
};
fileSystems."/media/nas/ssd/mariadb" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [
"subvol=mariadb"
"compress=zstd"
];
};
fileSystems."/media/nas/ssd/VMs" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [
"subvol=VMs"
"compress=zstd"
];
};
fileSystems."/media/nas/main/3d_printer" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=3d_printer"
"compress=zstd"
];
};
fileSystems."/media/nas/main/backup" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=backup"
"compress=zstd"
];
};
fileSystems."/media/nas/main/books" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=books"
"compress=zstd"
];
};
fileSystems."/media/nas/main/documents" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=documents"
"compress=zstd"
];
};
fileSystems."/media/nas/main/homeassistant" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=homeassistant"
"compress=zstd"
];
};
fileSystems."/media/nas/main/isos" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=isos"
"compress=zstd"
];
};
fileSystems."/media/nas/main/movies" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=movies"
"compress=zstd"
];
};
fileSystems."/media/nas/main/nextcloud" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=nextcloud"
"compress=zstd"
];
};
fileSystems."/media/nas/main/photos" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=photos"
"compress=zstd"
];
};
fileSystems."/media/nas/main/switch" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=switch"
"compress=zstd"
];
};
fileSystems."/media/nas/main/tv" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=tv"
"compress=zstd"
];
};
fileSystems."/media/nas/main/timemachine" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=timemachine"
"compress=zstd"
];
};
# fileSystems."/media/nas/main/vms" = {
# device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
# fsType = "btrfs";
# options = [
# "subvol=vms"
# "compress=zstd"
# ];
# };
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
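Review bot: The `password = "$y$…"` binding in the `let` block of the first hunk appears to stay in the file after this reorganisation, so the admin password hash remains committed and is also copied into the world-readable Nix store; it would be safer to drop the binding and point `users.users.<name>.hashedPasswordFile` at a path supplied by a secrets tool such as sops-nix or agenix. The blocks moved out by the later hunks also carry a Tailscale auth key (`tailscale up -authkey …`), a Wi-Fi `psk` and the `upsmon` monitor password as literals, and presumably arrive in `services.nix`, `networking.nix` and `ups.nix` unchanged. Relocating them does not remove them from the repository history, so they should be rotated and then read from files at runtime, for example through `services.tailscale.authKeyFile`. Which side each line belongs to is inferred from the hunk headers, because the page has lost its `+`/`-` markers.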