This commit is contained in:
mjallen18
2024-10-24 11:08:13 -05:00
parent 768fafe442
commit ca8065c851
9 changed files with 266 additions and 152 deletions

45
flake.lock generated

@@ -306,10 +306,10 @@
"type": "github"
}
},
"home-manager_2": {
"home-manager-stable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
"nixpkgs-stable"
]
},
"locked": {
@@ -326,6 +326,27 @@
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1729068498,
@@ -576,6 +597,22 @@
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1729449015,
"narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "89172919243df199fe237ba0f776c3e3e3d72367",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_4": {
"locked": {
"lastModified": 1729357638,
"narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
@@ -749,11 +786,13 @@
"chaotic": "chaotic",
"cosmic": "cosmic",
"home-manager": "home-manager_2",
"home-manager-stable": "home-manager-stable",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nix-darwin": "nix-darwin",
"nixos-apple-silicon": "nixos-apple-silicon",
"nixos-hardware": "nixos-hardware",
"nixpkgs-stable": "nixpkgs-stable_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-unstable-small": "nixpkgs-unstable-small",
"sops-nix": "sops-nix"
@@ -824,7 +863,7 @@
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable_3"
"nixpkgs-stable": "nixpkgs-stable_4"
},
"locked": {
"lastModified": 1729587807,


@@ -9,7 +9,7 @@
nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
# nixpgs
# nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
# Authentik
authentik-nix.url = "github:nix-community/authentik-nix";
@@ -22,10 +22,15 @@
# Home Manager
home-manager = {
url = "github:nix-community/home-manager";
url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
home-manager-stable = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
# Lanzaboote
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1";
@@ -55,11 +60,12 @@
self,
nixpkgs-unstable,
nixpkgs-unstable-small,
# nixpkgs-stable,
nixpkgs-stable,
chaotic,
lanzaboote,
impermanence,
home-manager,
home-manager-stable,
nixos-hardware,
nix-darwin,
nixos-apple-silicon,
@@ -106,7 +112,7 @@
};
# NAS
"jallen-nas" = nixpkgs-unstable.lib.nixosSystem {
"jallen-nas" = nixpkgs-stable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs outputs;
@@ -115,9 +121,9 @@
impermanence.nixosModules.impermanence
./hosts/nas/configuration.nix
./hosts/nas/impermanence.nix
home-manager.nixosModules.home-manager
home-manager-stable.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = true;
home-manager.users.admin = import ./hosts/nas/home.nix;
home-manager.backupFileExtension = "backup";
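Review bot: The two home-manager inputs look inverted in the second hunk: `home-manager` now pins `github:nix-community/home-manager/release-24.05` yet follows `nixpkgs-unstable`, while the new `home-manager-stable` tracks the unpinned default branch and follows `nixpkgs-stable` (the lock on this page confirms `home-manager_2` at ref `release-24.05` with input `nixpkgs-unstable`). Unless that is deliberate, swap the refs so each branch matches the nixpkgs it follows: `url = "github:nix-community/home-manager";` under `home-manager` and `url = "github:nix-community/home-manager/release-24.05";` under `home-manager-stable`. Flipping `home-manager.useGlobalPkgs` to `false` on the NAS in the last hunk also deserves a one-line comment stating why a separate nixpkgs evaluation is wanted there, since the same host moves to `nixpkgs-stable` in the previous hunk. The `outputs` function and the `jallen-nas` definition both continue outside the hunks.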


@@ -1,7 +1,7 @@
{ pkgs, ... }:
{ pkgs,... }:
let
configLimit = 5;
kernel = pkgs.linuxPackages_latest;
kernel = pkgs.unstable.linuxPackages_latest;
in
{
# Configure bootloader with lanzaboot and secureboot
@@ -45,7 +45,8 @@ in
];
systemd = {
enable = true;
tpm2.enable = true;
# tpm2.enable = true;
enableTpm2 = true;
};
};
};
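Review bot: The old `tpm2.enable = true;` is kept as a commented-out line next to the new `enableTpm2 = true;` in what appears to be the `boot.initrd.systemd` block, with nothing saying why both names exist; if the rename follows this host moving from the unstable channel to `nixpkgs-stable`, replace the dead line with a comment such as `# enableTpm2 is the option name on the stable channel this host now tracks` (assumption about the channels — confirm against the option list of each). `kernel = pkgs.unstable.linuxPackages_latest;` pulls the kernel from an overlay that is not visible here while the rest of the host now tracks stable, so a short comment naming where `pkgs.unstable` is defined would help the next reader, especially with Secure Boot signing involved. The argument pattern also lost its space (`{ pkgs,... }:`), which is inconsistent with the line it replaced. The enclosing attribute set closes outside the second hunk.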


@@ -97,6 +97,7 @@ in
ninja
nix-inspect
nix-ld
networkmanagerapplet
nmon
nodejs-18_x
nut


@@ -23,62 +23,63 @@ in
hostId = "4b501480";
# Disable Network Manager
networkmanager.enable = false;
networkmanager.enable = true;
interfaces = {
wlp7s0 = {
useDHCP = true;
ipv4.addresses = [
{
address = ipAddress;
prefixLength = 24;
}
];
};
wlp6s0 = {
useDHCP = true;
ipv4.addresses = [
{
address = ipAddress2;
prefixLength = 24;
}
];
};
};
# interfaces = {
# wlp7s0 = {
# useDHCP = true;
# ipv4.addresses = [
# {
# address = ipAddress;
# prefixLength = 24;
# }
# ];
# };
# wlp6s0 = {
# useDHCP = true;
# ipv4.addresses = [
# {
# address = ipAddress2;
# prefixLength = 24;
# }
# ];
# };
# };
defaultGateway = {
interface = "wlp7s0";
address = gateway;
metric = 1;
};
# defaultGateway = {
# interface = "wlp7s0";
# address = gateway;
# metric = 1;
# };
nameservers = [ gateway ];
# nameservers = [ gateway ];
wireless = {
enable = true;
userControlled.enable = true;
secretsFile = config.sops.secrets."wifi".path;
allowAuxiliaryImperativeNetworks = true;
interfaces = [
"wlp6s0"
"wlp7s0"
];
networks = {
"Joey's Jungle 6G" = {
# pskRaw = "ext:PSK";
priority = 1000;
psk = "kR8v&3Qd";
extraConfig = ''
key_mgmt=SAE
ieee80211w=2
'';
};
# "Joey's Jungle 5G" = {
# pskRaw = "ext:PSK";
# priority = -100;
# };
};
};
# wireless = {
# enable = false;
# userControlled.enable = true;
# # secretsFile = config.sops.secrets."wifi".path;
# environmentFile = config.sops.secrets."wifi".path;
# allowAuxiliaryImperativeNetworks = true;
# interfaces = [
# "wlp6s0"
# "wlp7s0"
# ];
# networks = {
# "Joey's Jungle 6G" = {
# pskRaw = "ext:PSK";
# priority = 1000;
# # psk = "kR8v&3Qd";
# extraConfig = ''
# key_mgmt=SAE
# ieee80211w=2
# '';
# };
# "Joey's Jungle 5G" = {
# pskRaw = "ext:PSK";
# priority = -100;
# };
# };
# };
firewall = {
enable = true;
@@ -91,49 +92,49 @@ in
trustedInterfaces = [ "tailscale0" ];
};
nat = {
enable = true;
externalInterface = "wlp7s0";
internalInterfaces = [ "wg0" ];
};
# nat = {
# enable = true;
# externalInterface = "wlp7s0";
# internalInterfaces = [ "wg0" ];
# };
wireguard.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = {
# Determines the IP address and subnet of the server's end of the tunnel interface.
ips = [ "10.0.100.1/24" ];
# wireguard.interfaces = {
# # "wg0" is the network interface name. You can name the interface arbitrarily.
# wg0 = {
# # Determines the IP address and subnet of the server's end of the tunnel interface.
# ips = [ "10.0.100.1/24" ];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51820;
# # The port that WireGuard listens to. Must be accessible by the client.
# listenPort = 51820;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
'';
# # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
# postSetup = ''
# ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
# '';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
'';
# # This undoes the above command
# postShutdown = ''
# ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
# '';
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = wireguard-private;
# # Path to the private key file.
# #
# # Note: The private key can also be included inline via the privateKey option,
# # but this makes the private key world-readable; thus, using privateKeyFile is
# # recommended.
# privateKeyFile = wireguard-private;
peers = [
# List of allowed peers.
{ # Feel free to give a meaning full name
# Public key of the peer (not a file path).
publicKey = wireguard-public;
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
allowedIPs = [ "10.0.100.2/32" ];
}
];
};
};
# peers = [
# # List of allowed peers.
# { # Feel free to give a meaning full name
# # Public key of the peer (not a file path).
# publicKey = wireguard-public;
# # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
# allowedIPs = [ "10.0.100.2/32" ];
# }
# ];
# };
# };
};
}
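Review bot: The Wi-Fi pre-shared key that was committed in clear text on the old side of the first hunk (`psk = "…"`) survives on the new side as the commented-out `# # psk = "…";` line, so the secret is still in the working tree as well as in history regardless of the switch to NetworkManager; delete the line and rotate the credential, keeping only the `environmentFile` / `pskRaw = "ext:PSK"` form the commented block already sketches. More generally, the whole `interfaces` / `defaultGateway` / `nameservers` / `wireless` block, and the `nat` / `wireguard.interfaces` block in the second hunk, are retained as comments rather than removed; under `networkmanager.enable = true` they are dead config, git history preserves them, and leaving them invites the stale secret to be uncommented later. If the intent is to re-enable declarative wpa_supplicant or the WireGuard server, a one-line comment such as `# declarative wireless/wireguard disabled while NetworkManager manages wlp6s0/wlp7s0; see git history` says more than sixty commented lines. The enclosing `networking` attribute set starts before the first hunk.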


@@ -0,0 +1,73 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-samba;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
# make shares visible for Windows clients
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.netatalk = {
enable = cfg.enableTimeMachine;
settings = {
time-machine = {
path = cfg.timeMachinePath;
"valid users" = "whoever";
"time machine" = cfg.enableTimeMachine;
};
};
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
services.samba = {
enable = true;
openFirewall = true;
# settings = {
# create-mode = 664;
# force directory mode = 2770
# workgroup = WORKGROUP
# server string = jallen-nas
# netbios name = jallen-nas
# security = user
# #use sendfile = yes
# #max protocol = smb2
# # note: localhost is the ipv6 localhost ::1
# hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
# hosts deny = 0.0.0.0/0
# guest account = nobody
# map to guest = bad user
# usershare allow guests = yes
# };
settings =
let
make =
name: share:
nameValuePair "${name}" {
path = share.sharePath;
public = if share.enableTimeMachine then "no" else "yes";
private = if !share.public || share.enableTimeMachine then "yes" else "no";
browseable = if share.browseable then "yes" else "no";
writable = "yes";
"force group" = "jallen-nas";
"read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask;
"directory mask" = share.directoryMask;
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize;
};
in
mapAttrs' make cfg.shares;
};
};
}
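Review bot: The samba global section is left entirely commented out (the `# hosts allow = …` through `# map to guest = bad user` lines), so with `openFirewall = true` the server carries no `hosts allow`/`hosts deny` restriction and every share whose `guestOk` is set is reachable from any interface; moving those settings into `settings.global` and merging it with the share set keeps the restriction the commented block sketched (assuming `options.nix` declares `cfg.hostsAllow`, as the comment implies). In the share builder `public` is an smb.conf synonym for `guest ok`, so `public = "yes"` for non-Time-Machine shares and `"guest ok" = …` from `share.guestOk` set the same parameter twice with possibly different values, and whichever smbd reads last wins; derive it once from `share.guestOk`. `"valid users" = "whoever";` in the netatalk block reads as a placeholder and should become an option or a real account list. The same `public`/`guest ok` overlap exists in the `shares` builder of the modified samba module later on this page.
```nix
      settings =
        let
          make =
            name: share:
            nameValuePair "${name}" {
              path = share.sharePath;
              # "public" is a synonym for "guest ok"; guest access is derived once from share.guestOk below
              private = if !share.public || share.enableTimeMachine then "yes" else "no";
              browseable = if share.browseable then "yes" else "no";
              # … unchanged: writable, force group, read only …
              "guest ok" = if share.guestOk then "yes" else "no";
              # … unchanged: create mask, directory mask, fruit:* and vfs objects …
            };
        in
        {
          global = {
            security = "user";
            "hosts allow" = "${cfg.hostsAllow} 127.0.0.1 localhost";
            "hosts deny" = "0.0.0.0/0";
            "guest account" = "nobody";
            "map to guest" = "bad user";
          };
        }
        // mapAttrs' make cfg.shares;
```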


@@ -1,9 +1,7 @@
{ lib, config, ... }:
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.nas-samba;
in
{
let cfg = config.nas-samba;
in {
imports = [ ./options.nix ];
config = mkIf cfg.enable {
@@ -24,50 +22,41 @@ in
};
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
# settings = {
# create-mode = 664;
# force directory mode = 2770
# workgroup = WORKGROUP
# server string = jallen-nas
# netbios name = jallen-nas
# security = user
# #use sendfile = yes
# #max protocol = smb2
# # note: localhost is the ipv6 localhost ::1
# hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
# hosts deny = 0.0.0.0/0
# guest account = nobody
# map to guest = bad user
# usershare allow guests = yes
# };
settings =
let
make =
name: share:
nameValuePair "${name}" {
path = share.sharePath;
public = if share.enableTimeMachine then "no" else "yes";
private = if !share.public || share.enableTimeMachine then "yes" else "no";
browseable = if share.browseable then "yes" else "no";
writable = "yes";
"force group" = "jallen-nas";
"read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask;
"directory mask" = share.directoryMask;
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize;
};
in
mapAttrs' make cfg.shares;
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = user
#use sendfile = yes
#max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = let
make = name: share:
nameValuePair "${name}" {
path = share.sharePath;
public = if share.enableTimeMachine then "no" else "yes";
private = if !share.public || share.enableTimeMachine then "yes" else "no";
browseable = if share.browseable then "yes" else "no";
writable = "yes";
"read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask;
"directory mask" = share.directoryMask;
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize;
};
in mapAttrs' make cfg.shares;
};
};
}
}
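Review bot: `pkgs` is added to the module's argument pattern on the new side of the first hunk, but nothing in the two visible hunks uses it; if the rest of the file does not either, drop it so the header states the module's real inputs. The new side also sets `server string = smbnix` and `netbios name = smbnix`, which looks copied from an example rather than the `jallen-nas` identity used in the sibling module on this page, and it drops `"force group" = "jallen-nas"` from the share builder without a note on whether group ownership of new files is now expected to come from the filesystem. Reverting from `settings` to `extraConfig`/`shares` is consistent with this host now tracking a release that lacks `services.samba.settings` (inferred from the flake change in this commit); a comment such as `# extraConfig/shares: option names on the stable channel this host tracks` would stop the next reader from modernising it back. The `config = mkIf cfg.enable { … }` set spans both hunks and its middle is outside the view.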


@@ -1,7 +1,7 @@
{ ... }:
{
imports = [
./amd
# ./amd
./nvidia
./gaming
];


@@ -1,6 +1,7 @@
{
lib,
config,
pkgs,
...
}:
with lib;
@@ -17,8 +18,10 @@ in
package =
if cfg.enableBeta then
config.boot.kernelPackages.nvidiaPackages.beta
# pkgs.unstable.kernelPackages.nvidiaPackages.beta
else
config.boot.kernelPackages.nvidiaPackages.latest;
# pkgs.unstable.kernelPackages.nvidiaPackages.latest;
# Modesetting is required.
modesetting.enable = true;
@@ -45,9 +48,10 @@ in
};
# Enable OpenGL
graphics = {
opengl = {
enable = true;
enable32Bit = true;
driSupport = true;
driSupport32Bit = true;
};
};
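Review bot: The `# pkgs.unstable.kernelPackages.nvidiaPackages.*` lines added under both branches of the `package` expression are dead alternatives, and as far as the visible hunks show `pkgs` joins the argument pattern only to serve them; either use `pkgs` or drop both the argument and the comments. The `graphics` → `opengl` / `driSupport` rename in the last hunk ties this module to one channel's option names, while the flake in this commit builds hosts from both `nixpkgs-unstable` and `nixpkgs-stable`; if a host on the other channel imports this module it may hit rename warnings or removed-option errors, so a comment like `# hardware.opengl.* / driSupport: names used by the stable channel; unstable renamed these` would help (assumption about which hosts import this module — confirm). The `package` expression and the `opengl` attrset are both inside a set that starts before the hunks.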