diff --git a/flake.lock b/flake.lock index efda428..5b44ee6 100644 --- a/flake.lock +++ b/flake.lock @@ -306,10 +306,10 @@ "type": "github" } }, - "home-manager_2": { + "home-manager-stable": { "inputs": { "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs-stable" ] }, "locked": { @@ -326,6 +326,27 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1729068498, @@ -576,6 +597,22 @@ } }, "nixpkgs-stable_3": { + "locked": { + "lastModified": 1729449015, + "narHash": "sha256-Gf04dXB0n4q0A9G5nTGH3zuMGr6jtJppqdeljxua1fo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "89172919243df199fe237ba0f776c3e3e3d72367", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_4": { "locked": { "lastModified": 1729357638, "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", @@ -749,11 +786,13 @@ "chaotic": "chaotic", "cosmic": "cosmic", "home-manager": "home-manager_2", + "home-manager-stable": "home-manager-stable", "impermanence": "impermanence", "lanzaboote": "lanzaboote", "nix-darwin": "nix-darwin", "nixos-apple-silicon": "nixos-apple-silicon", "nixos-hardware": "nixos-hardware", + "nixpkgs-stable": "nixpkgs-stable_3", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable-small": "nixpkgs-unstable-small", "sops-nix": "sops-nix" 
@@ -824,7 +863,7 @@ "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable_3" + "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { "lastModified": 1729587807, diff --git a/flake.nix b/flake.nix index 24051ff..be1f441 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; # nixpgs - # nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; # Authentik authentik-nix.url = "github:nix-community/authentik-nix"; @@ -22,10 +22,15 @@ # Home Manager home-manager = { - url = "github:nix-community/home-manager"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; + home-manager-stable = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs-stable"; + }; + # Lanzaboote lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.1"; @@ -55,11 +60,12 @@ self, nixpkgs-unstable, nixpkgs-unstable-small, - # nixpkgs-stable, + nixpkgs-stable, chaotic, lanzaboote, impermanence, home-manager, + home-manager-stable, nixos-hardware, nix-darwin, nixos-apple-silicon, @@ -106,7 +112,7 @@ }; # NAS - "jallen-nas" = nixpkgs-unstable.lib.nixosSystem { + "jallen-nas" = nixpkgs-stable.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs outputs; @@ -115,9 +121,9 @@ impermanence.nixosModules.impermanence ./hosts/nas/configuration.nix ./hosts/nas/impermanence.nix - home-manager.nixosModules.home-manager + home-manager-stable.nixosModules.home-manager { - home-manager.useGlobalPkgs = true; + home-manager.useGlobalPkgs = false; home-manager.useUserPackages = true; home-manager.users.admin = import ./hosts/nas/home.nix; home-manager.backupFileExtension = "backup"; diff --git a/hosts/nas/boot.nix b/hosts/nas/boot.nix index e53ebfd..019daba 100644 --- a/hosts/nas/boot.nix +++ b/hosts/nas/boot.nix 
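Review bot: The two Home Manager inputs look cross-wired in the `@@ -22,10 +22,15 @@` hunk of flake.nix: `home-manager` is now pinned to `release-24.05` yet keeps `inputs.nixpkgs.follows = "nixpkgs-unstable"`, while the new `home-manager-stable` tracks the default branch and follows `nixpkgs-stable`; the lock hunk confirms it (`home-manager_2` is locked at `"ref": "release-24.05"` with `nixpkgs-unstable`). Home Manager's release branch is meant to pair with the matching nixpkgs release, so the NAS host, which the `@@ -115,9 +121,9 @@` hunk moves onto `home-manager-stable` over `nixpkgs-stable`, ends up with development Home Manager on 24.05 nixpkgs and every other host with 24.05 Home Manager on unstable. Swapping the two `url` lines, `url = "github:nix-community/home-manager";` for `home-manager` and `url = "github:nix-community/home-manager/release-24.05";` for `home-manager-stable`, lines each branch up with the nixpkgs it follows. `home-manager.useGlobalPkgs = false;` for the NAS is presumably deliberate (it makes Home Manager instantiate its own nixpkgs from the follows target instead of the host's `pkgs`), but a one-line comment saying why it differs from the other hosts would help.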
@@ -1,7 +1,7 @@
-{ pkgs, ... }:
+{ pkgs,... }:
 let
 configLimit = 5;
- kernel = pkgs.linuxPackages_latest;
+ kernel = pkgs.unstable.linuxPackages_latest;
 in
 {
 # Configure bootloader with lanzaboot and secureboot
@@ -45,7 +45,8 @@ in
 ];
 systemd = {
 enable = true;
- tpm2.enable = true;
+ # tpm2.enable = true;
+ enableTpm2 = true;
 };
 };
 };
diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix
index 3deacc8..65ecb45 100755
--- a/hosts/nas/configuration.nix
+++ b/hosts/nas/configuration.nix
@@ -97,6 +97,7 @@ in
 ninja
 nix-inspect
 nix-ld
+ networkmanagerapplet
 nmon
 nodejs-18_x
 nut
diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix
index 2718ba5..9ecee6c 100644
--- a/hosts/nas/networking.nix
+++ b/hosts/nas/networking.nix
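Review bot: `# tpm2.enable = true;` is left as a dead line next to the new `enableTpm2 = true;` with nothing saying why two spellings exist, so a reader on the other channel will be tempted to flip it back. Replace the commented line with `# enableTpm2 is the option name on the nixpkgs release this host now builds from; newer releases spell it tpm2.enable` so the channel dependency is explicit. `kernel = pkgs.unstable.linuxPackages_latest;` takes the kernel from a `pkgs.unstable` attribute this diff does not define (presumably an overlay), which means the kernel and its module set now come from a different nixpkgs than the rest of the host; a short comment on that line stating where `pkgs.unstable` comes from and why the NAS wants the newer kernel would make the secure-boot/lanzaboote path easier to audit. `{ pkgs,... }:` drops the space after the comma for no reason; `{ pkgs, ... }:` matches the other modules.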
@@ -23,62 +23,63 @@ in hostId = "4b501480"; # Disable Network Manager - networkmanager.enable = false; + networkmanager.enable = true; - interfaces = { - wlp7s0 = { - useDHCP = true; - ipv4.addresses = [ - { - address = ipAddress; - prefixLength = 24; - } - ]; - }; - wlp6s0 = { - useDHCP = true; - ipv4.addresses = [ - { - address = ipAddress2; - prefixLength = 24; - } - ]; - }; - }; + # interfaces = { + # wlp7s0 = { + # useDHCP = true; + # ipv4.addresses = [ + # { + # address = ipAddress; + # prefixLength = 24; + # } + # ]; + # }; + # wlp6s0 = { + # useDHCP = true; + # ipv4.addresses = [ + # { + # address = ipAddress2; + # prefixLength = 24; + # } + # ]; + # }; + # }; - defaultGateway = { - interface = "wlp7s0"; - address = gateway; - metric = 1; - }; + # defaultGateway = { + # interface = "wlp7s0"; + # address = gateway; + # metric = 1; + # }; - nameservers = [ gateway ]; + # nameservers = [ gateway ]; - wireless = { - enable = true; - userControlled.enable = true; - secretsFile = config.sops.secrets."wifi".path; - allowAuxiliaryImperativeNetworks = true; - interfaces = [ - "wlp6s0" - "wlp7s0" - ]; - networks = { - "Joey's Jungle 6G" = { - # pskRaw = "ext:PSK"; - priority = 1000; - psk = "kR8v&3Qd"; - extraConfig = '' - key_mgmt=SAE - ieee80211w=2 - ''; - }; - # "Joey's Jungle 5G" = { - # pskRaw = "ext:PSK"; - # priority = -100; - # }; - }; - }; + # wireless = { + # enable = false; + # userControlled.enable = true; + # # secretsFile = config.sops.secrets."wifi".path; + # environmentFile = config.sops.secrets."wifi".path; + # allowAuxiliaryImperativeNetworks = true; + # interfaces = [ + # "wlp6s0" + # "wlp7s0" + # ]; + # networks = { + # "Joey's Jungle 6G" = { + # pskRaw = "ext:PSK"; + # priority = 1000; + # # psk = "kR8v&3Qd"; + # extraConfig = '' + # key_mgmt=SAE + # ieee80211w=2 + # ''; + # }; + # "Joey's Jungle 5G" = { + # pskRaw = "ext:PSK"; + # priority = -100; + # }; + # }; + # }; firewall = { enable = true; 
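Review bot: The Wi-Fi passphrase survives the change: the old `psk = "…";` literal is only commented out (`# # psk = …` inside the disabled `wireless` block), so the plaintext secret is still present in `hosts/nas/networking.nix` on the new side, and the removed line keeps it in git history regardless. Delete the commented line outright and treat the passphrase as exposed (rotate it), leaving `pskRaw = "ext:PSK";` with `environmentFile = config.sops.secrets."wifi".path;` as the only route for the credential should the block ever be re-enabled. The context comment `# Disable Network Manager` now sits directly above `networkmanager.enable = true;` and says the opposite of the code; change it to `# Manage Wi-Fi with NetworkManager; the declarative interface/wireless config below is retired`. The `let` bindings the commented blocks used (`ipAddress`, `ipAddress2`, `gateway`) live above the hunk and presumably become unused once nothing references them.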
@@ -91,49 +92,49 @@ in trustedInterfaces = [ "tailscale0" ]; }; - nat = { - enable = true; - externalInterface = "wlp7s0"; - internalInterfaces = [ "wg0" ]; - }; + # nat = { + # enable = true; + # externalInterface = "wlp7s0"; + # internalInterfaces = [ "wg0" ]; + # }; - wireguard.interfaces = { - # "wg0" is the network interface name. You can name the interface arbitrarily. - wg0 = { - # Determines the IP address and subnet of the server's end of the tunnel interface. - ips = [ "10.0.100.1/24" ]; + # wireguard.interfaces = { + # # "wg0" is the network interface name. You can name the interface arbitrarily. + # wg0 = { + # # Determines the IP address and subnet of the server's end of the tunnel interface. + # ips = [ "10.0.100.1/24" ]; - # The port that WireGuard listens to. Must be accessible by the client. - listenPort = 51820; + # # The port that WireGuard listens to. Must be accessible by the client. + # listenPort = 51820; - # This allows the wireguard server to route your traffic to the internet and hence be like a VPN - # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE - ''; + # # This allows the wireguard server to route your traffic to the internet and hence be like a VPN + # # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients + # postSetup = '' + # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE + # ''; - # This undoes the above command - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE - ''; + # # This undoes the above command + # postShutdown = '' + # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE + # ''; - # Path to the private key file. 
- # - # Note: The private key can also be included inline via the privateKey option, - # but this makes the private key world-readable; thus, using privateKeyFile is - # recommended. - privateKeyFile = wireguard-private; + # # Path to the private key file. + # # + # # Note: The private key can also be included inline via the privateKey option, + # # but this makes the private key world-readable; thus, using privateKeyFile is + # # recommended. + # privateKeyFile = wireguard-private; - peers = [ - # List of allowed peers. - { # Feel free to give a meaning full name - # Public key of the peer (not a file path). - publicKey = wireguard-public; - # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. - allowedIPs = [ "10.0.100.2/32" ]; - } - ]; - }; - }; + # peers = [ + # # List of allowed peers. + # { # Feel free to give a meaning full name + # # Public key of the peer (not a file path). + # publicKey = wireguard-public; + # # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. + # allowedIPs = [ "10.0.100.2/32" ]; + # } + # ]; + # }; + # }; }; } diff --git a/modules/samba/default-unstable.nix b/modules/samba/default-unstable.nix new file mode 100644 index 0000000..a685559 --- /dev/null +++ b/modules/samba/default-unstable.nix 
@@ -0,0 +1,73 @@ +{ lib, config, ... }: +with lib; +let + cfg = config.nas-samba; +in +{ + imports = [ ./options.nix ]; + + config = mkIf cfg.enable { + # make shares visible for Windows clients + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.netatalk = { + enable = cfg.enableTimeMachine; + settings = { + time-machine = { + path = cfg.timeMachinePath; + "valid users" = "whoever"; + "time machine" = cfg.enableTimeMachine; + }; + }; + }; + + networking.firewall.enable = true; + networking.firewall.allowPing = true; + + services.samba = { + enable = true; + openFirewall = true; + # settings = { + # create-mode = 664; + # force directory mode = 2770 + # workgroup = WORKGROUP + # server string = jallen-nas + # netbios name = jallen-nas + # security = user + # #use sendfile = yes + # #max protocol = smb2 + # # note: localhost is the ipv6 localhost ::1 + # hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost + # hosts deny = 0.0.0.0/0 + # guest account = nobody + # map to guest = bad user + # usershare allow guests = yes + # }; + settings = + let + make = + name: share: + nameValuePair "${name}" { + path = share.sharePath; + public = if share.enableTimeMachine then "no" else "yes"; + private = if !share.public || share.enableTimeMachine then "yes" else "no"; + browseable = if share.browseable then "yes" else "no"; + writable = "yes"; + "force group" = "jallen-nas"; + "read only" = if share.readOnly then "yes" else "no"; + "guest ok" = if share.guestOk then "yes" else "no"; + "create mask" = share.createMask; + "directory mask" = share.directoryMask; + "fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; + "fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; + "vfs objects" = "catia fruit streams_xattr"; + "fruit:time machine max size" = share.timeMachineMaxSize; + }; + in + mapAttrs' make cfg.shares; + }; + }; +} diff --git a/modules/samba/default.nix b/modules/samba/default.nix index a685559..5233373 100644 
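Review bot: `public` is a Samba synonym for `guest ok`, so `public = if share.enableTimeMachine then "no" else "yes";` makes every non-Time-Machine share guest-accessible and then `"guest ok" = if share.guestOk then "yes" else "no";` sets the same parameter a second time; because attribute names are rendered in sorted order, `public` would land after `guest ok` in the generated section and override it, so `guestOk = false` cannot be relied on. `private` is not an smb.conf parameter and will presumably be ignored with an unknown-parameter warning. Drop both lines and let `"guest ok"` alone decide guest access; the same two lines are carried into `modules/samba/default.nix` in its `@@ -24,50 +22,41 @@` hunk. `"valid users" = "whoever";` in the netatalk `time-machine` volume reads as a placeholder; if it is, a `# TODO: restrict to the Time Machine user` above it would stop it shipping as-is.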
--- a/modules/samba/default.nix +++ b/modules/samba/default.nix @@ -1,9 +1,7 @@ -{ lib, config, ... }: +{ lib, pkgs, config, ... }: with lib; -let - cfg = config.nas-samba; -in -{ +let cfg = config.nas-samba; +in { imports = [ ./options.nix ]; config = mkIf cfg.enable { 
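Review bot: `pkgs` is added to the module arguments (`{ lib, pkgs, config, ... }:`) but nothing in the two visible hunks of this file uses it; unless the unseen middle of the file does, it is an unused parameter and should be dropped. The `let cfg = config.nas-samba; in {` collapse also departs from the multi-line `let`/`in` layout that the sibling `modules/samba/default-unstable.nix` added in this same commit keeps, so the two variants of the module now differ in formatting for no functional reason; keeping the original layout makes a diff between the two files show only the real option differences.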
@@ -24,50 +22,41 @@ in }; }; - networking.firewall.enable = true; - networking.firewall.allowPing = true; - services.samba = { enable = true; + securityType = "user"; openFirewall = true; - # settings = { - # create-mode = 664; - # force directory mode = 2770 - # workgroup = WORKGROUP - # server string = jallen-nas - # netbios name = jallen-nas - # security = user - # #use sendfile = yes - # #max protocol = smb2 - # # note: localhost is the ipv6 localhost ::1 - # hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost - # hosts deny = 0.0.0.0/0 - # guest account = nobody - # map to guest = bad user - # usershare allow guests = yes - # }; - settings = - let - make = - name: share: - nameValuePair "${name}" { - path = share.sharePath; - public = if share.enableTimeMachine then "no" else "yes"; - private = if !share.public || share.enableTimeMachine then "yes" else "no"; - browseable = if share.browseable then "yes" else "no"; - writable = "yes"; - "force group" = "jallen-nas"; - "read only" = if share.readOnly then "yes" else "no"; - "guest ok" = if share.guestOk then "yes" else "no"; - "create mask" = share.createMask; - "directory mask" = share.directoryMask; - "fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; - "fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; - "vfs objects" = "catia fruit streams_xattr"; - "fruit:time machine max size" = share.timeMachineMaxSize; - }; - in - mapAttrs' make cfg.shares; + extraConfig = '' + workgroup = WORKGROUP + server string = smbnix + netbios name = smbnix + security = user + #use sendfile = yes + #max protocol = smb2 + # note: localhost is the ipv6 localhost ::1 + hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost + hosts deny = 0.0.0.0/0 + guest account = nobody + map to guest = bad user + ''; + shares = let + make = name: share: + nameValuePair "${name}" { + path = share.sharePath; + public = if share.enableTimeMachine then "no" else "yes"; + private = if !share.public || 
share.enableTimeMachine then "yes" else "no"; + browseable = if share.browseable then "yes" else "no"; + writable = "yes"; + "read only" = if share.readOnly then "yes" else "no"; + "guest ok" = if share.guestOk then "yes" else "no"; + "create mask" = share.createMask; + "directory mask" = share.directoryMask; + "fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; + "fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; + "vfs objects" = "catia fruit streams_xattr"; + "fruit:time machine max size" = share.timeMachineMaxSize; + }; + in mapAttrs' make cfg.shares; }; }; -} +} \ No newline at end of file diff --git a/share/default.nix b/share/default.nix index 7fd2a9c..e22b739 100644 --- a/share/default.nix +++ b/share/default.nix @@ -1,7 +1,7 @@ { ... }: { imports = [ - ./amd + # ./amd ./nvidia ./gaming ]; diff --git a/share/nvidia/default.nix b/share/nvidia/default.nix index dfdc81d..46f0597 100644 --- a/share/nvidia/default.nix +++ b/share/nvidia/default.nix @@ -1,6 +1,7 @@ { lib, config, + pkgs, ... }: with lib; @@ -17,8 +18,10 @@ in package = if cfg.enableBeta then config.boot.kernelPackages.nvidiaPackages.beta + # pkgs.unstable.kernelPackages.nvidiaPackages.beta else config.boot.kernelPackages.nvidiaPackages.latest; + # pkgs.unstable.kernelPackages.nvidiaPackages.latest; # Modesetting is required. modesetting.enable = true; @@ -45,9 +48,10 @@ in }; # Enable OpenGL - graphics = { + opengl = { enable = true; - enable32Bit = true; + driSupport = true; + driSupport32Bit = true; }; };
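Review bot: `securityType = "user";` already renders `security = user` into the global section, so the identical `security = user` line in `extraConfig` is redundant; keep one of them. `nameValuePair "${name}" { … }` in the `shares` builder interpolates a string into a string for nothing; `nameValuePair name { … }` is the same value. The file also loses its trailing newline (`\ No newline at end of file`), which will churn in the next edit. `server string = smbnix` / `netbios name = smbnix` in `extraConfig` replace the `jallen-nas` names that the removed commented block carried, so the NAS now advertises a different NetBIOS identity on the LAN; if that is intended, a comment saying so avoids a future "fix".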
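Review bot: The `@@ -45,9 +48,10 @@` hunk reverts `hardware.graphics`/`enable32Bit` to `hardware.opengl` with `driSupport`/`driSupport32Bit`, but this module lives under `share/` and the flake hunk moves only `jallen-nas` to `nixpkgs-stable`, leaving the other hosts on `nixpkgs-unstable` where those option names are presumably renamed or removed; any unstable host importing `./share/nvidia` may now fail evaluation or warn, so this is worth confirming before merging (or gating the option spelling on the channel). In the `@@ -1,6 +1,7 @@` hunk `pkgs` is added to the module arguments but is only referenced from the two commented-out `pkgs.unstable…` lines, so the parameter is unused; either drop it, or keep the alternative as a single comment above `package =` rather than interleaving comment lines between the `then` and `else` branches of the `if`.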