mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

move stuff

Browse Source
This commit is contained in:
mjallen18
2025-08-26 17:20:27 -05:00
parent f66c0726b0
commit d15762b199
68 changed files with 24 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

307
systems/x86_64-linux/jallen-nas/services.nix Executable file
View File

@@ -0,0 +1,307 @@
{ pkgs, config, ... }:
let
enableDisplayManager = false;
in
{
# Services configs
services = {
minecraft-server = {
enable = false;
eula = true;
declarative = true;
openFirewall = true;
dataDir = "/media/nas/main/ssd_app_data/minecraft";
serverProperties = {
enforce-whitelist = true;
white-list = true;
"enable-rcon" = true;
"rcon.password" = config.sops.secrets."jallen-nas/admin_password".path;
};
whitelist = {
mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";
AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda";
Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3";
SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427";
};
jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
};
udisks2.enable = true;
# Enable the Desktop Environment.
desktopManager.plasma6.enable = enableDisplayManager;
displayManager = {
sddm.enable = enableDisplayManager;
defaultSession = "plasma";
};
gnome.gnome-keyring.enable = true;
# Enable RDP
xrdp = {
enable = true;
openFirewall = true;
};
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
extraServiceFiles = {
# TODO is this needed?
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
};
tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "client";
extraUpFlags = [
"--advertise-exit-node"
"--accept-dns=false"
"--advertise-routes=10.0.1.0/24"
"--hostname=jallen-nas"
];
extraSetFlags = [
"--advertise-exit-node"
"--hostname=jallen-nas"
"--webclient"
];
# authKeyFile = "/media/nas/main/nix-app-data/tailscale/auth";
};
btrfs = {
autoScrub.enable = false;
autoScrub.fileSystems = [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
"/media/nas/main/nix-app-data"
"/media/nas/main/ssd_app_data"
"/media/nas/main/mariadb"
"/media/nas/main/3d_printer"
"/media/nas/main/backup"
"/media/nas/main/documents"
"/media/nas/main/nextcloud"
"/media/nas/main/movies"
"/media/nas/main/tv"
"/media/nas/main/isos"
];
};
# nixai = {
# enable = true;
# mcp = {
# enable = true;
# # Optional: custom socket path
# socketPath = "/run/nixai/mcp.sock";
# };
# };
postgresql = {
enable = true;
package = pkgs.postgresql_16;
dataDir = "/media/nas/main/nix-app-data/postgresql";
ensureDatabases = [ "authentik" ];
ensureUsers = [
{
name = "authentik";
ensureDBOwnership = true;
}
];
};
redis = {
servers = {
authentik = {
enable = true;
port = 6379;
};
manyfold = {
enable = true;
port = 6380;
};
};
};
};
# TODO move to normal samba settings
services.samba.settings.global = {
"workgroup" = "WORKGROUP";
"server string" = "Jallen-NAS";
"netbios name" = "Jallen-NAS";
"security" = "user";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "10.0.1. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
systemd.services = {
btrfs-balance = {
description = "BTRFS Balance Service";
# This ensures the service only runs when the filesystem is mounted
requires = [ "local-fs.target" ];
after = [ "local-fs.target" ];
# The actual balance command
script = ''
# Start with lower usage to handle the most fragmented blocks first
${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=5 -musage=5 /mount/point
${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=10 -musage=10 /mount/point
${pkgs.btrfs-progs}/bin/btrfs balance start -dusage=20 -musage=20 /mount/point
'';
serviceConfig = {
Type = "oneshot";
Nice = 19; # Lowest CPU priority
IOSchedulingClass = "idle"; # Lowest I/O priority
# Prevent multiple instances from running simultaneously
ExecStartPre = "${pkgs.coreutils}/bin/rm -f /var/run/btrfs-balance.stamp";
ExecStopPost = "${pkgs.coreutils}/bin/touch /var/run/btrfs-balance.stamp";
};
};
system-update-check = {
description = "Check for system configuration updates";
# Required packages for the service
path = with pkgs; [
git
nixos-rebuild
openssh
];
# Service configuration
serviceConfig = {
Type = "oneshot";
User = "root";
WorkingDirectory = "/etc/nixos"; # Adjust this path to your config location
};
# The script that runs to check for updates
script = ''
# Store the current commit hash
OLD_HASH=$(git rev-parse HEAD)
# Fetch updates from remote
git fetch origin main # Adjust branch name if needed
# Get the new commit hash
NEW_HASH=$(git rev-parse origin/main)
# If there are changes, pull and rebuild
if [ "$OLD_HASH" != "$NEW_HASH" ]; then
echo "Updates found, pulling changes..."
git pull origin main
# Get commit message and timestamp for the tag
COMMIT_MSG=$(git log -1 --pretty=%B | head -n1 | tr -dc '[:alnum:][:space:]-' | tr '[:space:]' '-')
TIMESTAMP=$(date +%Y%m%d-%H%M)
SHORT_HASH=$(git rev-parse --short HEAD)
# Create a profile name using the timestamp, short hash, and commit message
PROFILE_NAME="$TIMESTAMP-$SHORT_HASH-$COMMIT_MSG"
# Rebuild the system
nixos-rebuild boot --profile-name "$PROFILE_NAME"
echo "System rebuilt with profile: $PROFILE_NAME"
else
echo "No updates found"
fi
'';
};
rsync-ssd = {
path = [
pkgs.bash
pkgs.rsync
];
script = ''
rsync -rtpogvPlHzs --ignore-existing /media/nas/main /media/nas/main/backup/ssd
'';
};
hd-idle = {
enable = false;
environment = {
HD_IDLE_OPTS = "-a /dev/disk/by-id/ata-Samsung_SSD_860_EVO_500GB_S3Z1NW0KA10457X,/dev/disk/by-id/ata-SSD2SC240G1SA754D117-820_PNY29140000558890457,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFN28XXS,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFQ052KN,/dev/disk/by-id/ata-ST3000DM007-1WY10G_ZFQ052NN,/dev/disk/by-id/ata-ST3000VN007-2E4166_Z731JVZJ,/dev/disk/by-id/ata-ST4000VN008-2DR166_ZDHBNBGP,/dev/disk/by-id/ata-ST8000AS0002-1NA17Z_Z8411RMB";
};
path = [
pkgs.bash
pkgs.hd-idle
];
script = ''
hd-idle $HD_IDLE_OPTS
'';
serviceConfig = {
Type = "oneshot";
};
};
};
security.pam.services.login.enableGnomeKeyring = true;
# Configure gpg-agent to cache keys
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
# Set how long to cache the passphrase (in seconds)
# defaultCacheTtl = 34560;
# maxCacheTtl = 34560;
};
# Create a timer to run the service periodically
systemd.timers = {
btrfs-balance = {
description = "Timer for BTRFS Balance Service";
wantedBy = [ "timers.target" ];
timerConfig = {
# Run weekly on Sunday at 2am
OnCalendar = "Sun *-*-* 02:00:00";
# Add randomized delay to prevent multiple systems from starting at exactly the same time
RandomizedDelaySec = "1h";
# Ensure we don't start multiple times if the system was off
Persistent = true;
};
};
system-update-check = {
description = "Timer for system configuration updates";
wantedBy = [ "timers.target" ];
# Timer configuration
timerConfig = {
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
Unit = "system-update-check.service";
};
};
};
}