mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

organization

Browse Source
This commit is contained in:
mjallen18
2024-02-24 23:08:52 -06:00
parent dc6ebf3cbb
commit f0e5baea4b
22 changed files with 811 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

343
hosts/desktop/configuration.nix Normal file
View File

@@ -0,0 +1,343 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "matt";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "matt-nixos";
timezone = "America/Chicago";
# discover-wrapper is needed as of 1/24/24 since PackageKit does not work correctly so this removes error messages.
discover-wrapped = pkgs.symlinkJoin
{
name = "discover-flatpak-backend";
paths = [ pkgs.libsForQt5.discover ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/plasma-discover --add-flags "--backends flatpak"
'';
};
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./cachix/cachix.nix
];
# Enable nix flakes and nix-command tools
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Configure bootloader with lanzaboot and secureboot
boot = {
loader = {
systemd-boot = {
enable = false;
configurationLimit = 2;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
default = "@saved";
console-mode = "max";
};
configurationLimit = 2;
};
# Override kernel to latest
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"quiet" "amdgpu.ppfeaturemask=0xffffffff"
];
consoleLogLevel = 3;
bootspec.enable = true;
# Network option required using sysctl to let Ubisoft Connect work as of 7-12-2023
kernel.sysctl."net.ipv4.tcp_mtu_probing" = 1;
# Enable AppImage
binfmt.registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
magicOrExtension = ''\x7fELF....AI\x02'';
};
};
# Hardware configs
hardware = {
# Bluetooth
bluetooth.enable = true;
# Xbox controllers
xpadneo.enable = true;
# Steam udev rules for remote play
steam-hardware.enable = true;
# Enable all firmware
enableAllFirmware = true;
# Disable pulse audio in favor of pipewire
pulseaudio.enable = false;
opengl.enable = true;
# Enables support for 32bit libs that steam uses
opengl.driSupport32Bit = true;
};
# Services configs
services = {
# Enable firmware updates
fwupd.enable = true;
# Enable the X11 windowing system.
xserver = {
enable = true;
# Enable the Plasma 6 Desktop Environment.
displayManager = {
sddm.enable = true;
defaultSession = "plasma";
};
desktopManager.plasma6.enable = true;
};
# Enable CUPS to print documents.
printing.enable = true;
# configure pipewire
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# enable auto discovery of printers
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# Enable Flatpak
flatpak.enable = true;
flatpak.packages = [
"com.discordapp.Discord"
"com.spotify.Client"
"com.visualstudio.code"
"it.mijorus.gearlever"
"org.libreoffice.LibreOffice"
"net.davidotek.pupgui2" # Proton-Up Qt
"io.github.prateekmedia.appimagepool"
];
};
systemd.services.fix-wifi = {
path = [ pkgs.bash ];
script = ''
sleep 5
if ping -q -c1 10.0.1.1 &>/dev/null; then
echo "No need to fix wifi"
else
echo 1 | tee /sys/bus/pci/devices/0000\:09\:00.0/reset
rmmod iwlwifi
modprobe iwlwifi
fi
'';
wantedBy = [ "multi-user.target" ];
};
# Networking configs
networking = {
hostName = hostname;
# Enable Network Manager
networkmanager.enable = true;
};
# Time config
time = {
# Set your time zone.
timeZone = timezone;
hardwareClockInLocalTime = true;
};
# xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# Security config
security = {
rtkit.enable = true;
# configure sudo
sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
{
command = "/home/matt/nix-config/reset_wifi";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}];
};
# Configure polkit
polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
if ((action.id == "org.corectrl.helper.init" ||
action.id == "org.corectrl.helperkiller.init") &&
subject.local == true &&
subject.active == true &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
'';
};
};
# Configure environment
environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
vim
wget
nano
os-prober
efibootmgr
git
sbctl
gparted
discover-wrapped
pciutils
papirus-icon-theme
vulkan-tools
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
clinfo
neofetch
gamescope
mangohud
goverlay
heroic
];
# Force radv
variables.AMD_VULKAN_ICD = "RADV";
};
# Configure programs
programs = {
fish.enable = true;
java.enable = true;
corectrl.enable = true;
# Steam
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
};
# Configure nixpkgs
nixpkgs = {
config = {
# Enable non free
allowUnfree = true;
permittedInsecurePackages = [
# allow insecure electron for etcher
"electron-19.1.9"
];
packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libpng
libpulseaudio
libvorbis
stdenv.cc.cc.lib
libkrb5
keyutils
];
};
};
};
};
# Define a user account. Don't forget to set a password with passwd.
users.users."${user}" = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ]; # Enable sudo for the user.
shell = pkgs.fish;
packages = with pkgs; [
firefox
tree
lm_sensors
vmware-horizon-client
etcher
freerdp
];
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

79
hosts/desktop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,79 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usbhid" "uas" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=etc" "compress=zstd" "noatime" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/c6cf43cb-d0d2-4111-bc81-994e41b2632d";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1058-F967";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/1db92c49-aa8d-4ca2-b453-83bfcd1d36dd"; }
];
fileSystems."/home/matt/Games" =
{ device = "/dev/disk/by-uuid/1adb3161-ef9e-45d9-be5f-dd718186f1b3";
fsType = "ext4";
};
fileSystems."/home/matt/1TB" =
{ device = "/dev/disk/by-uuid/7f9c2d1e-64ee-d901-2084-2d1e64eed901";
fsType = "ext4";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp10s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp9s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

41
hosts/desktop/home.nix Normal file
View File

@@ -0,0 +1,41 @@
# Matt home.nix
{ pkgs, ... }: {
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
programs.home-manager.enable = true;
programs.fish.enable = true;
programs.mangohud.enable = true;
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
};
home.packages = [
# Other packages
];
# custom systemd services
# systemd.user.services.fix-wifi = {
# Unit = {
# Description = "Reset wifi adapter so that it works on boot consistently.";
# };
# Install = {
# WantedBy = [ "default.target" ];
# };
# Service = {
# ExecStart = "/home/matt/nix-config/scripts/reset_wifi";
# # ExecStart = "${pkgs.writeShellScript "fix-wifi" ''
# # #!/usr/bin/env bash
# # echo 1 | sudo -u root tee /sys/bus/pci/devices/0000\:09\:00.0/reset
# # sudo rmmod iwlwifi
# # sudo modprobe iwlwifi
# # ''}";
# };
# };
}

21
hosts/desktop/impermanence.nix Normal file
View File

@@ -0,0 +1,21 @@
{ pkgs, lib, LT, config, utils, inputs, ... }@args:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
"/etc/secureboot"
{ directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
];
files = [
{ file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
];
};
}

358
hosts/nas/configuration.nix Normal file
View File

@@ -0,0 +1,358 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "admin";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "jallen-nas";
timezone = "America/Chicago";
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../nas-samba/samba.nix
../../nas-apps/nas-apps.nix
];
# Enable nix flakes and nix-command tools
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nas-apps = {
jellyfin.enable = true;
jellyseerr.enable = true;
sabnzbd.enable = true;
radarr.enable = true;
sonarr.enable = true;
collabora.enable = true;
mariadb.enable = true;
nextcloud = {
enable = true;
httpPort = "9980";
httpsPort = "9443";
};
swag.enable = true;
};
# Configure bootloader with lanzaboot and secureboot
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 2;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
# Override kernel to latest
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = [
"nohibernate"
];
consoleLogLevel = 3;
bootspec.enable = true;
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "junk" ];
zfs.requestEncryptionCredentials = false;
};
# Hardware configs
hardware = {
# Bluetooth
bluetooth.enable = true;
# Enable all firmware
enableAllFirmware = true;
# Disable pulse audio in favor of pipewire
pulseaudio.enable = false;
# Nvidia
nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta;
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
};
# Enable OpenGL
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
# Services configs
services = {
openssh.enable = true;
# Enable firmware updates
fwupd.enable = true;
# Enable the X11 windowing system.
xserver = {
enable = true;
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
# Enable the Plasma 6 Desktop Environment.
displayManager = {
sddm.enable = true;
defaultSession = "plasmawayland";
};
desktopManager.plasma5.enable = true;
};
# Enable CUPS to print documents.
printing.enable = true;
# configure pipewire
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# Set to enable Flatpak
flatpak.enable = false;
# Enable RDP
xrdp = {
enable = true;
defaultWindowManager = "startplasma-x11";
openFirewall = true;
};
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
extraServiceFiles = { # TODO is this needed?
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
};
};
systemd.services = {
nas-mounts = {
path = [ pkgs.zfs pkgs.bash ];
script = ''
if test -d /mnt/ssd/ssd_app_data; then
echo "NAS ZFS Pools Mounted."
else
zpool import -f "MainPool"
zpool import -f "SSD"
zfs load-key -L file:///root/main-pool.key "MainPool"
zfs load-key -L file:///root/ssd.key "SSD"
zfs mount -a
echo "NAS ZFS Pools Mounted."
fi
'';
wantedBy = [ "multi-user.target" ];
};
glances-server = {
path = [ pkgs.bash pkgs.glances ];
script = ''
#!/user/bin/env bash
glances -w
'';
wantedBy = [ "multi-user.target" ];
};
};
# Networking configs enp7s0
networking = {
hostName = hostname;
hostId = "4b501480";
# Enable Network Manager
networkmanager.enable = true;
firewall = {
enable = true;
allowPing = true;
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; # TODO is this needed?
allowedTCPPorts = [ 61208 ];
allowedUDPPorts = [ 61208 ];
};
};
# Time config
time = {
# Set your time zone.
timeZone = timezone;
};
# Configure environment
environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
vim
wget
nano
efibootmgr
sbctl
pciutils
vulkan-tools
clinfo
glances
python3
nix-ld
binutils
gcc
nodejs-18_x
];
};
# Configure programs
programs = {
fish.enable = true;
virt-manager.enable = true;
nix-ld.enable = true;
};
# Configure nixpkgs
nixpkgs = {
config = {
# Enable non free
allowUnfree = true;
permittedInsecurePackages = [
# ...
];
};
};
# Define a user account. Don't forget to set a password with passwd.
users = {
# See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
mutableUsers = false;
groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
# Admin account
users."${user}" = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" "podman" "libvirtd" "nas-apps" "jallen-nas" ]; # Enable sudo for the user.
initialHashedPassword = password;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
];
packages = with pkgs; [
neofetch
git
parted
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
papirus-icon-theme
firefox
];
};
# Nix app account
users.nix-apps = {
isSystemUser = true;
uid = 911;
group = "jallen-nas";
extraGroups = [ "jallen-nas" ]; # Enable sudo for the user.
hashedPassword = password;
};
};
# Virtualisation
virtualisation = {
docker = {
enable = true;
enableNvidia = true;
enableOnBoot = true;
};
libvirtd.enable = true;
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

81
hosts/nas/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,81 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "mpt3sas" "xhci_pci" "ahci" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C6E9-7371";
fsType = "vfat";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=nix" "compress-force=zstd" "noatime" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=etc" "compress-force=zstd" "noatime" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=root" "compress-force=zstd" "noatime" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=log" "compress-force=zstd" "noatime" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=home" "compress-force=zstd"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c08ba901-a8a9-4006-9688-002bb24da1b6"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
# networking.interfaces.podman0.useDHCP = lib.mkDefault true;
# networking.interfaces.veth0.useDHCP = lib.mkDefault true;
# networking.interfaces.veth1.useDHCP = lib.mkDefault true;
# networking.interfaces.veth2.useDHCP = lib.mkDefault true;
# networking.interfaces.veth3.useDHCP = lib.mkDefault true;
# networking.interfaces.veth4.useDHCP = lib.mkDefault true;
# networking.interfaces.veth5.useDHCP = lib.mkDefault true;
# networking.interfaces.veth6.useDHCP = lib.mkDefault true;
# networking.interfaces.veth7.useDHCP = lib.mkDefault true;
# networking.interfaces.vethd3ca67e.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

86
hosts/pi4/configuration.nix Normal file
View File

@@ -0,0 +1,86 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "matt";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
SSID = "Joeys Jungle";
SSIDpassword = "kR8v&3Qd";
interface = "wlan0";
timezone = "America/Chicago";
hostname = "nixos-pi4";
in {
imports =
[ # Include the results of the hardware scan.
./hardware-configuration-pi4.nix
./docker-pi4.nix
];
# Enable nix flakes and nix-command tools
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
# Set your time zone.
time.timeZone = "America/Chicago";
networking = {
hostName = hostname;
wireless = {
enable = true;
networks."${SSID}".psk = SSIDpassword;
interfaces = [ interface ];
};
};
environment.systemPackages = with pkgs; [
vim
raspberrypi-eeprom
htop
git
];
services.openssh.enable = true;
users = {
mutableUsers = false;
users."${user}" = {
isNormalUser = true;
initialHashedPassword = password;
extraGroups = [ "wheel" "docker" ];
};
};
virtualisation.docker.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.05"; # Did you read the comment?
}

33
hosts/pi4/docker-pi4.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
# Portainer
virtualisation.oci-containers.containers."portainer" = {
autoStart = true;
image = "portainer/portainer-ce";
ports = [ "8000:8000" "9443:9443" ];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"/media/T5/docker/config/portainer:/data"
];
};
# Jellyfin
virtualisation.oci-containers.containers."jellyfin" = {
autoStart = true;
image = "jellyfin/jellyfin";
volumes = [
"/media/T5/containers/jellyfin/config:/config"
"/media/T5/containers/jellyfin/cache:/cache"
"/media/T5/containers/jellyfin/log:/log"
"/media/T5/movies:/movies"
"/media/T5/tv:/tv"
];
ports = [ "8096:8096" ];
environment = {
JELLYFIN_LOG_DIR = "/log";
};
};
}

44
hosts/pi4/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,44 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ec969af6-d557-408a-a149-ba23d31fd8a2";
fsType = "ext4";
};
fileSystems."/media/T5" =
{ device = "/dev/disk/by-uuid/191ce486-899d-4718-81e3-5c9b3ea860e4";
fsType = "ext4";
};
fileSystems."/FIRMWARE" =
{ device = "/dev/disk/by-uuid/5A9F-FC90";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d9909ef7-c345-48f7-b210-ad7cbe72224b"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}