mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

organization

Browse Source
This commit is contained in:
mjallen18
2024-02-24 23:08:52 -06:00
parent dc6ebf3cbb
commit f0e5baea4b
22 changed files with 811 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

358
hosts/nas/configuration.nix Normal file
View File

@@ -0,0 +1,358 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "admin";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "jallen-nas";
timezone = "America/Chicago";
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../../nas-samba/samba.nix
../../nas-apps/nas-apps.nix
];
# Enable nix flakes and nix-command tools
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nas-apps = {
jellyfin.enable = true;
jellyseerr.enable = true;
sabnzbd.enable = true;
radarr.enable = true;
sonarr.enable = true;
collabora.enable = true;
mariadb.enable = true;
nextcloud = {
enable = true;
httpPort = "9980";
httpsPort = "9443";
};
swag.enable = true;
};
# Configure bootloader with lanzaboot and secureboot
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 2;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
# Override kernel to latest
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = [
"nohibernate"
];
consoleLogLevel = 3;
bootspec.enable = true;
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "junk" ];
zfs.requestEncryptionCredentials = false;
};
# Hardware configs
hardware = {
# Bluetooth
bluetooth.enable = true;
# Enable all firmware
enableAllFirmware = true;
# Disable pulse audio in favor of pipewire
pulseaudio.enable = false;
# Nvidia
nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta;
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
};
# Enable OpenGL
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
# Services configs
services = {
openssh.enable = true;
# Enable firmware updates
fwupd.enable = true;
# Enable the X11 windowing system.
xserver = {
enable = true;
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
# Enable the Plasma 6 Desktop Environment.
displayManager = {
sddm.enable = true;
defaultSession = "plasmawayland";
};
desktopManager.plasma5.enable = true;
};
# Enable CUPS to print documents.
printing.enable = true;
# configure pipewire
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
# Set to enable Flatpak
flatpak.enable = false;
# Enable RDP
xrdp = {
enable = true;
defaultWindowManager = "startplasma-x11";
openFirewall = true;
};
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
extraServiceFiles = { # TODO is this needed?
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
};
};
systemd.services = {
nas-mounts = {
path = [ pkgs.zfs pkgs.bash ];
script = ''
if test -d /mnt/ssd/ssd_app_data; then
echo "NAS ZFS Pools Mounted."
else
zpool import -f "MainPool"
zpool import -f "SSD"
zfs load-key -L file:///root/main-pool.key "MainPool"
zfs load-key -L file:///root/ssd.key "SSD"
zfs mount -a
echo "NAS ZFS Pools Mounted."
fi
'';
wantedBy = [ "multi-user.target" ];
};
glances-server = {
path = [ pkgs.bash pkgs.glances ];
script = ''
#!/user/bin/env bash
glances -w
'';
wantedBy = [ "multi-user.target" ];
};
};
# Networking configs enp7s0
networking = {
hostName = hostname;
hostId = "4b501480";
# Enable Network Manager
networkmanager.enable = true;
firewall = {
enable = true;
allowPing = true;
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; # TODO is this needed?
allowedTCPPorts = [ 61208 ];
allowedUDPPorts = [ 61208 ];
};
};
# Time config
time = {
# Set your time zone.
timeZone = timezone;
};
# Configure environment
environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
vim
wget
nano
efibootmgr
sbctl
pciutils
vulkan-tools
clinfo
glances
python3
nix-ld
binutils
gcc
nodejs-18_x
];
};
# Configure programs
programs = {
fish.enable = true;
virt-manager.enable = true;
nix-ld.enable = true;
};
# Configure nixpkgs
nixpkgs = {
config = {
# Enable non free
allowUnfree = true;
permittedInsecurePackages = [
# ...
];
};
};
# Define a user account. Don't forget to set a password with passwd.
users = {
# See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
mutableUsers = false;
groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
# Admin account
users."${user}" = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" "podman" "libvirtd" "nas-apps" "jallen-nas" ]; # Enable sudo for the user.
initialHashedPassword = password;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
];
packages = with pkgs; [
neofetch
git
parted
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
papirus-icon-theme
firefox
];
};
# Nix app account
users.nix-apps = {
isSystemUser = true;
uid = 911;
group = "jallen-nas";
extraGroups = [ "jallen-nas" ]; # Enable sudo for the user.
hashedPassword = password;
};
};
# Virtualisation
virtualisation = {
docker = {
enable = true;
enableNvidia = true;
enableOnBoot = true;
};
libvirtd.enable = true;
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

81
hosts/nas/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,81 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "mpt3sas" "xhci_pci" "ahci" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C6E9-7371";
fsType = "vfat";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=nix" "compress-force=zstd" "noatime" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=etc" "compress-force=zstd" "noatime" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=root" "compress-force=zstd" "noatime" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=log" "compress-force=zstd" "noatime" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/85e2fa30-816f-4457-80a1-9f88b9ab77b3";
fsType = "btrfs";
options = [ "subvol=home" "compress-force=zstd"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c08ba901-a8a9-4006-9688-002bb24da1b6"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
# networking.interfaces.podman0.useDHCP = lib.mkDefault true;
# networking.interfaces.veth0.useDHCP = lib.mkDefault true;
# networking.interfaces.veth1.useDHCP = lib.mkDefault true;
# networking.interfaces.veth2.useDHCP = lib.mkDefault true;
# networking.interfaces.veth3.useDHCP = lib.mkDefault true;
# networking.interfaces.veth4.useDHCP = lib.mkDefault true;
# networking.interfaces.veth5.useDHCP = lib.mkDefault true;
# networking.interfaces.veth6.useDHCP = lib.mkDefault true;
# networking.interfaces.veth7.useDHCP = lib.mkDefault true;
# networking.interfaces.vethd3ca67e.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}