mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

nas builds

Browse Source
This commit is contained in:
mjallen18
2025-07-22 12:35:00 -05:00
parent 1e5f1db195
commit f11a40370b
5 changed files with 77 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
flake.lock generated
View File

@@ -86,11 +86,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1753035671, "lastModified": 1753146705,
"narHash": "sha256-F1EAebqC+De5rog6rK/jVTetEGrCKHR7q8wQHx3VqAM=", "narHash": "sha256-WzmXODUzg8jeEsAhpmp55zk5I2fmv3kv+RofZ/+FYlg=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "57509273a21933c184eb1985efc06381879c09f1", "rev": "02b3c2a45f6ddbd704f797c5730bc2d161f10ce0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -504,11 +504,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752783339, "lastModified": 1753132348,
"narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=", "narHash": "sha256-0i3jU9AHuNXb0wYGzImnVwaw+miE0yW13qfjC0F+fIE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "7c78e592a895f2f1921f0024848fe193e2f8518e", "rev": "e4bf85da687027cfc4a8853ca11b6b86ce41d732",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -524,11 +524,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753056897, "lastModified": 1753180535,
"narHash": "sha256-AVVMBFcuOXqIgmShvRv9TED3fkiZhQ0ZvlhsPoFfkNE=", "narHash": "sha256-KEtlzMs2O7FDvciFtjk9W4hyau013Pj9qZNK9a0PxEc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "13a83d1b6545b7f0e8f7689bad62e7a3b1d63771", "rev": "847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -540,11 +540,11 @@
"homebrew-cask": { "homebrew-cask": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753115487, "lastModified": 1753192390,
"narHash": "sha256-3uZaS9DHqZxfE57aAPDAsepLRU140RV6FYDUREXK47c=", "narHash": "sha256-B/MI7F4IliXNY6QEKCmIEsO4A0Qt9jUZXfMfrX9/5hE=",
"owner": "homebrew", "owner": "homebrew",
"repo": "homebrew-cask", "repo": "homebrew-cask",
"rev": "3b67ce4096f29acf817bf666b5a4dfc98733ed6b", "rev": "4f64bf7953d412b473d1f459208c725861646a6d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -556,11 +556,11 @@
"homebrew-core": { "homebrew-core": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753113580, "lastModified": 1753194897,
"narHash": "sha256-lKbdUt+//YX4bC5OpLTY6dGKb4Z84Gbr2sMB6V6TuRk=", "narHash": "sha256-jo7SLfGCgQbLKK9kbHXgLJY8bbzESn1K6Sr2x7EFzKY=",
"owner": "homebrew", "owner": "homebrew",
"repo": "homebrew-core", "repo": "homebrew-core",
"rev": "551941d43131806a6c9332ac1a1d85d28ecc52c9", "rev": "a427a5a802b98591899d4bda471a7a14ed5ff2fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -764,11 +764,11 @@
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1753064291, "lastModified": 1753150460,
"narHash": "sha256-SthlGBO9W1NXCAHBxV5DrWOt3daYXlSR8lAtOaKWCPw=", "narHash": "sha256-q2dkvuIfEb5fWBF6TJePJbcP1hqxARAUddfPGVGvD38=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "9648256bb966f178586cb96cc397985c82e514b8", "rev": "d13827556415f4050b510e9cfb9873c1ce9aaec4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -802,11 +802,11 @@
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1753029310, "lastModified": 1753175937,
"narHash": "sha256-GqH4hhdpWnaKR2Zl1rYXXdX2acw6pGQH65VCWF3D6Uc=", "narHash": "sha256-DtDt87Gld0RCI2qHb7uUb1eWB16FFC4aNDfxZpic/Nw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-apple-silicon", "repo": "nixos-apple-silicon",
"rev": "fe61e1be8f134efe47b290c26e8496a3a03ae8ec", "rev": "5ddfff8387edf7c92ce36effb06fb2c52624fece",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -817,11 +817,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1752666637, "lastModified": 1753122741,
"narHash": "sha256-P8J72psdc/rWliIvp8jUpoQ6qRDlVzgSDDlgkaXQ0Fw=", "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "d1bfa8f6ccfb5c383e1eba609c1eb67ca24ed153", "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -942,11 +942,11 @@
}, },
"nixpkgs-stable_3": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1752866191, "lastModified": 1753115646,
"narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=", "narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a", "rev": "92c2e04a475523e723c67ef872d8037379073681",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -990,11 +990,11 @@
}, },
"nixpkgs_12": { "nixpkgs_12": {
"locked": { "locked": {
"lastModified": 1752950548, "lastModified": 1752427638,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "narHash": "sha256-ANNyaXW/cnZLszjXB4LXGxaWZ2cRz7Ar06WjYoawgFo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "rev": "b2e5044b3e79793df83d01c9983c054cae5ea6ff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1298,11 +1298,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752720268, "lastModified": 1753066249,
"narHash": "sha256-XCiJdtXIN09Iv0i1gs5ajJ9CVHk537Gy1iG/4nIdpVI=", "narHash": "sha256-j2UBrfDRIePGx3532Bbb9UeosNX2F73hfOAHtmACfnM=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "dc221f842e9ddc8c0416beae8d77f2ea356b91ae", "rev": "0751b65633a1785743ca44fd7c14a633c54c1f91",
"type": "github" "type": "github"
}, },
"original": { "original": {

28
modules/nixos/impermanence/default.nix
View File

@@ -31,6 +31,34 @@
group = "root"; group = "root";
mode = "u=rwx,g=rx,o=rx"; mode = "u=rwx,g=rx,o=rx";
} }
{
directory = "/var/lib/private/authentik/media";
user = "authentik";
group = "authentik";
mode = "u=rwx,g=,o=";
}
{
directory = "/var/lib/private";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/media/nas";
user = "nas-apps";
group = "jallen-nas";
mode = "u=rwx,g=rx,o=rx";
}
{
directory = "/var/lib/crowdsec";
user = "crowdsec";
group = "crowdsec";
mode = "u=rwx,g=rwx,o=rx";
}
{
directory = "/plugins-storage";
user = "traefik";
group = "traefik";
mode = "u=rwx,g=rwx,o=rx";
}
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"

22
systems/x86_64-linux/deck/sops.nix
View File

@@ -1,6 +1,6 @@
{ config, ... }: { config, lib, namespace, ... }:
let let
user = "deck"; user = config.${namespace}.user.name;
in in
{ {
# Permission modes are in octal representation (same as chmod), # Permission modes are in octal representation (same as chmod),
@@ -18,7 +18,7 @@ in
# Either the group id or group name representation of the secret group # Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = { sops = {
defaultSopsFile = ../../../secrets/steamdeck-secrets.yaml; defaultSopsFile = (lib.snowfall.fs.get-file "secrets/steamdeck-secrets.yaml");
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------ # ------------------------------
@@ -33,7 +33,7 @@ in
}; };
"wifi" = { "wifi" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
}; };
# ------------------------------ # ------------------------------
@@ -66,37 +66,37 @@ in
# Secureboot keys # Secureboot keys
# ------------------------------ # ------------------------------
"secureboot/GUID" = { "secureboot/GUID" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/GUID"; # path = "/etc/secureboot/GUID";
mode = "0600"; mode = "0600";
}; };
"secureboot/keys/db-key" = { "secureboot/keys/db-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/db/db.key"; # path = "/etc/secureboot/keys/db/db.key";
mode = "0600"; mode = "0600";
}; };
"secureboot/keys/db-pem" = { "secureboot/keys/db-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/db/db.pem"; # path = "/etc/secureboot/keys/db/db.pem";
mode = "0600"; mode = "0600";
}; };
"secureboot/keys/KEK-key" = { "secureboot/keys/KEK-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/KEK/KEK.key"; # path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600"; mode = "0600";
}; };
"secureboot/keys/KEK-pem" = { "secureboot/keys/KEK-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/KEK/KEK.pem"; # path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600"; mode = "0600";
}; };
"secureboot/keys/PK-key" = { "secureboot/keys/PK-key" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/PK/PK.key"; # path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600"; mode = "0600";
}; };
"secureboot/keys/PK-pem" = { "secureboot/keys/PK-pem" = {
sopsFile = ../../../secrets/secrets.yaml; sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/PK/PK.pem"; # path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600"; mode = "0600";
}; };

4
systems/x86_64-linux/nas/apps/nextcloud/default.nix
View File

@@ -6,14 +6,14 @@ let
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid; nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid; nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.stable.nextcloud31; nextcloudPackage = pkgs.nextcloud31;
hostAddress = settings.hostAddress; hostAddress = settings.hostAddress;
localAddress = "10.0.2.18"; localAddress = "10.0.2.18";
nextcloudPortExtHttp = 9988; nextcloudPortExtHttp = 9988;
nextcloudPortExtHttps = 9943; nextcloudPortExtHttps = 9943;
onlyofficePortExt = 9943; onlyofficePortExt = 9943;
systemPackages = with pkgs.stable; [ systemPackages = with pkgs; [
cudaPackages.cudnn cudaPackages.cudnn
cudatoolkit cudatoolkit
ffmpeg ffmpeg

7
systems/x86_64-linux/nas/default.nix
View File

@@ -27,10 +27,6 @@
./sops.nix ./sops.nix
]; ];
snowfallorg.users.admin.home.config = {
mjallen.sops.enable = true;
};
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "powersave";
${namespace} = { ${namespace} = {
@@ -43,6 +39,9 @@
nvidiaSettings = true; nvidiaSettings = true;
enableNvidiaDocker = true; enableNvidiaDocker = true;
}; };
user = {
name = "admin";
};
}; };
security.tpm2 = { security.tpm2 = {