# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Host module for the machine named "jallen-nas" below. Options under
# `${namespace}` are defined by modules outside this file.
{
  config,
  pkgs,
  namespace,
  ...
}:
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./filesystems.nix
    ./boot.nix
    ./apps.nix
    ./grafana.nix
    # ./networking.nix - moved to modules/nixos/network
    ./ups.nix
    ./users.nix
    ./samba.nix
    ./services.nix
    ./sops.nix
  ];

  services.kmscon.enable = true;

  powerManagement.cpuFreqGovernor = "powersave";

  ${namespace} = {
    bootloader.lanzaboote.enable = true;

    desktop.cosmic.enable = false;

    development = {
      enable = true;
      includeLanguages = [
        "python"
        "c"
      ];
      includeContainers = true;
    };

    monitoring.enable = true;

    hardware.nvidia = {
      enable = true;
      enableBeta = true;
      enableOpen = true;
      nvidiaSettings = true;
      enableNvidiaDocker = true;
    };

    network = {
      hostName = "jallen-nas";
      useNetworkd = true;
      hostId = "4b501480";

      # Static IPv4 address on the wireless interface.
      ipv4 = {
        address = "10.0.1.3/24";
        method = "manual";
        gateway = "10.0.1.1";
        interface = "wlp6s0";
      };

      # NAT for interfaces matching "ve-+", leaving through wlp6s0.
      nat = {
        enable = true;
        internalInterfaces = [ "ve-+" ];
        externalInterface = "wlp6s0";
        enableIPv6 = true;
      };

      firewall = {
        enable = true;
        allowPing = true;

        # NOTE(review): allowedUDPPorts below repeats allowedTCPPorts entry
        # for entry, so every service port is opened on both protocols.
        # WireGuard listens on UDP only, and the other labelled entries
        # (web UIs, Gitea SSH) look like TCP services. Confirm which
        # protocol each port needs and drop it from the other list.
        # The unlabelled ports should get a label or be removed.
        # Presumably these lists apply to every interface that is not in
        # trustedInterfaces, including wlp6s0; verify against the
        # ${namespace}.network module.
        allowedTCPPorts = [
          8008 # restic
          9000 # authentik
          2342 # grafana
          51820 # wireguard
          1025
          1143
          10200
          10300
          8127
          9980 # onlyoffice
          4000 # netbootxyz
          4080 # netbootxyz
          3000 # gitea
          2222 # gitea ssh
          3300
          9898
          6754 # lubelogger
          2283 # immich
          4444 # code-server
          9012
          8192
        ];

        allowedUDPPorts = [
          8008 # restic
          9000 # authentik
          2342 # grafana
          51820 # wireguard
          1025
          1143
          10200
          10300
          8127
          9980 # onlyoffice
          4000 # netbootxyz
          4080 # netbootxyz
          3000 # gitea
          2222 # gitea ssh
          3300
          9898
          6754 # lubelogger
          2283 # immich
          4444 # code-server
          9012
          8192
        ];

        # Presumably passed through to networking.firewall.trustedInterfaces,
        # which accepts all traffic arriving on the interface regardless of
        # the port lists above. Confirm in the ${namespace}.network module.
        trustedInterfaces = [ "tailscale0" ];
      };
    };

    user.name = "admin";
    user.linger = true;
  };

  security.tpm2.enable = true;

  # Configure environment
  # NOTE(review): machine-id(5) asks that this ID be treated as confidential.
  # Pinning it here stores it in the repository and in the world-readable
  # Nix store; confirm that exposure is acceptable for this host.
  environment.etc.machine-id.text = ''
    57cdf5fc27f3469f80d0a339f1238aeb
  '';

  environment.systemPackages = with pkgs; [
    attic-client
    bcachefs-tools
    cryptsetup
    clevis
    deconz
    duperemove
    efibootmgr
    ffmpeg
    ipset
    llama-cpp
    # inputs.nas-nixai.packages.x86_64-linux.nixai
    networkmanagerapplet
    nut
    packagekit
    pass
    protonmail-bridge
    protonvpn-cli
    python3Packages.llama-cpp-python
    qrencode
    rcon
    sbctl
    tigervnc
    tpm2-tools
    tpm2-tss
  ];

  # Configure programs
  programs.virt-manager.enable = true;

  programs.coolercontrol = {
    enable = true;
    nvidiaSupport = true;
  };

  # Mail sending through msmtp; currently disabled.
  programs.msmtp = {
    enable = false;

    # Port 465 with tls on and tls_starttls off (in the account below)
    # means TLS from the start of the connection rather than STARTTLS.
    defaults = {
      port = 465;
      tls = true;
    };

    accounts.default = {
      auth = true;
      tls_starttls = false;
      host = "smtp.gmail.com";
      user = "matt.l.jallen";
      from = "matt.l.jallen@gmail.com";
      # Only the path of the sops secret is interpolated here; the password
      # is read from that file when msmtp runs.
      passwordeval = "cat ${config.sops.secrets."jallen-nas/gitea/mail-key".path}";
    };
  };

  # Fan control through fancontrol; currently disabled.
  hardware.fancontrol = {
    enable = false;
    config = ''
      # Configuration file generated by pwmconfig, changes will be lost
      # hwmon6/temp9_input -- chipset temp?
      # hwmon2/temp1_input -- cpu temp?
      # hwmon6/pwm5 -- chipset fan?
      # hwmon6/pwm2, hwmon6/pwm3 -- cpu fans?
      # hwmon6/pwm4 -- case fans?
      INTERVAL=10
      DEVPATH=hwmon2=devices/pci0000:00/0000:00:18.3 hwmon6=devices/platform/nct6775.656
      DEVNAME=hwmon2=k10temp hwmon6=nct6798
      FCTEMPS=hwmon6/pwm5=hwmon6/temp9_input hwmon6/pwm2=hwmon2/temp1_input hwmon6/pwm3=hwmon2/temp1_input hwmon6/pwm4=hwmon2/temp1_input
      FCFANS=hwmon6/pwm5=hwmon6/fan5_input hwmon6/pwm2=hwmon6/fan2_input hwmon6/pwm3=hwmon6/fan3_input hwmon6/pwm4=hwmon6/fan4_input
      MINTEMP=hwmon6/pwm5=20 hwmon6/pwm2=20 hwmon6/pwm3=20 hwmon6/pwm4=20
      MAXTEMP=hwmon6/pwm5=60 hwmon6/pwm2=90 hwmon6/pwm3=90 hwmon6/pwm4=90
      MINSTART=hwmon6/pwm5=16 hwmon6/pwm2=90 hwmon6/pwm3=45 hwmon6/pwm4=60
      MINSTOP=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=30 hwmon6/pwm4=45
      MINPWM=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=0 hwmon6/pwm4=0
      MAXPWM=hwmon6/pwm5=255 hwmon6/pwm2=255 hwmon6/pwm3=255 hwmon6/pwm4=255
    '';
  };

  # Additional virtualization beyond what's in development module
  virtualisation.libvirtd.enable = true;
}