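# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Top-level NixOS module for this host. Secrets are read through sops-nix
# (see ./sops.nix); nothing secret should appear in this file as a literal,
# because every string here ends up in the world-readable Nix store.
{
  outputs,
  config,
  pkgs,
  ...
}:
let
  # Login name of the interactive administrator account.
  user = "admin";
  # Runtime path of the decrypted password hash (file is produced by sops-nix).
  passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./filesystems.nix
    ./boot.nix
    ./apps.nix
    ./grafana.nix
    ./networking.nix
    ./ups.nix
    ./samba.nix
    ./services.nix
    ./sops.nix
    ../default.nix
  ];

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  # Cockpit
  # Currently disabled. AllowUnencrypted = true makes the web console accept
  # plain-HTTP logins on port 9090; terminate TLS in front of it (or drop this
  # setting) before flipping `enable` to true.
  services.cockpit = {
    enable = false;
    port = 9090;
    settings = {
      WebService = {
        AllowUnencrypted = true;
      };
    };
  };

  # Users trusted by the Nix daemon can influence builds and substituters in
  # ways that amount to root access, so wheel membership below should be
  # treated as root-equivalent.
  nix.settings.trusted-users = [ "@wheel" ];

  powerManagement.cpuFreqGovernor = "powersave";

  share.hardware.nvidia = {
    enable = true;
    enableBeta = true;
    enableOpen = true;
    nvidiaSettings = true;
    enableNvidiaDocker = true;
  };

  security.tpm2 = {
    enable = true;
  };

  # Configure environment
  environment = {
    # Every LUKS volume is unlocked from the TPM with no passphrase prompt
    # (key file "none" + tpm2-device=auto). What the sealed key is bound to
    # (PCR set, optional PIN) is decided at enrollment time and is not visible
    # in this file.
    # NOTE(review): confirm the enrollment policy matches the threat model for
    # a stolen or tampered-with machine.
    etc.crypttab.text = ''
      ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto
      ssd2 UUID=c8640e19-6cd9-49d0-a355-bac09d17ea0d none tpm2-device=auto
      hdd1 UUID=8d7dd657-d9b0-47ed-97e1-a9d1eba12b56 none tpm2-device=auto
      hdd2 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
      hdd3 UUID=4463ea6f-3fcf-4e49-80c8-ba7f424471f0 none tpm2-device=auto
      hdd4 UUID=13fe7737-b72b-4d5f-a79d-1ca0d438f8f0 none tpm2-device=auto
      hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
    '';

    etc.machine-id.source = ./machine-id;

    # CACHIX_AGENT_TOKEN was previously assigned here as a string literal.
    # sessionVariables are written into the Nix store (readable by every local
    # user) and exported into every login session, and the literal also lived
    # in version control. The token that was committed has to be revoked and
    # reissued; deliver the replacement from a sops-managed file instead, e.g.
    # through services.cachix-agent.credentialsFile if the agent runs as that
    # NixOS service.
    sessionVariables = { };

    # List packages installed in system profile. To search, run:
    # $ nix search wget
    systemPackages = with pkgs; [
      authentik
      binutils
      cryptsetup
      clinfo
      cmake
      coolercontrol.coolercontrol-gui
      deconz
      duperemove
      efibootmgr
      ffmpeg
      gcc
      git
      glances
      gparted
      htop
      jq
      lm_sensors
      nano
      ninja
      nixfmt-rfc-style
      nix-inspect
      nix-ld
      networkmanagerapplet
      nmon
      nodejs-18_x
      nut
      packagekit
      pass
      pciutils
      protonmail-bridge
      protonvpn-cli
      python3
      qrencode
      rcon
      sbctl
      speedtest-cli
      tailscale
      tpm2-tools
      tpm2-tss
      usbutils
      vim
      vulkan-tools
      wget
    ];
  };

  # Configure programs
  programs = {
    fish.enable = false;
    virt-manager.enable = true;
    nix-ld.enable = true;
    screen.enable = true;
    coolercontrol = {
      enable = true;
      nvidiaSupport = true;
    };
  };

  # Configure nixpkgs
  nixpkgs = {
    overlays = [
      outputs.overlays.nixpkgs-unstable
      outputs.overlays.nixpkgs-stable
    ];
    config = {
      # Enable non free
      allowUnfree = true;
      # Each entry here overrides nixpkgs' refusal to build a package it has
      # marked insecure. Keep the list as short as possible and drop entries
      # as soon as the pinned versions can be upgraded.
      permittedInsecurePackages = [
        # ...
        "authentik-2024.6.4"
        # todo: remove these
        "python3.12-authentik-django-2024.6.4"
        "authentik-webui-2024.6.4"
        "authentik-client-api-2024.6.4"
        "authentik-website-2024.6.4"
        "authentik-proxy-2024.6.4"
        "aspnetcore-runtime-6.0.36"
        "aspnetcore-runtime-wrapped-6.0.36"
        "dotnet-sdk-6.0.428"
        "dotnet-sdk-wrapped-6.0.428"
      ];
    };
  };

  # Define the user accounts. mutableUsers = false means `passwd` changes do
  # not persist; every password comes from hashedPasswordFile below.
  users = {
    # See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
    mutableUsers = false;

    groups.jallen-nas.gid = 1000; # create nas group cause truenas perms

    # NOTE(review): admin, nix-apps, upsuser and nextcloud all read the same
    # hashedPasswordFile, so one leaked or guessed password opens all four
    # accounts. Consider a separate secret per account, or no password at all
    # for accounts that never log in interactively.

    # Admin account
    users."${user}" = {
      isNormalUser = true;
      linger = true;
      extraGroups = [
        "wheel" # Enable ‘sudo’ for the user.
        "networkmanager"
        "docker"
        "podman"
        "libvirtd"
        "nix-apps"
        "jallen-nas"
        "media"
        "nscd"
      ];
      hashedPasswordFile = passwordFile;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        # macBook
        "ssh-rsa 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 mattjallen@MacBook-Pro.local"
        # desktop windows
        "ssh-rsa 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 mattl@Jallen-PC"
        # desktop nixos
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
      ];
      packages = with pkgs; [
        cachix
        fastfetch
        git
        parted
        aspell
        aspellDicts.en
        aspellDicts.en-computers
        aspellDicts.en-science
        aha
        papirus-icon-theme
        firefox
        swtpm
      ];
    };

    # Nix app account (service identity for containers; not in wheel, so no sudo)
    users.nix-apps = {
      isSystemUser = true;
      uid = 911;
      group = "jallen-nas";
      extraGroups = [
        "jallen-nas"
        "docker"
        "podman"
      ];
      hashedPasswordFile = passwordFile;
    };

    groups.nut.name = "nut";

    # Account for the UPS tooling; home is /var/lib/nut with mode 750.
    users.upsuser = {
      group = "nut";
      isNormalUser = false;
      isSystemUser = true;
      createHome = true;
      home = "/var/lib/nut";
      homeMode = "750";
      hashedPasswordFile = passwordFile;
    };

    users.nextcloud = {
      isNormalUser = true;
      extraGroups = [
        "jallen-nas"
        "nix-apps"
      ];
      hashedPasswordFile = passwordFile;
    };
  };

  # Fan curve kept for reference; the service itself is disabled.
  hardware.fancontrol = {
    enable = false;
    config = ''
      # Configuration file generated by pwmconfig, changes will be lost
      # hwmon6/temp9_input -- chipset temp?
      # hwmon2/temp1_input -- cpu temp?
      # hwmon6/pwm5 -- chipset fan?
      # hwmon6/pwm2, hwmon6/pwm3 -- cpu fans?
      # hwmon6/pwm4 -- case fans?
      INTERVAL=10
      DEVPATH=hwmon2=devices/pci0000:00/0000:00:18.3 hwmon6=devices/platform/nct6775.656
      DEVNAME=hwmon2=k10temp hwmon6=nct6798
      FCTEMPS=hwmon6/pwm5=hwmon6/temp9_input hwmon6/pwm2=hwmon2/temp1_input hwmon6/pwm3=hwmon2/temp1_input hwmon6/pwm4=hwmon2/temp1_input
      FCFANS=hwmon6/pwm5=hwmon6/fan5_input hwmon6/pwm2=hwmon6/fan2_input hwmon6/pwm3=hwmon6/fan3_input hwmon6/pwm4=hwmon6/fan4_input
      MINTEMP=hwmon6/pwm5=20 hwmon6/pwm2=20 hwmon6/pwm3=20 hwmon6/pwm4=20
      MAXTEMP=hwmon6/pwm5=60 hwmon6/pwm2=90 hwmon6/pwm3=90 hwmon6/pwm4=90
      MINSTART=hwmon6/pwm5=16 hwmon6/pwm2=90 hwmon6/pwm3=45 hwmon6/pwm4=60
      MINSTOP=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=30 hwmon6/pwm4=45
      MINPWM=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=0 hwmon6/pwm4=0
      MAXPWM=hwmon6/pwm5=255 hwmon6/pwm2=255 hwmon6/pwm3=255 hwmon6/pwm4=255
    '';
  };

  # Virtualisation
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
      autoPrune.enable = true;
      defaultNetwork.settings = {
        dns_enabled = true;
      };
    };
    libvirtd.enable = true;
    # tpm.enable = true;
    # useSecureBoot = true;
  };

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
}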