# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
pkgs,
lib,
inputs,
...
}:
{
# Modules merged into this host's configuration.
# NOTE(review): security-relevant settings (accounts, Samba shares,
# networking, secrets) presumably live in the files named for them, so this
# file alone does not show the host's full exposure; review them together.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./filesystems.nix
./boot.nix
./apps.nix
./grafana.nix
./networking.nix
./nixpkgs.nix
./ups.nix
./users.nix
./samba.nix
./services.nix
# NOTE(review): presumably declares the sops secret that the msmtp account
# in this file reads through config.sops.secrets; confirm.
./sops.nix
];
# CPU frequency scaling governor requested for this host.
powerManagement = {
  cpuFreqGovernor = "powersave";
};
# NVIDIA driver setup through the `share.hardware.nvidia` option set.
# NOTE(review): this is not a stock NixOS option path, so it is presumably
# declared by a module elsewhere in this flake; what each switch does
# (beta branch, open kernel module, container GPU access) should be
# confirmed against that module.
share.hardware.nvidia.enable = true;
share.hardware.nvidia.enableBeta = true;
share.hardware.nvidia.enableOpen = true;
share.hardware.nvidia.nvidiaSettings = true;
share.hardware.nvidia.enableNvidiaDocker = true;
# Turn on TPM2 support. The crypttab entries in this file unlock their
# volumes with `tpm2-device=auto`, so disk unlock depends on the TPM.
security.tpm2.enable = true;
# System-wide environment: generated /etc files and globally installed packages.
environment.etc = {
  # LUKS volumes to open at boot, one per line:
  #   <mapper name> <device> <key file> <options>
  # `none` means no key file; `tpm2-device=auto` lets systemd-cryptsetup
  # unseal the volume key with whichever TPM2 device it finds.
  # NOTE(review): nothing here asks for a PIN, so a machine that boots into
  # the state the key was sealed against unlocks every volume unattended.
  # That protects drives pulled from the chassis, not a stolen chassis.
  # Which PCRs the key is bound to is decided at enrollment
  # (systemd-cryptenroll) and is not visible in this file; confirm the
  # binding and that a recovery key or passphrase slot exists.
  crypttab.text = ''
    ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto
    ssd2 UUID=c8640e19-6cd9-49d0-a355-bac09d17ea0d none tpm2-device=auto
    hdd1 UUID=8d7dd657-d9b0-47ed-97e1-a9d1eba12b56 none tpm2-device=auto
    hdd2 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
    hdd3 UUID=4463ea6f-3fcf-4e49-80c8-ba7f424471f0 none tpm2-device=auto
    hdd4 UUID=13fe7737-b72b-4d5f-a79d-1ca0d438f8f0 none tpm2-device=auto
    hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
  '';

  # Fixes /etc/machine-id to a constant value.
  # NOTE(review): machine-id(5) asks that this ID be treated as confidential
  # and not exposed in untrusted environments. Committing it publishes it to
  # everyone who can read the repository; consider supplying it from
  # persisted state or a secret instead.
  machine-id.text = ''
    57cdf5fc27f3469f80d0a339f1238aeb
  '';
};

# Packages installed into the system profile for all users.
# `inputs.nas-nixai...` comes straight from a flake input and `unstable.*`
# is resolved through `with pkgs`.
# NOTE(review): both are presumably pinned by the flake lock file; confirm,
# since they sit outside the main nixpkgs pin.
environment.systemPackages = with pkgs; [
  attic-client
  binutils
  cryptsetup
  cmake
  deconz
  duperemove
  efibootmgr
  ffmpeg
  gcc
  glances
  ipset
  jq
  llama-cpp
  ninja
  inputs.nas-nixai.packages.x86_64-linux.nixai
  networkmanagerapplet
  nmon
  nut
  packagekit
  pass
  protonmail-bridge
  protonvpn-cli
  python3
  unstable.python3Packages.llama-cpp-python
  qrencode
  rcon
  sbctl
  speedtest-cli
  tigervnc
  tpm2-tools
  tpm2-tss
];
# Program modules enabled on this host.
programs.virt-manager.enable = true;
# nix-ld lets dynamically linked binaries built outside Nix run here; such
# binaries do not come with nixpkgs provenance.
programs.nix-ld.enable = true;
programs.screen.enable = true;

programs.coolercontrol = {
  enable = true;
  nvidiaSupport = true;
};

# Outbound mail through msmtp.
programs.msmtp = {
  enable = true;

  # Applied to every account: port 465 with TLS on. Together with
  # `tls_starttls = false` on the account, the session is TLS from the
  # first byte rather than upgraded via STARTTLS.
  defaults = {
    tls = true;
    port = 465;
  };

  accounts.default = {
    host = "smtp.gmail.com";
    from = "matt.l.jallen@gmail.com";
    user = "matt.l.jallen";
    auth = true;
    tls_starttls = false;
    # The password is read from the sops secret file when mail is sent,
    # so only the file path is embedded in the generated configuration.
    # NOTE(review): the secret's name suggests it is also the Gitea mailer
    # credential; confirm the reuse is intended and that the file's
    # owner/mode admit only the users meant to send mail as this account.
    passwordeval = "cat ${config.sops.secrets."jallen-nas/gitea/mail-key".path}";
  };
};
# lm-sensors fancontrol profile produced by pwmconfig. It is switched off
# (`enable = false`), so the text below is kept as a reference only.
# NOTE(review): fans are presumably managed by coolercontrol, which is
# enabled under `programs`; confirm only one controller drives the PWM outputs.
hardware.fancontrol.enable = false;
hardware.fancontrol.config = ''
  # Configuration file generated by pwmconfig, changes will be lost
  # hwmon6/temp9_input -- chipset temp?
  # hwmon2/temp1_input -- cpu temp?
  # hwmon6/pwm5 -- chipset fan?
  # hwmon6/pwm2, hwmon6/pwm3 -- cpu fans?
  # hwmon6/pwm4 -- case fans?
  INTERVAL=10
  DEVPATH=hwmon2=devices/pci0000:00/0000:00:18.3 hwmon6=devices/platform/nct6775.656
  DEVNAME=hwmon2=k10temp hwmon6=nct6798
  FCTEMPS=hwmon6/pwm5=hwmon6/temp9_input hwmon6/pwm2=hwmon2/temp1_input hwmon6/pwm3=hwmon2/temp1_input hwmon6/pwm4=hwmon2/temp1_input
  FCFANS=hwmon6/pwm5=hwmon6/fan5_input hwmon6/pwm2=hwmon6/fan2_input hwmon6/pwm3=hwmon6/fan3_input hwmon6/pwm4=hwmon6/fan4_input
  MINTEMP=hwmon6/pwm5=20 hwmon6/pwm2=20 hwmon6/pwm3=20 hwmon6/pwm4=20
  MAXTEMP=hwmon6/pwm5=60 hwmon6/pwm2=90 hwmon6/pwm3=90 hwmon6/pwm4=90
  MINSTART=hwmon6/pwm5=16 hwmon6/pwm2=90 hwmon6/pwm3=45 hwmon6/pwm4=60
  MINSTOP=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=30 hwmon6/pwm4=45
  MINPWM=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=0 hwmon6/pwm4=0
  MAXPWM=hwmon6/pwm5=255 hwmon6/pwm2=255 hwmon6/pwm3=255 hwmon6/pwm4=255
'';
# Container and virtual-machine runtimes.
# NOTE(review): access to the libvirt daemon and to container sockets is
# effectively privileged; the accounts granted that access are presumably
# set in ./users.nix; confirm the list is minimal.
virtualisation.libvirtd.enable = true;

virtualisation.podman = {
  enable = true;
  # Expose podman under the `docker` command name.
  dockerCompat = true;
  autoPrune.enable = true;
  # DNS on the default network, so containers can resolve each other by name.
  defaultNetwork.settings.dns_enabled = true;
};
# Nix daemon settings: flakes and nix-command, binary caches, store upkeep.
nix.settings = {
  experimental-features = lib.mkForce [
    "nix-command"
    "flakes"
  ];
  warn-dirty = lib.mkForce false;

  # Binary caches, and the key used to verify what nix-community serves.
  # NOTE(review): no cache.nixos.org key is listed here; NixOS's own nix
  # module normally contributes it, so confirm it appears in the generated
  # nix.conf. Every key in that list is trusted to sign store paths that
  # get installed on this host.
  substituters = [
    "https://nix-community.cachix.org"
    "https://cache.nixos.org/"
  ];
  trusted-public-keys = [
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
  ];

  # Members of wheel are trusted by the Nix daemon. The Nix manual treats
  # a trusted user as essentially root-equivalent (such a user can, for
  # example, point the daemon at other substituters), so wheel membership
  # carries that weight even without a sudo prompt.
  trusted-users = [ "@wheel" ];
};

# Automatic garbage collection of store paths older than 30 days. The
# schedule is not set in this file (nix.gc.dates).
# NOTE(review): the original comment said "every week"; confirm the
# interval actually in effect.
nix.gc = {
  automatic = lib.mkDefault true;
  options = lib.mkDefault "--delete-older-than 30d";
};
nix.optimise.automatic = lib.mkDefault true;
# nixpkgs evaluation policy for this host.
nixpkgs.config = {
  # Unfree packages are allowed across the board (forced).
  allowUnfree = lib.mkForce true;

  # Allow-list of unfree packages by name.
  # NOTE(review): with allowUnfree forced to true this predicate looks
  # redundant, as nixpkgs appears to consult it only when allowUnfree is
  # off. Decide whether the intent is "everything unfree" or "only this
  # package" and drop the other setting.
  allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "vscode-extension-github-copilot"
  ];

  allowUnsupportedSystem = true;

  # Packages with known security advisories that may still be built; empty.
  # Entries added here should carry a reason and a removal condition.
  permittedInsecurePackages = [
    # ...
  ];
};
}