264 lines
6.5 KiB
Nix
Executable File
264 lines
6.5 KiB
Nix
Executable File
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
{
|
|
config,
|
|
pkgs,
|
|
namespace,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
./boot.nix
|
|
./apps.nix
|
|
./users.nix
|
|
./services.nix
|
|
./sops.nix
|
|
];
|
|
|
|
services.kmscon.enable = true;
|
|
|
|
powerManagement.cpuFreqGovernor = "powersave";
|
|
|
|
${namespace} = {
|
|
# ###################################################
|
|
# # Boot # #
|
|
# ###################################################
|
|
|
|
bootloader.lanzaboote.enable = true;
|
|
|
|
# ###################################################
|
|
# # Desktop # #
|
|
# ###################################################
|
|
|
|
desktop.cosmic.enable = false;
|
|
|
|
# ###################################################
|
|
# # Development # #
|
|
# ###################################################
|
|
|
|
development = {
|
|
enable = true;
|
|
includeLanguages = [
|
|
"python"
|
|
"c"
|
|
];
|
|
includeContainers = true;
|
|
};
|
|
|
|
# ###################################################
|
|
# # Hardware # #
|
|
# ###################################################
|
|
|
|
hardware = {
|
|
disko = {
|
|
enable = true;
|
|
enableSwap = true;
|
|
};
|
|
|
|
nvidia = {
|
|
enable = true;
|
|
enableBeta = true;
|
|
enableOpen = true;
|
|
nvidiaSettings = true;
|
|
enableNvidiaDocker = true;
|
|
};
|
|
};
|
|
|
|
# ###################################################
|
|
# # Impermanence # #
|
|
# ###################################################
|
|
|
|
impermanence.enable = true;
|
|
|
|
# ###################################################
|
|
# # Monitoring # #
|
|
# ###################################################
|
|
|
|
monitoring.enable = true;
|
|
|
|
# ###################################################
|
|
# # Network # #
|
|
# ###################################################
|
|
|
|
network = {
|
|
hostName = "jallen-nas";
|
|
ipv4 = {
|
|
address = "10.0.1.3/24";
|
|
method = "manual";
|
|
gateway = "10.0.1.1";
|
|
interface = "wlp6s0";
|
|
};
|
|
hostId = "4b501480";
|
|
nat = {
|
|
enable = true;
|
|
internalInterfaces = [ "ve-+" ];
|
|
externalInterface = "wlp6s0";
|
|
enableIPv6 = true;
|
|
};
|
|
firewall = {
|
|
enable = true;
|
|
allowPing = true;
|
|
trustedInterfaces = [ "tailscale0" ];
|
|
allowedTCPPorts = [
|
|
8008 # restic
|
|
9000 # authentik
|
|
2342 # grafana
|
|
51820 # wireguard
|
|
1025
|
|
1143
|
|
10200
|
|
10300
|
|
8127
|
|
9943 # onlyoffice
|
|
4000 # netbootxyz
|
|
4080 # netbootxyz
|
|
3000 # gitea
|
|
2222 # gitea ssh
|
|
3300
|
|
9898
|
|
6754 # lubelogger
|
|
2283 # immich
|
|
4444 # code-server
|
|
9012
|
|
|
|
8192
|
|
];
|
|
allowedUDPPorts = config.${namespace}.network.firewall.allowedTCPPorts;
|
|
};
|
|
};
|
|
|
|
# ###################################################
|
|
# # Power # #
|
|
# ###################################################
|
|
|
|
power.ups.enable = true;
|
|
|
|
# ###################################################
|
|
# # Samba # #
|
|
# ###################################################
|
|
|
|
samba = {
|
|
enable = true;
|
|
hostsAllow = "10.0.1.";
|
|
enableTimeMachine = true;
|
|
timeMachinePath = "/media/nas/main/timemachine";
|
|
|
|
shares = {
|
|
"3d_printer" = {
|
|
public = true;
|
|
sharePath = "/media/nas/main/3d_printer";
|
|
};
|
|
Backup = {
|
|
public = true;
|
|
sharePath = "/media/nas/main/backup";
|
|
};
|
|
Documents = {
|
|
public = true;
|
|
sharePath = "/media/nas/main/documents";
|
|
};
|
|
isos = {
|
|
public = true;
|
|
sharePath = "/media/nas/main/isos";
|
|
};
|
|
TimeMachine = {
|
|
public = false;
|
|
sharePath = "/media/nas/main/timemachine";
|
|
enableTimeMachine = true;
|
|
timeMachineMaxSize = "1T";
|
|
};
|
|
app_data = {
|
|
public = true;
|
|
sharePath = "/media/nas/main/ssd_app_data";
|
|
};
|
|
nix-config = {
|
|
public = true;
|
|
sharePath = "/home/matt/nix-config";
|
|
};
|
|
};
|
|
};
|
|
|
|
# ###################################################
|
|
# # Security # #
|
|
# ###################################################
|
|
|
|
security.tpm.enable = true;
|
|
|
|
# ###################################################
|
|
# # Services # #
|
|
# ###################################################
|
|
|
|
services = {
|
|
grafana.enable = true;
|
|
};
|
|
|
|
# ###################################################
|
|
# # User # #
|
|
# ###################################################
|
|
|
|
user = {
|
|
name = "admin";
|
|
hashedPasswordFile = config.sops.secrets."jallen-nas/admin_password".path;
|
|
linger = true;
|
|
extraGroups = [
|
|
"nix-apps"
|
|
"jallen-nas"
|
|
"grafana"
|
|
"traefik"
|
|
"62900"
|
|
"1001"
|
|
];
|
|
};
|
|
};
|
|
|
|
# ###################################################
|
|
# # Mounts # #
|
|
# ###################################################
|
|
fileSystems."/media/nas/main" = {
|
|
label = "nas_pool";
|
|
# device = "/dev/sde:/dev/sdf:/dev/sdh:/dev/sdi:/dev/sdj:/dev/nmve0n1:/dev/nvme1n1";
|
|
fsType = "bcachefs";
|
|
mountPoint = "/media/nas/main";
|
|
};
|
|
|
|
# Configure environment
|
|
environment = {
|
|
systemPackages = with pkgs; [
|
|
attic-client
|
|
bcachefs-tools
|
|
cryptsetup
|
|
clevis
|
|
deconz
|
|
duperemove
|
|
efibootmgr
|
|
ffmpeg
|
|
ipset
|
|
keyutils
|
|
llama-cpp
|
|
networkmanagerapplet
|
|
nut
|
|
packagekit
|
|
pass
|
|
protonmail-bridge
|
|
protonvpn-cli
|
|
python3Packages.llama-cpp-python
|
|
qrencode
|
|
rcon
|
|
sbctl
|
|
tigervnc
|
|
tpm2-tools
|
|
tpm2-tss
|
|
];
|
|
};
|
|
|
|
# Configure programs
|
|
programs = {
|
|
virt-manager.enable = true;
|
|
coolercontrol = {
|
|
enable = true;
|
|
nvidiaSupport = true;
|
|
};
|
|
};
|
|
}
|