193 lines
4.5 KiB
Nix
Executable File
193 lines
4.5 KiB
Nix
Executable File
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
namespace,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
# Include the results of the hardware scan.
|
|
./hardware-configuration.nix
|
|
./filesystems.nix
|
|
./boot.nix
|
|
./apps.nix
|
|
./grafana.nix
|
|
./networking.nix
|
|
./ups.nix
|
|
./users.nix
|
|
./samba.nix
|
|
./services.nix
|
|
./sops.nix
|
|
];
|
|
|
|
services.kmscon.enable = true;
|
|
|
|
powerManagement.cpuFreqGovernor = "powersave";
|
|
|
|
${namespace} = {
|
|
bootloader.lanzaboote.enable = true;
|
|
desktop.cosmic.enable = false;
|
|
hardware.nvidia = {
|
|
enable = true;
|
|
enableBeta = true;
|
|
enableOpen = true;
|
|
nvidiaSettings = true;
|
|
enableNvidiaDocker = true;
|
|
};
|
|
network = {
|
|
hostName = "jallen-nas";
|
|
ipv4 = {
|
|
address = "10.0.1.3/24";
|
|
method = "manual";
|
|
};
|
|
};
|
|
user = {
|
|
name = "admin";
|
|
};
|
|
};
|
|
|
|
security.tpm2 = {
|
|
enable = true;
|
|
};
|
|
|
|
# Configure environment
|
|
environment = {
|
|
etc.machine-id.text = ''
|
|
57cdf5fc27f3469f80d0a339f1238aeb
|
|
'';
|
|
|
|
systemPackages = with pkgs; [
|
|
attic-client
|
|
bcachefs-tools
|
|
binutils
|
|
cryptsetup
|
|
clevis
|
|
cmake
|
|
deconz
|
|
duperemove
|
|
efibootmgr
|
|
ffmpeg
|
|
gcc
|
|
glances
|
|
ipset
|
|
jq
|
|
llama-cpp
|
|
ninja
|
|
# inputs.nas-nixai.packages.x86_64-linux.nixai
|
|
networkmanagerapplet
|
|
nmon
|
|
nut
|
|
packagekit
|
|
pass
|
|
protonmail-bridge
|
|
protonvpn-cli
|
|
python3
|
|
python3Packages.llama-cpp-python
|
|
qrencode
|
|
rcon
|
|
sbctl
|
|
speedtest-cli
|
|
tigervnc
|
|
tpm2-tools
|
|
tpm2-tss
|
|
];
|
|
};
|
|
|
|
# Configure programs
|
|
programs = {
|
|
virt-manager.enable = true;
|
|
nix-ld.enable = true;
|
|
screen.enable = true;
|
|
coolercontrol = {
|
|
enable = true;
|
|
nvidiaSupport = true;
|
|
};
|
|
|
|
msmtp = {
|
|
enable = false;
|
|
accounts = {
|
|
default = {
|
|
auth = true;
|
|
tls_starttls = false;
|
|
host = "smtp.gmail.com";
|
|
user = "matt.l.jallen";
|
|
from = "matt.l.jallen@gmail.com";
|
|
passwordeval = "cat ${config.sops.secrets."jallen-nas/gitea/mail-key".path}";
|
|
};
|
|
};
|
|
defaults = {
|
|
port = 465;
|
|
tls = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
hardware.fancontrol = {
|
|
enable = false;
|
|
config = ''
|
|
# Configuration file generated by pwmconfig, changes will be lost
|
|
# hwmon6/temp9_input -- chipset temp?
|
|
# hwmon2/temp1_input -- cpu temp?
|
|
# hwmon6/pwm5 -- chipset fan?
|
|
# hwmon6/pwm2, hwmon6/pwm3 -- cpu fans?
|
|
# hwmon6/pwm4 -- case fans?
|
|
|
|
INTERVAL=10
|
|
DEVPATH=hwmon2=devices/pci0000:00/0000:00:18.3 hwmon6=devices/platform/nct6775.656
|
|
DEVNAME=hwmon2=k10temp hwmon6=nct6798
|
|
FCTEMPS=hwmon6/pwm5=hwmon6/temp9_input hwmon6/pwm2=hwmon2/temp1_input hwmon6/pwm3=hwmon2/temp1_input hwmon6/pwm4=hwmon2/temp1_input
|
|
FCFANS=hwmon6/pwm5=hwmon6/fan5_input hwmon6/pwm2=hwmon6/fan2_input hwmon6/pwm3=hwmon6/fan3_input hwmon6/pwm4=hwmon6/fan4_input
|
|
MINTEMP=hwmon6/pwm5=20 hwmon6/pwm2=20 hwmon6/pwm3=20 hwmon6/pwm4=20
|
|
MAXTEMP=hwmon6/pwm5=60 hwmon6/pwm2=90 hwmon6/pwm3=90 hwmon6/pwm4=90
|
|
MINSTART=hwmon6/pwm5=16 hwmon6/pwm2=90 hwmon6/pwm3=45 hwmon6/pwm4=60
|
|
MINSTOP=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=30 hwmon6/pwm4=45
|
|
MINPWM=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=0 hwmon6/pwm4=0
|
|
MAXPWM=hwmon6/pwm5=255 hwmon6/pwm2=255 hwmon6/pwm3=255 hwmon6/pwm4=255
|
|
'';
|
|
};
|
|
|
|
# Virtualisation
|
|
virtualisation = {
|
|
podman = {
|
|
enable = true;
|
|
dockerCompat = true;
|
|
autoPrune.enable = true;
|
|
defaultNetwork.settings = {
|
|
dns_enabled = true;
|
|
};
|
|
};
|
|
|
|
libvirtd.enable = true;
|
|
};
|
|
|
|
# Enable nix flakes and nix-command tools
|
|
nix = {
|
|
settings = {
|
|
substituters = [
|
|
"https://nix-community.cachix.org"
|
|
"https://cache.nixos.org/"
|
|
];
|
|
trusted-public-keys = [
|
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
];
|
|
warn-dirty = lib.mkForce false;
|
|
experimental-features = lib.mkForce [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
trusted-users = [ "@wheel" ];
|
|
};
|
|
|
|
# Garbage collect automatically every week
|
|
gc.automatic = lib.mkDefault true;
|
|
gc.options = lib.mkDefault "--delete-older-than 30d";
|
|
|
|
optimise.automatic = lib.mkDefault true;
|
|
};
|
|
}
|