mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
bdfd5e92b7695ff297cfcfe27814709b2efc8b93
nix-config/hosts/nas/configuration.nix
mjallen18 bfe165b6b2 fix nas config
2024-02-28 21:19:50 -06:00

403 lines
11 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "admin";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
hostname = "jallen-nas";
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../default.nix
];
nas-apps = {
jellyfin.enable = true;
jellyseerr.enable = true;
sabnzbd.enable = true;
radarr.enable = true;
sonarr.enable = true;
collabora.enable = true;
mariadb.enable = true;
nextcloud = {
enable = true;
httpPort = "9980";
httpsPort = "9443";
};
swag.enable = true;
};
nas-samba = {
enable = true;
hostsAllow = "10.0.1.";
enableTimeMachine = true;
timeMachinePath = "/mnt/mainpool/TimeMachine";
shares = {
"3d_printer" = {
public = true;
sharePath = "/mnt/mainpool/3d_printer";
};
Backup = {
public = true;
sharePath = "/mnt/mainpool/Backup";
};
Documents = {
public = true;
sharePath = "/mnt/mainpool/Documents";
};
isos = {
public = true;
sharePath = "/mnt/mainpool/isos";
};
TimeMachine = {
public = true;
sharePath = "/mnt/mainpool/TimeMachine";
enableTimeMachine = true;
timeMachineMaxSize = "1T";
};
};
};
services.grafana = {
enable = true;
settings.server = {
http_port = 2342;
domain = hostname;
serve_from_sub_path = true;
http_addr = "";
};
dataDir = "/mnt/ssd/nix-app-data/grafana";
};
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "diskstats" "systemd" ];
port = 9002;
};
smartctl = {
enable = true;
group = "disk";
devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" "/dev/sdf" "/dev/sdg" "/dev/sdh" "/dev/sdi" "/dev/nvme0n1" "/dev/nvme1n1" ];
};
};
scrapeConfigs = [
{
job_name = hostname;
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"];
}];
}
];
};
share.hardware.nvidia = {
enable = true;
enableBeta = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
# Configure bootloader with lanzaboot and secureboot
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 2;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
# Override kernel to latest
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = [
"nohibernate"
];
consoleLogLevel = 3;
bootspec.enable = true;
supportedFilesystems = [ "zfs" ];
zfs.extraPools = [ "junk" ];
zfs.requestEncryptionCredentials = false;
};
# # Hardware configs
# hardware = {
# # Nvidia
# nvidia = {
# package = config.boot.kernelPackages.nvidiaPackages.beta;
# # Modesetting is required.
# modesetting.enable = true;
# # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# powerManagement.enable = false;
# # Fine-grained power management. Turns off GPU when not in use.
# # Experimental and only works on modern Nvidia GPUs (Turing or newer).
# powerManagement.finegrained = false;
# # Use the NVidia open source kernel module (not to be confused with the
# # independent third-party "nouveau" open source driver).
# # Support is limited to the Turing and later architectures. Full list of
# # supported GPUs is at:
# # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# # Only available from driver 515.43.04+
# # Currently alpha-quality/buggy, so false is currently the recommended setting.
# open = false;
# # Enable the Nvidia settings menu,
# # accessible via `nvidia-settings`.
# nvidiaSettings = true;
# };
# # Enable OpenGL
# opengl = {
# enable = true;
# driSupport = true;
# driSupport32Bit = true;
# };
# };
# Services configs
services = {
# Enable the X11 windowing system.
xserver = {
enable = true;
# # Load nvidia driver for Xorg and Wayland
# videoDrivers = ["nvidia"];
# Enable the Plasma 6 Desktop Environment.
displayManager = {
sddm.enable = true;
defaultSession = "plasmawayland";
};
desktopManager.plasma5.enable = true;
};
# Set to enable Flatpak
flatpak.enable = false;
# Enable RDP
xrdp = {
enable = true;
defaultWindowManager = "startplasma-x11";
openFirewall = true;
};
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
extraServiceFiles = { # TODO is this needed?
smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_smb._tcp</type>
<port>445</port>
</service>
</service-group>
'';
};
};
};
systemd.services = {
nas-mounts = {
path = [ pkgs.zfs pkgs.bash ];
script = ''
if test -d /mnt/ssd/ssd_app_data; then
echo "NAS ZFS Pools Mounted."
else
zpool import -f "MainPool"
zpool import -f "SSD"
zfs load-key -L file:///root/main-pool.key "MainPool"
zfs load-key -L file:///root/ssd.key "SSD"
zfs mount -a
echo "NAS ZFS Pools Mounted."
fi
'';
wantedBy = [ "multi-user.target" ];
};
glances-server = {
path = [ pkgs.bash pkgs.glances ];
script = ''
#!/user/bin/env bash
glances -w
'';
wantedBy = [ "multi-user.target" ];
};
};
# Networking configs enp7s0
networking = {
hostName = hostname;
hostId = "4b501480";
# Enable Network Manager
networkmanager.enable = true;
firewall = {
enable = true;
allowPing = true;
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns''; # TODO is this needed?
allowedTCPPorts = [ 2342 61208 ];
allowedUDPPorts = [ 2342 61208 ];
};
};
# Configure environment
environment = {
# List packages installed in system profile. To search, run:
# $ nix search wget
systemPackages = with pkgs; [
vim
wget
nano
efibootmgr
sbctl
pciutils
vulkan-tools
clinfo
glances
python3
nix-ld
binutils
gcc
nodejs-18_x
];
};
# Configure programs
programs = {
fish.enable = true;
virt-manager.enable = true;
nix-ld.enable = true;
};
# Configure nixpkgs
nixpkgs = {
config = {
# Enable non free
allowUnfree = true;
permittedInsecurePackages = [
# ...
];
};
};
# Define a user account. Don't forget to set a password with passwd.
users = {
# See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
mutableUsers = false;
groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
# Admin account
users."${user}" = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" "podman" "libvirtd" "nas-apps" "jallen-nas" ]; # Enable sudo for the user.
initialHashedPassword = password;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
packages = with pkgs; [
neofetch
git
parted
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
papirus-icon-theme
firefox
];
};
# Nix app account
users.nix-apps = {
isSystemUser = true;
uid = 911;
group = "jallen-nas";
extraGroups = [ "jallen-nas" ]; # Enable sudo for the user.
hashedPassword = password;
};
};
# Virtualisation
virtualisation = {
docker = {
enable = true;
# enableNvidia = true;
enableOnBoot = true;
};
libvirtd.enable = true;
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink