mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
f5e6943e9df95369d91ca831654e9e43eaf80d3c
nix-config/hosts/nas/configuration.nix
mjallen18 f5e6943e9d udpate 24.11
2024-11-18 15:12:29 -06:00

293 lines
8.7 KiB
Nix
Executable File
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
outputs,
config,
pkgs,
...
}:
let
user = "admin";
passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./filesystems.nix
./boot.nix
./apps.nix
./networking.nix
./ups.nix
./samba.nix
./services.nix
./sops.nix
../default.nix
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Cockpit
services.cockpit = {
enable = true;
port = 9090;
settings = {
WebService = {
AllowUnencrypted = true;
};
};
};
nix.settings.trusted-users = [ "@wheel" ];
powerManagement.cpuFreqGovernor = "powersave";
share.hardware.nvidia = {
enable = true;
enableBeta = false;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
security.tpm2 = {
enable = true;
};
# Configure environment
environment = {
etc.crypttab.text = ''
ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto
ssd2 UUID=c8640e19-6cd9-49d0-a355-bac09d17ea0d none tpm2-device=auto
hdd1 UUID=8d7dd657-d9b0-47ed-97e1-a9d1eba12b56 none tpm2-device=auto
hdd2 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
hdd3 UUID=4463ea6f-3fcf-4e49-80c8-ba7f424471f0 none tpm2-device=auto
hdd4 UUID=13fe7737-b72b-4d5f-a79d-1ca0d438f8f0 none tpm2-device=auto
hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
'';
etc.machine-id.source = ./machine-id;
# List packages installed in system profile. To search, run:
# $ nix search wget
sessionVariables = {
CACHIX_AGENT_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJkYmNkZWNjYi04ZTI4LTQwOTAtYWIxOC02MTU5OTYwZTgxMTAiLCJzY29wZXMiOiJjYWNoZSJ9.G-9wCfKc3d8ld_zDJNjTxNWlkS3_yojI-6gaRpUT-i0";
};
systemPackages = with pkgs; [
authentik
binutils
cryptsetup
clinfo
cmake
coolercontrol.coolercontrol-gui
deconz
duperemove
efibootmgr
ffmpeg
gcc
glances
gparted
htop
jq
lm_sensors
nano
ninja
nix-inspect
nix-ld
networkmanagerapplet
nmon
nodejs-18_x
nut
packagekit
pass
pciutils
protonmail-bridge
protonvpn-cli
python3
qrencode
rcon
sbctl
speedtest-cli
tailscale
tpm2-tools
tpm2-tss
usbutils
vim
vulkan-tools
wget
];
};
# Configure programs
programs = {
fish.enable = false;
virt-manager.enable = true;
nix-ld.enable = true;
screen.enable = true;
coolercontrol = {
enable = true;
nvidiaSupport = true;
};
};
# Configure nixpkgs
nixpkgs = {
overlays = [ outputs.overlays.nixpkgs-unstable ];
config = {
# Enable non free
allowUnfree = true;
permittedInsecurePackages = [
# ...
];
};
};
# Define a user account. Don't forget to set a password with passwd.
users = {
# See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
mutableUsers = false;
groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
# Admin account
users."${user}" = {
isNormalUser = true;
linger = true;
extraGroups = [
"wheel"
"networkmanager"
"docker"
"podman"
"libvirtd"
"nix-apps"
"jallen-nas"
"media"
"nscd"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
packages = with pkgs; [
cachix
fastfetch
git
parted
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
aha
papirus-icon-theme
firefox
swtpm
];
};
# Nix app account
users.nix-apps = {
isSystemUser = true;
uid = 911;
group = "jallen-nas";
extraGroups = [
"jallen-nas"
"docker"
"podman"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
};
groups.nut.name = "nut";
users.upsuser = {
group = "nut";
isNormalUser = false;
isSystemUser = true;
createHome = true;
home = "/var/lib/nut";
homeMode = "750";
hashedPasswordFile = passwordFile;
};
users.nextcloud = {
isNormalUser = true;
extraGroups = [
"jallen-nas"
"nix-apps"
];
hashedPasswordFile = passwordFile;
};
};
hardware.fancontrol = {
enable = false;
config = ''
# Configuration file generated by pwmconfig, changes will be lost
# hwmon6/temp9_input -- chipset temp?
# hwmon2/temp1_input -- cpu temp?
# hwmon6/pwm5 -- chipset fan?
# hwmon6/pwm2, hwmon6/pwm3 -- cpu fans?
# hwmon6/pwm4 -- case fans?
INTERVAL=10
DEVPATH=hwmon2=devices/pci0000:00/0000:00:18.3 hwmon6=devices/platform/nct6775.656
DEVNAME=hwmon2=k10temp hwmon6=nct6798
FCTEMPS=hwmon6/pwm5=hwmon6/temp9_input hwmon6/pwm2=hwmon2/temp1_input hwmon6/pwm3=hwmon2/temp1_input hwmon6/pwm4=hwmon2/temp1_input
FCFANS=hwmon6/pwm5=hwmon6/fan5_input hwmon6/pwm2=hwmon6/fan2_input hwmon6/pwm3=hwmon6/fan3_input hwmon6/pwm4=hwmon6/fan4_input
MINTEMP=hwmon6/pwm5=20 hwmon6/pwm2=20 hwmon6/pwm3=20 hwmon6/pwm4=20
MAXTEMP=hwmon6/pwm5=60 hwmon6/pwm2=90 hwmon6/pwm3=90 hwmon6/pwm4=90
MINSTART=hwmon6/pwm5=16 hwmon6/pwm2=90 hwmon6/pwm3=45 hwmon6/pwm4=60
MINSTOP=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=30 hwmon6/pwm4=45
MINPWM=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=0 hwmon6/pwm4=0
MAXPWM=hwmon6/pwm5=255 hwmon6/pwm2=255 hwmon6/pwm3=255 hwmon6/pwm4=255
'';
};
# Virtualisation
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
libvirtd.enable = true;
# tpm.enable = true;
# useSecureBoot = true;
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink