# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
#
# NOTE(review): the body below carries host-specific settings (services,
# secrets, containers), so it looks hand-maintained; re-running
# nixos-generate-config over it would discard them. Confirm the banner is
# still accurate.
#
# NixOS module for the host "shadowfax": boot/kernel setup, hardware, SSH
# access, networking, sops-managed secrets, and the services and containers
# the machine runs.
{
  config,
  lib,
  inputs,
  ...
}:
let
  # Sanoid templates/datasets and the monitored disk list live in ./config.
  sanoidConfig = import ./config/sanoid.nix { };
  disks = import ./config/disks.nix;

  # smartd wants a list of `{ device = ...; }` attrsets, one per disk.
  smartdDevices = builtins.map (d: { device = d; }) disks;

  # Shared settings for both Syncthing identity secrets: readable only by the
  # owning user (mode 400), and syncthing.service is restarted when they change.
  syncthingSecret = {
    sopsFile = ./secrets.sops.yaml;
    owner = "jahanson";
    mode = "400";
    restartUnits = [ "syncthing.service" ];
  };
in
{
  imports = [
    inputs.disko.nixosModules.disko
    (import ../../profiles/disko-nixos.nix {
      disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ];
    })
    inputs.nix-minecraft.nixosModules.minecraft-servers
  ];

  boot = {
    # NFS support is made available in the initrd.
    initrd.kernelModules = [ "nfs" ];
    initrd.supportedFilesystems = [ "nfs" ];

    # VFIO modules (device passthrough to guests).
    # NOTE(review): on recent kernels vfio_virqfd may no longer exist as a
    # separate module — confirm against the running kernel.
    kernelModules = [
      "vfio"
      "vfio_iommu_type1"
      "vfio_pci"
      "vfio_virqfd"
    ];
    extraModulePackages = [ ];

    # Cap the ZFS ARC at 107374182400 bytes (100 GiB).
    kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
  };

  swapDevices = [ ];

  hardware = {
    # Microcode updates follow the redistributable-firmware setting by default.
    cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    nvidia.open = true;
    # TODO: Swap these once I switch to 24.11
    # graphics.enable = true;
    opengl.enable = true;
    nvidia-container-toolkit.enable = true;
  };

  # NOTE(review): both keys are authorized for the root account itself. The
  # "CSI-Driver@talos" label suggests an automation identity; if it only needs
  # storage operations, a dedicated unprivileged user with delegated
  # permissions would narrow what a leaked key can do. Whether root login is
  # actually reachable depends on the sshd settings, which are not in this
  # file — confirm.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];

  # Network settings
  networking = {
    hostName = "shadowfax";
    hostId = "a885fabe";
    useDHCP = false; # needed for bridge
    networkmanager.enable = true;

    # NOTE(review): the host firewall is off while this file enables several
    # network services (NFS, soft-serve, Syncthing, Scrutiny on 8585, the ZFS
    # exporter) and labels the machine "Production". Unless filtering happens
    # upstream, each of those is reachable on every network the two NICs
    # join — confirm, or enable the firewall with an explicit port allow-list.
    firewall.enable = false;

    interfaces = {
      enp36s0f0.useDHCP = true;
      enp36s0f1.useDHCP = true;
    };
  };

  # sops
  # Syncthing's certificate and private key are decrypted from
  # ./secrets.sops.yaml at activation rather than stored in this file.
  sops.secrets = {
    "syncthing/publicCert" = syncthingSecret;
    "syncthing/privateKey" = syncthingSecret;
  };

  # Home Manager
  home-manager.users.jahanson = {
    # Git settings
    # TODO: Move to config module.
    programs.git = {
      enable = true;
      userName = "Joseph Hanson";
      userEmail = "joe@veri.dev";

      extraConfig = {
        core.autocrlf = "input";
        init.defaultBranch = "main";
        pull.rebase = true;
        rebase.autoStash = true;
      };
    };
  };

  programs = {
    # 1Password cli
    _1password.enable = true;

    # VSCode Compatibility Settings
    nix-ld.enable = true;
  };

  services = {
    xserver.videoDrivers = [ "nvidia" ];

    # # Minecraft
    # NOTE(review): the disabled block below references `pkgs`, which is not
    # among this module's arguments; add it before re-enabling.
    # minecraft-servers = {
    #   # Me cc858467-2744-4c22-8514-86568fefd03b
    #   enable = true;
    #   eula = true;
    #   servers.eregion = {
    #     enable = true;
    #     package = pkgs.fabricServers.fabric;
    #     serverProperties = {
    #       motd = "§6§lEregion§r §7- §6§lMinecraft§r";
    #     };
    #     symlinks = {
    #       mods = pkgs.linkFarmFromDrvs "mods" (
    #         builtins.attrValues {
    #           LanAnnouncer = pkgs.fetchurl {
    #             url = "https://cdn.modrinth.com/data/eVUWDaxc/versions/ZKZr8EfM/lanannouncer-1.0.2.jar";
    #             sha512 = "f2833b12a2e07390c4969ce95c5c9b759e3ddff0b9610054ff4e731a287789280b2c1b801bd08efe685da0d16daebf0562f15af2c86edd481c62f47ec21699c6";
    #           };
    #         }
    #       );
    #     };
    #   };
    # };

    # Smart daemon for monitoring disk health.
    smartd = {
      devices = smartdDevices;
      # Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
      defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
    };

    # Soft Serve - SSH git server
    soft-serve.enable = true;
    soft-serve.settings = import ./config/soft-serve.nix { };

    # VSCode Compatibility Settings
    vscode-server.enable = true;

    # ZFS Exporter
    prometheus.exporters.zfs.enable = true;
  };

  # System settings and services.
  mySystem = {
    purpose = "Production";

    # Containers
    containers = {
      jellyfin.enable = true;
      ollama.enable = true;
      plex.enable = true;
      scrypted.enable = true;
    };

    # System
    system = {
      motd.networkInterfaces = [ "enp36s0f0" ];

      # Incus
      incus.enable = true;
      incus.preseed = import ./config/incus-preseed.nix { };

      # ZFS
      zfs = {
        enable = true;
        mountPoolsAtBoot = [
          "nahar"
          "moria"
        ];
      };

      # NFS
      nfs.enable = true;

      # Both restic targets are disabled and their warnings silenced.
      # NOTE(review): with restic off, the Sanoid snapshots enabled further
      # down are the only data protection visible in this file; whether the
      # pools are replicated off-host cannot be told from here — confirm.
      resticBackup = {
        local = {
          enable = false;
          noWarning = true;
        };
        remote = {
          enable = false;
          noWarning = true;
        };
      };
    };

    # Services
    services = {
      podman.enable = true;
      libvirt-qemu.enable = true;

      # Syncthing
      # Runs as the same user that owns the two sops secrets it reads.
      syncthing = {
        enable = true;
        user = "jahanson";
        publicCertPath = config.sops.secrets."syncthing/publicCert".path;
        privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
      };

      # Scrutiny
      # NOTE(review): SYS_RAWIO is presumably granted so the container can
      # query SMART data; it is a broad capability, so keep `devices` limited
      # to the disks that need monitoring.
      scrutiny = {
        enable = true;
        devices = disks;
        extraCapabilities = [ "SYS_RAWIO" ];
        containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
        port = 8585;
      };

      # Sanoid
      sanoid = {
        enable = true;
        inherit (sanoidConfig.outputs) templates datasets;
      };
    };
  };
}