2024-11-23 08:46:26 -06:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
inputs,
|
2024-12-10 14:26:44 -06:00
|
|
|
pkgs,
|
2024-11-23 08:46:26 -06:00
|
|
|
...
|
2025-02-04 11:18:05 -06:00
|
|
|
}: let
|
|
|
|
|
sanoidConfig = import ./config/sanoid.nix {};
|
2024-09-07 05:40:58 -05:00
|
|
|
disks = import ./config/disks.nix;
|
2025-02-04 11:18:05 -06:00
|
|
|
smartdDevices = map (device: {inherit device;}) disks;
|
|
|
|
|
pushoverNotify = pkgs.writeShellApplication {
|
|
|
|
|
name = "pushover-notify";
|
|
|
|
|
|
|
|
|
|
runtimeInputs = with pkgs; [
|
|
|
|
|
curl
|
|
|
|
|
jo
|
|
|
|
|
jq
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
excludeShellChecks = ["SC2154"];
|
|
|
|
|
|
|
|
|
|
text = ''
|
|
|
|
|
${builtins.readFile ./scripts/pushover-notify.sh}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
refreshSeries = pkgs.writeShellApplication {
|
|
|
|
|
name = "refresh-series";
|
|
|
|
|
|
|
|
|
|
runtimeInputs = with pkgs; [
|
|
|
|
|
curl
|
|
|
|
|
jq
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
excludeShellChecks = ["SC2154"];
|
|
|
|
|
|
|
|
|
|
text = ''
|
|
|
|
|
${builtins.readFile ./scripts/refresh-series.sh}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
in {
|
2024-11-23 08:46:26 -06:00
|
|
|
imports = [
|
|
|
|
|
inputs.disko.nixosModules.disko
|
|
|
|
|
(import ../../profiles/disko-nixos.nix {
|
2025-02-04 11:18:05 -06:00
|
|
|
disks = ["/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E"];
|
2024-11-23 08:46:26 -06:00
|
|
|
})
|
|
|
|
|
inputs.nix-minecraft.nixosModules.minecraft-servers
|
|
|
|
|
];
|
2024-09-03 20:56:49 -05:00
|
|
|
|
|
|
|
|
boot = {
|
|
|
|
|
initrd = {
|
2025-02-04 11:18:05 -06:00
|
|
|
kernelModules = ["nfs"];
|
|
|
|
|
supportedFilesystems = ["nfs"];
|
2024-09-03 20:56:49 -05:00
|
|
|
};
|
|
|
|
|
|
2025-02-04 11:18:05 -06:00
|
|
|
binfmt.emulatedSystems = ["aarch64-linux"]; # Enabled for arm compilation
|
2024-12-09 20:43:26 -06:00
|
|
|
|
2024-11-23 08:46:26 -06:00
|
|
|
kernelModules = [
|
|
|
|
|
"vfio"
|
|
|
|
|
"vfio_iommu_type1"
|
|
|
|
|
"vfio_pci"
|
|
|
|
|
"vfio_virqfd"
|
|
|
|
|
];
|
2025-02-04 11:18:05 -06:00
|
|
|
extraModulePackages = [];
|
|
|
|
|
kernelParams = ["zfs.zfs_arc_max=107374182400"]; # 100GB
|
2024-09-03 20:56:49 -05:00
|
|
|
};
|
|
|
|
|
|
2025-02-04 11:18:05 -06:00
|
|
|
swapDevices = [];
|
2024-10-21 17:07:48 -05:00
|
|
|
|
2024-11-21 17:05:29 -06:00
|
|
|
hardware = {
|
|
|
|
|
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
|
|
|
nvidia.open = true;
|
2024-12-03 13:21:04 -06:00
|
|
|
graphics.enable = true;
|
|
|
|
|
# opengl.enable = true;
|
2024-11-21 17:05:29 -06:00
|
|
|
nvidia-container-toolkit.enable = true;
|
|
|
|
|
};
|
2024-10-21 17:07:48 -05:00
|
|
|
|
2025-02-04 11:18:05 -06:00
|
|
|
users.users.root.openssh.authorizedKeys.keys = [];
|
2024-10-21 17:07:48 -05:00
|
|
|
# Network settings
|
|
|
|
|
networking = {
|
|
|
|
|
hostName = "shadowfax";
|
|
|
|
|
hostId = "a885fabe";
|
|
|
|
|
};
|
2024-09-14 18:43:15 -05:00
|
|
|
|
2024-09-03 20:56:49 -05:00
|
|
|
# Home Manager
|
|
|
|
|
home-manager.users.jahanson = {
|
|
|
|
|
# Git settings
|
|
|
|
|
# TODO: Move to config module.
|
|
|
|
|
programs.git = {
|
|
|
|
|
enable = true;
|
|
|
|
|
userName = "Joseph Hanson";
|
|
|
|
|
userEmail = "joe@veri.dev";
|
|
|
|
|
|
|
|
|
|
extraConfig = {
|
|
|
|
|
core.autocrlf = "input";
|
|
|
|
|
init.defaultBranch = "main";
|
|
|
|
|
pull.rebase = true;
|
|
|
|
|
rebase.autoStash = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2025-02-04 11:18:05 -06:00
|
|
|
# System packages
|
2025-01-31 19:20:15 -06:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
libva-utils # to view graphics capabilities
|
|
|
|
|
greetd.tuigreet
|
|
|
|
|
rofi-wayland
|
|
|
|
|
grim
|
|
|
|
|
inxi
|
|
|
|
|
nvtopPackages.full
|
|
|
|
|
pyprland
|
|
|
|
|
swaynotificationcenter
|
|
|
|
|
swww
|
|
|
|
|
wallust
|
|
|
|
|
wl-clipboard
|
|
|
|
|
wlogout
|
|
|
|
|
# fun
|
|
|
|
|
fastfetch
|
2025-02-04 11:18:05 -06:00
|
|
|
# Scripts
|
|
|
|
|
pushoverNotify
|
|
|
|
|
refreshSeries
|
2025-01-31 19:20:15 -06:00
|
|
|
];
|
2025-02-04 11:18:05 -06:00
|
|
|
|
2024-10-21 17:07:48 -05:00
|
|
|
programs = {
|
|
|
|
|
# 1Password cli
|
|
|
|
|
_1password.enable = true;
|
2024-09-03 20:56:49 -05:00
|
|
|
|
2024-12-28 15:11:42 -06:00
|
|
|
# Mosh
|
|
|
|
|
mosh.enable = true;
|
|
|
|
|
|
2024-10-21 17:07:48 -05:00
|
|
|
# VSCode Compatibility Settings
|
|
|
|
|
nix-ld.enable = true;
|
2024-12-10 14:26:44 -06:00
|
|
|
|
|
|
|
|
# Hyprland
|
|
|
|
|
hyprland = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
|
|
|
|
|
portalPackage =
|
|
|
|
|
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
|
|
|
|
|
withUWSM = true;
|
2025-01-31 19:20:15 -06:00
|
|
|
# xwayland.enable = true;
|
2024-12-10 14:26:44 -06:00
|
|
|
};
|
2025-01-31 19:20:15 -06:00
|
|
|
waybar.enable = true;
|
|
|
|
|
thunar.enable = true;
|
|
|
|
|
thunar.plugins = with pkgs.xfce; [
|
|
|
|
|
exo
|
|
|
|
|
mousepad
|
|
|
|
|
thunar-archive-plugin
|
|
|
|
|
thunar-volman
|
|
|
|
|
tumbler
|
|
|
|
|
];
|
2024-09-03 20:56:49 -05:00
|
|
|
};
|
|
|
|
|
|
2025-01-22 18:38:44 -06:00
|
|
|
# Open ports in the firewall.
|
2024-12-31 09:29:59 -06:00
|
|
|
networking.firewall = {
|
|
|
|
|
allowedTCPPorts = [
|
2025-01-22 18:38:44 -06:00
|
|
|
# Caddy
|
|
|
|
|
80 # http
|
|
|
|
|
443 # https
|
|
|
|
|
2019 # caddy admin api
|
|
|
|
|
# Minio
|
2024-12-31 09:29:59 -06:00
|
|
|
9000 # console web interface
|
|
|
|
|
9001 # api interface
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2024-09-03 20:56:49 -05:00
|
|
|
services = {
|
2024-12-23 15:39:10 -06:00
|
|
|
# Minio
|
|
|
|
|
minio = {
|
|
|
|
|
enable = true;
|
2025-02-04 11:18:05 -06:00
|
|
|
dataDir = ["/eru/minio"];
|
2024-12-23 15:52:58 -06:00
|
|
|
rootCredentialsFile = config.sops.secrets."minio".path;
|
2024-12-23 15:39:10 -06:00
|
|
|
};
|
|
|
|
|
|
2024-12-16 21:45:52 -06:00
|
|
|
# Netdata
|
|
|
|
|
netdata = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
2024-12-17 22:04:18 -06:00
|
|
|
|
2024-12-27 03:25:38 -06:00
|
|
|
# Prometheus exporters
|
|
|
|
|
prometheus.exporters = {
|
|
|
|
|
# Node Exporter - port 9100
|
|
|
|
|
node.enable = true;
|
|
|
|
|
# ZFS Exporter - port 9134
|
|
|
|
|
zfs.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-10-21 17:07:48 -05:00
|
|
|
# Smart daemon for monitoring disk health.
|
2024-09-07 06:14:26 -05:00
|
|
|
smartd = {
|
|
|
|
|
devices = smartdDevices;
|
2024-09-20 09:13:22 -05:00
|
|
|
# Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
|
|
|
|
|
defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
|
2024-09-03 20:56:49 -05:00
|
|
|
};
|
|
|
|
|
|
2024-10-21 17:07:48 -05:00
|
|
|
# Soft Serve - SSH git server
|
|
|
|
|
soft-serve = {
|
|
|
|
|
enable = true;
|
2025-02-04 11:18:05 -06:00
|
|
|
settings = import ./config/soft-serve.nix {};
|
2024-10-21 17:07:48 -05:00
|
|
|
};
|
|
|
|
|
|
2025-01-31 19:20:15 -06:00
|
|
|
sunshine = {
|
|
|
|
|
enable = true;
|
|
|
|
|
autoStart = true;
|
|
|
|
|
capSysAdmin = true; # only needed for Wayland
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
package = pkgs.unstable.sunshine;
|
|
|
|
|
};
|
|
|
|
|
|
2025-01-10 01:19:25 -06:00
|
|
|
# Tailscale
|
|
|
|
|
tailscale = {
|
|
|
|
|
enable = true;
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-10-21 17:07:48 -05:00
|
|
|
# VSCode Compatibility Settings
|
2024-12-10 14:26:44 -06:00
|
|
|
vscode-server.enable = true;
|
2024-12-27 03:25:38 -06:00
|
|
|
|
2025-02-04 11:18:05 -06:00
|
|
|
xserver.videoDrivers = ["nvidia"];
|
2025-01-31 19:20:15 -06:00
|
|
|
greetd = {
|
|
|
|
|
enable = true;
|
|
|
|
|
vt = 3;
|
|
|
|
|
settings = {
|
|
|
|
|
default_session = {
|
|
|
|
|
user = "jahanson";
|
|
|
|
|
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd Hyprland"; # start Hyprland with a TUI login manager
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-10-09 15:17:48 -05:00
|
|
|
};
|
|
|
|
|
|
2024-11-07 17:01:21 -06:00
|
|
|
# sops
|
2025-02-04 11:18:05 -06:00
|
|
|
sops = import ./config/sops-secrets.nix {};
|
2024-12-10 14:26:44 -06:00
|
|
|
|
2024-09-03 20:56:49 -05:00
|
|
|
# System settings and services.
|
|
|
|
|
mySystem = {
|
2025-01-31 19:20:15 -06:00
|
|
|
# VS Code
|
|
|
|
|
editor.vscode.enable = true;
|
2024-11-19 21:11:07 -06:00
|
|
|
# Containers
|
|
|
|
|
containers = {
|
2024-11-23 11:13:42 -06:00
|
|
|
jellyfin.enable = true;
|
|
|
|
|
ollama.enable = true;
|
2024-11-21 17:05:29 -06:00
|
|
|
plex.enable = true;
|
|
|
|
|
scrypted.enable = true;
|
2024-11-19 21:11:07 -06:00
|
|
|
};
|
2024-12-27 03:25:38 -06:00
|
|
|
purpose = "Production";
|
2024-11-19 21:11:07 -06:00
|
|
|
# Services
|
2024-09-03 20:56:49 -05:00
|
|
|
services = {
|
2024-12-27 03:25:38 -06:00
|
|
|
# Misc
|
2024-09-03 20:56:49 -05:00
|
|
|
libvirt-qemu.enable = true;
|
2024-12-27 03:25:38 -06:00
|
|
|
podman.enable = true;
|
2025-01-31 19:20:15 -06:00
|
|
|
# Prowlarr
|
|
|
|
|
prowlarr = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.unstable.prowlarr;
|
|
|
|
|
dataDir = "/nahar/prowlarr";
|
|
|
|
|
port = 9696;
|
2025-02-02 15:49:41 -06:00
|
|
|
openFirewall = true;
|
|
|
|
|
hardening = true;
|
|
|
|
|
apiKeyFile = config.sops.secrets."arr/prowlarr/apiKey".path;
|
|
|
|
|
db = {
|
|
|
|
|
enable = true;
|
|
|
|
|
hostFile = config.sops.secrets."arr/prowlarr/postgres/host".path;
|
|
|
|
|
port = 5432;
|
|
|
|
|
userFile = config.sops.secrets."arr/prowlarr/postgres/user".path;
|
|
|
|
|
passwordFile = config.sops.secrets."arr/prowlarr/postgres/password".path;
|
|
|
|
|
};
|
2025-01-31 19:20:15 -06:00
|
|
|
};
|
2025-02-03 15:07:44 -06:00
|
|
|
# Radarr
|
|
|
|
|
radarr = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.unstable.radarr;
|
|
|
|
|
dataDir = "/nahar/radarr";
|
2025-02-04 11:18:05 -06:00
|
|
|
extraEnvVarFile = config.sops.secrets."arr/radarr/extraEnvVars".path;
|
2025-02-03 15:07:44 -06:00
|
|
|
moviesDir = "/moria/media/Movies";
|
|
|
|
|
user = "radarr";
|
|
|
|
|
group = "kah";
|
|
|
|
|
port = 7878;
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
hardening = true;
|
|
|
|
|
apiKeyFile = config.sops.secrets."arr/radarr/apiKey".path;
|
|
|
|
|
db = {
|
|
|
|
|
enable = true;
|
|
|
|
|
hostFile = config.sops.secrets."arr/radarr/postgres/host".path;
|
|
|
|
|
port = 5432;
|
|
|
|
|
userFile = config.sops.secrets."arr/radarr/postgres/user".path;
|
|
|
|
|
passwordFile = config.sops.secrets."arr/radarr/postgres/password".path;
|
|
|
|
|
};
|
|
|
|
|
};
|
2025-02-03 16:13:03 -06:00
|
|
|
# Sonarr
|
|
|
|
|
sonarr = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.unstable.sonarr;
|
|
|
|
|
dataDir = "/nahar/sonarr";
|
2025-02-04 11:18:05 -06:00
|
|
|
extraEnvVarFile = config.sops.secrets."arr/sonarr/extraEnvVars".path;
|
2025-02-03 16:13:03 -06:00
|
|
|
tvDir = "/moria/media/TV";
|
|
|
|
|
user = "sonarr";
|
|
|
|
|
group = "kah";
|
|
|
|
|
port = 8989;
|
|
|
|
|
openFirewall = true;
|
2025-02-04 11:18:05 -06:00
|
|
|
hardening = false;
|
2025-02-03 16:13:03 -06:00
|
|
|
apiKeyFile = config.sops.secrets."arr/sonarr/apiKey".path;
|
|
|
|
|
db = {
|
|
|
|
|
enable = true;
|
|
|
|
|
hostFile = config.sops.secrets."arr/sonarr/postgres/host".path;
|
|
|
|
|
port = 5432;
|
|
|
|
|
userFile = config.sops.secrets."arr/sonarr/postgres/user".path;
|
|
|
|
|
passwordFile = config.sops.secrets."arr/sonarr/postgres/password".path;
|
|
|
|
|
};
|
|
|
|
|
};
|
2025-01-24 17:41:49 -06:00
|
|
|
# Sabnzbd
|
|
|
|
|
sabnzbd = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.unstable.sabnzbd;
|
|
|
|
|
configFile = "/nahar/sabnzbd/sabnzbd.ini";
|
|
|
|
|
port = 8457;
|
2025-02-04 11:18:05 -06:00
|
|
|
user = "sabnzbd";
|
|
|
|
|
group = "kah";
|
2025-01-24 17:41:49 -06:00
|
|
|
# Security hardening.
|
|
|
|
|
dataDir = "/nahar/sabnzbd";
|
|
|
|
|
downloadsDir = "/eru/media/sabnzbd";
|
|
|
|
|
hardening = true;
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
};
|
2025-02-04 11:18:05 -06:00
|
|
|
unpackerr = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.unstable.unpackerr;
|
|
|
|
|
configFile = "/tmp/unpackerr/config.yaml";
|
|
|
|
|
extraEnvVarsFile = config.sops.secrets."arr/unpackerr/extraEnvVars".path;
|
|
|
|
|
user = "unpackerr";
|
|
|
|
|
group = "kah";
|
|
|
|
|
};
|
2024-12-27 03:25:38 -06:00
|
|
|
# Sanoid
|
|
|
|
|
sanoid = {
|
2024-11-07 17:01:21 -06:00
|
|
|
enable = true;
|
2024-12-27 03:25:38 -06:00
|
|
|
inherit (sanoidConfig.outputs) templates datasets;
|
2024-11-07 17:01:21 -06:00
|
|
|
};
|
2024-09-07 05:40:58 -05:00
|
|
|
# Scrutiny
|
|
|
|
|
scrutiny = {
|
|
|
|
|
enable = true;
|
|
|
|
|
devices = disks;
|
2024-12-27 21:30:25 -06:00
|
|
|
extraCapabilities = [
|
|
|
|
|
"SYS_RAWIO"
|
|
|
|
|
"SYS_ADMIN"
|
|
|
|
|
];
|
2024-09-07 05:40:58 -05:00
|
|
|
containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
|
|
|
|
|
port = 8585;
|
|
|
|
|
};
|
2024-12-27 03:25:38 -06:00
|
|
|
# Syncthing
|
|
|
|
|
syncthing = {
|
|
|
|
|
enable = false;
|
|
|
|
|
user = "jahanson";
|
|
|
|
|
publicCertPath = config.sops.secrets."syncthing/publicCert".path;
|
|
|
|
|
privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
|
|
|
|
|
};
|
2025-01-24 10:29:19 -06:00
|
|
|
# qBittorrent
|
|
|
|
|
qbittorrent = {
|
|
|
|
|
enable = true;
|
2025-02-04 11:18:05 -06:00
|
|
|
package = pkgs.unstable.qbittorrent.override {guiSupport = false;};
|
|
|
|
|
user = "qbittorrent";
|
|
|
|
|
group = "kah";
|
2025-01-24 10:29:19 -06:00
|
|
|
dataDir = "/nahar/qbittorrent";
|
2025-01-24 17:41:49 -06:00
|
|
|
downloadsDir = "/eru/media/qb/downloads";
|
2025-01-24 10:29:19 -06:00
|
|
|
webuiPort = 8456;
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
hardening = true;
|
|
|
|
|
qbittorrentPort = 50413;
|
|
|
|
|
};
|
2024-12-27 03:25:38 -06:00
|
|
|
# ZFS nightly snapshot of container volumes
|
|
|
|
|
zfs-nightly-snap = {
|
2024-09-03 20:56:49 -05:00
|
|
|
enable = true;
|
2024-12-27 03:25:38 -06:00
|
|
|
mountPath = "/mnt/restic_nightly_backup";
|
|
|
|
|
zfsDataset = "nahar/containers/volumes";
|
|
|
|
|
snapshotName = "restic_nightly_snap";
|
2025-01-06 06:24:06 -06:00
|
|
|
startAt = "*-*-* 06:30:00 America/Chicago";
|
2024-12-27 03:25:38 -06:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
# System
|
|
|
|
|
system = {
|
|
|
|
|
incus = {
|
|
|
|
|
enable = true;
|
2025-02-04 11:18:05 -06:00
|
|
|
preseed = import ./config/incus-preseed.nix {};
|
2024-09-03 20:56:49 -05:00
|
|
|
};
|
2025-02-04 11:18:05 -06:00
|
|
|
motd.networkInterfaces = ["bond0"];
|
2024-12-27 03:25:38 -06:00
|
|
|
nfs.enable = true;
|
|
|
|
|
zfs.enable = true;
|
|
|
|
|
zfs.mountPoolsAtBoot = [
|
|
|
|
|
"eru"
|
|
|
|
|
"moria"
|
|
|
|
|
"nahar"
|
|
|
|
|
];
|
2024-09-03 20:56:49 -05:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
