# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
#
# NOTE(review): the body below holds hand-maintained host settings (SSH keys,
# secrets, services), not only detected hardware, so the header above looks
# stale. Confirm nothing regenerates this file in place.
#
# NixOS module for the host "shadowfax": boot/kernel setup, GPU, networking,
# sops-managed secrets, desktop programs, monitoring, and the project-local
# `mySystem` options (containers, ZFS, NFS, backups, Syncthing, Scrutiny, Sanoid).
{
  config,
  lib,
  inputs,
  pkgs,
  ...
}:
let
  # Snapshot policy, defined in a sibling file; only `.outputs` is read below.
  sanoidConfig = import ./config/sanoid.nix { };
  # Disk list shared by smartd and Scrutiny so both monitor the same devices.
  disks = import ./config/disks.nix;
  # Wrap every entry of `disks` as `{ device = <entry>; }` for services.smartd.devices.
  smartdDevices = map (device: { inherit device; }) disks;
in
{
  imports = [
    inputs.disko.nixosModules.disko
    # NOTE(review): the list holds a single string with two paths joined by "|";
    # how that is interpreted depends on ../../profiles/disko-nixos.nix — confirm.
    (import ../../profiles/disko-nixos.nix {
      disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ];
    })
    inputs.nix-minecraft.nixosModules.minecraft-servers
  ];

  boot = {
    # NFS support is made available already in the initrd stage.
    initrd = {
      kernelModules = [ "nfs" ];
      supportedFilesystems = [ "nfs" ];
    };

    binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for arm compilation

    # VFIO modules — presumably for PCI passthrough to the VMs enabled via
    # mySystem.services.libvirt-qemu below.
    # NOTE(review): on recent kernels vfio_virqfd is folded into vfio itself;
    # confirm the module still exists for the kernel this host runs.
    kernelModules = [
      "vfio"
      "vfio_iommu_type1"
      "vfio_pci"
      "vfio_virqfd"
    ];
    extraModulePackages = [ ];
    kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100 GiB (100 * 1024^3 bytes) cap on the ZFS ARC
  };

  # No swap is configured.
  swapDevices = [ ];

  hardware = {
    # Microcode updates follow enableRedistributableFirmware; mkDefault lets
    # another module override the value.
    cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
    nvidia.open = true;
    graphics.enable = true;
    # opengl.enable = true;
    nvidia-container-toolkit.enable = true;
  };

  # NOTE(review): these keys are authorised for direct root login over SSH.
  # Going by the key comments they belong to a CSI driver on "talos" and to root
  # on "Gollum"; a compromise of either holder is root on this host. The sshd
  # PermitRootLogin setting is not visible in this file — confirm it, and
  # consider a dedicated low-privilege account or `from=`/`command=` key options
  # where the consumers allow it.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];

  # Network settings
  networking = {
    hostName = "shadowfax";
    # Fixed host id; ZFS uses it to tie pool imports to this machine.
    hostId = "a885fabe";
    useDHCP = false; # needed for bridge
    networkmanager.enable = true;
    # NOTE(review): the host firewall is off. Every listener configured in this
    # file (Prometheus exporters, Netdata, Soft Serve, Scrutiny on 8585,
    # Syncthing, NFS, containers) is then reachable from any network these
    # interfaces sit on unless something upstream filters it. For a host marked
    # "Production", prefer enabling the firewall with an explicit allow-list.
    firewall.enable = false;
    interfaces = {
      "enp36s0f0".useDHCP = true;
      "enp36s0f1".useDHCP = false;
    };
  };

  # NOTE(review): empty here; the real secret declarations are the separate
  # `sops.secrets = { ... }` assignment further down. This stanza looks
  # redundant — confirm and drop it.
  sops = {
    secrets = { };
  };

  # Home Manager
  home-manager.users.jahanson = {
    # Git settings
    # TODO: Move to config module.
    programs.git = {
      enable = true;
      userName = "Joseph Hanson";
      userEmail = "joe@veri.dev";

      extraConfig = {
        core.autocrlf = "input";
        init.defaultBranch = "main";
        pull.rebase = true;
        rebase.autoStash = true;
      };
    };
  };

  programs = {
    # 1Password cli
    _1password.enable = true;

    # VSCode Compatibility Settings
    nix-ld.enable = true;

    # Hyprland
    # Both packages come from the `hyprland` flake input, selected for this
    # host's platform, rather than from pkgs.
    hyprland = {
      enable = true;
      package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
      portalPackage =
        inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
      withUWSM = true;
    };
  };

  services = {
    xserver.videoDrivers = [ "nvidia" ];

    # Prometheus exporters
    # NOTE(review): no listenAddress is set in this file and the firewall is
    # disabled above, so confirm which networks can scrape these endpoints;
    # exporter output discloses host, filesystem and pool details.
    prometheus.exporters = {
      # Node Exporter - port 9100
      node.enable = true;
      # ZFS Exporter - port 9134
      zfs.enable = true;
    };

    # Netdata
    netdata = {
      enable = true;
    };
    # Smart daemon for monitoring disk health.
    smartd = {
      devices = smartdDevices;
      # Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
      defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";
    };

    # Soft Serve - SSH git server
    # Settings (including whatever access control is configured) live in
    # ./config/soft-serve.nix, which is not shown here.
    soft-serve = {
      enable = true;
      settings = import ./config/soft-serve.nix { };
    };

    # VSCode Compatibility Settings
    vscode-server.enable = true;

  };

  # sops
  # Each secret is read from ./secrets.sops.yaml, owned by jahanson, and
  # installed with mode 400 (readable by the owner only).
  sops.secrets = {
    "syncthing/publicCert" = {
      sopsFile = ./secrets.sops.yaml;
      owner = "jahanson";
      mode = "400";
      # Restart Syncthing when this secret changes so it picks up the new value.
      restartUnits = [ "syncthing.service" ];
    };
    "syncthing/privateKey" = {
      sopsFile = ./secrets.sops.yaml;
      owner = "jahanson";
      mode = "400";
      restartUnits = [ "syncthing.service" ];
    };
    "restic/password" = {
      sopsFile = ./secrets.sops.yaml;
      owner = "jahanson";
      mode = "400";
      # No unit restart is wired up; resticBackup is disabled further down.
      # restartUnits = [ "restic-backup.service" ];
    };
  };

  # System settings and services.
  # `mySystem` is a project-local option namespace; its modules are defined
  # elsewhere in the repository and are not visible here.
  mySystem = {
    purpose = "Production";

    # Containers
    containers = {
      jellyfin.enable = true;
      ollama.enable = true;
      plex.enable = true;
      scrypted.enable = true;
    };

    # System
    system = {
      motd.networkInterfaces = [ "enp36s0f0" ];
      # Incus
      incus = {
        enable = true;
        preseed = import ./config/incus-preseed.nix { };
      };

      # ZFS
      zfs.enable = true;
      zfs.mountPoolsAtBoot = [
        "nahar"
        "moria"
        "eru"
      ];

      # NFS
      nfs.enable = true;

      # NOTE(review): local and remote restic backups are both disabled and
      # their warnings suppressed. Sanoid snapshots (below) stay on the same
      # pools, so confirm that an off-host backup of this Production host
      # exists elsewhere.
      resticBackup = {
        local.enable = false;
        remote.enable = false;
        local.noWarning = true;
        remote.noWarning = true;
      };
    };

    # Services
    services = {
      podman.enable = true;
      libvirt-qemu.enable = true;

      # Syncthing
      # Certificate and key paths point at the sops-decrypted files declared
      # in sops.secrets above.
      syncthing = {
        enable = true;
        user = "jahanson";
        publicCertPath = config.sops.secrets."syncthing/publicCert".path;
        privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
      };

      # Scrutiny
      scrutiny = {
        enable = true;
        devices = disks;
        # NOTE(review): SYS_RAWIO is a broad capability — presumably required
        # for SMART queries from inside the container; confirm it is the
        # minimum the module needs alongside the passed-through devices.
        extraCapabilities = [ "SYS_RAWIO" ];
        containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
        port = 8585;
      };

      # Sanoid
      # Templates and datasets are taken from ./config/sanoid.nix (imported above).
      sanoid = {
        enable = true;
        inherit (sanoidConfig.outputs) templates datasets;
      };
    };
  };
}