Chris Dombroski 2024-05-11 12:51:25 -04:00
parent 0c88fb118b
commit 8ce6f14447
8 changed files with 226 additions and 206 deletions


@ -95,6 +95,7 @@
buildInputs = [ pkgs.deploy-rs pkgs.sops ]; buildInputs = [ pkgs.deploy-rs pkgs.sops ];
}; };
checks = deployLib.deployChecks self.deploy; checks = deployLib.deployChecks self.deploy;
formatter = pkgs.nixfmt;
} }
); );
} }


@ -1,12 +1,11 @@
{ config, lib, pkgs, sops, ... }: { config, lib, pkgs, sops, ... }:
{ {
imports = imports = [ # Include the results of the hardware scan.
[ # Include the results of the hardware scan. ./hardware-configuration.nix
./hardware-configuration.nix ../../modules/common.nix
../../modules/common.nix ../../modules/networkd-base.nix
../../modules/networkd-base.nix ];
];
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true; boot.loader.generic-extlinux-compatible.enable = true;
@ -34,11 +33,14 @@
networkConfig.IPv6SendRA = true; networkConfig.IPv6SendRA = true;
ipv6SendRAConfig.RouterLifetimeSec = 0; ipv6SendRAConfig.RouterLifetimeSec = 0;
ipv6SendRAConfig.EmitDNS = false; ipv6SendRAConfig.EmitDNS = false;
ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ]; ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; }];
}; };
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
zramSwap.enable = true; zramSwap.enable = true;
swapDevices = [ {device="/persist/swapfile"; size=1024;}]; swapDevices = [{
device = "/persist/swapfile";
size = 1024;
}];
services.unbound = { services.unbound = {
enable = true; enable = true;
settings = { settings = {
@ -50,25 +52,24 @@
include = [ "/etc/unbound/ads.conf" "${./unbound-local.conf}" ]; include = [ "/etc/unbound/ads.conf" "${./unbound-local.conf}" ];
}; };
}; };
systemd = { systemd = {
services.adblock = { services.adblock = {
startAt = "daily"; startAt = "daily";
postStop = "systemctl try-reload-or-restart unbound"; postStop = "systemctl try-reload-or-restart unbound";
path = with pkgs; [ gawk wget ]; path = with pkgs; [ gawk wget ];
script = '' script = ''
wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/tif.blacklist.conf > /etc/unbound/new.conf wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/tif.blacklist.conf > /etc/unbound/new.conf
echo 'local-zone: "iogames.space." always_nxdomain' >> /etc/unbound/new.conf echo 'local-zone: "iogames.space." always_nxdomain' >> /etc/unbound/new.conf
echo 'local-zone: "taming.io." always_nxdomain' >> /etc/unbound/new.conf echo 'local-zone: "taming.io." always_nxdomain' >> /etc/unbound/new.conf
awk '!seen[$0]++' /etc/unbound/new.conf > /etc/unbound/ads.conf awk '!seen[$0]++' /etc/unbound/new.conf > /etc/unbound/ads.conf
rm /etc/unbound/new.conf rm /etc/unbound/new.conf
''; '';
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
before = [ "unbound.service" ]; before = [ "unbound.service" ];
}; };
}; };
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
@ -76,12 +77,7 @@
]; ];
persistence."/persist" = { persistence."/persist" = {
hideMounts = true; hideMounts = true;
directories = [ directories = [ "/var/lib/nixos" "/var/log" "/var/lib/systemd" "/tmp" ];
"/var/lib/nixos"
"/var/log"
"/var/lib/systemd"
"/tmp"
];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
"/etc/adjtime" "/etc/adjtime"
@ -99,8 +95,8 @@
}; };
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
sops.secrets."nixremote/sshkey" = {}; sops.secrets."nixremote/sshkey" = { };
nix.buildMachines = [ { nix.buildMachines = [{
hostName = "zeus"; hostName = "zeus";
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
protocol = "ssh-ng"; protocol = "ssh-ng";
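Review bot: The `services.adblock` script in the `@ -50,25 +52,24 @` hunk copies whatever the download returns into `/etc/unbound/ads.conf`, which `services.unbound` includes, so the content of a mutable upstream branch becomes resolver configuration with no validation. Anyone able to change that file upstream could add directives other than block entries. Before the `awk ... > /etc/unbound/ads.conf` step, I would keep only lines of the expected `local-zone:` form and run a syntax check, for example `unbound-checkconf` on a config that includes the candidate file. The final move should happen only if both succeed, since `postStop` reloads unbound whether or not the script succeeded. The enclosing `systemd` attribute set is shown in full, but the host configuration continues outside the visible hunks.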


@ -1,31 +1,29 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[ (modulesPath + "/installer/scan/not-detected.nix")
];
fileSystems."/" = { fileSystems."/" = {
device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "mode=755" ]; options = [ "defaults" "mode=755" ];
}; };
fileSystems."/persist" = fileSystems."/persist" = {
{ device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b"; device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
fsType = "btrfs"; fsType = "btrfs";
neededForBoot = true; neededForBoot = true;
options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/root" ]; options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/root" ];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80"; device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80";
fsType = "ext4"; fsType = "ext4";
options = [ "defaults" ]; options = [ "defaults" ];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b"; device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/nix" ]; options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/nix" ];
}; };
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;


@ -1,8 +1,7 @@
{ config, lib, pkgs, sops, ... }: { config, lib, pkgs, sops, ... }:
{ {
imports = imports = [ # Include the results of the hardware scan.
[ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common.nix ../../modules/common.nix
../../modules/aarch64-emu.nix ../../modules/aarch64-emu.nix
@ -20,8 +19,8 @@
interpreter = "${pkgs.appimage-run}/bin/appimage-run"; interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic"; recognitionType = "magic";
offset = 0; offset = 0;
mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff''; mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = ''\x7fELF....AI\x02''; magicOrExtension = "\\x7fELF....AI\\x02";
}; };
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
}; };
@ -34,35 +33,33 @@
networking = { networking = {
hostName = "smolboi"; # Define your hostname. hostName = "smolboi"; # Define your hostname.
networkmanager.enable = true; # Easiest to use and most distros use this by default. networkmanager.enable =
true; # Easiest to use and most distros use this by default.
firewall.allowedTCPPorts = [ 22000 ]; firewall.allowedTCPPorts = [ 22000 ];
}; };
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [ "electron-25.9.0" "nix-2.16.2" ];
"electron-25.9.0"
"nix-2.16.2"
];
packageOverrides = pkgs: { packageOverrides = pkgs: {
steam = pkgs.steam.override { steam = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [ extraPkgs = pkgs:
xorg.libXcursor with pkgs; [
xorg.libXi xorg.libXcursor
xorg.libXinerama xorg.libXi
xorg.libXScrnSaver xorg.libXinerama
libpng xorg.libXScrnSaver
libpulseaudio libpng
libvorbis libpulseaudio
stdenv.cc.cc.lib libvorbis
libkrb5 stdenv.cc.cc.lib
keyutils libkrb5
winetricks keyutils
]; winetricks
];
}; };
}; };
}; };
services = { services = {
xserver = { xserver = {
enable = true; enable = true;
@ -164,7 +161,10 @@
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
gamescopeSession.enable = true; gamescopeSession.enable = true;
}; };
firefox.nativeMessagingHosts.packages = with pkgs; [keepassxc libsForQt5.plasma-browser-integration ]; firefox.nativeMessagingHosts.packages = with pkgs; [
keepassxc
libsForQt5.plasma-browser-integration
];
gamemode = { gamemode = {
enable = true; enable = true;
settings = { settings = {
@ -184,14 +184,19 @@
}; };
zramSwap = { zramSwap = {
enable = true; enable = true;
writebackDevice = "/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d"; writebackDevice =
"/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d";
}; };
fileSystems = { fileSystems = {
"/persist".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; "/persist".options =
"/nix".options = [ "compress=lzo" "autodefrag" "discard=async" "noatime" "defaults" ]; [ "compress=lzo" "autodefrag" "discard=async" "defaults" ];
"/steam-library".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; "/nix".options =
"/home".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; [ "compress=lzo" "autodefrag" "discard=async" "noatime" "defaults" ];
"/steam-library".options =
[ "compress=lzo" "autodefrag" "discard=async" "defaults" ];
"/home".options =
[ "compress=lzo" "autodefrag" "discard=async" "defaults" ];
}; };
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
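Review bot: `permittedInsecurePackages = [ "electron-25.9.0" "nix-2.16.2" ];` in the `nixpkgs.config` block (hunk `@ -34,35 +33,33 @`) is now a single line with no record of which package needs each exception or when it can be dropped. The same applies to the `electron-25.9.0` entry in the home-manager section (hunk `@ -76,14 +75,11 @`). These entries switch off the nixpkgs known-vulnerability check for the whole evaluation, so each deserves a comment such as `# electron-25.9.0: required by <package>; remove once it builds against a supported Electron`. With the dependent package named, the exception can be reviewed and removed instead of lingering. The `nixpkgs.config` set is fully visible in the hunk, but the surrounding file is not.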


@ -4,11 +4,10 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -18,36 +17,36 @@
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "size=2g" "mode=755" ]; options = [ "defaults" "size=2g" "mode=755" ];
}; };
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/d0eb1b09-7fba-49e3-b802-d6fdd9073516";
neededForBoot = true;
fsType = "btrfs";
options = [ "subvol=@nixos/root" ];
};
fileSystems."/steam-library" = fileSystems."/persist" = {
{ device = "/dev/disk/by-uuid/d0eb1b09-7fba-49e3-b802-d6fdd9073516"; device = "/dev/disk/by-uuid/d0eb1b09-7fba-49e3-b802-d6fdd9073516";
fsType = "btrfs"; neededForBoot = true;
options = [ "subvol=@steam-library" ]; fsType = "btrfs";
}; options = [ "subvol=@nixos/root" ];
};
fileSystems."/boot" = fileSystems."/steam-library" = {
{ device = "/dev/disk/by-uuid/1ADE-808D"; device = "/dev/disk/by-uuid/d0eb1b09-7fba-49e3-b802-d6fdd9073516";
fsType = "vfat"; fsType = "btrfs";
}; options = [ "subvol=@steam-library" ];
};
fileSystems."/home" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/8597952f-be42-4361-9be1-2c4af6ede9b8"; device = "/dev/disk/by-uuid/1ADE-808D";
fsType = "btrfs"; fsType = "vfat";
options = [ "subvol=@home" ]; };
};
fileSystems."/nix" = fileSystems."/home" = {
{ device = "/dev/disk/by-uuid/d0eb1b09-7fba-49e3-b802-d6fdd9073516"; device = "/dev/disk/by-uuid/8597952f-be42-4361-9be1-2c4af6ede9b8";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@nixos/nix" ]; options = [ "subvol=@home" ];
}; };
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/d0eb1b09-7fba-49e3-b802-d6fdd9073516";
fsType = "btrfs";
options = [ "subvol=@nixos/nix" ];
};
swapDevices = [ ]; swapDevices = [ ];
@ -60,5 +59,6 @@
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -56,7 +56,6 @@
]; ];
}) })
# # Adds the 'hello' command to your environment. It prints a friendly # # Adds the 'hello' command to your environment. It prints a friendly
# # "Hello, world!" when run. # # "Hello, world!" when run.
# pkgs.hello # pkgs.hello
@ -76,14 +75,11 @@
]; ];
nixpkgs.config = { nixpkgs.config = {
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "discord" ];
"discord" permittedInsecurePackages = [ "electron-25.9.0" ];
];
permittedInsecurePackages = [
"electron-25.9.0"
];
}; };
xdg.configFile."autostart/yakuake.desktop".source = "${pkgs.yakuake.outPath}/share/applications/org.kde.yakuake.desktop"; xdg.configFile."autostart/yakuake.desktop".source =
"${pkgs.yakuake.outPath}/share/applications/org.kde.yakuake.desktop";
# Home Manager is pretty good at managing dotfiles. The primary way to manage # Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'. # plain files is through 'home.file'.
@ -134,7 +130,18 @@
vim = { vim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
plugins = with pkgs.vimPlugins; [ vim-sensible vim-fugitive vim-eunuch vim-endwise vim-lsp vim-lsp-settings nerdtree nerdtree-git-plugin vim-devicons editorconfig-vim ]; plugins = with pkgs.vimPlugins; [
vim-sensible
vim-fugitive
vim-eunuch
vim-endwise
vim-lsp
vim-lsp-settings
nerdtree
nerdtree-git-plugin
vim-devicons
editorconfig-vim
];
}; };
vscode = { vscode = {
enable = true; enable = true;


@ -1,19 +1,19 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = imports = [ # Include the results of the hardware scan.
[ # Include the results of the hardware scan. ./hardware-configuration.nix
./hardware-configuration.nix ../../modules/common.nix
../../modules/common.nix ../../modules/aarch64-emu.nix
../../modules/aarch64-emu.nix ../../modules/networkd-base.nix
../../modules/networkd-base.nix ../../modules/smartd.nix
../../modules/smartd.nix ];
];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.zfsSupport = true; boot.loader.grub.zfsSupport = true;
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" "/dev/sdf" ]; boot.loader.grub.devices =
[ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" "/dev/sdf" ];
networking.hostName = "zeus"; # Define your hostname. networking.hostName = "zeus"; # Define your hostname.
networking.hostId = "9e95b576"; networking.hostId = "9e95b576";
@ -23,9 +23,7 @@
Name = "bond0"; Name = "bond0";
Kind = "bond"; Kind = "bond";
}; };
bondConfig = { bondConfig = { Mode = "active-backup"; };
Mode = "active-backup";
};
}; };
lan-shim = { lan-shim = {
netdevConfig = { netdevConfig = {
@ -33,9 +31,7 @@
Kind = "macvlan"; Kind = "macvlan";
MACAddress = "3e:53:37:25:08:ef"; MACAddress = "3e:53:37:25:08:ef";
}; };
macvlanConfig = { macvlanConfig = { Mode = "bridge"; };
Mode = "bridge";
};
}; };
}; };
systemd.network.networks = { systemd.network.networks = {
@ -49,14 +45,14 @@
}; };
lan-shim = { lan-shim = {
name = "lan-shim"; name = "lan-shim";
address = [ "10.42.69.100/24" "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" ]; address =
[ "10.42.69.100/24" "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" ];
dns = [ "10.42.69.2" ]; dns = [ "10.42.69.2" ];
domains = [ "icanttype.org" ]; domains = [ "icanttype.org" ];
gateway = [ "10.42.69.1" ]; gateway = [ "10.42.69.1" ];
}; };
}; };
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;
podman = { podman = {
@ -69,37 +65,44 @@
image = "ghcr.io/tecnativa/docker-socket-proxy:latest"; image = "ghcr.io/tecnativa/docker-socket-proxy:latest";
volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock:ro" ]; volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock:ro" ];
environment = { environment = {
CONTAINERS="1"; CONTAINERS = "1";
POST="0"; POST = "0";
}; };
extraOptions = [ "--pull=newer" "--network=www"]; extraOptions = [ "--pull=newer" "--network=www" ];
}; };
swag = { swag = {
image = "lscr.io/linuxserver/swag:2.9.0-ls292"; image = "lscr.io/linuxserver/swag:2.9.0-ls292";
volumes = [ "swag-config:/config" ]; volumes = [ "swag-config:/config" ];
environment = { environment = {
TZ="America/New_York"; TZ = "America/New_York";
URL="icanttype.org"; URL = "icanttype.org";
VALIDATION="dns"; VALIDATION = "dns";
SUBDOMAINS="wildcard"; SUBDOMAINS = "wildcard";
DNSPLUGIN="cloudflare"; DNSPLUGIN = "cloudflare";
DOCKER_HOST="dockerproxy"; DOCKER_HOST = "dockerproxy";
DOCKER_MODS="linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared"; DOCKER_MODS =
CF_ZONE_ID="4e68852334290a922718696a0986e75a"; "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
CF_ACCOUNT_ID="5c1c252b9d9a9af6ea3a5de8590f36fa"; CF_ZONE_ID = "4e68852334290a922718696a0986e75a";
CF_API_TOKEN="mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ"; CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";
CF_TUNNEL_NAME="icanttype.org"; CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ";
CF_TUNNEL_PASSWORD="iZh4UYxVSo3S2H3XwwboM2z@mJEqYJkQ5yMTfd5p"; CF_TUNNEL_NAME = "icanttype.org";
FILE__CF_TUNNEL_CONFIG="/config/tunnelconfig.yml"; CF_TUNNEL_PASSWORD = "iZh4UYxVSo3S2H3XwwboM2z@mJEqYJkQ5yMTfd5p";
EMAIL="cdombroski@gmail.com"; FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";
EMAIL = "cdombroski@gmail.com";
}; };
ports = [ "80:80" "443:443" ]; ports = [ "80:80" "443:443" ];
extraOptions = [ "--pull=newer" "--network=www" "--cap-add" "NET_ADMIN" "--network-alias=icanttype.org" ]; extraOptions = [
"--pull=newer"
"--network=www"
"--cap-add"
"NET_ADMIN"
"--network-alias=icanttype.org"
];
}; };
jellyfin = { jellyfin = {
image = "lscr.io/linuxserver/jellyfin:latest"; image = "lscr.io/linuxserver/jellyfin:latest";
volumes = [ "jellyfin-config:/config" "/video-data/media:/data/media" ]; volumes = [ "jellyfin-config:/config" "/video-data/media:/data/media" ];
environment.TZ="America/New_York"; environment.TZ = "America/New_York";
labels.swag = "enable"; labels.swag = "enable";
ports = [ "1900:1900/udp" "7359:7359/udp" ]; ports = [ "1900:1900/udp" "7359:7359/udp" ];
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [ "--pull=newer" "--network=www" ];
@ -108,8 +111,12 @@
image = "docker.io/zwavejs/zwave-js-ui:latest"; image = "docker.io/zwavejs/zwave-js-ui:latest";
volumes = [ "zwave-config:/usr/src/app/store" ]; volumes = [ "zwave-config:/usr/src/app/store" ];
environment.TZ = "America/New_York"; environment.TZ = "America/New_York";
labels = { swag = "enable"; swag_url = "zwave.icanttype.org"; }; labels = {
extraOptions = [ "--pull=newer" "--network=www" "--device=/dev/ttyACM0:/dev/zwave" ]; swag = "enable";
swag_url = "zwave.icanttype.org";
};
extraOptions =
[ "--pull=newer" "--network=www" "--device=/dev/ttyACM0:/dev/zwave" ];
}; };
homeassistant = { homeassistant = {
image = "lscr.io/linuxserver/homeassistant:latest"; image = "lscr.io/linuxserver/homeassistant:latest";
@ -144,7 +151,8 @@
}; };
qbittorrent = { qbittorrent = {
image = "lscr.io/linuxserver/qbittorrent:latest"; image = "lscr.io/linuxserver/qbittorrent:latest";
volumes = [ "qbittorrent-config:/config" "/video-data/torrent:/data/torrent" ]; volumes =
[ "qbittorrent-config:/config" "/video-data/torrent:/data/torrent" ];
environment = { environment = {
TZ = "America/New_York"; TZ = "America/New_York";
UMASK_SET = "000"; UMASK_SET = "000";
@ -184,7 +192,10 @@
}; };
static = { static = {
image = "docker.io/library/nginx:alpine"; image = "docker.io/library/nginx:alpine";
volumes = [ "/srv/docker/nginx/static:/usr/share/nginx/html:ro" "/srv/docker/nginx/config/static/default.conf:/etc/nginx/config.d/default.conf:ro" ]; volumes = [
"/srv/docker/nginx/static:/usr/share/nginx/html:ro"
"/srv/docker/nginx/config/static/default.conf:/etc/nginx/config.d/default.conf:ro"
];
labels = { labels = {
swag = "enable"; swag = "enable";
swag_url = "www.icanttype.org"; swag_url = "www.icanttype.org";
@ -200,7 +211,7 @@
swag_port = "3000"; swag_port = "3000";
}; };
ports = [ "10022:22" ]; ports = [ "10022:22" ];
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [ "--pull=newer" "--network=www" ];
}; };
docker_dind = { docker_dind = {
image = "docker.io/library/docker:dind"; image = "docker.io/library/docker:dind";
@ -230,15 +241,17 @@
description = "User for remote builds"; description = "User for remote builds";
isNormalUser = true; isNormalUser = true;
uid = 1100; uid = 1100;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole" ]; openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
dive dive
podman-tui podman-tui
docker-compose docker-compose
tcpdump tcpdump
ethtool ethtool
]; ];
services = { services = {
@ -259,15 +272,15 @@
openFirewall = true; openFirewall = true;
extraServiceFiles = { extraServiceFiles = {
smb = '' smb = ''
<?xml version="1.0" standalone='no'?><!--*-nxml-*--> <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group> <service-group>
<name replace-wildcards="yes">%h</name> <name replace-wildcards="yes">%h</name>
<service> <service>
<type>_smb._tcp</type> <type>_smb._tcp</type>
<port>445</port> <port>445</port>
</service> </service>
</service-group> </service-group>
''; '';
}; };
}; };
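Review bot: The `swag` container's `environment` set (hunk `@ -69,37 +65,44 @`) still carries `CF_API_TOKEN` and `CF_TUNNEL_PASSWORD` as string literals. Values written this way are committed to git history and, because they are part of the evaluated configuration, are likely to land in the world-readable Nix store and in the container's inspectable environment. Both should be treated as exposed and rotated. This repository already uses sops-nix on another host (`sops.secrets."nixremote/sshkey"`), so the two variables could move into an encrypted env file referenced with `environmentFiles = [ config.sops.secrets."<swag-env-secret>".path ];` (placeholder secret name) and be deleted from `environment`. The container definitions continue outside the visible hunks, so other literals may need the same treatment.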


@ -4,49 +4,48 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "sata_nv" "sd_mod" ]; boot.initrd.availableKernelModules =
[ "ohci_pci" "ehci_pci" "sata_nv" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "zroot/root"; device = "zroot/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "zboot/boot"; device = "zboot/boot";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "zroot/home"; device = "zroot/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "zroot/nix"; device = "zroot/nix";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var" = fileSystems."/var" = {
{ device = "zroot/var"; device = "zroot/var";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/video-data" = fileSystems."/video-data" = {
{ device = "rpool/video-data"; device = "rpool/video-data";
fsType = "zfs"; fsType = "zfs";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/aecf6400-9c9f-43f9-8c57-08f3c8a633e7"; } { device = "/dev/disk/by-uuid/aecf6400-9c9f-43f9-8c57-08f3c8a633e7"; }
{ device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"; } { device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -55,5 +54,6 @@
networking.useDHCP = lib.mkDefault false; networking.useDHCP = lib.mkDefault false;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }