Compare commits
2 commits
57144478d8
...
476a143db5
Author | SHA1 | Date | |
---|---|---|---|
476a143db5 | |||
479e6101b2 |
4 changed files with 490 additions and 0 deletions
|
@ -41,6 +41,10 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
zeus = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = [ ./systems/zeus/configuration.nix ];
|
||||||
|
};
|
||||||
orangepihole = nixpkgs.lib.nixosSystem {
|
orangepihole = nixpkgs.lib.nixosSystem {
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
modules = [ ./systems/orangepihole/configuration.nix ];
|
modules = [ ./systems/orangepihole/configuration.nix ];
|
||||||
|
@ -54,6 +58,10 @@
|
||||||
hostname = "smolboi";
|
hostname = "smolboi";
|
||||||
profiles.system.path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.smolboi;
|
profiles.system.path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.smolboi;
|
||||||
};
|
};
|
||||||
|
zeus = {
|
||||||
|
hostname = "zeus";
|
||||||
|
profiles.system.path = deployPkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.zeus;
|
||||||
|
};
|
||||||
orangepihole = {
|
orangepihole = {
|
||||||
hostname = "orangepihole";
|
hostname = "orangepihole";
|
||||||
profiles.system.path = deployAarch64Pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.orangepihole;
|
profiles.system.path = deployAarch64Pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.orangepihole;
|
||||||
|
|
|
@ -28,6 +28,7 @@
|
||||||
DNS = "10.42.69.2";
|
DNS = "10.42.69.2";
|
||||||
EmitRouter = true;
|
EmitRouter = true;
|
||||||
Router = "10.42.69.1";
|
Router = "10.42.69.1";
|
||||||
|
SendOption = [ "15:string:icanttype.org" "119:string:icanttype.org" ];
|
||||||
};
|
};
|
||||||
networkConfig.IPv6SendRA = true;
|
networkConfig.IPv6SendRA = true;
|
||||||
ipv6SendRAConfig.RouterLifetimeSec = 0;
|
ipv6SendRAConfig.RouterLifetimeSec = 0;
|
||||||
|
|
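Review bot: Option 119 in the added `SendOption` line is sent as a plain `string`, but the domain-search option is defined (RFC 3397) as DNS wire-format labels, so clients will probably reject or ignore `119:string:icanttype.org`. Option 15 as a plain string is fine. If the search list is wanted, the value would need the length-prefixed label encoding through C-style escapes, something like `"119:string:\\x09icanttype\\x03org\\x00"`; confirm on one client before relying on it. The enclosing attribute set starts outside the hunk.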
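--- a/systems/zeus/configuration.nix
+++ b/systems/zeus/configuration.nix
@@ -0,0 +1,422 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+# Use the GRUB 2 boot loader.
+boot.loader.grub.enable = true;
+boot.loader.grub.zfsSupport = true;
+boot.loader.grub.extraEntries = ''
+menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-/dev/sda4_/dev/sdb4_/dev/sdc4_/dev/sdd4' {
+load_video
+insmod gzio
+if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
+insmod part_gpt
+insmod part_gpt
+insmod part_gpt
+insmod part_gpt
+insmod zfs
+set root='hd3,gpt3'
+if [ x$feature_platform_search_hint = xy ]; then
+search --no-floppy --fs-uuid --set=root --hint-bios=hd3,gpt3 --hint-efi=hd3,gpt3 --hint-baremetal=ahci3,gpt3 --hint-bios=hd1,gpt3 --hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3 --hint-bios=hd2,gpt3 --hint-efi=hd2,gpt3 --hint-baremetal=ahci2,gpt3 --hint-bios=hd0,gpt3 --hint-efi=hd0,gpt3 --hint-baremetal=ahci0,gpt3 f8ecb74936118c7a
+else
+search --no-floppy --fs-uuid --set=root f8ecb74936118c7a
+fi
+echo 'Loading Linux 6.1.0-20-amd64 ...'
+linux /BOOT/debian@/vmlinuz-6.1.0-20-amd64 root=ZFS=/ROOT/debian ro root=ZFS=rpool/ROOT/debian quiet splash
+echo 'Loading initial ramdisk ...'
+initrd /BOOT/debian@/initrd.img-6.1.0-20-amd64
+}
+'';
+boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+# boot.loader.grub.efiSupport = true;
+# boot.loader.grub.efiInstallAsRemovable = true;
+# boot.loader.efi.efiSysMountPoint = "/boot/efi";
+# Define on which hard drive you want to install Grub.
+# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" "/dev/sdf" ];
+
+networking.hostName = "zeus"; # Define your hostname.
+networking.hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));
+boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+# Pick only one of the below networking options.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+networking.useNetworkd = true;
+systemd.network.enable = true;
+services.resolved.enable = true;
+services.resolved.fallbackDns = [ "8.8.8.8" ];
+systemd.network.netdevs = {
+bond0 = {
+netdevConfig = {
+Name = "bond0";
+Kind = "bond";
+};
+bondConfig = {
+Mode = "active-backup";
+};
+};
+lan-shim = {
+netdevConfig = {
+Name = "lan-shim";
+Kind = "macvlan";
+MACAddress = "3e:53:37:25:08:ef";
+};
+macvlanConfig = {
+Mode = "bridge";
+};
+};
+wg0 = {
+netdevConfig = {
+Name = "wg0";
+Kind = "wireguard";
+};
+wireguardConfig = {
+PrivateKeyFile = /etc/nixos/wireguard.priv;
+ListenPort = 51821;
+};
+wireguardPeers = [{
+wireguardPeerConfig = {
+PublicKey = "ZT+n0XONAZ6dkiIJR+2bmTT9y7WTxDNdnZo5S7b8vxE=";
+AllowedIPs = [ "10.98.0.0/31" ];
+PresharedKeyFile = /etc/nixos/wireguard.psk;
+PersistentKeepalive = 25;
+Endpoint = "remote.kow.is:51821";
+};
+}];
+};
+};
+systemd.network.networks = {
+"00-bondage" = {
+name = "en*";
+networkConfig.Bond = "bond0";
+};
+bond0 = {
+name = "bond0";
+networkConfig.MACVLAN = "lan-shim";
+};
+lan-shim = {
+name = "lan-shim";
+address = [ "10.42.69.100/24" "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" ];
+dns = [ "10.42.69.2" ];
+domains = [ "icanttype.org" ];
+gateway = [ "10.42.69.1" ];
+};
+wg0 = {
+name = "wg0";
+address = [ "10.98.0.0/31" "fd72:3dd5:21ae:ff1a::1/64" ];
+};
+};
+
+# Set your time zone.
+time.timeZone = "America/New_York";
+
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+
+# Enable the X11 windowing system.
+# services.xserver.enable = true;
+
+
+
+
+# Configure keymap in X11
+# services.xserver.xkb.layout = "us";
+# services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+# Enable CUPS to print documents.
+# services.printing.enable = true;
+
+# Enable sound.
+# sound.enable = true;
+# hardware.pulseaudio.enable = true;
+
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+
+# Define a user account. Don't forget to set a password with ‘passwd’.
+# users.users.alice = {
+# isNormalUser = true;
+# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+# packages = with pkgs; [
+# firefox
+# tree
+# ];
+# };
+virtualisation = {
+containers.enable = true;
+podman = {
+enable = true;
+dockerCompat = true;
+defaultNetwork.settings.dns_enabled = true;
+};
+oci-containers.containers = {
+dockerproxy = {
+image = "ghcr.io/tecnativa/docker-socket-proxy:latest";
+volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock:ro" ];
+environment = {
+CONTAINERS="1";
+POST="0";
+};
+extraOptions = [ "--pull=newer" "--network=www"];
+};
+swag = {
+image = "lscr.io/linuxserver/swag:2.9.0-ls292";
+volumes = [ "swag-config:/config" ];
+environment = {
+TZ="America/New_York";
+URL="icanttype.org";
+VALIDATION="dns";
+SUBDOMAINS="wildcard";
+DNSPLUGIN="cloudflare";
+DOCKER_HOST="dockerproxy";
+DOCKER_MODS="linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
+CF_ZONE_ID="4e68852334290a922718696a0986e75a";
+CF_ACCOUNT_ID="5c1c252b9d9a9af6ea3a5de8590f36fa";
+CF_API_TOKEN="mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ";
+CF_TUNNEL_NAME="icanttype.org";
+CF_TUNNEL_PASSWORD="iZh4UYxVSo3S2H3XwwboM2z@mJEqYJkQ5yMTfd5p";
+FILE__CF_TUNNEL_CONFIG="/config/tunnelconfig.yml";
+EMAIL="cdombroski@gmail.com";
+};
+ports = [ "80:80" "443:443" ];
+extraOptions = [ "--pull=newer" "--network=www" "--cap-add" "NET_ADMIN" "--network-alias=icanttype.org" ];
+};
+jellyfin = {
+image = "lscr.io/linuxserver/jellyfin:latest";
+volumes = [ "jellyfin-config:/config" "/video-data/media:/data/media" ];
+environment.TZ="America/New_York";
+labels.swag = "enable";
+ports = [ "1900:1900/udp" "7359:7359/udp" ];
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+zwave-js-ui = {
+image = "docker.io/zwavejs/zwave-js-ui:latest";
+volumes = [ "zwave-config:/usr/src/app/store" ];
+environment.TZ = "America/New_York";
+labels = { swag = "enable"; swag_url = "zwave.icanttype.org"; };
+extraOptions = [ "--pull=newer" "--network=www" "--device=/dev/ttyACM0:/dev/zwave" ];
+};
+homeassistant = {
+image = "lscr.io/linuxserver/homeassistant:latest";
+volumes = [ "homeassistant-config:/config" ];
+environment.TZ = "America/New_York";
+labels.swag = "enable";
+extraOptions = [ "--pull=newer" "--network=www" "--network=lan" ];
+};
+postgres = {
+image = "docker.io/library/postgres:15";
+volumes = [ "postgres-15:/var/lib/postgresql/data" ];
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+# gogs = {
+# image = "docker.io/gogs/gogs:latest";
+# volumes = [ "gogs-data:/data" ];
+# labels = {
+# swag = "enable";
+# swag_url = "git.icanttype.org";
+# swag_port = "3000";
+# };
+# ports = [ "10022:22" ];
+# extraOptions = [ "--pull=newer" "--network=www" ];
+# };
+calibre = {
+image = "lscr.io/linuxserver/calibre:latest";
+volumes = [ "calibre-config:/config" "/video-data:/data" ];
+environment.TZ = "America/New_York";
+labels.swag = "enable";
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+calibre-web = {
+image = "lscr.io/linuxserver/calibre-web:latest";
+volumes = [ "calibre-web-config:/config" "/video-data:/data" ];
+environment.TZ = "America/New_York";
+labels.swag = "enable";
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+flaresolverr = {
+image = "ghcr.io/flaresolverr/flaresolverr:latest";
+environment.LOG_LEVEL = "info";
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+qbittorrent = {
+image = "lscr.io/linuxserver/qbittorrent:latest";
+volumes = [ "qbittorrent-config:/config" "/video-data/torrent:/data/torrent" ];
+environment = {
+TZ = "America/New_York";
+UMASK_SET = "000";
+DELUGE_LOGLEVEL = "error";
+};
+labels.swag = "enable";
+ports = [ "34996:34996" "34996:34996/udp" ];
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+prowlarr = {
+image = "lscr.io/linuxserver/prowlarr:latest";
+volumes = [ "prowlarr-config:/config" ];
+environment.TZ = "America/New_York";
+labels.swag = "enable";
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+readarr = {
+image = "lscr.io/linuxserver/readarr:develop";
+volumes = [ "readarr-config:/config" "/video-data:/data" ];
+environment.TZ = "America/New_York";
+labels.swag = "enable";
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+radarr = {
+image = "lscr.io/linuxserver/radarr:latest";
+volumes = [ "radarr-config:/config" "/video-data:/data" ];
+environment.TZ = "America/New_York";
+labels.swag = "enable";
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+sonarr = {
+image = "lscr.io/linuxserver/sonarr:latest";
+volumes = [ "sonarr-config:/config" "/video-data:/data" ];
+environment.TZ = "America/New_York";
+labels.swag = "enable";
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+static = {
+image = "docker.io/library/nginx:alpine";
+volumes = [ "/srv/docker/nginx/static:/usr/share/nginx/html:ro" "/srv/docker/nginx/config/static/default.conf:/etc/nginx/config.d/default.conf:ro" ];
+labels = {
+swag = "enable";
+swag_url = "www.icanttype.org";
+};
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+forgejo = {
+image = "codeberg.org/forgejo/forgejo:7";
+volumes = [ "forgejo-data:/data" "/etc/localtime:/etc/localtime:ro" ];
+labels = {
+swag = "enable";
+swag_url = "git.icanttype.org";
+swag_port = "3000";
+};
+ports = [ "10022:22" ];
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+docker_dind = {
+image = "docker.io/library/docker:dind";
+cmd = [ "dockerd" "-H" "tcp://0.0.0.0:2375" "--tls=false" ];
+extraOptions = [ "--pull=newer" "--privileged" "--network=www" ];
+};
+runner = {
+image = "code.forgejo.org/forgejo/runner:3.4.1";
+dependsOn = [ "docker_dind" ];
+environment.DOCKER_HOST = "tcp://docker_dind:2375";
+volumes = [ "forgejo-runner:/data" ];
+cmd = [ "forgejo-runner" "daemon" ];
+extraOptions = [ "--pull=newer" "--network=www" ];
+};
+};
+};
+networking.firewall.interfaces."podman+" = {
+allowedUDPPorts = [ 53 ];
+allowedTCPPorts = [ 53 ];
+};
+
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-rsa 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"
+];
+
+users.users.nixremote = {
+description = "User for remote builds";
+isNormalUser = true;
+uid = 1100;
+openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole" ];
+};
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+dive
+podman-tui
+docker-compose
+wireguard-tools
+nix-output-monitor
+];
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+# programs.msmtp.enable = true;
+programs.vim.defaultEditor = true;
+nix = {
+settings.experimental-features = [ "nix-command" "flakes" ];
+settings.trusted-users = [ "nixremote" ];
+gc = {
+automatic = true;
+options = "--delete-older-than 30d";
+dates = "weekly";
+};
+optimise.automatic = true;
+};
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+services.zfs.autoScrub.enable = true;
+# services.zfs.zed.settings = {
+# ZED_EMAIL_ADDR = [ "cdombroski@gmail.com" ];
+# ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
+# ZED_EMAIL_OPTS = "@ADDRESS@";
+# ZED_USE_ENCLOSURE_LEDS = true;
+# ZED_SCRUB_AFTER_RESILVER = true;
+# };
+# services.zfs.zed.enableMail = false;
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+
+# Copy the NixOS configuration file and link it from the resulting system
+# (/run/current-system/configuration.nix). This is useful in case you
+# accidentally delete configuration.nix.
+# system.copySystemConfiguration = true;
+
+# This option defines the first version of NixOS you have installed on this particular machine,
+# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+#
+# Most users should NEVER change this value after the initial install, for any reason,
+# even if you've upgraded your system to a new NixOS release.
+#
+# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+# so changing it will NOT upgrade your system.
+#
+# This value being lower than the current NixOS release does NOT mean your system is
+# out of date, out of support, or vulnerable.
+#
+# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+# and migrated your data accordingly.
+#
+# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+system.stateVersion = "23.11"; # Did you read the comment?
+zramSwap.enable = true;
+}
+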
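Review bot: `CF_API_TOKEN` and `CF_TUNNEL_PASSWORD` in the `swag` container's `environment` are literal credentials, so they end up in the repository history and in the world-readable Nix store of every machine that evaluates this configuration. Treat both as exposed and rotate them, then supply them at runtime instead, e.g. `environmentFiles = [ "/run/secrets/swag.env" ];` (placeholder path, file kept out of the repo and readable only by root) with the two variables dropped from `environment`. Separately, `docker_dind` runs `--privileged` with `dockerd -H tcp://0.0.0.0:2375 --tls=false` on the shared `www` network, so every container attached to `www` can reach an unauthenticated Docker API inside a privileged container. Putting `docker_dind` and `runner` on a dedicated network of their own would narrow that.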
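--- a/systems/zeus/hardware-configuration.nix
+++ b/systems/zeus/hardware-configuration.nix
@@ -0,0 +1,59 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "sata_nv" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-amd" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "zroot/root";
+fsType = "zfs";
+};
+
+fileSystems."/boot" =
+{ device = "zboot/boot";
+fsType = "zfs";
+};
+
+fileSystems."/home" =
+{ device = "zroot/home";
+fsType = "zfs";
+};
+
+fileSystems."/nix" =
+{ device = "zroot/nix";
+fsType = "zfs";
+};
+
+fileSystems."/var" =
+{ device = "zroot/var";
+fsType = "zfs";
+};
+
+fileSystems."/video-data" =
+{ device = "rpool/video-data";
+fsType = "zfs";
+};
+
+swapDevices =
+[ { device = "/dev/disk/by-uuid/aecf6400-9c9f-43f9-8c57-08f3c8a633e7"; }
+{ device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"; }
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault false;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}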