{ pkgs, inputs, ezModules, modulesPath, lib, ... }: let pkgs-unstable = import inputs.nixunstable { inherit (pkgs.stdenv) system; }; in { imports = [ "${modulesPath}/installer/scan/not-detected.nix" inputs.impermanence.nixosModules.impermanence inputs.nixos-hardware.nixosModules.supermicro inputs.nixos-hardware.nixosModules.common-cpu-amd inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower inputs.nixos-hardware.nixosModules.common-pc ezModules.aarch64-emu ezModules.dhcp ezModules.networkd-base ezModules.smartd ezModules.plymouth ezModules.docker-calibre ezModules.docker-calibre-web ezModules.docker-dind ezModules.docker-flaresolverr ezModules.docker-forgejo ezModules.docker-homeassistant ezModules.docker-jellyfin ezModules.docker-postgres ezModules.docker-prowlarr ezModules.docker-proxy ezModules.docker-qbittorrent ezModules.docker-radarr ezModules.docker-readarr ezModules.docker-romm ezModules.docker-runner ezModules.docker-sonarr ezModules.docker-static-web ezModules.docker-swag ezModules.docker-zwave ezModules.unbound ]; boot = { initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "sata_nv" "sd_mod" ]; loader = { grub = { enable = true; efiSupport = true; mirroredBoots = [ { devices = [ "nodev" ]; path = "/efi"; } { devices = [ "nodev" ]; path = "/efi1"; } ]; }; efi = { canTouchEfiVariables = true; efiSysMountPoint = "/efi"; }; }; kernelModules = [ "kvm-amd" ]; }; fileSystems = { "/" = { device = "none"; fsType = "tmpfs"; options = [ "defaults" "mode=755" ]; }; "/persist" = { device = "zroot/root"; fsType = "zfs"; neededForBoot = true; }; "/boot" = { device = "zboot/boot"; fsType = "zfs"; }; "/home" = { device = "zroot/home"; fsType = "zfs"; }; "/nix" = { device = "zroot/nix"; fsType = "zfs"; }; "/var" = { device = "zroot/var"; fsType = "zfs"; }; "/video-data" = { device = "rpool/video-data"; fsType = "zfs"; }; "/efi" = { device = "/dev/disk/by-uuid/6ED6-2ED0"; fsType = "vfat"; options = [ "nofail" ]; }; "/efi1" = { device = "/dev/disk/by-uuid/6A4C-BAFE"; fsType = "vfat"; options = [ "nofail" ]; }; }; swapDevices = [ { device = "/dev/disk/by-uuid/aecf6400-9c9f-43f9-8c57-08f3c8a633e7"; } { device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"; } ]; mainInterface = "lan-shim"; mainInterfaceConfig = "lan-shim"; networking = { hostName = "zeus"; # Define your hostname. hostId = "9e95b576"; }; systemd.services = { recyclarr = { script = "${pkgs-unstable.recyclarr}/bin/recyclarr sync"; startAt = "daily"; }; }; systemd.network.netdevs = { bond0 = { netdevConfig = { Name = "bond0"; Kind = "bond"; }; bondConfig = { Mode = "active-backup"; }; }; lan-shim = { netdevConfig = { Name = "lan-shim"; Kind = "macvlan"; MACAddress = "3e:53:37:25:08:ef"; }; macvlanConfig = { Mode = "bridge"; }; }; }; systemd.network.networks = { "00-bondage" = { name = "eno*"; networkConfig.Bond = "bond0"; }; bond0 = { name = "bond0"; networkConfig.MACVLAN = "lan-shim"; }; lan-shim = { name = "lan-shim"; address = [ "10.42.69.100/24" "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" ]; dns = [ "10.42.69.100" "10.42.69.2" ]; domains = [ "icanttype.org" ]; gateway = [ "10.42.69.1" ]; dhcpServerConfig = { PoolOffset = 100; }; }; }; virtualisation = { podman = { defaultNetwork.settings.dns_enabled = true; autoPrune.enable = true; }; }; networking.firewall = { interfaces."podman+" = { allowedUDPPorts = [ 53 ]; allowedTCPPorts = [ 53 ]; }; allowedUDPPorts = [ 137 138 ]; allowedTCPPorts = [ 139 445 ]; }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; users.users.nixremote = { description = "User for remote builds"; isNormalUser = true; uid = 1100; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole" ]; }; nix.settings.trusted-users = [ "nixremote" ]; environment = { systemPackages = builtins.attrValues { inherit (pkgs) vim dive podman-tui docker-compose tcpdump ethtool ; inherit (pkgs-unstable) recyclarr; }; persistence."/persist" = { enableWarnings = false; hideMounts = true; directories = [ "/srv/docker" "/tmp" "/etc/containers/networks" ]; files = [ "/etc/machine-id" "/etc/adjtime" "/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key.pub" "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" ]; }; }; services = { samba = { enable = true; settings = { media = { path = "/video-data"; browseable = "yes"; "read only" = "no"; "guest ok" = "yes"; }; }; }; avahi = { enable = true; nssmdns4 = true; nssmdns6 = true; openFirewall = true; extraServiceFiles = { smb = '' %h _smb._tcp 445 ''; }; }; }; services.zfs.autoScrub.enable = true; services.zfs.zed.settings = { ZED_EMAIL_ADDR = [ "root" ]; ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; ZED_EMAIL_OPTS = "@ADDRESS@"; ZED_NOTIFY_INTERVAL_SECS = 3600; ZED_NOTIFY_VERBOSE = true; ZED_USE_ENCLOSURE_LEDS = true; ZED_SCRUB_AFTER_RESILVER = true; }; services.zfs.zed.enableMail = false; system.stateVersion = "23.11"; # Did you read the comment? zramSwap.enable = true; }