# NixOS module for one host. The arguments come from the module system and
# from the surrounding repository (inputs, ezModules).
{
  config,
  pkgs,
  inputs,
  ezModules,
  modulesPath,
  lib,
  ...
}:
let
  # Second package set taken from the `nixunstable` input, evaluated for the
  # same system as `pkgs`. Only `system` is passed; no config or overlays
  # are given here.
  pkgs-unstable = import inputs.nixunstable {
    system = pkgs.stdenv.system;
  };
in
{
# Modules merged into this host's configuration.
imports = [
  "${modulesPath}/installer/scan/not-detected.nix"
  inputs.impermanence.nixosModules.impermanence

  # Hardware profiles from the nixos-hardware input.
  inputs.nixos-hardware.nixosModules.supermicro
  inputs.nixos-hardware.nixosModules.common-cpu-amd
  inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
  inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
  inputs.nixos-hardware.nixosModules.common-pc

  # Repository-local modules; their definitions are not part of this file.
  ezModules.aarch64-emu
  ezModules.networkd-base
  ezModules.smartd
  ezModules.plymouth

  # NOTE(review): the container modules are defined elsewhere. Going by the
  # names, docker-dind, docker-proxy and docker-runner may involve privileged
  # containers or access to the container engine socket - confirm in those
  # modules, since either is root-equivalent on this host.
  ezModules.docker-calibre
  ezModules.docker-calibre-web
  ezModules.docker-dind
  ezModules.docker-flaresolverr
  ezModules.forgejo
  ezModules.docker-homeassistant
  ezModules.docker-jellyfin
  ezModules.docker-postgres
  ezModules.docker-prowlarr
  ezModules.docker-proxy
  ezModules.docker-qbittorrent
  ezModules.docker-radarr
  ezModules.docker-readarr
  ezModules.docker-runner
  ezModules.docker-sonarr
  ezModules.docker-static-web
  ezModules.docker-swag
  ezModules.docker-zwave
];
# Boot: GRUB in EFI mode written to two EFI system partitions, and a kernel
# chosen to match the configured ZFS package.
boot = {
  initrd.availableKernelModules = [
    "ohci_pci"
    "ehci_pci"
    "sata_nv"
    "sd_mod"
  ];

  loader.grub = {
    enable = true;
    efiSupport = true;
    # One entry per ESP mount point ("/efi" and "/efi1" in fileSystems).
    # "nodev" means no BIOS boot sector is written.
    mirroredBoots = [
      {
        path = "/efi";
        devices = [ "nodev" ];
      }
      {
        path = "/efi1";
        devices = [ "nodev" ];
      }
    ];
  };

  loader.efi = {
    efiSysMountPoint = "/efi";
    canTouchEfiVariables = true;
  };

  kernelModules = [ "kvm-amd" ];
  # Follows whatever kernel the ZFS package reports as its latest compatible one.
  kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
};
# Mount table. The root is a tmpfs, so only the ZFS datasets listed here and
# the paths named under environment.persistence survive a reboot.
fileSystems = {
  # No size= option is given, so the kernel's default tmpfs limit applies.
  "/" = {
    fsType = "tmpfs";
    device = "none";
    options = [
      "defaults"
      "mode=755"
    ];
  };

  # Backing store for persisted state; must be mounted in the initrd.
  # NOTE(review): this dataset holds the SSH host private keys (see
  # environment.persistence); whether zroot is encrypted is not visible here.
  "/persist" = {
    fsType = "zfs";
    device = "zroot/root";
    neededForBoot = true;
  };

  "/boot" = {
    fsType = "zfs";
    device = "zboot/boot";
  };

  "/home" = {
    fsType = "zfs";
    device = "zroot/home";
  };

  "/nix" = {
    fsType = "zfs";
    device = "zroot/nix";
  };

  "/var" = {
    fsType = "zfs";
    device = "zroot/var";
  };

  # Also exported as the Samba share "media" (services.samba).
  "/video-data" = {
    fsType = "zfs";
    device = "rpool/video-data";
  };

  # The two EFI system partitions; "nofail" lets boot continue when one of
  # them is missing.
  "/efi" = {
    fsType = "vfat";
    device = "/dev/disk/by-uuid/6ED6-2ED0";
    options = [ "nofail" ];
  };

  "/efi1" = {
    fsType = "vfat";
    device = "/dev/disk/by-uuid/6A4C-BAFE";
    options = [ "nofail" ];
  };
};
# Two swap partitions, referenced by UUID.
# NOTE(review): no randomEncryption is set on either entry, so swapped-out
# memory is written as-is unless these partitions are encrypted at a lower
# layer - confirm.
swapDevices = [
  {
    device = "/dev/disk/by-uuid/aecf6400-9c9f-43f9-8c57-08f3c8a633e7";
  }
  {
    device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210";
  }
];
# Host identity. NixOS requires hostId on machines that use ZFS.
networking.hostName = "zeus";
networking.hostId = "9e95b576";
# Runs `recyclarr sync` once a day, using the package from pkgs-unstable.
# NOTE(review): no serviceConfig is set, so the unit runs with systemd's
# defaults (root, no sandboxing). A dedicated user or DynamicUser would narrow
# that; check where recyclarr reads its configuration before changing it.
systemd.services.recyclarr = {
  startAt = "daily";
  script = "${pkgs-unstable.recyclarr}/bin/recyclarr sync";
};
# Virtual network devices created by systemd-networkd.
systemd.network.netdevs = {
  # Bond in active-backup mode.
  bond0 = {
    bondConfig.Mode = "active-backup";
    netdevConfig = {
      Kind = "bond";
      Name = "bond0";
    };
  };

  # macvlan in bridge mode with a fixed MAC address; it is attached to bond0
  # in systemd.network.networks and carries the host's addresses.
  lan-shim = {
    macvlanConfig.Mode = "bridge";
    netdevConfig = {
      Kind = "macvlan";
      Name = "lan-shim";
      MACAddress = "3e:53:37:25:08:ef";
    };
  };
};
# Interface configuration for systemd-networkd.
systemd.network.networks = {
  # Every interface matching eno* joins bond0.
  "00-bondage" = {
    name = "eno*";
    networkConfig.Bond = "bond0";
  };

  # bond0 itself gets no address; it only carries the lan-shim macvlan.
  bond0 = {
    name = "bond0";
    networkConfig.MACVLAN = "lan-shim";
  };

  # Static IPv4/IPv6 addressing, resolver, search domain and default gateway.
  lan-shim = {
    name = "lan-shim";
    address = [
      "10.42.69.100/24"
      "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"
    ];
    gateway = [ "10.42.69.1" ];
    dns = [ "10.42.69.2" ];
    domains = [ "icanttype.org" ];
  };
};
# Podman: DNS on the default network and automatic pruning. No containers are
# declared in this file.
virtualisation.podman = {
  autoPrune.enable = true;
  defaultNetwork.settings.dns_enabled = true;
};
virtualisation.oci-containers.containers = { };
# Firewall openings.
networking.firewall = {
  # DNS (53/tcp and 53/udp) on interfaces matching "podman+"; presumably for
  # the container DNS enabled via dns_enabled on the default podman network.
  interfaces."podman+" = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };

  # NetBIOS (137-139) and SMB (445).
  # NOTE(review): these are opened on every interface, not only lan-shim, and
  # the Samba share in this file is guest-writable, so anything that can reach
  # these ports may be able to write to /video-data. Scoping them under
  # interfaces."lan-shim" would keep other networks out - confirm nothing
  # else relies on them.
  allowedTCPPorts = [
    139
    445
  ];
  allowedUDPPorts = [
    137
    138
  ];
};
# Target platform; lib.mkDefault gives it low priority so another module can
# override it.
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Login account used by another machine to run Nix builds on this host.
users.users.nixremote = {
  uid = 1100;
  isNormalUser = true;
  description = "User for remote builds";
  # The key's comment names root@orangepihole as its owner. It carries no
  # options, so it grants an ordinary interactive login.
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
  ];
};

# NOTE(review): a trusted user may override daemon settings and add unsigned
# store paths; the Nix manual describes this as essentially equivalent to root
# access. Whoever holds the key above is therefore root-equivalent on this
# host. If the remote-build setup allows it, signing paths on the client and
# listing its key in trusted-public-keys avoids the need for this entry.
nix.settings.trusted-users = [ "nixremote" ];
# Admin tools installed system-wide; recyclarr comes from pkgs-unstable.
environment.systemPackages = builtins.attrValues {
  inherit (pkgs-unstable) recyclarr;
  inherit (pkgs)
    vim
    dive
    podman-tui
    docker-compose
    tcpdump
    ethtool
    ;
};

# State kept on /persist across reboots (the root filesystem is a tmpfs).
environment.persistence."/persist" = {
  hideMounts = true;
  enableWarnings = false;

  # NOTE(review): "/tmp" is persisted, so temporary files outlive a reboot
  # unless something cleans them (e.g. boot.tmp.cleanOnBoot) - confirm this
  # is intended.
  directories = [
    "/srv/docker"
    "/tmp"
    "/etc/containers/networks"
  ];

  # machine-id, clock adjustment data and the SSH host key pairs. Keeping the
  # host keys gives clients a stable host identity; the private halves are
  # then only as protected as the /persist dataset.
  files = [
    "/etc/machine-id"
    "/etc/adjtime"
    "/etc/ssh/ssh_host_rsa_key"
    "/etc/ssh/ssh_host_rsa_key.pub"
    "/etc/ssh/ssh_host_ed25519_key"
    "/etc/ssh/ssh_host_ed25519_key.pub"
  ];
};
# Samba file sharing.
services.samba = {
  enable = true;

  # NOTE(review): "guest ok" together with "read only" = "no" makes
  # /video-data writable without credentials for any client that Samba maps
  # to the guest account (that mapping depends on the global "map to guest"
  # setting, which is not set in this file). The SMB ports are open on all
  # interfaces in networking.firewall. If unauthenticated writes are not
  # intended, require a user for writes or restrict clients with "hosts allow".
  shares.media = {
    path = "/video-data";
    browseable = "yes";
    "guest ok" = "yes";
    "read only" = "no";
  };
};

# mDNS: name resolution for IPv4 and IPv6, firewall opened by the module, and
# an extra service file announcing SMB on port 445 under the host's name.
services.avahi = {
  enable = true;
  openFirewall = true;
  nssmdns4 = true;
  nssmdns6 = true;
  extraServiceFiles.smb = ''
    <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
    <service-group>
    <name replace-wildcards="yes">%h</name>
    <service>
    <type>_smb._tcp</type>
    <port>445</port>
    </service>
    </service-group>
  '';
};
# ZFS maintenance: periodic scrubs plus ZED event notifications.
services.zfs.autoScrub.enable = true;
services.zfs.zed = {
  # The module's own mail option stays off; the mailer is configured by hand
  # through the ZED settings instead, with msmtp as the sending program.
  enableMail = false;
  settings = {
    ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
    ZED_EMAIL_OPTS = "@ADDRESS@";
    ZED_EMAIL_ADDR = [ "root" ];
    ZED_NOTIFY_INTERVAL_SECS = 3600;
    ZED_NOTIFY_VERBOSE = true;
    ZED_USE_ENCLOSURE_LEDS = true;
    ZED_SCRUB_AFTER_RESILVER = true;
  };
};

# Release whose stateful defaults this host was installed with; it is not
# the nixpkgs version in use.
system.stateVersion = "23.11"; # Did you read the comment?

# Compressed in-memory swap, in addition to the partitions in swapDevices.
zramSwap.enable = true;
}