nix-configs/nixos-configurations/zeus.nix


{
pkgs,
inputs,
ezModules,
modulesPath,
lib,
...
}:
let
  # Second package set evaluated from the `nixunstable` flake input, used for
  # a few packages (recyclarr) that are wanted newer than the system nixpkgs.
  # Only `system` is forwarded: `config`/`overlays` applied to the main `pkgs`
  # (e.g. allowUnfree) do NOT apply to anything taken from this set.
  pkgs-unstable = import inputs.nixunstable { system = pkgs.stdenv.system; };
in
{
imports =
  # Base hardware detection scaffold plus the impermanence module that backs
  # the tmpfs root / /persist layout declared in `fileSystems` below.
  [
    "${modulesPath}/installer/scan/not-detected.nix"
    inputs.impermanence.nixosModules.impermanence
  ]
  # Board/CPU tuning from nixos-hardware.
  ++ (with inputs.nixos-hardware.nixosModules; [
    supermicro
    common-cpu-amd
    common-cpu-amd-pstate
    common-cpu-amd-zenpower
    common-pc
  ])
  # Host-role modules from this repo: base networking/DHCP, disk monitoring,
  # the resolver, and one module per containerised service.
  # NOTE(review): the docker-* modules (dind, runner, proxy, swag, ...) carry
  # the real attack surface of this host; their privilege/network settings
  # are not visible in this file and should be reviewed in their own modules.
  ++ (with ezModules; [
    aarch64-emu
    dhcp
    networkd-base
    smartd
    plymouth
    docker-calibre
    docker-calibre-web
    docker-dind
    docker-flaresolverr
    docker-forgejo
    docker-homeassistant
    docker-jellyfin
    docker-postgres
    docker-prowlarr
    docker-proxy
    docker-qbittorrent
    docker-radarr
    docker-readarr
    docker-romm
    docker-runner
    docker-sonarr
    docker-static-web
    docker-swag
    docker-zwave
    unbound
  ]);
# Boot: GRUB on UEFI with the ESP mirrored across two partitions (/efi and
# /efi1, see `fileSystems`), so either disk can boot the machine.
# Nothing in this block signs or enrolls anything for Secure Boot; whether
# another module does is not visible here.
boot.initrd.availableKernelModules = [
  "ohci_pci"
  "ehci_pci"
  "sata_nv"
  "sd_mod"
];
boot.kernelModules = [ "kvm-amd" ];
boot.loader.efi = {
  canTouchEfiVariables = true;
  efiSysMountPoint = "/efi";
};
boot.loader.grub = {
  enable = true;
  efiSupport = true;
  # "nodev" = install only the EFI binary, no MBR/BIOS boot sector.
  mirroredBoots = map (path: {
    devices = [ "nodev" ];
    inherit path;
  }) [ "/efi" "/efi1" ];
};
# Impermanence layout: `/` is a fresh tmpfs every boot (mode 0755 so
# unprivileged users cannot create arbitrary top-level entries); everything
# that must survive lives on ZFS datasets mounted below.
fileSystems =
  let
    zfsDataset = device: {
      inherit device;
      fsType = "zfs";
    };
    # One of the two mirrored ESPs; `nofail` so the host still boots if one
    # of the disks is missing.
    esp = uuid: {
      device = "/dev/disk/by-uuid/${uuid}";
      fsType = "vfat";
      options = [ "nofail" ];
    };
  in
  {
    "/" = {
      device = "none";
      fsType = "tmpfs";
      options = [
        "defaults"
        "mode=755"
      ];
    };
    # /persist holds the state impermanence bind-mounts back in (see
    # `environment.persistence`), so it has to be available in the initrd.
    "/persist" = zfsDataset "zroot/root" // { neededForBoot = true; };
    "/boot" = zfsDataset "zboot/boot";
    "/home" = zfsDataset "zroot/home";
    "/nix" = zfsDataset "zroot/nix";
    "/var" = zfsDataset "zroot/var";
    # Media pool exported over SMB (see `services.samba`).
    "/video-data" = zfsDataset "rpool/video-data";
    "/efi" = esp "6ED6-2ED0";
    "/efi1" = esp "6A4C-BAFE";
  };
# Two plain (unencrypted) swap partitions, addressed by filesystem UUID.
# NOTE(review): anything paged out (container secrets, API keys held by the
# *arr services) lands on disk in the clear. `randomEncryption.enable` would
# fix that, but it destroys the swap signature on every boot, so these
# entries would first have to be re-pointed at /dev/disk/by-partuuid (or
# by-id) instead of by-uuid; left unchanged here for that reason.
swapDevices = map (device: { inherit device; }) [
  "/dev/disk/by-uuid/aecf6400-9c9f-43f9-8c57-08f3c8a633e7"
  "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"
];
# Options declared by one of the ezModules (presumably networkd-base/dhcp —
# their definitions are not in this file): point them at the macvlan that
# carries the host's addresses (see `systemd.network` below).
mainInterface = "lan-shim";
mainInterfaceConfig = "lan-shim";
networking.hostName = "zeus";
# 32-bit host id; ZFS records it in the pool and refuses to import pools
# last used by a different host id without `-f`, so keep it stable.
networking.hostId = "9e95b576";
# Daily one-shot that runs `recyclarr sync` from the unstable package set.
# No `serviceConfig.User`/`DynamicUser` and no sandboxing directives are set,
# so the unit runs as root with the systemd defaults.
# NOTE(review): a dedicated user plus ProtectSystem/ProtectHome would be the
# least-privilege shape; where recyclarr reads its config on this host is
# not visible here, so the unit is left unchanged.
systemd.services.recyclarr = {
  script = "${pkgs-unstable.recyclarr}/bin/recyclarr sync";
  startAt = "daily";
};
# Link layer: the onboard NICs are bonded (active-backup, no LACP needed on
# the switch), and a macvlan "shim" sits on top of the bond. The shim is
# what carries the host's own addresses so the host can still talk to
# containers that get their own macvlan on the same parent.
systemd.network.netdevs = {
  bond0 = {
    netdevConfig = {
      Name = "bond0";
      Kind = "bond";
    };
    bondConfig.Mode = "active-backup";
  };
  lan-shim = {
    netdevConfig = {
      Name = "lan-shim";
      Kind = "macvlan";
      # Fixed locally-administered MAC so DHCP/ARP identity survives reboots
      # and NIC swaps.
      MACAddress = "3e:53:37:25:08:ef";
    };
    macvlanConfig.Mode = "bridge";
  };
};
systemd.network.networks = {
  # Enslave every eno* NIC to the bond; the bond itself carries no address
  # and only hosts the macvlan.
  "00-bondage" = {
    name = "eno*";
    networkConfig = { Bond = "bond0"; };
  };
  bond0 = {
    name = "bond0";
    networkConfig = { MACVLAN = "lan-shim"; };
  };
  # The shim is the only interface with L3 config: static v4 + ULA v6,
  # resolver order is this host's own unbound first, then .2.
  lan-shim = {
    name = "lan-shim";
    address = [
      "10.42.69.100/24"
      "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"
    ];
    dns = [
      "10.42.69.100"
      "10.42.69.2"
    ];
    domains = [ "icanttype.org" ];
    gateway = [ "10.42.69.1" ];
    # DHCP server (enabled by the `dhcp` ezModule, presumably) hands out
    # leases starting at .100 — the same address this host uses.
    # NOTE(review): networkd is expected to exclude the server's own address
    # from the pool; confirm, or bump PoolOffset to 101.
    dhcpServerConfig.PoolOffset = 100;
  };
};
# Podman is the container runtime (the docker-* modules presumably target
# it). Container DNS goes through the host, which is why port 53 is opened
# on the podman bridges in `networking.firewall`.
virtualisation.podman = {
  defaultNetwork.settings.dns_enabled = true;
  autoPrune.enable = true;
};
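networking.firewall = {
  # Container DNS: podman bridges need to reach the host resolver (unbound).
  interfaces."podman+" = {
    allowedUDPPorts = [ 53 ];
    allowedTCPPorts = [ 53 ];
  };
  # SMB/NetBIOS for the guest-accessible samba share. Scoped to the LAN
  # macvlan — the only interface with an address on this host — instead of
  # all interfaces, so the share is not also reachable from the podman
  # bridges or any interface added later.
  # NOTE(review): if a container ever needs SMB to the host over a podman
  # bridge, add 139/445 to the "podman+" rule rather than reopening globally.
  # Avahi's `openFirewall` still opens 5353/udp on every interface.
  interfaces."lan-shim" = {
    allowedUDPPorts = [
      137 # NetBIOS name service
      138 # NetBIOS datagram service
    ];
    allowedTCPPorts = [
      139 # NetBIOS session service
      445 # direct-hosted SMB
    ];
  };
};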
# mkDefault so a flake-level or cross-build override still wins.
nixpkgs = {
  hostPlatform = lib.mkDefault "x86_64-linux";
};
# Account that other machines SSH into to use this host as a Nix remote
# builder; only the listed key can log in.
users.users.nixremote = {
  description = "User for remote builds";
  isNormalUser = true;
  uid = 1100;
  openssh = {
    authorizedKeys = {
      keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
      ];
    };
  };
};
# NOTE(review): `trusted-users` is not a low-privilege role. Per the Nix
# manual, a trusted user can override any daemon option (sandbox,
# substituters, trusted-public-keys) and import unsigned store paths, which
# is effectively root on this host. That power is therefore delegated to
# whoever holds the root@orangepihole key above; keep that key scoped to the
# builder use and consider `allowed-users` + a signed-closure push workflow
# if root-equivalence is not intended.
nix = {
  settings = {
    trusted-users = [ "nixremote" ];
  };
};
# Operator tooling on the host itself; recyclarr comes from the unstable set.
environment.systemPackages = builtins.attrValues {
  inherit (pkgs)
    vim
    dive
    podman-tui
    docker-compose
    tcpdump
    ethtool
    ;
  inherit (pkgs-unstable) recyclarr;
};
# What impermanence carries over from the ZFS-backed /persist into the tmpfs
# root on every boot. Anything not listed here (or on another mounted
# dataset) is gone after a reboot.
environment.persistence."/persist" = {
  enableWarnings = false;
  hideMounts = true;
  directories = [
    "/srv/docker"
    # NOTE(review): persisting /tmp forfeits the "clean slate" property of
    # the tmpfs root for temp files; confirm something actually needs it.
    "/tmp"
    "/etc/containers/networks"
  ];
  files = [
    "/etc/unbound/ads.conf"
    "/etc/machine-id"
    "/etc/adjtime"
    # Host keys must persist or every reboot changes the SSH host identity
    # (and every client, including the remote-build peer, gets a mismatch).
    "/etc/ssh/ssh_host_rsa_key"
    "/etc/ssh/ssh_host_rsa_key.pub"
    "/etc/ssh/ssh_host_ed25519_key"
    "/etc/ssh/ssh_host_ed25519_key.pub"
  ];
};
# Media export over SMB.
# NOTE(review): this share is anonymous AND writable ("guest ok" + not
# read-only) with no `hosts allow`, so anyone who can reach 445 on this host
# can modify or delete /video-data. That is reachable from the whole LAN via
# `networking.firewall`. If anonymous write is not required, set
# "read only" = "yes" or drop "guest ok"; at minimum consider
# `"hosts allow" = "10.42.69.0/24"` on the share.
services.samba = {
  enable = true;
  settings.media = {
    path = "/video-data";
    browseable = "yes";
    "read only" = "no";
    "guest ok" = "yes";
  };
};
# mDNS: resolve .local both ways and advertise the SMB share. `openFirewall`
# opens 5353/udp on all interfaces.
services.avahi = {
  enable = true;
  nssmdns4 = true;
  nssmdns6 = true;
  openFirewall = true;
  extraServiceFiles.smb = ''
    <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
    <service-group>
    <name replace-wildcards="yes">%h</name>
    <service>
    <type>_smb._tcp</type>
    <port>445</port>
    </service>
    </service-group>
  '';
};
services.zfs = {
  autoScrub.enable = true;
  zed = {
    # `enableMail = false`: NixOS does not wire ZED to the system sendmail;
    # instead msmtp is named explicitly below.
    # NOTE(review): pool-degradation alerts therefore depend entirely on
    # msmtp being configured for root somewhere else — verify delivery.
    enableMail = false;
    settings = {
      ZED_EMAIL_ADDR = [ "root" ];
      ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
      ZED_EMAIL_OPTS = "@ADDRESS@";
      ZED_NOTIFY_INTERVAL_SECS = 3600;
      ZED_NOTIFY_VERBOSE = true;
      ZED_USE_ENCLOSURE_LEDS = true;
      ZED_SCRUB_AFTER_RESILVER = true;
    };
  };
};
# Pin stateful defaults to the release this host was first installed with;
# do not bump without reading the option's documentation.
system.stateVersion = "23.11";
zramSwap = {
  enable = true;
};
}