Faris 2026-04-01 22:30:48 +01:00
parent bf9ed72841
commit 22c2fbf629
4 changed files with 474 additions and 375 deletions


@ -102,4 +102,5 @@
tree tree
]; ];
powerManagement.powertop.enable = true;
} }

File diff suppressed because it is too large Load Diff


@ -5,21 +5,27 @@
{ {
imports = imports =
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "mpt3sas" "xhci_pci" "sd_mod" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [ "mpt3sas" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/54d867b3-a9cf-42cd-bc1a-56fbd758ecc4"; { device = "/dev/disk/by-uuid/b9cc7972-36ae-4cb4-a6f4-e342eaca679e";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/542D-865C";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/b5e77330-ad8c-4c5b-99fc-aedfb6e0b145"; } [ { device = "/dev/disk/by-uuid/1032bbd9-0124-419f-a696-a977755aaf17"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -27,7 +33,8 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s18.useDHCP = lib.mkDefault true; # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -11,10 +11,8 @@
age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ]; age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];
boot.loader.grub.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.grub.device = "/dev/vda"; boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.useOSProber = true;
#boot.loader.limine.biosDevice = "/dev/vda"; #boot.loader.limine.biosDevice = "/dev/vda";
#boot.loader.efi.efiSysMountPoint = "/boot"; #boot.loader.efi.efiSysMountPoint = "/boot";
@ -43,7 +41,7 @@ systemd.services.podman-network-vlan50 = {
vlans = { vlans = {
vlan50 = { vlan50 = {
id = 50; id = 50;
interface = "ens18"; interface = "enp7s0";
}; };
}; };
hostName = "nixos-server"; hostName = "nixos-server";
@ -57,7 +55,7 @@ systemd.services.podman-network-vlan50 = {
} }
]; ];
}; };
interfaces.ens18 = { interfaces.enp7s0 = {
ipv4.addresses = [ ipv4.addresses = [
{ {
address = "192.168.0.30"; address = "192.168.0.30";
@ -85,6 +83,16 @@ systemd.services.podman-network-vlan50 = {
# nvidia-container-toolkit.enable = true; # nvidia-container-toolkit.enable = true;
# }; # };
hardware.graphics = {
enable = true;
enable32Bit = true; # only needed if you run 32-bit apps
extraPackages = with pkgs; [
mesa.drivers
libva
libva-utils # provides vainfo
];
};
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_unprivileged_port_start" = 0; "net.ipv4.ip_unprivileged_port_start" = 0;
"net.ipv4.conf.all.src_valid_mark" = 1; "net.ipv4.conf.all.src_valid_mark" = 1;
@ -105,28 +113,28 @@ systemd.services.podman-network-vlan50 = {
}; };
}; };
# services.restic.backups.backup = { services.restic.backups.backup = {
# initialize = true; initialize = true;
# environmentFile = config.age.secrets."restic/environmentFile".path; environmentFile = "/pool/services/secrets/restic/environmentFile";
# repositoryFile = config.age.secrets."restic/repositoryFile".path; repositoryFile = "/pool/services/secrets/restic/repositoryFile";
# passwordFile = config.age.secrets."restic/passwordFile".path; passwordFile = "/pool/services/secrets/restic/passwordFile";
#
# paths = [ paths = [
# "/pool/services" "/pool/services"
# "/pool/data" "/pool/data"
# ]; ];
#
# exclude = [ exclude = [
# "/pool/services/cctv" "/pool/services/cctv"
# ]; ];
#
# pruneOpts = [ pruneOpts = [
# "--keep-daily 7" "--keep-daily 7"
# "--keep-weekly 5" "--keep-weekly 5"
# "--keep-monthly 12" "--keep-monthly 12"
# ]; ];
#
# }; };
# systemd.timers."prune-podman" = { # systemd.timers."prune-podman" = {
# wantedBy = [ "timers.target" ]; # wantedBy = [ "timers.target" ];
@ -158,10 +166,8 @@ systemd.services.podman-network-vlan50 = {
services.zfs.autoScrub = { services.zfs.autoScrub = {
enable = true; enable = true;
interval = "weekly";
}; };
services.zfs.autoSnapshot.enable = true; services.zfs.autoSnapshot.enable = true;
services.zfs.trim.enable = true;
services.smartd = { services.smartd = {
enable = true; enable = true;
@ -172,16 +178,53 @@ systemd.services.podman-network-vlan50 = {
#devices = [ "DEVICESCAN -a" ]; # autodetect all drives #devices = [ "DEVICESCAN -a" ]; # autodetect all drives
}; };
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
tls = true;
host = "smtp.protonmail.ch";
port = 587;
from = "faris@mektem.com";
user = "faris@mektem.com";
passwordeval = "cat /pool/services/secrets/mail.txt";
};
};
environment.etc."zfs/zed-notify.sh" = {
mode = "0755";
text = ''
#!/bin/sh
# ZED calls: ZED_EMAIL_PROG "subject" "recipient"
SUBJECT="$1"
TO="$2"
(echo "Subject: $SUBJECT"; echo "To: $TO"; echo ""; cat) | \
${pkgs.msmtp}/bin/msmtp "$TO"
'';
};
services.zfs.zed = {
enableMail = true;
settings = {
ZED_EMAIL_ADDR = [ "faris@mektem.com" ];
ZED_EMAIL_PROG = "/etc/zfs/zed-notify.sh"; # Or ssmtp
ZED_EMAIL_OPTS = "";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NOTIFY_VERBOSE = true; # Set to false to only get alerts on degradation
};
};
services.samba = { services.samba = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = { settings = {
global = { global = {
"server min protocol" = "SMB2_10";
"workgroup" = "WORKGROUP"; "workgroup" = "WORKGROUP";
"server string" = "smbnix"; "server string" = "smbnix";
"netbios name" = "smbnix"; "netbios name" = "smbnix";
"security" = "user"; "security" = "user";
"hosts allow" = "192.168.0. 127.0.0.1 localhost"; "hosts allow" = "192.168.0. 192.168.30. 192.168.40.10 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0"; "hosts deny" = "0.0.0.0/0";
"guest account" = "nobody"; "guest account" = "nobody";
"map to guest" = "never"; "map to guest" = "never";
@ -368,28 +411,6 @@ systemd.services.podman-network-vlan50 = {
# }; # };
}; };
vaultwarden = {
image = "docker.io/vaultwarden/server:latest";
autoStart = true;
#autoUpdate = "registry";
networks = [ "vlan50" ];
environmentFiles = [
"/pool/services/secrets/default"
"/pool/services/secrets/vaultwarden"
];
volumes = [
"/pool/services/podman/vaultwarden:/data/"
];
extraOptions = [
"--ip=192.168.50.37"
];
# extraConfig = {
# Service = {
# TimeoutStartSec = 900;
# };
# };
};
}; };
system.stateVersion = "24.11"; system.stateVersion = "24.11";
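Review bot: In the `services.restic.backups.backup` hunk the three credential files now live under `/pool/services/secrets/restic/`, which sits inside the backed-up path `/pool/services` and is not listed in `exclude`, so the repository password and environment file are copied into every snapshot they are meant to protect. The same tree also holds the `mail.txt` read by the new msmtp `passwordeval` line. Either switch back to the `config.age.secrets` references from the previously commented-out block (for example `passwordFile = config.age.secrets."restic/passwordFile".path;`), or extend the exclusion to `exclude = [ "/pool/services/cctv" "/pool/services/secrets" ];`. With plain paths, the ownership and mode of these files are not declared anywhere in the visible lines, so confirm they are readable by root only and add a short comment above the block saying where the secrets are provisioned.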