{ config, pkgs, ... }: { networking = { hostName = "nixos-server"; hostId = "bbe3b289"; firewall.enable = false; interfaces.ens18 = { ipv4.addresses = [ { address = "192.168.0.40"; prefixLength = 24; } ]; }; defaultGateway = "192.168.0.1"; nameservers = [ "192.168.0.1" "1.1.1.1" ]; }; age.secrets = { "restic/environmentFile".file = ../../secrets/restic/environmentFile.age; "restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age; "restic/passwordFile".file = ../../secrets/restic/passwordFile.age; "zfs/pool.key".file = ../../secrets/zfs/pool.key.age }; users.users.admin.linger = true; age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ]; services.xserver.videoDrivers = [ "nvidia" ]; hardware = { graphics.enable = true; nvidia = { modesetting.enable = true; powerManagement.enable = true; powerManagement.finegrained = false; open = false; nvidiaSettings = false; package = config.boot.kernelPackages.nvidiaPackages.stable; }; nvidia-container-toolkit.enable = true; }; boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 80; "net.ipv4.conf.all.src_valid_mark" = 1; "net.ipv4.conf.all.forwarding" = 1; "net.ipv4.ip_forward" = 1; }; virtualisation = { containers.enable = true; podman = { enable = true; autoPrune.enable = true; # Create a `docker` alias for podman, to use it as a drop-in replacement dockerCompat = true; # Required for containers under podman-compose to be able to talk to each other. defaultNetwork.settings.dns_enabled = true; }; }; services.restic.backups.backup = { initialize = true; environmentFile = config.age.secrets."restic/environmentFile".path; repositoryFile = config.age.secrets."restic/repositoryFile".path; passwordFile = config.age.secrets."restic/passwordFile".path; paths = [ "/pool/services" "/pool/data" ]; exclude = [ "/pool/services/cctv" ]; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ]; }; # systemd.timers."prune-podman" = { # wantedBy = [ "timers.target" ]; # timerConfig = { # OnCalendar = "weekly"; # Persistent = true; # Unit = "podman-prune.service"; # }; # }; # systemd.services."prune-podman" = { # script = '' # set -eu # ${pkgs.podman}/bin/podman system prune -af # ''; # serviceConfig = { # Type = "oneshot"; # User = "admin"; # }; # }; # give permissions for zigbee USB transceiver system.activationScripts.script.text = ''chmod o+rw /dev/ttyACM0''; boot.supportedFilesystems = [ "zfs" ]; boot.zfs.forceImportRoot = false; boot.zfs.extraPools = [ "pool" ]; environment.etc."zfs/keys/pool.key".source = config.age.secrets."zfs/pool.key".path; services.zfs.autoScrub = { enable = true; interval = "weekly"; }; services.zfs.autoSnapshot.enable = true; services.zfs.trim.enable = true; services.smartd = { enable = true; notifications = { mail.enable = true; mail.recipient = "accelarion@protonmail.com"; }; devices = [ "DEVICESCAN -a" ]; # autodetect all drives }; services.samba = { enable = true; openFirewall = true; settings = { global = { "workgroup" = "WORKGROUP"; "server string" = "smbnix"; "netbios name" = "smbnix"; "security" = "user"; "hosts allow" = "192.168.0. 127.0.0.1 localhost"; "hosts deny" = "0.0.0.0/0"; "guest account" = "nobody"; "map to guest" = "never"; }; "data" = { "path" = "/pool/data"; "browseable" = "yes"; "read only" = "no"; "guest ok" = "no"; }; "media" = { "path" = "/pool/media"; "browseable" = "yes"; "read only" = "no"; "guest ok" = "no"; }; "services" = { "path" = "/pool/services"; "browseable" = "yes"; "read only" = "no"; "guest ok" = "no"; }; }; }; system.stateVersion = "24.11"; }