Reformat + swap odin SSD

Filippo Berto 2022-09-01 15:11:16 +02:00
parent 1bc27dde82
commit 2f3d05a802
No known key found for this signature in database
GPG key ID: FE98AE5EC52B1056
83 changed files with 1448 additions and 931 deletions


@ -1,6 +1,5 @@
{ config, pkgs, lib, ... }:
with lib;
{
with lib; {
boot = {
binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
kernelPackages = pkgs.linuxPackages_5_18;
@ -34,7 +33,12 @@ with lib;
opengl = {
enable = true;
extraPackages = with pkgs; [ intel-media-driver libvdpau-va-gl vaapiIntel vaapiVdpau ];
extraPackages = with pkgs; [
intel-media-driver
libvdpau-va-gl
vaapiIntel
vaapiVdpau
];
};
bluetooth.enable = true;
@ -44,13 +48,22 @@ with lib;
programs = {
dconf.enable = true;
gnupg.agent = { enable = true; enableSSHSupport = true; };
zsh = { enable = true; syntaxHighlighting.enable = true; };
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh = {
enable = true;
syntaxHighlighting.enable = true;
};
};
networking = {
hostName = "loki";
interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
interfaces = {
eno1.useDHCP = true;
wlp7s0.useDHCP = true;
};
networkmanager.enable = true;
useDHCP = false;
};
@ -73,21 +86,51 @@ with lib;
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
};
bazarr = { enable = true; openFirewall = true; group = "users"; };
bazarr = {
enable = true;
openFirewall = true;
group = "users";
};
blueman.enable = true;
dbus.packages = with pkgs; [ dconf ];
fail2ban = { enable = true; bantime-increment.enable = true; };
fail2ban = {
enable = true;
bantime-increment.enable = true;
};
gnome.gnome-keyring.enable = true;
gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
jackett = { enable = true; openFirewall = true; group = "users"; };
jellyfin = { enable = true; openFirewall = true; group = "users"; };
gvfs = {
enable = true;
package = mkForce pkgs.gnome3.gvfs;
};
jackett = {
enable = true;
openFirewall = true;
group = "users";
};
jellyfin = {
enable = true;
openFirewall = true;
group = "users";
};
logind.lidSwitch = "ignore";
# node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
openssh = {
enable = true;
openFirewall = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
# plex = { enable = true; openFirewall = true; group = "users"; };
power-profiles-daemon.enable = true;
radarr = { enable = true; openFirewall = true; group = "users"; };
samba-wsdd = { enable = true; discovery = true; };
radarr = {
enable = true;
openFirewall = true;
group = "users";
};
samba-wsdd = {
enable = true;
discovery = true;
};
samba = {
enable = true;
enableNmbd = true;
@ -156,8 +199,15 @@ with lib;
};
};
};
smartd = { enable = true; notifications.x11.enable = true; };
sonarr = { enable = true; openFirewall = true; group = "users"; };
smartd = {
enable = true;
notifications.x11.enable = true;
};
sonarr = {
enable = true;
openFirewall = true;
group = "users";
};
thermald.enable = true;
transmission = {
enable = true;
@ -181,24 +231,42 @@ with lib;
openFirewall = true;
cameras = 3;
hostname = "0.0.0.0";
database = { username = "zoneminder"; createLocally = true; };
database = {
username = "zoneminder";
createLocally = true;
};
};
mysql = {
# enable = true;
ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
ensureUsers = [{
name = "bertof";
ensurePermissions = { "*.*" = "ALL PRIVILEGES"; };
}];
};
};
users.users = {
bertof = {
isNormalUser = true;
extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
extraGroups = [
"audio"
"input"
"docker"
"libvirtd"
"network"
"networkmanager"
"usb"
"video"
"wheel"
];
shell = pkgs.zsh;
};
tiziano = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k"
];
};
jellyfin.extraGroups = [ "video" ];
};
@ -237,7 +305,6 @@ with lib;
};
};
systemd.packages = with pkgs; [ syncthing ];
systemd.services =
let
@ -246,7 +313,10 @@ with lib;
startLimitIntervalSec = 60;
startLimitBurst = 4;
after = [ "network.target" ];
environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
environment = {
STNORESTART = "yes";
STNOUPGRADE = "yes";
};
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
@ -268,18 +338,34 @@ with lib;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
CapabilityBoundingSet = [
"~CAP_SYS_PTRACE"
"~CAP_SYS_ADMIN"
"~CAP_SETGID"
"~CAP_SETUID"
"~CAP_SETPCAP"
"~CAP_SYS_TIME"
"~CAP_KILL"
];
};
};
in
{
syncthing-bertof = recursiveUpdate common {
description = "Syncthing service bertof";
serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
serviceConfig = {
User = "bertof";
ExecStart =
"${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config";
};
};
syncthing-tiziano = recursiveUpdate common {
description = "Syncthing service tiziano";
serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
serviceConfig = {
User = "tiziano";
ExecStart =
"${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config";
};
};
};
@ -299,7 +385,8 @@ with lib;
138 # SYNCTHING
3702 # SAMBA-WSDD
];
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
extraCommands =
"iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
};
virtualisation = {
@ -312,20 +399,14 @@ with lib;
oci-containers.containers = {
hass = {
image = "ghcr.io/home-assistant/home-assistant:stable";
environment = {
TZ = "Europe/Rome";
};
environment = { TZ = "Europe/Rome"; };
extraOptions = [ "--privileged" "--network=host" "--pull=always" ];
ports = [ "8123:8123" ];
volumes = [
"/var/lib/hass:/config"
"/mnt/raid0/condiviso:/media"
];
volumes = [ "/var/lib/hass:/config" "/mnt/raid0/condiviso:/media" ];
};
};
};
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
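Review bot: Both Syncthing units still start with `-gui-address=0.0.0.0:8384` and `-gui-address=0.0.0.0:8385`, so each admin GUI listens on every interface; the ExecStart lines were only re-wrapped and the binding was kept. If remote access to the GUI is not needed, `-gui-address=127.0.0.1:8384` (and `:8385`) would limit it to the host. Otherwise it is worth confirming that the firewall port list, only partly visible in this section, does not open those ports more widely than intended and that GUI authentication is configured. Separately, the `hass` container combines `--privileged` with `--network=host`, which leaves `ports = [ "8123:8123" ]` without effect, since published ports are ignored in host network mode. A comment such as `# privileged + host network needed for <reason>; ports entry is ignored` would record why the container runs with that much access.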


@ -4,68 +4,65 @@
{ config, lib, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "uas" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"uas"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/44c53e75-a00d-47bc-a99b-2544fe513e51";
fsType = "btrfs";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/44c53e75-a00d-47bc-a99b-2544fe513e51";
fsType = "btrfs";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/8A71-E5EB";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8A71-E5EB";
fsType = "vfat";
};
fileSystems."/mnt/raid1" =
{
device = "/dev/disk/by-uuid/c84a38dc-9cc7-4762-b509-8fce1c1d95c8";
fsType = "btrfs";
};
fileSystems."/mnt/raid1" = {
device = "/dev/disk/by-uuid/c84a38dc-9cc7-4762-b509-8fce1c1d95c8";
fsType = "btrfs";
};
fileSystems."/var/lib/docker/btrfs" =
{
device = "/var/lib/docker/btrfs";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/var/lib/docker/btrfs" = {
device = "/var/lib/docker/btrfs";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/mnt/raid0/bertof" =
{
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@bertof" ];
};
fileSystems."/mnt/raid0/bertof" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@bertof" ];
};
fileSystems."/mnt/raid0/tiziano" =
{
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@tiziano" ];
};
fileSystems."/mnt/raid0/tiziano" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@tiziano" ];
};
fileSystems."/mnt/raid0/condiviso" =
{
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@condiviso" ];
};
fileSystems."/mnt/raid0/condiviso" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@condiviso" ];
};
fileSystems."/var/lib/zoneminder/events" =
{
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@zoneminder" ];
};
fileSystems."/var/lib/zoneminder/events" = {
device = "/dev/disk/by-uuid/7ca4d382-eed7-4b49-b7d8-4b5ca139dd9c";
fsType = "btrfs";
options = [ "subvol=@zoneminder" ];
};
swapDevices = [ ];
@ -79,5 +76,6 @@
networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
# networking.interfaces.ztmjfdwjkp.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,5 +1,4 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
nixpkgs.overlays = [
(_: _: {
devEnvironment = (import ./environment.nix) {