From d6a7cdf53147656469dd08eb9f24a4c77ea46e6d Mon Sep 17 00:00:00 2001 From: ArgentumCation Date: Sun, 12 Jan 2025 19:30:55 -0500 Subject: [PATCH] (auxin) I don't fucking know anymore --- auxin/configuration.nix | 130 ++++++++----------------------- auxin/hardware-configuration.nix | 79 +++++-------------- common.nix | 28 ++++--- flake.lock | 76 +++++++++--------- 4 files changed, 106 insertions(+), 207 deletions(-) diff --git a/auxin/configuration.nix b/auxin/configuration.nix index cf8a37f..94a2237 100644 --- a/auxin/configuration.nix +++ b/auxin/configuration.nix @@ -28,13 +28,6 @@ let 8842 # Crowdsec (-> 8842) 8888 # Kodi 9000 # Portainer (-> 9443) - 3300 # Ceph monitors - 6789 # Ceph monitors - 6800 # Ceph OSD - 6801 # Ceph OSD - 6802 # Ceph OSD - 6803 # Ceph OSD - 6804 # Ceph OSD ];#// lib.lists.range 6800 7568 ; in { @@ -50,7 +43,7 @@ in }; networking = { - interfaces.enp5s0f0u2c2.ipv4.addresses = [{ + interfaces.enp5s0f0u1c2.ipv4.addresses = [{ address = "192.168.2.153"; prefixLength = 24; }]; @@ -71,7 +64,6 @@ in czkawka gcc go - ceph hyperfine sof-firmware jellyfin-media-player @@ -81,15 +73,14 @@ in nil dig nmap + upower nodePackages.nodejs nodePackages.pnpm ]; # Define a user account. Don't forget to set a password with ‘passwd’. users = { - groups.ceph = { }; users = { # mesh = { isNormalUser = true; extraGroups = [ "wheel" "docker" ]; }; - # ceph = { isNormalUser = true; extraGroups = [ "wheel" "ceph" ]; }; dockremap = { isSystemUser = true; uid = 100000; @@ -109,6 +100,7 @@ in }; }; }; + i18n.defaultLocale = "en_US.UTF-8"; programs = { virt-manager.enable = true; fuse.userAllowOther = true; @@ -146,25 +138,6 @@ in }; services = { - openiscsi = { - enable = true; - name = "iqn.2024-12.com.argentumcation:auxin"; - discoverPortal = "192.168.1.146"; - }; - # ceph = { - # global.fsid = "7c57bbc5-fdbf-4023-bc45-2e708ebc8e3e"; - # osd = { - # enable = true; - # daemons = [ "0" ]; - # }; - # mon = { - # enable = false; - # extraConfig = { - # "mon initial members" = "auxin"; - # "mon host" = "192.168.1.153"; - # }; - # }; - # }; nfs = { idmapd.settings = { Mapping = { @@ -188,21 +161,11 @@ in }; x2goserver.enable = true; - k3s = { - enable = false; - role = "server"; - token = "uwubernetes"; # TODO: change this - extraFlags = toString [ - "--write-kubeconfig-mode \"0644\"" - "--cluster-init" - # "--disable localstorage" - ]; - }; # Enable the X11 windowing system. xserver = { enable = true; - - desktopManager.xfce.enable = true; + # videoDrivers = ["modesetting"]; + # desktopManager.xfce.enable = true; # Kodi desktopManager.kodi = { @@ -225,24 +188,11 @@ in inputstream-adaptive ]); }; - displayManager = { - autoLogin.enable = true; - autoLogin.user = "mira"; - lightdm.greeter.enable = false; - }; + displayManager.lightdm.greeter.enable = false; }; - # displayManager.sddm = { - # enable = false; - # settings = { - # Autologin = { - # Session = "kodi.desktop"; - # User = "mira"; - # }; - # }; - # }; + displayManager.autoLogin ={ enable = true; user="mira";}; btrbk = { }; # TODO: caddy = { }; # TODO: - ceph = { }; # TODO: fail2ban = { enable = true; ignoreIP = [ @@ -256,34 +206,33 @@ in enable = true; openFirewall = true; }; - # TODO: check security settings - samba = { - enable = true; - settings = { - global = { - "min protocol" = "SMB2"; - "max protocol" = "SMB3"; - "client min protocol" = "SMB2"; - "client max protocol" = "SMB3"; - "client ipc min protocol" = "SMB2"; - "client ipc max protocol" = "SMB3"; - "server min protocol" = "SMB2"; - "server max protocol" = "SMB3"; - }; - public = { - path = "/"; - browseable = "yes"; - "guest ok" = "yes"; - "read only" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "dockremap"; - "force group" = "dockremap"; - }; - }; - }; + # samba = { + # enable = true; + # settings = { + # global = { + # "min protocol" = "SMB2"; + # "max protocol" = "SMB3"; + # "client min protocol" = "SMB2"; + # "client max protocol" = "SMB3"; + # "client ipc min protocol" = "SMB2"; + # "client ipc max protocol" = "SMB3"; + # "server min protocol" = "SMB2"; + # "server max protocol" = "SMB3"; + # }; + # public = { + # path = "/"; + # browseable = "yes"; + # "guest ok" = "yes"; + # "read only" = "no"; + # "create mask" = "0644"; + # "directory mask" = "0755"; + # "force user" = "dockremap"; + # "force group" = "dockremap"; + # }; + # }; + # }; pipewire = { - enable = false; + enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; @@ -319,19 +268,6 @@ in }; }; services = { - "iscsi-login" = { - description = "Login to iSCSI target iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9"; - after = [ "network.target" "iscsid.service" ]; - wants = [ "iscsid.service" ]; - serviceConfig = { - ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p 192.168.2.146"; - ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9 -p 192.168.2.146 --login"; - ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9 -p 192.168.2.146 --logout"; - Restart = "on-failure"; - RemainAfterExit = true; - }; - wantedBy = [ "multi-user.target" ]; - }; "qbittorrent-healthcheck" = { script = '' ${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent diff --git a/auxin/hardware-configuration.nix b/auxin/hardware-configuration.nix index edde222..c7cb71b 100644 --- a/auxin/hardware-configuration.nix +++ b/auxin/hardware-configuration.nix @@ -18,26 +18,25 @@ efi.canTouchEfiVariables = true; }; initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "uas" "usbcore" ]; - initrd.kernelModules = [ ]; + # initrd.kernelModules = ["i915" ]; kernelModules = [ "kvm-amd" "iscsi_tcp" ]; extraModulePackages = [ ]; + kernelPackages = pkgs.linuxPackages_latest; + # kernelParams = [ + # "i915.enable_guc=0" + # ]; }; fileSystems."/" = { device = "/dev/disk/by-label/SYSTEM"; fsType = "btrfs"; options = [ "subvol=@nixos" "noatime" ]; }; + fileSystems."/raid" = { + device = "//192.168.2.146/raid"; + fsType = "cifs"; + options = ["credentials=/etc/nixos/smb-secrets" "_netdev" "uid=1000" "gid=1000" "file_mode=0777" "dir_mode=0777" ]; - # fileSystems."/ceph/30_media" = { - # device = "none"; - # fsType = "fuse.ceph"; - # options = ["ceph.name=client.admin" "ceph.client_mds_namespace=media" "_netdev" "defaults"]; - # }; - # fileSystems."/ceph/10_roms" = { - # device = "none"; - # fsType = "fuse.ceph"; - # options = ["ceph.name=client.admin" "ceph.client_mds_namespace=roms" "_netdev" "defaults"]; - # }; + }; fileSystems."/nix" = { device = "/dev/disk/by-label/SYSTEM"; fsType = "btrfs"; @@ -49,55 +48,11 @@ fsType = "btrfs"; options = [ "subvol=@home" "noatime" "compress=zstd" ]; }; - fileSystems."/swap" = { - device = "/dev/disk/by-label/SYSTEM"; - fsType = "btrfs"; - options = [ "subvol=@swap" ]; - }; - fileSystems."/boot" = { device = "/dev/disk/by-label/ESP"; fsType = "vfat"; }; - fileSystems."/ceph" = { - device = "/dev/disk/by-label/MEDIA"; - fsType = "btrfs"; - options = [ "noatime" "ro" "degraded" "space_cache=v2" "compress=zstd" "_netdev"]; - }; - - fileSystems."/raid" = { - device = "/dev/disk/by-id/ata-WDC_WD40EZAZ-00SF3B0_WD-WX32DC0RL571"; - fsType = "btrfs"; - options = [ "noatime" "space_cache=v2" "compress=zstd" "_netdev" ]; - }; - # fileSystems."/raid" = { - # device = "overlay"; - # fsType = "overlay"; - # options = ["lowerdir=/ceph" "upperdir=/mnt/upperdir" "workdir=/mnt/workdir"]; - # }; - # fileSystems."/ceph/10_roms" = { - # device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.roms=/"; - # fsType = "ceph"; - # options = [ "_netdev" ]; - # }; - # - # fileSystems."/ceph/30_media" = { - # device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.media=/"; - # fsType = "ceph"; - # options = [ "_netdev" ]; - # }; - # fileSystems."/ceph/services" = { - # device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.services=/"; - # fsType = "ceph"; - # options = [ "_netdev" ]; - # }; - # - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; networking.networkmanager.enable = lib.mkDefault true; # Easiest to use and most distros use this by default. # BTRFS scrub @@ -105,9 +60,17 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware = { - cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - pulseaudio.enable = true; - pulseaudio.support32Bit = true; ## If compatibility with 32-bit applications is desired. + enableRedistributableFirmware = true; + # pulseaudio.enable = true; + # pulseaudio.support32Bit = true; ## If compatibility with 32-bit applications is desired. + # graphics = { + # enable = true; + # # extraPackages = with pkgs; [ + # # # intel-vaapi-driver + # # intel-media-driver + # # libvdpau-va-gl + # # ]; + # }; }; } diff --git a/common.nix b/common.nix index 85cf58a..aff145b 100644 --- a/common.nix +++ b/common.nix @@ -134,12 +134,16 @@ in }; }; environment.systemPackages = with pkgs; lib.lists.unique [ + + # zellij bat + brightnessctl btdu btop btrbk cargo chezmoi + cifs-utils delta difftastic duf @@ -147,30 +151,30 @@ in fd file fzf - ceph # TODO: remove after migrating away from ceph gdu + ghostty + glibcLocales hyfetch killall lsd + lsof mcfly neovim nushell + powertop python3 - starship ripgrep sheldon + starship statix tealdeer - viddy - wget - powertop - brightnessctl - zoxide - zellij - zsh - lsof unzip - + viddy + vivid + wget + xonsh + zoxide + zsh ] ++ [ alejandra lua-language-server @@ -191,7 +195,7 @@ in yazi.enable = true; zsh.enable = true; thefuck.enable = true; - direnv.enable = true; + # direnv.enable = true; neovim.enable = true; starship.enable = true; fzf.fuzzyCompletion = true; diff --git a/flake.lock b/flake.lock index 32acc92..a1c8b52 100644 --- a/flake.lock +++ b/flake.lock @@ -78,11 +78,11 @@ ] }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -137,18 +137,14 @@ "nixpkgs": [ "neovim-nightly-overlay", "nixpkgs" - ], - "nixpkgs-stable": [ - "neovim-nightly-overlay", - "nixpkgs" ] }, "locked": { - "lastModified": 1733665616, - "narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", "type": "github" }, "original": { @@ -188,11 +184,11 @@ ] }, "locked": { - "lastModified": 1733333617, - "narHash": "sha256-nMMQXREGvLOLvUa0ByhYFdaL0Jov0t1wzLbKjr05P2w=", + "lastModified": 1735695978, + "narHash": "sha256-cwk53OX1S1bCFY09zydubZNmmwcx9l5XEba8mVYuNE4=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "56f8ea8d502c87cf62444bec4ee04512e8ea24ea", + "rev": "f6233b5cfbada692d93a73d6ed35bdbfd0fdb9c4", "type": "github" }, "original": { @@ -240,11 +236,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1733962285, - "narHash": "sha256-djpjqhPZkqfe1USsuu+eT4ZyGO+dVvAf3l4FUCZEb6Y=", + "lastModified": 1736640403, + "narHash": "sha256-1rpSNc0RuUSzy/p+FSrKscnzkki9OY8fKJCOe7z8fDA=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "2025aef04baf723bfa4cb8225fc11a319a5681f1", + "rev": "e22b81280db26159447ea54ea06ea6d20435999a", "type": "github" }, "original": { @@ -256,11 +252,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1733924897, - "narHash": "sha256-Fxzl754uzyNebXW54LUliFliMbw30XG+bdb0AVtPSM0=", + "lastModified": 1736639038, + "narHash": "sha256-ezIZc9Y1m5ERCpVpl2Dx8DMEgTDe0eVU7Q5eXa0fMw8=", "owner": "neovim", "repo": "neovim", - "rev": "442d338cb50e4cf08c58cb82b6d33b6d5df9fb1b", + "rev": "88dca6a83593a0cf33866addf36cad2e847a2899", "type": "github" }, "original": { @@ -274,11 +270,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1733570843, - "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", + "lastModified": 1736631212, + "narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "a35b08d09efda83625bef267eb24347b446c80b8", + "rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685", "type": "github" }, "original": { @@ -289,11 +285,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1736523798, + "narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "130595eba61081acde9001f43de3248d8888ac4a", "type": "github" }, "original": { @@ -321,11 +317,11 @@ }, "nixpkgs-darwin": { "locked": { - "lastModified": 1733776571, - "narHash": "sha256-mD1NyWpiHz9siylwga4oGZcdQWxxSEVJTWyLMltJMfw=", + "lastModified": 1735564410, + "narHash": "sha256-HB/FA0+1gpSs8+/boEavrGJH+Eq08/R2wWNph1sM1Dg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "976c39e1457c7c9f193b32d5dbe85da2ae608d03", + "rev": "1e7a8f391f1a490460760065fa0630b5520f9cf8", "type": "github" }, "original": { @@ -337,11 +333,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1733749988, - "narHash": "sha256-+5qdtgXceqhK5ZR1YbP1fAUsweBIrhL38726oIEAtDs=", + "lastModified": 1736657626, + "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bc27f0fde01ce4e1bfec1ab122d72b7380278e68", + "rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e", "type": "github" }, "original": { @@ -353,11 +349,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1733749988, - "narHash": "sha256-+5qdtgXceqhK5ZR1YbP1fAUsweBIrhL38726oIEAtDs=", + "lastModified": 1736420959, + "narHash": "sha256-dMGNa5UwdtowEqQac+Dr0d2tFO/60ckVgdhZU9q2E2o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bc27f0fde01ce4e1bfec1ab122d72b7380278e68", + "rev": "32af3611f6f05655ca166a0b1f47b57c762b5192", "type": "github" }, "original": { @@ -383,11 +379,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1733730953, - "narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", + "lastModified": 1735563628, + "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7109b680d161993918b0a126f38bc39763e5a709", + "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", "type": "github" }, "original": { @@ -458,11 +454,11 @@ ] }, "locked": { - "lastModified": 1733761991, - "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", "type": "github" }, "original": {