(auxin) I don't fucking know anymore

ArgentumCation 2025-01-12 19:30:55 -05:00
parent 50a8b6aa5d
commit d6a7cdf531
4 changed files with 106 additions and 207 deletions


@ -28,13 +28,6 @@ let
8842 # Crowdsec (-> 8842) 8842 # Crowdsec (-> 8842)
8888 # Kodi 8888 # Kodi
9000 # Portainer (-> 9443) 9000 # Portainer (-> 9443)
3300 # Ceph monitors
6789 # Ceph monitors
6800 # Ceph OSD
6801 # Ceph OSD
6802 # Ceph OSD
6803 # Ceph OSD
6804 # Ceph OSD
];#// lib.lists.range 6800 7568 ; ];#// lib.lists.range 6800 7568 ;
in in
{ {
@ -50,7 +43,7 @@ in
}; };
networking = { networking = {
interfaces.enp5s0f0u2c2.ipv4.addresses = [{ interfaces.enp5s0f0u1c2.ipv4.addresses = [{
address = "192.168.2.153"; address = "192.168.2.153";
prefixLength = 24; prefixLength = 24;
}]; }];
@ -71,7 +64,6 @@ in
czkawka czkawka
gcc gcc
go go
ceph
hyperfine hyperfine
sof-firmware sof-firmware
jellyfin-media-player jellyfin-media-player
@ -81,15 +73,14 @@ in
nil nil
dig dig
nmap nmap
upower
nodePackages.nodejs nodePackages.nodejs
nodePackages.pnpm nodePackages.pnpm
]; ];
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users = { users = {
groups.ceph = { };
users = { users = {
# mesh = { isNormalUser = true; extraGroups = [ "wheel" "docker" ]; }; # mesh = { isNormalUser = true; extraGroups = [ "wheel" "docker" ]; };
# ceph = { isNormalUser = true; extraGroups = [ "wheel" "ceph" ]; };
dockremap = { dockremap = {
isSystemUser = true; isSystemUser = true;
uid = 100000; uid = 100000;
@ -109,6 +100,7 @@ in
}; };
}; };
}; };
i18n.defaultLocale = "en_US.UTF-8";
programs = { programs = {
virt-manager.enable = true; virt-manager.enable = true;
fuse.userAllowOther = true; fuse.userAllowOther = true;
@ -146,25 +138,6 @@ in
}; };
services = { services = {
openiscsi = {
enable = true;
name = "iqn.2024-12.com.argentumcation:auxin";
discoverPortal = "192.168.1.146";
};
# ceph = {
# global.fsid = "7c57bbc5-fdbf-4023-bc45-2e708ebc8e3e";
# osd = {
# enable = true;
# daemons = [ "0" ];
# };
# mon = {
# enable = false;
# extraConfig = {
# "mon initial members" = "auxin";
# "mon host" = "192.168.1.153";
# };
# };
# };
nfs = { nfs = {
idmapd.settings = { idmapd.settings = {
Mapping = { Mapping = {
@ -188,21 +161,11 @@ in
}; };
x2goserver.enable = true; x2goserver.enable = true;
k3s = {
enable = false;
role = "server";
token = "uwubernetes"; # TODO: change this
extraFlags = toString [
"--write-kubeconfig-mode \"0644\""
"--cluster-init"
# "--disable localstorage"
];
};
# Enable the X11 windowing system. # Enable the X11 windowing system.
xserver = { xserver = {
enable = true; enable = true;
# videoDrivers = ["modesetting"];
desktopManager.xfce.enable = true; # desktopManager.xfce.enable = true;
# Kodi # Kodi
desktopManager.kodi = { desktopManager.kodi = {
@ -225,24 +188,11 @@ in
inputstream-adaptive inputstream-adaptive
]); ]);
}; };
displayManager = { displayManager.lightdm.greeter.enable = false;
autoLogin.enable = true;
autoLogin.user = "mira";
lightdm.greeter.enable = false;
};
}; };
# displayManager.sddm = { displayManager.autoLogin ={ enable = true; user="mira";};
# enable = false;
# settings = {
# Autologin = {
# Session = "kodi.desktop";
# User = "mira";
# };
# };
# };
btrbk = { }; # TODO: btrbk = { }; # TODO:
caddy = { }; # TODO: caddy = { }; # TODO:
ceph = { }; # TODO:
fail2ban = { fail2ban = {
enable = true; enable = true;
ignoreIP = [ ignoreIP = [
@ -256,34 +206,33 @@ in
enable = true; enable = true;
openFirewall = true; openFirewall = true;
}; };
# TODO: check security settings # samba = {
samba = { # enable = true;
enable = true; # settings = {
settings = { # global = {
global = { # "min protocol" = "SMB2";
"min protocol" = "SMB2"; # "max protocol" = "SMB3";
"max protocol" = "SMB3"; # "client min protocol" = "SMB2";
"client min protocol" = "SMB2"; # "client max protocol" = "SMB3";
"client max protocol" = "SMB3"; # "client ipc min protocol" = "SMB2";
"client ipc min protocol" = "SMB2"; # "client ipc max protocol" = "SMB3";
"client ipc max protocol" = "SMB3"; # "server min protocol" = "SMB2";
"server min protocol" = "SMB2"; # "server max protocol" = "SMB3";
"server max protocol" = "SMB3"; # };
}; # public = {
public = { # path = "/";
path = "/"; # browseable = "yes";
browseable = "yes"; # "guest ok" = "yes";
"guest ok" = "yes"; # "read only" = "no";
"read only" = "no"; # "create mask" = "0644";
"create mask" = "0644"; # "directory mask" = "0755";
"directory mask" = "0755"; # "force user" = "dockremap";
"force user" = "dockremap"; # "force group" = "dockremap";
"force group" = "dockremap"; # };
}; # };
}; # };
};
pipewire = { pipewire = {
enable = false; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
@ -319,19 +268,6 @@ in
}; };
}; };
services = { services = {
"iscsi-login" = {
description = "Login to iSCSI target iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9";
after = [ "network.target" "iscsid.service" ];
wants = [ "iscsid.service" ];
serviceConfig = {
ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p 192.168.2.146";
ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9 -p 192.168.2.146 --login";
ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9 -p 192.168.2.146 --logout";
Restart = "on-failure";
RemainAfterExit = true;
};
wantedBy = [ "multi-user.target" ];
};
"qbittorrent-healthcheck" = { "qbittorrent-healthcheck" = {
script = '' script = ''
${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent ${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent
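Review bot: In the `@ -256,34 +206,33` hunk the Samba share is only commented out, so the new side still carries a ready-to-uncomment `public` share with `path = "/"`, `"guest ok" = "yes"` and `"read only" = "no"`, while the `# TODO: check security settings` line that flagged it is dropped. Re-enabling the block as written would export the whole root filesystem writable to unauthenticated guests. I would delete the block (git history keeps it) or keep a warning above it, for example `# UNSAFE as written: guest-writable share of "/"; restrict path and set "guest ok" = "no" before re-enabling`. The block sits inside a `services` set that opens outside the hunk. The `k3s.token` literal removed in the `@ -188,21 +161,11` hunk also stays in history, so it should not be reused if that service comes back.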


@ -18,26 +18,25 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "uas" "usbcore" ]; initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "uas" "usbcore" ];
initrd.kernelModules = [ ]; # initrd.kernelModules = ["i915" ];
kernelModules = [ "kvm-amd" "iscsi_tcp" ]; kernelModules = [ "kvm-amd" "iscsi_tcp" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
kernelPackages = pkgs.linuxPackages_latest;
# kernelParams = [
# "i915.enable_guc=0"
# ];
}; };
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/SYSTEM"; device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@nixos" "noatime" ]; options = [ "subvol=@nixos" "noatime" ];
}; };
fileSystems."/raid" = {
device = "//192.168.2.146/raid";
fsType = "cifs";
options = ["credentials=/etc/nixos/smb-secrets" "_netdev" "uid=1000" "gid=1000" "file_mode=0777" "dir_mode=0777" ];
# fileSystems."/ceph/30_media" = { };
# device = "none";
# fsType = "fuse.ceph";
# options = ["ceph.name=client.admin" "ceph.client_mds_namespace=media" "_netdev" "defaults"];
# };
# fileSystems."/ceph/10_roms" = {
# device = "none";
# fsType = "fuse.ceph";
# options = ["ceph.name=client.admin" "ceph.client_mds_namespace=roms" "_netdev" "defaults"];
# };
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-label/SYSTEM"; device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs"; fsType = "btrfs";
@ -49,55 +48,11 @@
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@home" "noatime" "compress=zstd" ]; options = [ "subvol=@home" "noatime" "compress=zstd" ];
}; };
fileSystems."/swap" = {
device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-label/ESP"; device = "/dev/disk/by-label/ESP";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/ceph" = {
device = "/dev/disk/by-label/MEDIA";
fsType = "btrfs";
options = [ "noatime" "ro" "degraded" "space_cache=v2" "compress=zstd" "_netdev"];
};
fileSystems."/raid" = {
device = "/dev/disk/by-id/ata-WDC_WD40EZAZ-00SF3B0_WD-WX32DC0RL571";
fsType = "btrfs";
options = [ "noatime" "space_cache=v2" "compress=zstd" "_netdev" ];
};
# fileSystems."/raid" = {
# device = "overlay";
# fsType = "overlay";
# options = ["lowerdir=/ceph" "upperdir=/mnt/upperdir" "workdir=/mnt/workdir"];
# };
# fileSystems."/ceph/10_roms" = {
# device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.roms=/";
# fsType = "ceph";
# options = [ "_netdev" ];
# };
#
# fileSystems."/ceph/30_media" = {
# device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.media=/";
# fsType = "ceph";
# options = [ "_netdev" ];
# };
# fileSystems."/ceph/services" = {
# device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.services=/";
# fsType = "ceph";
# options = [ "_netdev" ];
# };
#
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
networking.networkmanager.enable = lib.mkDefault true; # Easiest to use and most distros use this by default. networking.networkmanager.enable = lib.mkDefault true; # Easiest to use and most distros use this by default.
# BTRFS scrub # BTRFS scrub
@ -105,9 +60,17 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = { hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; enableRedistributableFirmware = true;
pulseaudio.enable = true; # pulseaudio.enable = true;
pulseaudio.support32Bit = true; ## If compatibility with 32-bit applications is desired. # pulseaudio.support32Bit = true; ## If compatibility with 32-bit applications is desired.
# graphics = {
# enable = true;
# # extraPackages = with pkgs; [
# # # intel-vaapi-driver
# # intel-media-driver
# # libvdpau-va-gl
# # ];
# };
}; };
} }
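Review bot: The new CIFS mount for `/raid` in the `@ -18,26 +18,25` hunk sets `file_mode=0777` and `dir_mode=0777`, which presents every file on the share as world-writable and executable to any local account or service on this host, and the option list has no `nosuid`/`nodev`. Unless some consumer really needs that access (not visible here), tighter options such as `"file_mode=0660" "dir_mode=0770" "nosuid" "nodev"`, with `uid`/`gid` set to the consuming user, would limit the exposure. The `credentials=/etc/nixos/smb-secrets` file should be root-owned with mode 0600 and kept out of this repository; a comment next to the option would record that, e.g. `# smb-secrets: root:root 0600, not tracked in git`.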


@ -134,12 +134,16 @@ in
}; };
}; };
environment.systemPackages = with pkgs; lib.lists.unique [ environment.systemPackages = with pkgs; lib.lists.unique [
# zellij
bat bat
brightnessctl
btdu btdu
btop btop
btrbk btrbk
cargo cargo
chezmoi chezmoi
cifs-utils
delta delta
difftastic difftastic
duf duf
@ -147,30 +151,30 @@ in
fd fd
file file
fzf fzf
ceph # TODO: remove after migrating away from ceph
gdu gdu
ghostty
glibcLocales
hyfetch hyfetch
killall killall
lsd lsd
lsof
mcfly mcfly
neovim neovim
nushell nushell
powertop
python3 python3
starship
ripgrep ripgrep
sheldon sheldon
starship
statix statix
tealdeer tealdeer
viddy
wget
powertop
brightnessctl
zoxide
zellij
zsh
lsof
unzip unzip
viddy
vivid
wget
xonsh
zoxide
zsh
] ++ [ ] ++ [
alejandra alejandra
lua-language-server lua-language-server
@ -191,7 +195,7 @@ in
yazi.enable = true; yazi.enable = true;
zsh.enable = true; zsh.enable = true;
thefuck.enable = true; thefuck.enable = true;
direnv.enable = true; # direnv.enable = true;
neovim.enable = true; neovim.enable = true;
starship.enable = true; starship.enable = true;
fzf.fuzzyCompletion = true; fzf.fuzzyCompletion = true;

76
flake.lock generated

@ -78,11 +78,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1733312601, "lastModified": 1736143030,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -137,18 +137,14 @@
"nixpkgs": [ "nixpkgs": [
"neovim-nightly-overlay", "neovim-nightly-overlay",
"nixpkgs" "nixpkgs"
],
"nixpkgs-stable": [
"neovim-nightly-overlay",
"nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1733665616, "lastModified": 1735882644,
"narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=", "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a", "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -188,11 +184,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1733333617, "lastModified": 1735695978,
"narHash": "sha256-nMMQXREGvLOLvUa0ByhYFdaL0Jov0t1wzLbKjr05P2w=", "narHash": "sha256-cwk53OX1S1bCFY09zydubZNmmwcx9l5XEba8mVYuNE4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "hercules-ci-effects", "repo": "hercules-ci-effects",
"rev": "56f8ea8d502c87cf62444bec4ee04512e8ea24ea", "rev": "f6233b5cfbada692d93a73d6ed35bdbfd0fdb9c4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -240,11 +236,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1733962285, "lastModified": 1736640403,
"narHash": "sha256-djpjqhPZkqfe1USsuu+eT4ZyGO+dVvAf3l4FUCZEb6Y=", "narHash": "sha256-1rpSNc0RuUSzy/p+FSrKscnzkki9OY8fKJCOe7z8fDA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "2025aef04baf723bfa4cb8225fc11a319a5681f1", "rev": "e22b81280db26159447ea54ea06ea6d20435999a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -256,11 +252,11 @@
"neovim-src": { "neovim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733924897, "lastModified": 1736639038,
"narHash": "sha256-Fxzl754uzyNebXW54LUliFliMbw30XG+bdb0AVtPSM0=", "narHash": "sha256-ezIZc9Y1m5ERCpVpl2Dx8DMEgTDe0eVU7Q5eXa0fMw8=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "442d338cb50e4cf08c58cb82b6d33b6d5df9fb1b", "rev": "88dca6a83593a0cf33866addf36cad2e847a2899",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -274,11 +270,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1733570843, "lastModified": 1736631212,
"narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "a35b08d09efda83625bef267eb24347b446c80b8", "rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -289,11 +285,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1733759999, "lastModified": 1736523798,
"narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", "narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", "rev": "130595eba61081acde9001f43de3248d8888ac4a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -321,11 +317,11 @@
}, },
"nixpkgs-darwin": { "nixpkgs-darwin": {
"locked": { "locked": {
"lastModified": 1733776571, "lastModified": 1735564410,
"narHash": "sha256-mD1NyWpiHz9siylwga4oGZcdQWxxSEVJTWyLMltJMfw=", "narHash": "sha256-HB/FA0+1gpSs8+/boEavrGJH+Eq08/R2wWNph1sM1Dg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "976c39e1457c7c9f193b32d5dbe85da2ae608d03", "rev": "1e7a8f391f1a490460760065fa0630b5520f9cf8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -337,11 +333,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1733749988, "lastModified": 1736657626,
"narHash": "sha256-+5qdtgXceqhK5ZR1YbP1fAUsweBIrhL38726oIEAtDs=", "narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bc27f0fde01ce4e1bfec1ab122d72b7380278e68", "rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -353,11 +349,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1733749988, "lastModified": 1736420959,
"narHash": "sha256-+5qdtgXceqhK5ZR1YbP1fAUsweBIrhL38726oIEAtDs=", "narHash": "sha256-dMGNa5UwdtowEqQac+Dr0d2tFO/60ckVgdhZU9q2E2o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bc27f0fde01ce4e1bfec1ab122d72b7380278e68", "rev": "32af3611f6f05655ca166a0b1f47b57c762b5192",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -383,11 +379,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1733730953, "lastModified": 1735563628,
"narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=", "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7109b680d161993918b0a126f38bc39763e5a709", "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -458,11 +454,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1733761991, "lastModified": 1736154270,
"narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b",
"type": "github" "type": "github"
}, },
"original": { "original": {