(auxin) I don't fucking know anymore

ArgentumCation 2025-01-12 19:30:55 -05:00
parent 50a8b6aa5d
commit d6a7cdf531
4 changed files with 106 additions and 207 deletions


@ -28,13 +28,6 @@ let
8842 # Crowdsec (-> 8842)
8888 # Kodi
9000 # Portainer (-> 9443)
3300 # Ceph monitors
6789 # Ceph monitors
6800 # Ceph OSD
6801 # Ceph OSD
6802 # Ceph OSD
6803 # Ceph OSD
6804 # Ceph OSD
];#// lib.lists.range 6800 7568 ;
in
{
@ -50,7 +43,7 @@ in
};
networking = {
interfaces.enp5s0f0u2c2.ipv4.addresses = [{
interfaces.enp5s0f0u1c2.ipv4.addresses = [{
address = "192.168.2.153";
prefixLength = 24;
}];
@ -71,7 +64,6 @@ in
czkawka
gcc
go
ceph
hyperfine
sof-firmware
jellyfin-media-player
@ -81,15 +73,14 @@ in
nil
dig
nmap
upower
nodePackages.nodejs
nodePackages.pnpm
];
# Define a user account. Don't forget to set a password with passwd.
users = {
groups.ceph = { };
users = {
# mesh = { isNormalUser = true; extraGroups = [ "wheel" "docker" ]; };
# ceph = { isNormalUser = true; extraGroups = [ "wheel" "ceph" ]; };
dockremap = {
isSystemUser = true;
uid = 100000;
@ -109,6 +100,7 @@ in
};
};
};
i18n.defaultLocale = "en_US.UTF-8";
programs = {
virt-manager.enable = true;
fuse.userAllowOther = true;
@ -146,25 +138,6 @@ in
};
services = {
openiscsi = {
enable = true;
name = "iqn.2024-12.com.argentumcation:auxin";
discoverPortal = "192.168.1.146";
};
# ceph = {
# global.fsid = "7c57bbc5-fdbf-4023-bc45-2e708ebc8e3e";
# osd = {
# enable = true;
# daemons = [ "0" ];
# };
# mon = {
# enable = false;
# extraConfig = {
# "mon initial members" = "auxin";
# "mon host" = "192.168.1.153";
# };
# };
# };
nfs = {
idmapd.settings = {
Mapping = {
@ -188,21 +161,11 @@ in
};
x2goserver.enable = true;
k3s = {
enable = false;
role = "server";
token = "uwubernetes"; # TODO: change this
extraFlags = toString [
"--write-kubeconfig-mode \"0644\""
"--cluster-init"
# "--disable localstorage"
];
};
# Enable the X11 windowing system.
xserver = {
enable = true;
desktopManager.xfce.enable = true;
# videoDrivers = ["modesetting"];
# desktopManager.xfce.enable = true;
# Kodi
desktopManager.kodi = {
@ -225,24 +188,11 @@ in
inputstream-adaptive
]);
};
displayManager = {
autoLogin.enable = true;
autoLogin.user = "mira";
lightdm.greeter.enable = false;
displayManager.lightdm.greeter.enable = false;
};
};
# displayManager.sddm = {
# enable = false;
# settings = {
# Autologin = {
# Session = "kodi.desktop";
# User = "mira";
# };
# };
# };
displayManager.autoLogin ={ enable = true; user="mira";};
btrbk = { }; # TODO:
caddy = { }; # TODO:
ceph = { }; # TODO:
fail2ban = {
enable = true;
ignoreIP = [
@ -256,34 +206,33 @@ in
enable = true;
openFirewall = true;
};
# TODO: check security settings
samba = {
enable = true;
settings = {
global = {
"min protocol" = "SMB2";
"max protocol" = "SMB3";
"client min protocol" = "SMB2";
"client max protocol" = "SMB3";
"client ipc min protocol" = "SMB2";
"client ipc max protocol" = "SMB3";
"server min protocol" = "SMB2";
"server max protocol" = "SMB3";
};
public = {
path = "/";
browseable = "yes";
"guest ok" = "yes";
"read only" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "dockremap";
"force group" = "dockremap";
};
};
};
# samba = {
# enable = true;
# settings = {
# global = {
# "min protocol" = "SMB2";
# "max protocol" = "SMB3";
# "client min protocol" = "SMB2";
# "client max protocol" = "SMB3";
# "client ipc min protocol" = "SMB2";
# "client ipc max protocol" = "SMB3";
# "server min protocol" = "SMB2";
# "server max protocol" = "SMB3";
# };
# public = {
# path = "/";
# browseable = "yes";
# "guest ok" = "yes";
# "read only" = "no";
# "create mask" = "0644";
# "directory mask" = "0755";
# "force user" = "dockremap";
# "force group" = "dockremap";
# };
# };
# };
pipewire = {
enable = false;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
@ -319,19 +268,6 @@ in
};
};
services = {
"iscsi-login" = {
description = "Login to iSCSI target iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9";
after = [ "network.target" "iscsid.service" ];
wants = [ "iscsid.service" ];
serviceConfig = {
ExecStartPre = "${pkgs.openiscsi}/bin/iscsiadm -m discovery -t sendtargets -p 192.168.2.146";
ExecStart = "${pkgs.openiscsi}/bin/iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9 -p 192.168.2.146 --login";
ExecStop = "${pkgs.openiscsi}/bin/iscsiadm -m node -T iqn.2003-01.org.linux-iscsi.lipotropin.x8664:sn.8c9b8ea2ebc9 -p 192.168.2.146 --logout";
Restart = "on-failure";
RemainAfterExit = true;
};
wantedBy = [ "multi-user.target" ];
};
"qbittorrent-healthcheck" = {
script = ''
${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent
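Review bot: The Samba block in the `-256,34 +206,33` hunk is commented out rather than deleted, so a share definition with `path = "/"`, `"guest ok" = "yes"` and `"read only" = "no"` is one uncomment away from being live again. As written, that share would let unauthenticated clients write anywhere under `/` that `dockremap` can write. I would delete the block entirely, since the history keeps it. If it has to stay for reference, head it with a comment such as `# DISABLED: guest-writable export of "/"; do not re-enable without "guest ok" = "no" and a dedicated share path`. The enclosing `services` set starts and ends outside the hunk.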


@ -18,26 +18,25 @@
efi.canTouchEfiVariables = true;
};
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "uas" "usbcore" ];
initrd.kernelModules = [ ];
# initrd.kernelModules = ["i915" ];
kernelModules = [ "kvm-amd" "iscsi_tcp" ];
extraModulePackages = [ ];
kernelPackages = pkgs.linuxPackages_latest;
# kernelParams = [
# "i915.enable_guc=0"
# ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs";
options = [ "subvol=@nixos" "noatime" ];
};
fileSystems."/raid" = {
device = "//192.168.2.146/raid";
fsType = "cifs";
options = ["credentials=/etc/nixos/smb-secrets" "_netdev" "uid=1000" "gid=1000" "file_mode=0777" "dir_mode=0777" ];
# fileSystems."/ceph/30_media" = {
# device = "none";
# fsType = "fuse.ceph";
# options = ["ceph.name=client.admin" "ceph.client_mds_namespace=media" "_netdev" "defaults"];
# };
# fileSystems."/ceph/10_roms" = {
# device = "none";
# fsType = "fuse.ceph";
# options = ["ceph.name=client.admin" "ceph.client_mds_namespace=roms" "_netdev" "defaults"];
# };
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs";
@ -49,55 +48,11 @@
fsType = "btrfs";
options = [ "subvol=@home" "noatime" "compress=zstd" ];
};
fileSystems."/swap" = {
device = "/dev/disk/by-label/SYSTEM";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/ESP";
fsType = "vfat";
};
fileSystems."/ceph" = {
device = "/dev/disk/by-label/MEDIA";
fsType = "btrfs";
options = [ "noatime" "ro" "degraded" "space_cache=v2" "compress=zstd" "_netdev"];
};
fileSystems."/raid" = {
device = "/dev/disk/by-id/ata-WDC_WD40EZAZ-00SF3B0_WD-WX32DC0RL571";
fsType = "btrfs";
options = [ "noatime" "space_cache=v2" "compress=zstd" "_netdev" ];
};
# fileSystems."/raid" = {
# device = "overlay";
# fsType = "overlay";
# options = ["lowerdir=/ceph" "upperdir=/mnt/upperdir" "workdir=/mnt/workdir"];
# };
# fileSystems."/ceph/10_roms" = {
# device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.roms=/";
# fsType = "ceph";
# options = [ "_netdev" ];
# };
#
# fileSystems."/ceph/30_media" = {
# device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.media=/";
# fsType = "ceph";
# options = [ "_netdev" ];
# };
# fileSystems."/ceph/services" = {
# device = "admin@2ab18802-7fa6-11ef-b66f-14ac604688a3.services=/";
# fsType = "ceph";
# options = [ "_netdev" ];
# };
#
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
networking.networkmanager.enable = lib.mkDefault true; # Easiest to use and most distros use this by default.
# BTRFS scrub
@ -105,9 +60,17 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = true;
pulseaudio.support32Bit = true; ## If compatibility with 32-bit applications is desired.
enableRedistributableFirmware = true;
# pulseaudio.enable = true;
# pulseaudio.support32Bit = true; ## If compatibility with 32-bit applications is desired.
# graphics = {
# enable = true;
# # extraPackages = with pkgs; [
# # # intel-vaapi-driver
# # intel-media-driver
# # libvdpau-va-gl
# # ];
# };
};
}
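Review bot: The CIFS mount for `/raid` in the `-18,26 +18,25` hunk sets `file_mode=0777` and `dir_mode=0777`, so every file on the share is writable and executable by every local account, service users included, whatever `uid=1000`/`gid=1000` say. Unless something on the host really needs world-write, I would tighten the options to something like `"file_mode=0664" "dir_mode=0775" "nosuid" "nodev"`. The file named by `credentials=/etc/nixos/smb-secrets` should be root-owned with mode 0600 and kept out of the repository; a comment beside the option, `# root:root 0600, not tracked in git`, would record that. The mount also does not request encryption, so adding `seal` is worth considering if the server at 192.168.2.146 supports SMB3.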


@ -134,12 +134,16 @@ in
};
};
environment.systemPackages = with pkgs; lib.lists.unique [
# zellij
bat
brightnessctl
btdu
btop
btrbk
cargo
chezmoi
cifs-utils
delta
difftastic
duf
@ -147,30 +151,30 @@ in
fd
file
fzf
ceph # TODO: remove after migrating away from ceph
gdu
ghostty
glibcLocales
hyfetch
killall
lsd
lsof
mcfly
neovim
nushell
powertop
python3
starship
ripgrep
sheldon
starship
statix
tealdeer
viddy
wget
powertop
brightnessctl
zoxide
zellij
zsh
lsof
unzip
viddy
vivid
wget
xonsh
zoxide
zsh
] ++ [
alejandra
lua-language-server
@ -191,7 +195,7 @@ in
yazi.enable = true;
zsh.enable = true;
thefuck.enable = true;
direnv.enable = true;
# direnv.enable = true;
neovim.enable = true;
starship.enable = true;
fzf.fuzzyCompletion = true;

76
flake.lock generated

@ -78,11 +78,11 @@
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"type": "github"
},
"original": {
@ -137,18 +137,14 @@
"nixpkgs": [
"neovim-nightly-overlay",
"nixpkgs"
],
"nixpkgs-stable": [
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733665616,
"narHash": "sha256-+XTFXYlFJBxohhMGLDpYdEnhUNdxN8dyTA8WAd+lh2A=",
"lastModified": 1735882644,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "d8c02f0ffef0ef39f6063731fc539d8c71eb463a",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
"type": "github"
},
"original": {
@ -188,11 +184,11 @@
]
},
"locked": {
"lastModified": 1733333617,
"narHash": "sha256-nMMQXREGvLOLvUa0ByhYFdaL0Jov0t1wzLbKjr05P2w=",
"lastModified": 1735695978,
"narHash": "sha256-cwk53OX1S1bCFY09zydubZNmmwcx9l5XEba8mVYuNE4=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "56f8ea8d502c87cf62444bec4ee04512e8ea24ea",
"rev": "f6233b5cfbada692d93a73d6ed35bdbfd0fdb9c4",
"type": "github"
},
"original": {
@ -240,11 +236,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1733962285,
"narHash": "sha256-djpjqhPZkqfe1USsuu+eT4ZyGO+dVvAf3l4FUCZEb6Y=",
"lastModified": 1736640403,
"narHash": "sha256-1rpSNc0RuUSzy/p+FSrKscnzkki9OY8fKJCOe7z8fDA=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "2025aef04baf723bfa4cb8225fc11a319a5681f1",
"rev": "e22b81280db26159447ea54ea06ea6d20435999a",
"type": "github"
},
"original": {
@ -256,11 +252,11 @@
"neovim-src": {
"flake": false,
"locked": {
"lastModified": 1733924897,
"narHash": "sha256-Fxzl754uzyNebXW54LUliFliMbw30XG+bdb0AVtPSM0=",
"lastModified": 1736639038,
"narHash": "sha256-ezIZc9Y1m5ERCpVpl2Dx8DMEgTDe0eVU7Q5eXa0fMw8=",
"owner": "neovim",
"repo": "neovim",
"rev": "442d338cb50e4cf08c58cb82b6d33b6d5df9fb1b",
"rev": "88dca6a83593a0cf33866addf36cad2e847a2899",
"type": "github"
},
"original": {
@ -274,11 +270,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1733570843,
"narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=",
"lastModified": 1736631212,
"narHash": "sha256-mG9lRZBcPiAGiVJ9B97BJoIGQcSBWIVlBiN30QYCtG0=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "a35b08d09efda83625bef267eb24347b446c80b8",
"rev": "6ace2f2d12bdf74235d5cbf9fbd34a71c9716685",
"type": "github"
},
"original": {
@ -289,11 +285,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1733759999,
"narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=",
"lastModified": 1736523798,
"narHash": "sha256-Xb8mke6UCYjge9kPR9o4P1nVrhk7QBbKv3xQ9cj7h2s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56",
"rev": "130595eba61081acde9001f43de3248d8888ac4a",
"type": "github"
},
"original": {
@ -321,11 +317,11 @@
},
"nixpkgs-darwin": {
"locked": {
"lastModified": 1733776571,
"narHash": "sha256-mD1NyWpiHz9siylwga4oGZcdQWxxSEVJTWyLMltJMfw=",
"lastModified": 1735564410,
"narHash": "sha256-HB/FA0+1gpSs8+/boEavrGJH+Eq08/R2wWNph1sM1Dg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "976c39e1457c7c9f193b32d5dbe85da2ae608d03",
"rev": "1e7a8f391f1a490460760065fa0630b5520f9cf8",
"type": "github"
},
"original": {
@ -337,11 +333,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1733749988,
"narHash": "sha256-+5qdtgXceqhK5ZR1YbP1fAUsweBIrhL38726oIEAtDs=",
"lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bc27f0fde01ce4e1bfec1ab122d72b7380278e68",
"rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
"type": "github"
},
"original": {
@ -353,11 +349,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1733749988,
"narHash": "sha256-+5qdtgXceqhK5ZR1YbP1fAUsweBIrhL38726oIEAtDs=",
"lastModified": 1736420959,
"narHash": "sha256-dMGNa5UwdtowEqQac+Dr0d2tFO/60ckVgdhZU9q2E2o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bc27f0fde01ce4e1bfec1ab122d72b7380278e68",
"rev": "32af3611f6f05655ca166a0b1f47b57c762b5192",
"type": "github"
},
"original": {
@ -383,11 +379,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1733730953,
"narHash": "sha256-dlK7n82FEyZlHH7BFHQAM5tua+lQO1Iv7aAtglc1O5s=",
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7109b680d161993918b0a126f38bc39763e5a709",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
@ -458,11 +454,11 @@
]
},
"locked": {
"lastModified": 1733761991,
"narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=",
"lastModified": 1736154270,
"narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085",
"rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b",
"type": "github"
},
"original": {