This is a combination of 129 commits: Initial Server Configuration Add Caddy Add Jelly Bucket to Minio Remove Podman DNS Initialize Server Configuration Directory Also replace Minio Pod w/ Nix Derivation Remove Neko/WatchThingz User Configuration (Broken, See Issue) Disable WatchThingz Add cockpit TODO: Add Cockpit Plugins TODO: Add Performance Metrics https://github.com/performancecopilot/pcp Start adding Gitea TODO: Gitea specific postgres config, determine global postgres Add Second Mass Storage Drive Add Gitea in Full Mount Both Data Dirs for Minio Add CUDA to Nvidia Add OCI Based Servers TODO: Organize into server architecture Add Secrets Add some nice to have packages Massive Server Upgrade Jelly s3fs mount Stats for things like Minio Usage, Logs etc. VirtualHost & Pod Cleanup Move pod import into oci services that use them Have services define what virtualhost of caddy they belong to Migrate homeassistant and jellyfin to new dir structure Headscale and static files Directory Reorganization New Module Structure Headscale is public facing Headscale User Generation Module Finish HeadScale PreAuth Module TODO: Activation Script sketch: (Tailscale & Container) Headscale integration Add Local DNS Resolver & Local Domains Add Path to Output of ensureUsers Fix Path Setting Add Services Dir Local Join to Tailnet w/ Auth Gen Togers Uses .tv ...
Move networking config Add networking to configuration.nix Update to Bridged Networking Requirement for nspawn Fix unit definitions Cleanup defs for container support Add Minio Containers to tailnet Disable PostGresql, seems to break things Migrate to LVM Disk Fix not Using Headscale Containers Re-add Nextcloud Re Auth Prometheus for Minio Pretty Graphs Init: pre-office servers Init: pre Pterodactyl server Fix Jelly VPN Disable Grafana for Now Add VaultWarden Add Anki Add GC and Store Optimization Correct Gitea's connection to postgresql Add Vaultwarden, Remove Anki Cleanup User Deps for Recognize Pterodactyl: Add Nspawn Service Change to Flake System Fix flake path pugs Add Hydra Add Build Machine Wings: Migrate to Nix Directly... or do tun tap. Might do latter Try to get Anki to Work It passes args properly now, but not environment variables Add NAT Passthrough on Ports Disable for now, interferes b/c of NAT Tried to enable actions Nix Serve Cache Hydra DynRun Increase port range Stop Using Pod Patch Hydra Video Group & Patches libnvidia-container ldconfig patch More patching nvidia-podman fix && jellyfin nvidia Nix cache domain Update Flake Container Deployment User & Script Add Handy Helper Deploy-scheme Forgotten Flake Update 2023-03-12 -> 2023-03-21 Update Flake Update Nextcloud 25 -> 26 Update Flake & Nvidia-Podman Update of flake broke nvidia podman, this fixes it, hopefully Latest working version Update Time!
Use new Gitea Config Use new Gitea Config, properly Currently borked, need to wait, or go back to earlier working version Working now Updates Change Hydra Port Whoops, Keyboard bad Convert to String Update Time NodeJS InSecure for Now OpenSSL1.1.1t InSecure Disable Hydra Tests More insecure Update and Ethan Basic AudioBookshelf impl Add AudioBookShelf Fix Group Test Env Var Environment Wrong Location Remove TMP Env Config Dir SystemDir: Audiobookshelf Audiobook: getopt ExecStart Args for Env Correct Port Add Domain: AudioBooks Git LFS Hauk Location Tracking TODO: Change domain to whereis.chris.crompton.cc Enable Hauk Correct Hauk Port Flake Update Docker-compat Disable Recognize Setup Nextcloud 26 -> 27 Disable Podman-Nvidia Environment is clouded for some reason™️ (nvidia-container-tools makes a "docker" command visible) OctoPrint & Prusa Samba server Reorganize for Config Merge Move Nvidia Fix to File Migrate to sops-nix servers -> server Remove Old Key Things for Agenix
162 lines
4.3 KiB
Nix
```nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix

      # Network configuration
      ./networking.nix

      # Enable Flakes
      ./flakes.nix

      # Enable Secrets
      ./secrets.nix

      # Nvidia Driver Config
      ./nvidia.nix

      # Enable Containers
      ./oci.nix

      # Servers: (Nextcloud, minio, and more)
      ./servers.nix

      # Services: (tailscale, etc.)
      ./services.nix
    ];

  # Packages that nixpkgs marks as insecure (end-of-life Node.js 14 and
  # OpenSSL 1.1.1) but that are still allowed to build on this host.
  nixpkgs.config.permittedInsecurePackages = [
    "nodejs-14.21.3"
    "openssl-1.1.1t"
    "openssl-1.1.1u"
  ];

  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };
  nix.settings.auto-optimise-store = true;

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";

  networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/Toronto";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_CA.UTF-8";

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Enable the KDE Plasma 5 Desktop Environment with the SDDM display manager.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  # Configure keymap in X11
  services.xserver = {
    layout = "us";
    xkbVariant = "";
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound with pipewire.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;

    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.server = {
    isNormalUser = true;
    description = "server";
    extraGroups = [ "networkmanager" "wheel" "video" ];
    packages = with pkgs; [
    ];
  };

  # Enable automatic login for the user.
  services.xserver.displayManager.autoLogin.enable = true;
  services.xserver.displayManager.autoLogin.user = "server";

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    firefox

    screen
    btop
    htop

    git
    git-lfs

    emacs

    prusa-slicer

    sops
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?

}
```
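As an added example (not part of the repository shown above), a companion module that overrides the weak settings in this configuration.nix: the firewall switched off while Minio, Gitea, Hydra, Samba and the other servers listen, OpenSSH at its defaults, and console auto-login for a `wheel` user. The file name `hardening.nix`, the placeholder SSH key, the use of Caddy on 80/443 and Tailscale as the only intended ingress, and the `services.openssh.settings.*` option names (NixOS 23.05 or newer; 22.11 spells them `services.openssh.passwordAuthentication` etc.) are assumptions.

```nix
# hardening.nix (hypothetical file name): added example, not the repository's
# own code. Add ./hardening.nix to the imports list in configuration.nix; the
# lib.mkForce values below win over the plain assignments made there.
{ config, pkgs, lib, ... }:

{
  # configuration.nix sets networking.firewall.enable = false, which exposes
  # every listening service on the physical NIC. Re-enable it and admit only
  # the reverse proxy and SSH from the outside; everything else stays on the
  # tailnet or on localhost.
  networking.firewall = {
    enable = lib.mkForce true;
    allowedTCPPorts = [ 22 80 443 ];
    # Tailscale's WireGuard port, so peers can connect directly.
    allowedUDPPorts = [ config.services.tailscale.port ];
    # Services published to the tailnet are reachable only via this interface.
    trustedInterfaces = [ "tailscale0" ];
  };

  # Key-only SSH and no root login removes password guessing as an attack
  # surface on port 22 (NixOS >= 23.05 option names; see lead-in).
  services.openssh.settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    PermitRootLogin = "no";
  };
  users.users.server.openssh.authorizedKeys.keys = [
    # Placeholder; replace with the administrator's real public key.
    "ssh-ed25519 AAAA...PLACEHOLDER admin@example"
  ];

  # A server has no reason to log a wheel user into a Plasma session
  # unattended; anyone at the console would inherit that session.
  services.xserver.displayManager.autoLogin.enable = lib.mkForce false;

  # Keep sudo asking for a password even though auto-login is now off.
  security.sudo.wheelNeedsPassword = true;

  # nixpkgs.config is merged rather than overridden, so the
  # permittedInsecurePackages allow-list (EOL Node.js 14, OpenSSL 1.1.1)
  # has to be deleted from configuration.nix itself; the rebuild then fails
  # loudly for any service still depending on those packages, which is the
  # intended signal to upgrade that service.
}
```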