{ config, lib, pkgs, modulesPath, ... }:

# NixOS configuration for the host "blockhouse".
#
# What this file declares: a ZFS root with two EFI boot partitions, an NVIDIA
# GPU exposed to Docker, Samba exports under /exports, a nix-serve binary
# cache fronted by nginx, three NICs bridged into br0 with DHCP, and a tinc
# overlay link.  `config`, `lib` and `pkgs` are the usual NixOS module
# arguments; `modulesPath` is accepted but not used here.
let
  # A ZFS dataset mounted read/write at the given path.
  zfsMount = dataset: { device = dataset; fsType = "zfs"; };

  # One EFI system partition.  "nofail" keeps boot going when the mirror
  # half that carries it is absent.
  espMount = uuid: {
    device = "/dev/disk/by-uuid/${uuid}";
    fsType = "vfat";
    options = [ "nofail" ];
  };

  # Settings common to every Samba export.  "force user"/"force group" make
  # smbd perform all file operations as nobody:users, so on-disk ownership
  # does not record which account wrote a file.  No "guest ok" is set here,
  # so Samba's default of authenticated access applies (confirm against any
  # global Samba settings defined outside this file).
  commonShareSettings = {
    writable = "yes";
    browseable = "yes";
    "force user" = "nobody";
    "force group" = "users";
  };

  # Physical NICs enslaved to br0; each gets an identical networkd unit.
  bridgePorts = [ "eno1" "enp37s0" "enp40s0" ];

  # Build the "30-<nic>" network unit that attaches one NIC to br0.
  bridgePortUnit = nic: {
    name = "30-${nic}";
    value = {
      matchConfig.Name = nic;
      networkConfig.Bridge = "br0";
      linkConfig.RequiredForOnline = "enslaved";
    };
  };
in
{
  nixpkgs.config.allowUnfree = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  ##############################################################################
  # Bootloader / Kernel
  ##############################################################################

  boot = {
    supportedFilesystems = [ "ntfs" ];

    loader = {
      efi.canTouchEfiVariables = true;
      grub = {
        enable = true;
        zfsSupport = true;
        efiSupport = true;
        # One ESP per boot disk (mounted at /boot0 and /boot1 below) so the
        # host still boots with either disk missing.  "nodev" is the usual
        # placeholder for EFI-only GRUB installs.
        mirroredBoots = [
          { devices = [ "nodev" ]; path = "/boot0"; }
          { devices = [ "nodev" ]; path = "/boot1"; }
        ];
      };
    };

    # Kernel module parameters.  The comment lines inside the string are
    # written to modprobe.d verbatim.
    extraModprobeConfig = ''
      # Under low-write conditions, wait up to 30 seconds before committing data to disk
      options zfs zfs_txg_timeout=30
      # Stupid silent data corruption bug (https://github.com/openzfs/zfs/issues/15933)
      options zfs zfs_bclone_enabled=0
      options zfs zfs_dmu_offset_next_sync=0
    '';

    # Registers binfmt handlers so aarch64-linux executables can run on this host.
    binfmt.emulatedSystems = [ "aarch64-linux" ];

    # IPv6 is switched off at the kernel level; see networking.enableIPv6 below.
    kernel.sysctl."net.ipv6.conf.all.disable_ipv6" = true;
  };

  # Activated at 14:00 on 2024-04-10.
  powerManagement.cpuFreqGovernor = "performance";

  ##############################################################################
  # NVIDIA
  ##############################################################################

  hardware = {
    opengl = {
      enable = true;
      driSupport32Bit = true;
    };
    nvidia = {
      modesetting.enable = true;
      powerManagement = {
        enable = false;
        finegrained = false;
      };
      # Proprietary kernel module, tracked from the stable branch of the
      # running kernel's package set.
      open = false;
      package = config.boot.kernelPackages.nvidiaPackages.stable;
      nvidiaSettings = true;
    };
  };
  services.xserver.videoDrivers = [ "nvidia" ];

  virtualisation = {
    docker = {
      enable = true;
      # Exposes the GPU to containers.  Note that membership of the "docker"
      # group (granted to both human accounts below) is equivalent to root on
      # the host, because the daemon socket allows starting privileged containers.
      enableNvidia = true;
    };
    libvirtd.enable = true;
  };

  ##############################################################################
  # Filesystems
  ##############################################################################

  # NOTE(review): the Parlor Samba share exports /exports/Parlor, but no mount
  # for that path is declared here; presumably it lives on the root dataset —
  # confirm.
  fileSystems = {
    "/" = zfsMount "blockhouse-root/root";
    "/exports/Archive" = zfsMount "Archive/Archive";
    "/exports/Archive/Frigate" = zfsMount "Archive/Frigate";
    "/exports/Archive/Restic" = zfsMount "Archive/Restic";
    "/exports/Archive/Multimedia" = zfsMount "Archive/Multimedia";
    "/boot0" = espMount "DD98-25C2";
    "/boot1" = espMount "2F9C-F902";
  };
  # TODO: Add back dotspace shares

  ##############################################################################
  # Services
  ##############################################################################

  services.uptimed.enable = true;

  services.samba = {
    enable = true;
    # Has no effect while networking.firewall.enable = false (see Network).
    openFirewall = true;
    shares = {
      Parlor = commonShareSettings // {
        path = "/exports/Parlor";
        comment = "Fast Data Storage";
        "create mask" = "775";
        "force create mode" = "775";
        # NOTE(review): the four "security mask" / "force security mode"
        # parameters appear to have been removed from smb.conf in Samba 4.x
        # (recent testparm reports them as unknown and ignores them) — verify
        # against the installed version before relying on them.
        "security mask" = "775";
        "force security mode" = "775";
        "directory mask" = "2775";
        "force directory mode" = "2775";
        "directory security mask" = "2775";
        "force directory security mode" = "2775";
      };
      Archive = commonShareSettings // {
        path = "/exports/Archive";
        comment = "Vast Data Storage";
        "create mask" = "0775";
        "force create mode" = "0664";
        "directory mask" = "0775";
        "force directory mode" = "0775";
      };
    };
  };

  # UPS status is read over the network from the apcupsd instance on
  # "bastion".  The apcupsd NIS protocol carries no authentication, so the
  # shutdown decision trusts whatever answers at bastion:3551 on the LAN.
  services.apcupsd = {
    enable = true;
    configText = ''
      UPSTYPE net
      DEVICE bastion:3551
      BATTERYLEVEL 50
      MINUTES 10
    '';
  };

  services.nix-serve = {
    enable = true;
    # Signing key for the binary cache.  Clients trust paths signed with it,
    # so the file must stay readable by root only; it is kept outside the
    # Nix store on purpose.
    secretKeyFile = "/var/cache-priv-key.pem";
  };

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {
      # Plain-HTTP front end for nix-serve; cache integrity rests on the
      # narinfo signatures rather than on transport security.  If nix-serve's
      # bind address is left at its default, the cache is also reachable
      # directly on its own port, bypassing nginx — confirm.
      "nixos-cache.stronghold.mlaga97.space" = {
        locations."/".proxyPass =
          "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
      };
    };
  };

  ##############################################################################
  # Users
  ##############################################################################

  users = {
    # Accounts are fully declared here; nothing set via passwd survives a rebuild.
    mutableUsers = false;

    users = {
      # System Users
      blockhouse = {
        isNormalUser = true;
        # In "wheel" but with no password or key declared, so it appears to
        # have no interactive login path — confirm.
        extraGroups = [ "wheel" ];
        # TODO: Secret passwords?
      };
      dotspace = {
        isNormalUser = true;
        # pkgs.shadow as a shell resolves to its nologin binary.
        shell = pkgs.shadow;
        # TODO: Secret passwords?
      };

      # Human users.
      # The hashes below are copied into the world-readable Nix store together
      # with the rest of the evaluated configuration; hashedPasswordFile keeps
      # them out of the store (see the TODOs above).  The key bodies are
      # redacted in this copy of the file.
      lauren_lagarde = {
        isNormalUser = true;
        description = "Lauren Lagarde";
        extraGroups = [ "wheel" "docker" "libvirtd" ];
        initialHashedPassword = "$y$j9T$KqTFvSj9TYmRXugVbiSgj.$RbvxcGlY/DbLFioa64ntY5RO4Ym0CMswhegeQj5qHyD";
        openssh.authorizedKeys.keys = [
          "ssh-rsa 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 lauren@lagarde.dev"
        ];
      };
      ashley_funkhouser = {
        isNormalUser = true;
        description = "Ashley Funkhouser";
        extraGroups = [ "wheel" "docker" "libvirtd" ];
        initialHashedPassword = "$y$j9T$b.JgT15KeFXOjWQ0gJ7Ae0$n1KSyoAa8E.zI.4WZ6ze.Sk0RqXayZRrZK2319C77W/";
        openssh.authorizedKeys.keys = [
          "ssh-rsa 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 ajfunk27@gmail.com"
        ];
      };
    };
  };

  ##############################################################################
  # Network
  ##############################################################################

  networking = {
    hostName = "blockhouse";
    # Required by ZFS; must stay stable for the pools to import.
    hostId = "ed658529";
    enableIPv6 = false;
    useNetworkd = true;
    # The host firewall is off: nothing in this file filters inbound traffic,
    # so every listening service (sshd, smbd, nginx, nix-serve, libvirt, tinc)
    # is reachable from anything that can route to br0.  Every `openFirewall`
    # setting in this file is therefore a no-op.
    firewall.enable = false;
  };

  # Lets single-label names such as "bastion" resolve via unicast DNS.
  services.resolved.extraConfig = "ResolveUnicastSingleLabel=yes";

  systemd.network = {
    enable = true;

    netdevs."20-br0".netdevConfig = {
      Kind = "bridge";
      Name = "br0";
    };

    networks = (builtins.listToAttrs (map bridgePortUnit bridgePorts)) // {
      # The bridge itself carries the host's address via DHCPv4.
      # IPv6AcceptRA is left on although IPv6 is disabled above.
      "40-br0" = {
        matchConfig.Name = "br0";
        bridgeConfig = {};
        linkConfig.RequiredForOnline = "routable";
        networkConfig = {
          DHCP = "ipv4";
          IPv6AcceptRA = true;
        };
      };

      # Overlay address on the tinc interface (name truncated to the kernel
      # interface-name limit) plus a route for the rest of the mesh.
      "90-tinc" = {
        matchConfig.Name = "tinc.mlaga97spa";
        address = [ "10.86.84.104/32" ];
        routes = [
          { routeConfig = { Destination = "10.86.84.0/24"; }; }
        ];
      };
    };
  };

  services.tinc.networks.mlaga97space = {
    name = "blockhouse";
    # Private key lives outside the Nix store; root-only access expected.
    ed25519PrivateKeyFile = "/root/tinc/mlaga97space_ed25519_key.priv";
    # NOTE(review): chroot = false disables tinc's own post-start chroot,
    # removing one layer of containment for a network-facing daemon;
    # presumably needed so files under /root/tinc stay reachable — confirm.
    chroot = false;
    settings = {
      ConnectTo = [ "fortress" "casemate" "vm_docker_0" "vm_docker_1" "vm_docker_2" ];
    };
    # TODO: dotspace.nix
  };

  # Set your time zone.
  time.timeZone = "America/Chicago";

  ##############################################################################
  # Periodic Tasks
  ##############################################################################

  # TODO: Systemd services and timers, one day
  services.cron = {
    enable = true;
    # Every job runs as lauren_lagarde from scripts in that user's home, so
    # whoever can write ~/bin for that account controls what cron executes.
    systemCronJobs = [
      "* * * * * lauren_lagarde /home/lauren_lagarde/bin/DriveStats"
      "* * * * * lauren_lagarde /home/lauren_lagarde/bin/PublishStats"
      "0 */6 * * * lauren_lagarde /home/lauren_lagarde/bin/GetNWSMeteogram"
      "* * * * * lauren_lagarde /home/lauren_lagarde/bin/GetAllCameraImages"
      # Collate LongCam
    ];
  };

  ##############################################################################
  # Other Services
  ##############################################################################

  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      # Password authentication is not disabled here, so it stays at the
      # NixOS default (enabled).  Both human accounts have keys installed,
      # which makes `PasswordAuthentication = false` the usual next step.
      # StreamLocalBindUnlink removes stale Unix-socket files before sshd
      # binds a forwarded socket (typically used for agent forwarding).
      StreamLocalBindUnlink = "yes";
    };
  };

  services.smartd.enable = true;

  environment.systemPackages = with pkgs; [
    bc
    git
    vim
    btop
    tmux
    iotop
    byobu
    cifs-utils
    samba
    ffmpeg
    libvirt
    tinc_pre
    restic
    rclone
    nixos-generators
  ];

  # Compressed swap in RAM; the device is sized at 200% of physical memory.
  zramSwap = {
    enable = true;
    algorithm = "zstd";
    memoryPercent = 200;
  };

  system.stateVersion = "23.11";
}