mlaga97-nix/systems/blockhouse/configuration.nix


{ config, lib, pkgs, modulesPath, ... }: {
imports =
  let
    # Baseline modules shared by every host.
    coreFeatures = [
      ../../nixos/features/base.nix
      ../../nixos/features/tui-apps.nix
      ../../nixos/features/openssh-server.nix
    ];
    coreTweaks = [
      ../../nixos/tweaks/zram.nix
      ../../nixos/tweaks/enable_flakes.nix
      ../../nixos/tweaks/disable_nixos_user.nix
      ../../nixos/tweaks/systemd-resolved_nonsense.nix
    ];
    # Dotspace: secrets modules plus the stronghold binary-cache client.
    dotspace = [
      ../../secrets/dotspace.nix
      ../../secrets/dotspace_shares.nix
      ../../nixos/features/stronghold-binary-cache.nix
    ];
    userModules = [
      ../../users/lauren_lagarde/lauren_lagarde.nix
      ../../users/ashley_funkhouser/ashley_funkhouser.nix
    ];
    # Blockhouse-specific features: GPU, bridged networking, VM/container hosting.
    blockhouseFeatures = [
      ../../nixos/tweaks/aarch64-crosscompile.nix
      ../../nixos/features/gpu/nvidia.nix
      ../../nixos/features/networking/networkd-br0.nix
      ../../nixos/features/virtualization/dockge.nix
      ../../nixos/features/virtualization/docker.nix
      ../../nixos/features/virtualization/libvirt-host.nix
    ];
    # NOTE(review): disable_firewall.nix presumably turns the host firewall off
    # entirely. If so, every per-service `openFirewall` option in this file is a
    # no-op and all listening services (samba, nginx, nix-serve, tinc, libvirt,
    # docker-published ports) are reachable from every bridged network — confirm.
    blockhouse = [
      ../../nixos/tweaks/zfs.nix
      ../../nixos/tweaks/disable_firewall.nix
    ];
  in
  # Concatenation order matches the original flat list.
  coreFeatures ++ coreTweaks ++ dotspace ++ userModules ++ blockhouseFeatures ++ blockhouse;
##############################################################################
##############################################################################
##############################################################################
# Bootloader / Kernel
boot.loader = {
  # Let the bootloader installer write EFI boot entries (efibootmgr).
  efi.canTouchEfiVariables = true;
  grub = {
    enable = true;
    # Root is a ZFS dataset (see fileSystems below), so GRUB needs ZFS support.
    zfsSupport = true;
    efiSupport = true;
  };
};
##############################################################################
##############################################################################
##############################################################################
# Local Filesystems
# Two ESPs: GRUB is installed to both so the host still boots if one disk dies.
# "nodev" means EFI-only install — no BIOS/MBR boot sector is written.
boot.loader.grub.mirroredBoots =
  map (path: { devices = [ "nodev" ]; inherit path; }) [ "/boot0" "/boot1" ];

fileSystems =
  let
    zfs = device: { inherit device; fsType = "zfs"; };
    # ESPs are identified by filesystem UUID; `nofail` keeps a missing or dead
    # ESP from stopping the boot entirely.
    esp = uuid: {
      device = "/dev/disk/by-uuid/${uuid}";
      fsType = "vfat";
      options = [ "nofail" ];
    };
  in
  {
    "/" = zfs "blockhouse-root/root";
    # Archive pool; exported over Samba below as the "Archive" share.
    "/exports/Archive" = zfs "Archive/Archive";
    "/exports/Archive/Frigate" = zfs "Archive/Frigate";
    "/exports/Archive/Restic" = zfs "Archive/Restic";
    "/exports/Archive/Multimedia" = zfs "Archive/Multimedia";
    "/boot0" = esp "DD98-25C2";
    "/boot1" = esp "2F9C-F902";
  };
##############################################################################
##############################################################################
##############################################################################
# Services
services.samba = {
  enable = true;
  # NOTE(review): disable_firewall.nix is imported above, so this openFirewall is
  # presumably a no-op; the shares are reachable from every bridged network.
  openFirewall = true;
  settings =
    let
      # Everything written through either share ends up owned by nobody:users,
      # so a Samba client cannot create files owned by a real local account.
      shareDefaults = {
        writable = "yes";
        browseable = "yes";
        "force user" = "nobody";
        "force group" = "users";
      };
    in
    {
      # No [global] section is set in this file, so authentication settings
      # ("security", "map to guest", valid users) come from Samba defaults or
      # another module — verify these writable shares are not guest-accessible.
      Parlor = shareDefaults // {
        # /exports/Parlor is not declared in fileSystems in this file;
        # presumably mounted by another module (dotspace_shares?) — confirm.
        path = "/exports/Parlor";
        comment = "Fast Data Storage";
        "create mask" = "775";
        "force create mode" = "775";
        # NOTE(review): the four "security mask" / "security mode" parameters
        # are deprecated in modern Samba and are likely ignored; check
        # `testparm` output, they may be dead config.
        "security mask" = "775";
        "force security mode" = "775";
        "directory mask" = "2775";
        "force directory mode" = "2775";
        "directory security mask" = "2775";
        "force directory security mode" = "2775";
      };
      Archive = shareDefaults // {
        path = "/exports/Archive";
        comment = "Vast Data Storage";
        # Unlike Parlor, new files here get 0664 (no execute bit).
        "create mask" = "0775";
        "force create mode" = "0664";
        "directory mask" = "0775";
        "force directory mode" = "0775";
      };
    };
};
services.apcupsd = {
  enable = true;
  # Network UPS client: follows the apcupsd NIS server on host "bastion".
  configText = ''
    UPSTYPE net
    DEVICE bastion:3551
    BATTERYLEVEL 50
    MINUTES 10
  '';
};
services.nix-serve = {
  enable = true;
  # NAR signing key. Clients trust this cache through the matching public key,
  # so this file must stay root-only. It lives outside the secrets modules —
  # presumably provisioned by hand; confirm.
  secretKeyFile = "/var/cache-priv-key.pem";
};
services.nginx = {
  enable = true;
  recommendedProxySettings = true;
  # Plain-HTTP front for nix-serve. No TLS is configured here: cache integrity
  # rests on the NAR signatures, but the transport itself is unencrypted, which
  # is acceptable only if the host is reachable solely over trusted networks —
  # confirm.
  virtualHosts."nixos-cache.stronghold.mlaga97.space".locations."/".proxyPass =
    "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
##############################################################################
##############################################################################
##############################################################################
# Users
# System Users
# Local accounts specific to this host (the user modules imported above add
# more). Neither account sets hashedPassword/initialPassword or SSH keys in
# this file, so unless another module supplies a credential NixOS leaves
# password login for them disabled.
users.users.blockhouse = {
  isNormalUser = true;
  # wheel = sudo-capable; only usable once some credential is provisioned.
  extraGroups = [ "wheel" ];
  # TODO: Secret passwords?
};
users.users.dotspace = {
  isNormalUser = true;
  # A package as shell: NixOS resolves it through the package's shellPath,
  # which for pkgs.shadow is presumably nologin — i.e. a no-login service
  # account (likely the owner of the dotspace shares); confirm.
  shell = pkgs.shadow;
  # TODO: Secret passwords?
};
##############################################################################
##############################################################################
##############################################################################
# Network
# IPv6 is disabled host-wide. NOTE(review): networking.enableIPv6 = false
# already sets the disable_ipv6 sysctl in NixOS (via mkDefault, I believe), so
# the explicit sysctl line is likely redundant; harmless if so.
networking.enableIPv6 = false;
boot.kernel.sysctl."net.ipv6.conf.all.disable_ipv6" = true;

systemd.network.networks =
  let
    # All three physical NICs are slaved into br0 (created by networkd-br0.nix);
    # the host and its VMs/containers share that bridge.
    bridgePort = ifname: {
      name = "30-${ifname}";
      value = {
        matchConfig.Name = ifname;
        networkConfig.Bridge = "br0";
        linkConfig.RequiredForOnline = "enslaved";
      };
    };
  in
  builtins.listToAttrs (map bridgePort [ "eno1" "enp37s0" "enp40s0" ]) // {
    # Overlay address and subnet route on the dotspace tinc mesh.
    "90-tinc" = {
      matchConfig.Name = "tinc.dotspace";
      address = [ "10.86.84.104/32" ];
      routes = [ { Destination = "10.86.84.0/24"; } ];
    };
  };

services.tinc.networks.dotspace = {
  name = "blockhouse";
  # Node private key kept under /root, outside the secrets modules.
  ed25519PrivateKeyFile = "/root/tinc/mlaga97space_ed25519_key.priv";
  # NOTE(review): with chroot disabled a compromised tincd sees the whole
  # filesystem; presumably set so it can read the key path above — confirm
  # whether the key could instead be placed where a chrooted tincd can read it.
  chroot = false;
  settings.ConnectTo = [ "fortress" "casemate" "vm_docker_0" "vm_docker_1" "vm_docker_2" ];
};
##############################################################################
##############################################################################
##############################################################################
# Periodic Tasks
# TODO: Systemd services and timers, one day
services.cron = {
  enable = true;
  # Empty MAILTO: job output is presumably discarded rather than mailed.
  mailto = "";
  # Every job runs as lauren_lagarde (not root) from scripts in that user's
  # ~/bin, so a modified script gains no more than that user's privileges.
  systemCronJobs =
    let
      job = schedule: script: "${schedule} lauren_lagarde /home/lauren_lagarde/bin/${script}";
    in
    [
      (job "* * * * *" "DriveStats")
      (job "* * * * *" "PublishStats")
      (job "0 */6 * * *" "GetNWSMeteogram")
      (job "* * * * *" "GetAllCameraImages")
      # Collate LongCam
    ];
};
}