diff --git a/systems/nasty/configuration.nix b/systems/nasty/configuration.nix new file mode 100644 index 0000000..9fdd41d --- /dev/null +++ b/systems/nasty/configuration.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +{ + imports = + [ + ./hardware-configuration.nix + ./modules/generic.nix + ./modules/physical.nix + ./modules/borg-serve.nix + ./modules/jellyfin.nix + ./modules/arrstack.nix + ./modules/authentik-proxy.nix + ./modules/stash.nix + #./modules/nextcloud-aio.nix + ./samba.nix + ./modules/navidrome.nix + ./modules/feishin.nix + ./modules/tvproxy.nix + ./modules/calibre-web.nix + ./modules/borg.nix + ]; + + system.autoUpgrade = { + allowReboot = false; + }; + + sops.secrets."authentik/proxy/nasty" = {}; + services.authentik-proxy.token = builtins.readFile config.sops.secrets."authentik/proxy/nasty".path; + + environment.systemPackages = with pkgs; [ + mediainfo + mergerfs + mergerfs-tools + filezilla + firefox + ffmpeg_6-full + _7zz + ]; + + programs.fuse.userAllowOther = true; + + users.users.mc-fucker.extraGroups = [ "render" ]; + + zramSwap.memoryPercent = 50; + + programs.atop.netatop.enable = false; + programs.java.enable = true; + + services.xserver = { + enable = true; + desktopManager = { + xterm.enable = false; + xfce.enable = true; + }; + }; + + services.xrdp = { + enable = true; + defaultWindowManager = "xfce4-session"; + }; + + #system.stateVersion = "24.11"; + +} +# vim: set et ts=2 sw=2 ai: diff --git a/systems/nasty/drives.nix b/systems/nasty/drives.nix new file mode 100644 index 0000000..36f593b --- /dev/null +++ b/systems/nasty/drives.nix @@ -0,0 +1,130 @@ +{ ... }: +{ + + environment.etc.crypttab = { + text = '' + 1EJZN6MZ UUID=8264b529-17a9-4167-8e34-3774b5074a4e /var/lib/keyfiles/8264b529-17a9-4167-8e34-3774b5074a4e nofail + 1EKR513Z UUID=80483157-7aa4-42a4-af5d-bbd7474a29b3 /var/lib/keyfiles/80483157-7aa4-42a4-af5d-bbd7474a29b3 nofail + 1EKVK21Z UUID=438e7e6b-4faa-4fc5-b7ba-3d7af0c9e184 /var/lib/keyfiles/438e7e6b-4faa-4fc5-b7ba-3d7af0c9e184 nofail + 43P0A00AFJDH UUID=eff697b4-86bc-4a0e-833f-cc40e6aa001e /var/lib/keyfiles/eff697b4-86bc-4a0e-833f-cc40e6aa001e nofail + 43P0A00FFJDH UUID=eae95261-2600-4935-93ba-6cd8e54773e0 /var/lib/keyfiles/eae95261-2600-4935-93ba-6cd8e54773e0 nofail + 53F0A0SBFJDH UUID=f443a535-ca5a-4093-9f29-6ab0699e3527 /var/lib/keyfiles/f443a535-ca5a-4093-9f29-6ab0699e3527 nofail + 53G0A2AXFJDH UUID=2fc7874c-ef0e-41d7-85f6-a8364041c51b /var/lib/keyfiles/2fc7874c-ef0e-41d7-85f6-a8364041c51b nofail + 53J0A016FJDH UUID=95f84b21-d3d3-4241-8a9b-5ac46afea1e1 /var/lib/keyfiles/95f84b21-d3d3-4241-8a9b-5ac46afea1e1 nofail + 92F0A079FJDH UUID=b915263e-082d-4954-845d-4bdf4fbf049a /var/lib/keyfiles/b915263e-082d-4954-845d-4bdf4fbf049a nofail + X2N0A0AXFJDH UUID=60e3e109-d7e0-4587-ba08-ba69eb6cd957 /var/lib/keyfiles/60e3e109-d7e0-4587-ba08-ba69eb6cd957 nofail + X2N0A0AZFJDH UUID=d57c6d8f-26cd-4387-8aaa-37dcedb1eadf /var/lib/keyfiles/d57c6d8f-26cd-4387-8aaa-37dcedb1eadf nofail + ZA1D9307 UUID=4d4621d3-0b75-4779-8548-a4836e68469e /var/lib/keyfiles/4d4621d3-0b75-4779-8548-a4836e68469e nofail + ''; + #unused + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/ad716602-9e0d-4c07-9fb5-e15cb6df3004"; + fsType = "ext4"; + #options = [ "compress-force=zstd" ]; + }; + + "/boot/efi" = { + device = "/dev/disk/by-uuid/2427-55B1"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/mnt/drives/1EJZN6MZ" = { + label = "1EJZN6MZ"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/1EKR513Z" = { + label = "1EKR513Z"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/1EKVK21Z" = { + label = "1EKVK21Z"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/53F0A0SBFJDH" = { + label = "53F0A0SBFJDH"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/53G0A2AXFJDH" = { + label = "53G0A2AXFJDH"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/53J0A016FJDH" = { + label = "53J0A016FJDH"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/92F0A079FJDH" = { + label = "92F0A079FJDH"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/43P0A00FFJDH" = { + label = "43P0A00FFJDH"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/43P0A00AFJDH" = { + label = "43P0A00AFJDH"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/X2N0A0AXFJDH" = { + label = "X2N0A0AXFJDH"; + fsType = "ext4"; + options = [ "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/X2N0A0AZFJDH" = { + label = "X2N0A0AZFJDH"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/drives/ZA1D9307" = { + label = "ZA1D9307"; + fsType = "btrfs"; + options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ]; + }; + + "/mnt/mergerfs" = { + device = "/mnt/drives/X2N0A0AXFJDH:/mnt/drives/92F0A079FJDH:/mnt/drives/43P0A00FFJDH:/mnt/drives/43P0A00AFJDH:/mnt/drives/53J0A016FJDH:/mnt/drives/53F0A0SBFJDH:/mnt/drives/53G0A2AXFJDH:/mnt/drives/1EKVK21Z:/mnt/drives/1EJZN6MZ:/mnt/drives/1EKR513Z"; + fsType = "fuse.mergerfs"; + options = [ "cache.files=full,,dropcacheonclose=true,category.create=mfs" "nofail" ]; + depends = [ "/mnt/drives/X2N0A0AXFJDH" "/mnt/drives/92F0A079FJDH" "/mnt/drives/43P0A00FFJDH" "/mnt/drives/43P0A00AFJDH" "/mnt/drives/53J0A016FJDH" "/mnt/drives/53F0A0SBFJDH" "/mnt/drives/53G0A2AXFJDH" "/mnt/drives/1EKVK21Z" "/mnt/drives/1EJZN6MZ" "/mnt/drives/1EKR513Z" ]; + }; + + #"/mnt/box" = { + # device = "seedbox:"; + # fsType = "fuse.rclone"; + # options = [ "user_id=1000" "group_id=100" ]; + #}; + + }; + + services.nfs.server = { + enable = true; + exports = '' + /mnt/mergerfs 100.64.0.13(no_subtree_check,fsid=0) + ''; + }; + +} +# vim: set et ts=2 sw=2 ai: diff --git a/systems/nasty/hardware-configuration.nix b/systems/nasty/hardware-configuration.nix new file mode 100644 index 0000000..7a3d22b --- /dev/null +++ b/systems/nasty/hardware-configuration.nix @@ -0,0 +1,66 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + + system.stateVersion = "24.11"; + + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ./drives.nix + ./snapraid.nix + ]; + + boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "usbhid" "usb_storage" "sd_mod" "igc" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.loader.efi.canTouchEfiVariables = true; + boot.loader.efi.efiSysMountPoint = "/boot/efi"; + boot.loader.systemd-boot.enable = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + + boot.extraModprobeConfig = '' + options usb-storage quirks=174c:1356:u + ''; + + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver + vaapiIntel + vaapiVdpau + libvdpau-va-gl + ]; + }; + + networking.hostName = "nasty"; + + boot.initrd.network = { + enable = true; + ssh = { + enable = true; + port = 2222; + hostKeys = [ "/root/ssh_host_ed25519_key" ]; + }; + postCommands = '' + echo "cryptsetup-askpass" >> /root/.profile + ''; + udhcpc.extraArgs = [ "--timeout=10" ]; + }; + + boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/58fc6ad3-8b7c-4448-8f07-5fedac404442"; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp86s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + #hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} +# vim: set et ts=2 sw=2 ai: diff --git a/systems/nasty/samba.nix b/systems/nasty/samba.nix new file mode 100644 index 0000000..9239fcf --- /dev/null +++ b/systems/nasty/samba.nix @@ -0,0 +1,50 @@ +{ ... }: +{ + users.groups = { + dummesos = { gid = 1100; }; + }; + + users.users = { + dummesos = { + uid = 1100; + isSystemUser = true; + group = "dummesos"; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.samba = { + enable = true; + openFirewall = true; + shares = { + "private" = { + path = "/mnt/mergerfs/smb/%u"; + "read only" = "no"; + "create mask" = "0600"; + "directory mask" = "0700"; + }; + "software" = { + path = "/mnt/mergerfs/media/software"; + "guest ok" = "yes"; + }; + "movies" = { + path = "/mnt/mergerfs/media/movies"; + "guest ok" = "yes"; + }; + "Serien" = { + path = "/mnt/mergerfs/media/Serien"; + "guest ok" = "yes"; + }; + #"software" = { + # path = "/mnt/mergerfs/media/software"; + # "guest ok" = "yes"; + #}; + }; + }; + +} +# vim: set et ts=2 sw=2 ai: diff --git a/systems/nasty/snapraid.nix b/systems/nasty/snapraid.nix new file mode 100644 index 0000000..b530abf --- /dev/null +++ b/systems/nasty/snapraid.nix @@ -0,0 +1,87 @@ +{ ... }: +let + excludes = [ + "/media/usenet/incomplete/" + ]; +in +{ + #systemd.timers."snapraid-sync".enable = false; #temporarily + #services.snapraid = { + # enable = true; + # scrub.plan = 5; + # parityFiles = [ + # "/mnt/drives/X2N0A0AZFJDH/snapraid.parity" + # ]; + # dataDisks = { + # d1 = "/mnt/drives/43P0A00AFJDH"; + # d2 = "/mnt/drives/43P0A00FFJDH"; + # d3 = "/mnt/drives/53F0A0SBFJDH"; + # d4 = "/mnt/drives/53G0A2AXFJDH"; + # d5 = "/mnt/drives/53J0A016FJDH"; + # d6 = "/mnt/drives/92F0A079FJDH"; + # d7 = "/mnt/drives/X2N0A0AXFJDH"; + # #d3 = "/mnt/drives/1EKVK21Z"; + # }; + # contentFiles = [ + # "/mnt/snapraid-18tb1.content" + # "/mnt/snapraid-18tb2.content" + # #"/mnt/drives/43P0A00AFJDH/snapraid.content" + # #"/mnt/drives/43P0A00FFJDH/snapraid.content" + # #"/mnt/drives/53F0A0SBFJDH/snapraid.content" + # #"/mnt/drives/53G0A2AXFJDH/snapraid.content" + # #"/mnt/drives/53J0A016FJDH/snapraid.content" + # #"/mnt/drives/92F0A079FJDH/snapraid.content" + # #"/mnt/drives/X2N0A0AXFJDH/snapraid.content" + # #"/mnt/drives/1EKVK21Z/snapraid.content" + # ]; + # exclude = [ + # "/media/usenet/incomplete/" + # ]; + #}; + + imports = [ ./modules/snapraid.nix ]; + + services.snapraidnew = { + "8tb" = { + arrayName = "8tb"; + enable = true; + scrub.plan = 5; + parityFiles = [ + "/mnt/drives/ZA1D9307/snapraid-8tb.parity" + ]; + dataDisks = { + d1 = "/mnt/drives/1EJZN6MZ"; + d2 = "/mnt/drives/1EKR513Z"; + d3 = "/mnt/drives/1EKVK21Z"; + }; + contentFiles = [ + "/mnt/snapraid-8tb1.content" + "/mnt/drives/X2N0A0AZFJDH/snapraid-8tb2.content" + ]; + exclude = excludes; + }; + "18tb" = { + enable = true; + scrub.plan = 5; + parityFiles = [ + "/mnt/drives/X2N0A0AZFJDH/snapraid.parity" + ]; + dataDisks = { + d1 = "/mnt/drives/43P0A00AFJDH"; + d2 = "/mnt/drives/43P0A00FFJDH"; + d3 = "/mnt/drives/53F0A0SBFJDH"; + d4 = "/mnt/drives/53G0A2AXFJDH"; + d5 = "/mnt/drives/53J0A016FJDH"; + d6 = "/mnt/drives/92F0A079FJDH"; + d7 = "/mnt/drives/X2N0A0AXFJDH"; + }; + contentFiles = [ + "/mnt/snapraid-18tb1.content" + "/mnt/drives/ZA1D9307/snapraid-18tb2.content" + ]; + exclude = excludes; + }; + }; + +} +# vim: set et ts=2 sw=2 ai: