added nasty system config

systems/nasty/configuration.nix

@@ -0,0 +1,65 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ 
+      ./hardware-configuration.nix
+      ./modules/generic.nix
+      ./modules/physical.nix
+      ./modules/borg-serve.nix
+      ./modules/jellyfin.nix
+      ./modules/arrstack.nix
+      ./modules/authentik-proxy.nix
+      ./modules/stash.nix
+      #./modules/nextcloud-aio.nix
+      ./samba.nix
+      ./modules/navidrome.nix
+      ./modules/feishin.nix
+      ./modules/tvproxy.nix
+      ./modules/calibre-web.nix
+      ./modules/borg.nix
+    ];
+
+  system.autoUpgrade = {
+    allowReboot = false;
+  };
+
+  sops.secrets."authentik/proxy/nasty" = {};
+  services.authentik-proxy.token = builtins.readFile config.sops.secrets."authentik/proxy/nasty".path;
+
+  environment.systemPackages = with pkgs; [
+    mediainfo
+    mergerfs
+    mergerfs-tools
+    filezilla
+    firefox
+    ffmpeg_6-full
+    _7zz
+  ];
+
+  programs.fuse.userAllowOther = true;
+
+  users.users.mc-fucker.extraGroups = [ "render" ];
+
+  zramSwap.memoryPercent = 50;
+
+  programs.atop.netatop.enable = false;
+  programs.java.enable = true;
+
+  services.xserver = {
+    enable = true;
+    desktopManager = {
+      xterm.enable = false;
+      xfce.enable = true;
+    };
+  };
+
+  services.xrdp = {
+    enable = true;
+    defaultWindowManager = "xfce4-session";
+  };
+
+  #system.stateVersion = "24.11";
+
+}
+# vim: set et ts=2 sw=2 ai:

systems/nasty/drives.nix

@@ -0,0 +1,130 @@
+{ ... }:
+{
+
+  environment.etc.crypttab = {
+    text = ''
+      1EJZN6MZ      UUID=8264b529-17a9-4167-8e34-3774b5074a4e /var/lib/keyfiles/8264b529-17a9-4167-8e34-3774b5074a4e nofail
+      1EKR513Z      UUID=80483157-7aa4-42a4-af5d-bbd7474a29b3 /var/lib/keyfiles/80483157-7aa4-42a4-af5d-bbd7474a29b3 nofail
+      1EKVK21Z      UUID=438e7e6b-4faa-4fc5-b7ba-3d7af0c9e184 /var/lib/keyfiles/438e7e6b-4faa-4fc5-b7ba-3d7af0c9e184 nofail
+      43P0A00AFJDH  UUID=eff697b4-86bc-4a0e-833f-cc40e6aa001e /var/lib/keyfiles/eff697b4-86bc-4a0e-833f-cc40e6aa001e nofail
+      43P0A00FFJDH  UUID=eae95261-2600-4935-93ba-6cd8e54773e0 /var/lib/keyfiles/eae95261-2600-4935-93ba-6cd8e54773e0 nofail
+      53F0A0SBFJDH  UUID=f443a535-ca5a-4093-9f29-6ab0699e3527 /var/lib/keyfiles/f443a535-ca5a-4093-9f29-6ab0699e3527 nofail
+      53G0A2AXFJDH  UUID=2fc7874c-ef0e-41d7-85f6-a8364041c51b /var/lib/keyfiles/2fc7874c-ef0e-41d7-85f6-a8364041c51b nofail
+      53J0A016FJDH  UUID=95f84b21-d3d3-4241-8a9b-5ac46afea1e1 /var/lib/keyfiles/95f84b21-d3d3-4241-8a9b-5ac46afea1e1 nofail
+      92F0A079FJDH  UUID=b915263e-082d-4954-845d-4bdf4fbf049a /var/lib/keyfiles/b915263e-082d-4954-845d-4bdf4fbf049a nofail
+      X2N0A0AXFJDH  UUID=60e3e109-d7e0-4587-ba08-ba69eb6cd957 /var/lib/keyfiles/60e3e109-d7e0-4587-ba08-ba69eb6cd957 nofail
+      X2N0A0AZFJDH  UUID=d57c6d8f-26cd-4387-8aaa-37dcedb1eadf /var/lib/keyfiles/d57c6d8f-26cd-4387-8aaa-37dcedb1eadf nofail
+      ZA1D9307      UUID=4d4621d3-0b75-4779-8548-a4836e68469e /var/lib/keyfiles/4d4621d3-0b75-4779-8548-a4836e68469e nofail
+    '';
+      #unused
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/ad716602-9e0d-4c07-9fb5-e15cb6df3004";
+      fsType = "ext4";
+      #options = [ "compress-force=zstd" ];
+    };
+
+    "/boot/efi" = {
+      device = "/dev/disk/by-uuid/2427-55B1";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+    "/mnt/drives/1EJZN6MZ" = {
+      label = "1EJZN6MZ";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/1EKR513Z" = {
+      label = "1EKR513Z";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/1EKVK21Z" = {
+      label = "1EKVK21Z";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/53F0A0SBFJDH" = {
+      label = "53F0A0SBFJDH";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/53G0A2AXFJDH" = {
+      label = "53G0A2AXFJDH";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/53J0A016FJDH" = {
+      label = "53J0A016FJDH";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/92F0A079FJDH" = {
+      label = "92F0A079FJDH";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/43P0A00FFJDH" = {
+      label = "43P0A00FFJDH";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/43P0A00AFJDH" = {
+      label = "43P0A00AFJDH";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/X2N0A0AXFJDH" = {
+      label = "X2N0A0AXFJDH";
+      fsType = "ext4";
+      options = [ "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/X2N0A0AZFJDH" = {
+      label = "X2N0A0AZFJDH";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/drives/ZA1D9307" = {
+      label = "ZA1D9307";
+      fsType = "btrfs";
+      options = [ "compress-force=zstd" "nofail" "x-systemd.mount-timeout=5m" ];
+    };
+
+    "/mnt/mergerfs" = {
+      device = "/mnt/drives/X2N0A0AXFJDH:/mnt/drives/92F0A079FJDH:/mnt/drives/43P0A00FFJDH:/mnt/drives/43P0A00AFJDH:/mnt/drives/53J0A016FJDH:/mnt/drives/53F0A0SBFJDH:/mnt/drives/53G0A2AXFJDH:/mnt/drives/1EKVK21Z:/mnt/drives/1EJZN6MZ:/mnt/drives/1EKR513Z";
+      fsType = "fuse.mergerfs";
+      options = [ "cache.files=full,,dropcacheonclose=true,category.create=mfs" "nofail" ];
+      depends = [ "/mnt/drives/X2N0A0AXFJDH" "/mnt/drives/92F0A079FJDH" "/mnt/drives/43P0A00FFJDH" "/mnt/drives/43P0A00AFJDH" "/mnt/drives/53J0A016FJDH" "/mnt/drives/53F0A0SBFJDH" "/mnt/drives/53G0A2AXFJDH" "/mnt/drives/1EKVK21Z" "/mnt/drives/1EJZN6MZ" "/mnt/drives/1EKR513Z" ];
+    };
+
+    #"/mnt/box" = {
+    #  device = "seedbox:";
+    #  fsType = "fuse.rclone";
+    #  options = [ "user_id=1000" "group_id=100" ];
+    #};
+
+  };
+
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /mnt/mergerfs   100.64.0.13(no_subtree_check,fsid=0)
+    '';
+  };
+
+}
+# vim: set et ts=2 sw=2 ai:

systems/nasty/hardware-configuration.nix

@@ -0,0 +1,66 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+
+  system.stateVersion = "24.11";
+
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+      ./drives.nix
+      ./snapraid.nix
+    ];
+
+  boot.extraModulePackages = [ ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "usbhid" "usb_storage" "sd_mod" "igc" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  boot.loader.systemd-boot.enable = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  boot.extraModprobeConfig = ''
+    options usb-storage quirks=174c:1356:u
+  '';
+
+  hardware.opengl = {
+    enable = true;
+    extraPackages = with pkgs; [
+      intel-media-driver
+      vaapiIntel
+      vaapiVdpau
+      libvdpau-va-gl
+    ];
+  };
+
+  networking.hostName = "nasty";
+
+  boot.initrd.network = {
+    enable = true;
+    ssh = {
+      enable = true;
+      port = 2222;
+      hostKeys = [ "/root/ssh_host_ed25519_key" ];
+    };
+    postCommands = ''
+      echo "cryptsetup-askpass" >> /root/.profile
+    '';
+    udhcpc.extraArgs = [ "--timeout=10" ];
+  };
+
+  boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/58fc6ad3-8b7c-4448-8f07-5fedac404442";
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp86s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  #hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
+# vim: set et ts=2 sw=2 ai:

systems/nasty/samba.nix

@@ -0,0 +1,50 @@
+{ ... }:
+{
+  users.groups = {
+    dummesos = { gid = 1100; };
+  };
+
+  users.users = {
+    dummesos = {
+      uid = 1100;
+      isSystemUser = true;
+      group = "dummesos";
+    };
+  };
+
+  services.samba-wsdd = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  services.samba = {
+    enable = true;
+    openFirewall = true;
+    shares = {
+      "private" = {
+        path = "/mnt/mergerfs/smb/%u";
+        "read only" = "no";
+        "create mask" = "0600";
+        "directory mask" = "0700";
+      };
+      "software" = {
+        path = "/mnt/mergerfs/media/software";
+        "guest ok" = "yes";
+      };
+      "movies" = {
+        path = "/mnt/mergerfs/media/movies";
+        "guest ok" = "yes";
+      };
+      "Serien" = {
+        path = "/mnt/mergerfs/media/Serien";
+        "guest ok" = "yes";
+      };
+      #"software" = {
+      #  path = "/mnt/mergerfs/media/software";
+      #  "guest ok" = "yes";
+      #};
+    };
+  };
+
+}
+# vim: set et ts=2 sw=2 ai:

systems/nasty/snapraid.nix

@@ -0,0 +1,87 @@
+{ ... }:
+let
+  excludes = [
+    "/media/usenet/incomplete/"
+  ];
+in
+{
+  #systemd.timers."snapraid-sync".enable = false; #temporarily
+  #services.snapraid = {
+  #  enable = true;
+  #  scrub.plan = 5;
+  #  parityFiles = [
+  #    "/mnt/drives/X2N0A0AZFJDH/snapraid.parity"
+  #  ];
+  #  dataDisks = {
+  #    d1 = "/mnt/drives/43P0A00AFJDH";
+  #    d2 = "/mnt/drives/43P0A00FFJDH";
+  #    d3 = "/mnt/drives/53F0A0SBFJDH";
+  #    d4 = "/mnt/drives/53G0A2AXFJDH";
+  #    d5 = "/mnt/drives/53J0A016FJDH";
+  #    d6 = "/mnt/drives/92F0A079FJDH";
+  #    d7 = "/mnt/drives/X2N0A0AXFJDH";
+  #    #d3 = "/mnt/drives/1EKVK21Z";
+  #  };
+  #  contentFiles = [
+  #    "/mnt/snapraid-18tb1.content"
+  #    "/mnt/snapraid-18tb2.content"
+  #    #"/mnt/drives/43P0A00AFJDH/snapraid.content"
+  #    #"/mnt/drives/43P0A00FFJDH/snapraid.content"
+  #    #"/mnt/drives/53F0A0SBFJDH/snapraid.content"
+  #    #"/mnt/drives/53G0A2AXFJDH/snapraid.content"
+  #    #"/mnt/drives/53J0A016FJDH/snapraid.content"
+  #    #"/mnt/drives/92F0A079FJDH/snapraid.content"
+  #    #"/mnt/drives/X2N0A0AXFJDH/snapraid.content"
+  #    #"/mnt/drives/1EKVK21Z/snapraid.content"
+  #  ];
+  #  exclude = [
+  #    "/media/usenet/incomplete/"
+  #  ];
+  #};
+
+  imports = [ ./modules/snapraid.nix ];
+
+  services.snapraidnew = {
+    "8tb" = {
+      arrayName = "8tb";
+      enable = true;
+      scrub.plan = 5;
+      parityFiles = [
+        "/mnt/drives/ZA1D9307/snapraid-8tb.parity"
+      ];
+      dataDisks = {
+        d1 = "/mnt/drives/1EJZN6MZ";
+        d2 = "/mnt/drives/1EKR513Z";
+        d3 = "/mnt/drives/1EKVK21Z";
+      };
+      contentFiles = [
+        "/mnt/snapraid-8tb1.content"
+        "/mnt/drives/X2N0A0AZFJDH/snapraid-8tb2.content"
+      ];
+      exclude = excludes;
+    };
+    "18tb" = {
+      enable = true;
+      scrub.plan = 5;
+      parityFiles = [
+        "/mnt/drives/X2N0A0AZFJDH/snapraid.parity"
+      ];
+      dataDisks = {
+        d1 = "/mnt/drives/43P0A00AFJDH";
+        d2 = "/mnt/drives/43P0A00FFJDH";
+        d3 = "/mnt/drives/53F0A0SBFJDH";
+        d4 = "/mnt/drives/53G0A2AXFJDH";
+        d5 = "/mnt/drives/53J0A016FJDH";
+        d6 = "/mnt/drives/92F0A079FJDH";
+        d7 = "/mnt/drives/X2N0A0AXFJDH";
+      };
+      contentFiles = [
+        "/mnt/snapraid-18tb1.content"
+        "/mnt/drives/ZA1D9307/snapraid-18tb2.content"
+      ];
+      exclude = excludes;
+    };
+  };
+
+}
+# vim: set et ts=2 sw=2 ai: