2024-04-29 15:42:44 -04:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
lib,
|
|
|
|
|
...
|
|
|
|
|
}:
|
2024-03-03 18:06:28 -05:00
|
|
|
{
|
2024-06-06 23:34:14 -04:00
|
|
|
imports = [
|
2024-12-01 00:56:29 -05:00
|
|
|
./acme.nix
|
2024-08-24 01:34:05 -04:00
|
|
|
./attic
|
2024-10-26 15:51:00 -04:00
|
|
|
./docker
|
|
|
|
|
./gitea.nix
|
2024-10-22 17:43:51 -04:00
|
|
|
./firewall.nix
|
2024-08-24 01:34:05 -04:00
|
|
|
./haproxy
|
2024-10-22 23:59:13 -04:00
|
|
|
./hardware-changes.nix
|
2025-03-26 02:43:56 -04:00
|
|
|
./hydra.nix
|
2024-06-24 20:22:39 -04:00
|
|
|
./minio.nix
|
2024-06-06 23:34:14 -04:00
|
|
|
./networking.nix
|
2024-06-11 20:55:14 -04:00
|
|
|
./nextcloud.nix
|
2025-06-01 15:16:17 -04:00
|
|
|
#./plex
|
2024-11-02 23:59:38 -04:00
|
|
|
./postgresql.nix
|
2025-03-26 02:05:17 -04:00
|
|
|
./samba.nix
|
2024-06-06 23:34:14 -04:00
|
|
|
./zfs.nix
|
|
|
|
|
];
|
2024-04-10 18:23:40 -04:00
|
|
|
|
2024-02-06 23:58:33 +01:00
|
|
|
programs.git.lfs.enable = false;
|
2024-02-05 22:45:43 +01:00
|
|
|
|
|
|
|
|
nixpkgs.config.packageOverrides = pkgs: {
|
2024-03-03 18:06:28 -05:00
|
|
|
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
2024-02-05 22:45:43 +01:00
|
|
|
};
|
|
|
|
|
|
2023-12-26 04:07:18 +01:00
|
|
|
boot = {
|
2023-12-27 10:03:13 +01:00
|
|
|
loader.grub.device = "/dev/sda";
|
|
|
|
|
useSystemdBoot = true;
|
2024-03-03 18:06:28 -05:00
|
|
|
kernelParams = [
|
|
|
|
|
"i915.force_probe=56a5"
|
|
|
|
|
"i915.enable_guc=2"
|
|
|
|
|
];
|
2024-02-18 00:27:02 -05:00
|
|
|
kernel.sysctl = {
|
2024-06-03 19:30:55 -04:00
|
|
|
"vm.overcommit_memory" = lib.mkForce 1;
|
2024-02-18 00:27:02 -05:00
|
|
|
"vm.swappiness" = 10;
|
|
|
|
|
};
|
2024-02-17 15:51:38 +01:00
|
|
|
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
2024-02-03 22:00:35 +01:00
|
|
|
};
|
2024-02-02 06:31:40 +01:00
|
|
|
|
2024-02-01 05:24:04 +01:00
|
|
|
hardware = {
|
|
|
|
|
enableAllFirmware = true;
|
2024-06-21 19:41:34 -04:00
|
|
|
graphics = {
|
2024-02-01 05:24:04 +01:00
|
|
|
enable = true;
|
|
|
|
|
extraPackages = with pkgs; [
|
|
|
|
|
intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
|
|
|
|
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
|
|
|
|
vaapiVdpau
|
|
|
|
|
libvdpau-va-gl
|
|
|
|
|
intel-compute-runtime
|
2025-08-01 00:16:57 -04:00
|
|
|
vpl-gpu-rt # replaces intel-media-sdk
|
2024-02-01 05:24:04 +01:00
|
|
|
];
|
|
|
|
|
};
|
2024-01-27 12:00:32 -05:00
|
|
|
};
|
|
|
|
|
|
2025-05-05 17:17:31 -04:00
|
|
|
environment = {
|
|
|
|
|
systemPackages = with pkgs; [
|
|
|
|
|
chromedriver
|
|
|
|
|
chromium
|
|
|
|
|
docker-compose
|
|
|
|
|
filebot
|
|
|
|
|
intel-gpu-tools
|
|
|
|
|
jellyfin-ffmpeg
|
|
|
|
|
jq
|
|
|
|
|
yt-dlp
|
|
|
|
|
yq
|
|
|
|
|
];
|
|
|
|
|
etc = {
|
|
|
|
|
# Creates /etc/lynis/custom.prf
|
|
|
|
|
"lynis/custom.prf" = {
|
|
|
|
|
text = ''
|
|
|
|
|
skip-test=BANN-7126
|
|
|
|
|
skip-test=BANN-7130
|
|
|
|
|
skip-test=DEB-0520
|
|
|
|
|
skip-test=DEB-0810
|
|
|
|
|
skip-test=FIRE-4513
|
|
|
|
|
skip-test=HRDN-7222
|
|
|
|
|
skip-test=KRNL-5820
|
|
|
|
|
skip-test=LOGG-2190
|
|
|
|
|
skip-test=LYNIS
|
|
|
|
|
skip-test=TOOL-5002
|
|
|
|
|
'';
|
|
|
|
|
mode = "0440";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-12-23 07:39:10 +01:00
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
samba.enable = true;
|
|
|
|
|
nfs.server.enable = true;
|
2023-12-25 13:30:28 -05:00
|
|
|
openssh.ports = [ 666 ];
|
2023-12-29 00:00:49 -05:00
|
|
|
smartd.enable = true;
|
2024-11-29 15:05:11 -05:00
|
|
|
calibre-server.enable = false;
|
2024-02-01 05:24:04 +01:00
|
|
|
|
2024-03-24 13:08:42 -04:00
|
|
|
};
|
|
|
|
|
|
2024-04-20 11:30:15 -04:00
|
|
|
nix.gc.options = "--delete-older-than 150d";
|
2024-04-19 14:17:41 -04:00
|
|
|
|
2024-04-29 19:58:38 -04:00
|
|
|
# TODO: revert this once UPS is plugged in
|
|
|
|
|
# Not reverting this before the merge as the UPS not being plugged in is
|
|
|
|
|
# causing upgrades to fail
|
2024-04-27 20:48:44 -04:00
|
|
|
power.ups = {
|
2024-04-29 17:16:21 -04:00
|
|
|
enable = false;
|
2024-04-27 20:48:44 -04:00
|
|
|
ups."LX1325GU3" = {
|
|
|
|
|
driver = "usbhid-ups";
|
|
|
|
|
port = "auto";
|
|
|
|
|
description = "CyberPower LX1325GU3";
|
|
|
|
|
};
|
|
|
|
|
users.upsmon = {
|
|
|
|
|
passwordFile = config.sops.secrets."upsmon/password".path;
|
|
|
|
|
upsmon = "primary";
|
|
|
|
|
};
|
|
|
|
|
upsmon.monitor."LX1325GU3".user = "upsmon";
|
|
|
|
|
};
|
|
|
|
|
|
2024-02-01 16:50:14 -05:00
|
|
|
sops = {
|
|
|
|
|
defaultSopsFile = ./secrets.yaml;
|
2024-04-29 15:42:44 -04:00
|
|
|
secrets = {
|
|
|
|
|
"postgres/init".owner = "postgres";
|
|
|
|
|
"upsmon/password".owner = "root";
|
|
|
|
|
};
|
2024-02-01 16:50:14 -05:00
|
|
|
};
|
|
|
|
|
|
2023-12-23 08:27:00 +01:00
|
|
|
system.stateVersion = "23.05";
|
2023-12-25 12:40:59 -05:00
|
|
|
}
|
