{
config,
pkgs,
lib,
...
}:
{
imports = [
./acme.nix
./attic
./docker
./gitea.nix
./firewall.nix
./haproxy
./hardware-changes.nix
./hydra.nix
./minio.nix
./networking.nix
./nextcloud.nix
./samba.nix
./postgresql.nix
./zfs.nix
];
programs.git.lfs.enable = false;
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
boot = {
loader.grub.device = "/dev/sda";
useSystemdBoot = true;
kernelParams = [
"i915.force_probe=56a5"
"i915.enable_guc=2"
];
kernel.sysctl = {
"vm.overcommit_memory" = lib.mkForce 1;
"vm.swappiness" = 10;
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
hardware = {
enableAllFirmware = true;
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime
intel-media-sdk
];
};
};
environment.systemPackages = with pkgs; [
docker-compose
intel-gpu-tools
jellyfin-ffmpeg
jq
];
services = {
samba.enable = true;
nfs.server.enable = true;
openssh.ports = [ 666 ];
smartd.enable = true;
calibre-server.enable = false;
};
nix.gc.options = "--delete-older-than 150d";
# TODO: revert this once UPS is plugged in
# Not reverting this before the merge as the UPS not being plugged in is
# causing upgrades to fail
power.ups = {
enable = false;
ups."LX1325GU3" = {
driver = "usbhid-ups";
port = "auto";
description = "CyberPower LX1325GU3";
};
users.upsmon = {
passwordFile = config.sops.secrets."upsmon/password".path;
upsmon = "primary";
};
upsmon.monitor."LX1325GU3".user = "upsmon";
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"postgres/init".owner = "postgres";
"upsmon/password".owner = "root";
};
};
system.stateVersion = "23.05";
}