init

2024-09-26 23:50:15 -04:00
commit 36ae02372c
15 changed files with 623 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,231 @@
+{
+  config,
+  lib,
+  pkgs,
+  hostname,
+  username,
+  eth_interface,
+  service_configs,
+  ...
+}:
+{
+  imports = [
+    ./hardware.nix
+    # ./services/jellyfin.nix
+    ./services/caddy.nix
+    ./services/quadlet.nix
+    ./services/immich.nix
+    ./services/git.nix
+  ];
+
+  nix = {
+    #garbage collection and cleanup stuff
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+
+    #optimize the store
+    optimise.automatic = true;
+
+    #enable flakes!
+    settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_6_10;
+
+    supportedFilesystems = [ "zfs" ];
+    zfs.extraPools = [ "tank" ];
+    loader = {
+      # Use the systemd-boot EFI boot loader.
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "America/New_York";
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "no";
+    };
+  };
+
+  #Intel GPU stuff
+  nixpkgs.config.packageOverrides = pkgs: {
+    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+  };
+
+  hardware.graphics = {
+    enable = true;
+    extraPackages = with pkgs; [
+      intel-media-driver
+      intel-vaapi-driver # previously vaapiIntel
+      vaapiVdpau
+      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
+      vpl-gpu-rt # QSV on 11th gen or newer
+    ];
+  };
+
+  #fwupd for updating firmware
+  services.fwupd = {
+    enable = true;
+    extraRemotes = [ "lvfs-testing" ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    helix
+    nixfmt-rfc-style
+
+    lm_sensors
+    bottom
+    htop
+
+    borgbackup
+    smartmontools
+
+    nil
+
+    ripgrep
+
+    intel-gpu-tools
+  ];
+
+  services.zfs = {
+    autoScrub.enable = true;
+    autoSnapshot.enable = true;
+  };
+
+  systemd.services.no-rgb =
+    let
+      no-rgb = pkgs.writeScriptBin "no-rgb" ''
+        #!/bin/sh
+        NUM_DEVICES=$(${pkgs.openrgb}/bin/openrgb --noautoconnect --list-devices | ${pkgs.coreutils}/bin/grep -E '^[0-9]+: ' | ${pkgs.coreutils}/bin/wc -l)
+
+        for i in $(${pkgs.coreutils}/bin/seq 0 $(($NUM_DEVICES - 1))); do
+          ${pkgs.openrgb}/bin/openrgb --noautoconnect --device $i --mode direct --color 000000
+        done
+      '';
+    in
+    {
+      description = "disable rgb";
+      serviceConfig = {
+        ExecStart = "${no-rgb}/bin/no-rgb";
+        Type = "oneshot";
+      };
+      wantedBy = [ "multi-user.target" ];
+    };
+
+  services.hardware.openrgb = {
+    enable = true;
+    package = pkgs.openrgb-with-all-plugins;
+    motherboard = "amd";
+  };
+
+  services.udev.packages = [ pkgs.openrgb-with-all-plugins ];
+  hardware.i2c.enable = true;
+
+  networking = {
+    nameservers = [
+      "1.1.1.1"
+      "9.9.9.9"
+    ];
+
+    hostName = hostname;
+    hostId = "0f712d56";
+    firewall.enable = true;
+    useDHCP = false;
+
+    interfaces.${eth_interface} = {
+      ipv4.addresses = [
+        {
+          address = "10.1.1.102";
+          prefixLength = 24;
+        }
+      ];
+    };
+    defaultGateway = {
+      address = "10.1.1.1";
+      interface = eth_interface;
+    };
+  };
+
+  virtualisation = {
+    containers.enable = true;
+    podman = {
+      enable = true;
+
+      # Required for containers under podman-compose to be able to talk to each other.
+      defaultNetwork.settings.dns_enabled = true;
+    };
+  };
+
+  users.users.${username} = {
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "video"
+      "render"
+    ];
+    hashedPasswordFile = "/etc/nixos/secrets/hashedPass";
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJjT5QZ3zRDb+V6Em20EYpSEgPW5e/U+06uQGJdraxi" # desktop
+    ];
+  };
+
+  # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
+  programs.fish.enable = true;
+  programs.bash = {
+    interactiveShellInit = ''
+      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+      then
+        shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+        exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+      fi
+    '';
+  };
+
+  security = {
+    #lets use doas and not sudo!
+    doas.enable = true;
+    sudo.enable = false;
+    # Configure doas
+    doas.extraRules = [
+      {
+        users = [ username ];
+        keepEnv = true;
+        persist = true;
+      }
+    ];
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    service_configs.ports.minecraft
+  ];
+
+  services.murmur = {
+    enable = true;
+    openFirewall = true;
+    welcometext = "meow meow meow meow meow :3 xd";
+    password = builtins.readFile ./secrets/murmur_password;
+  };
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_16;
+    dataDir = "/tank/services/sql";
+  };
+
+  system.stateVersion = "24.05";
+}