overhaul

2025-02-01 20:13:37 -05:00
parent a8ea520f9f
commit b98adc50f6
8 changed files with 118 additions and 45 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -11,6 +11,7 @@
 {
  imports = [
    ./hardware.nix
+    ./zfs.nix
    ./services/jellyfin.nix
    ./services/caddy.nix
    ./services/immich.nix
@@ -60,15 +61,6 @@

  boot = {
    kernelPackages = pkgs.linuxPackages;
-    zfs.package = pkgs.zfs_unstable;
-
-    kernelParams = [
-      # 2048MB
-      "zfs.zfs_arc_max=2048000000"
-    ];
-
-    supportedFilesystems = [ "zfs" ];
-    zfs.extraPools = [ "tank" ];

    loader = {
      # Use the systemd-boot EFI boot loader.
@@ -96,13 +88,10 @@
      #!/bin/sh
      rm -fr ${config.boot.lanzaboote.pkiBundle} || true
      mkdir -p ${config.boot.lanzaboote.pkiBundle}
-      ${pkgs.gnutar}/bin/tar xf /etc/nixos/secrets/secureboot.tar -C ${config.boot.lanzaboote.pkiBundle}
+      ${pkgs.gnutar}/bin/tar xf ${./secrets/secureboot.tar} -C ${config.boot.lanzaboote.pkiBundle}
    '';
  };

-  # encryption key for zpool (VERY IMPORTANT)
-  boot.initrd.secrets."/etc/zfs-key" = /etc/nixos/secrets/zfs-key;
-
  environment.etc = {
    "issue".text = "";
  };
@@ -160,25 +149,32 @@

    powertop

-    (pkgs.writeScriptBin "mc-console" ''
-      #!/bin/sh
-      ${pkgs.tmux}/bin/tmux -S /run/minecraft/${service_configs.minecraft.server_name}.sock attach
-    '')
+    (pkgs.writeShellApplication {
+      name = "disk-smart-test";
+      runtimeInputs = with pkgs; [
+        gnugrep
+        coreutils
+        smartmontools
+      ];

-    (pkgs.writeScriptBin "disk-smart-test" ''
-      #!/bin/sh
-      set -e
-      if [[ $EUID -ne 0 ]]; then
-        echo "This command requires root."
-        exit 2
-      fi
+      # i gotta fix that
+      excludeShellChecks = [ "SC2010" ];

-      DISKS=$(${pkgs.coreutils}/bin/ls /dev/sd* | ${pkgs.gnugrep}/bin/grep -v "[0-9]$")
-      for i in $DISKS; do
-        ${pkgs.coreutils}/bin/echo -n "$i "
-        ${pkgs.smartmontools}/bin/smartctl -a "$i" | ${pkgs.gnugrep}/bin/grep "SMART overall-health self-assessment test result:" | ${pkgs.coreutils}/bin/cut -d' ' -f6
-      done
-    '')
+      text = ''
+        #!/bin/sh
+        set -e
+        if [[ $EUID -ne 0 ]]; then
+          echo "This command requires root."
+          exit 2
+        fi
+
+        DISKS=$(ls /dev/sd* | grep -v "[0-9]$")
+        for i in $DISKS; do
+          echo -n "$i "
+          smartctl -a "$i" | grep "SMART overall-health self-assessment test result:" | cut -d' ' -f6
+        done
+      '';
+    })

    (pkgs.writeShellApplication {
      name = "reflac";
@@ -279,6 +275,8 @@
    # };
  };

+  users.groups.${service_configs.torrent_group} = { };
+
  users.users.${username} = {
    isNormalUser = true;
    extraGroups = [
@@ -286,9 +284,11 @@
      "video"
      "render"
      "postgres"
-      "owntracks"
+      "media"
+      service_configs.torrent_group
    ];
-    hashedPasswordFile = "/etc/nixos/secrets/hashedPass";
+
+    hashedPasswordFile = "${./secrets/hashedPass}";

    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop