commit 180e80181bf406b73fdfdd08ddc8dc83d093448b
Author: Yan Lin
Date: Thu Feb 12 07:29:04 2026 +0100
init commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e69de29
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..3d25a48
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+This is not a fully working Nix config. Purely for archival purpose.
+
+Hosts and modules that I am no longer using will be moved from my running Nix config repo to here.
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..24a668f
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,172 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", + "owner": "nix-community", + "repo": "disko", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1770654520, + "narHash": "sha256-mg5WZMIPGsFu9MxSrUcuJUPMbfMsF77el5yb/7rc10k=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "6c4fdbe1ad198fac36c320fd45c5957324a80b8e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "jovian": { + "inputs": { + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1770656651, + "narHash": "sha256-p0bV6EkZZRHyPm3ZJfo0txhuhy9gSfEAzzFc3zG1iLA=", + "owner": "Jovian-Experiments", + "repo": "Jovian-NixOS", + "rev": "2a3cd5fe86931bb928d56c11857d2f825014b852", + "type": "github" + }, + "original": { + "owner": "Jovian-Experiments", + "repo": "Jovian-NixOS", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "jovian", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729697500, + "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", + "owner": "zhaofengli", + "repo": "nix-github-actions", + "rev": 
"e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "matrix-name", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1770537093, + "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixvim": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1770630823, + "narHash": "sha256-5SEmOnJ61vmbap39vzWEsCX5UQ+3Ul8J4mXWKdqSn3w=", + "owner": "nix-community", + "repo": "nixvim", + "rev": "6acc964664ac916c64fe4e394edd467af4d90790", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixvim", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "home-manager": "home-manager", + "jovian": "jovian", + "nixpkgs": "nixpkgs", + "nixvim": "nixvim" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..71f2384 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,54 @@
+{
+ description = "Archive configurations";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ home-manager.url = "github:nix-community/home-manager";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ nixvim.url = "github:nix-community/nixvim";
+ nixvim.inputs.nixpkgs.follows = "nixpkgs";
+ disko.url = "github:nix-community/disko";
+ disko.inputs.nixpkgs.follows = "nixpkgs";
+ jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
+ jovian.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = inputs@{ self, nixpkgs, home-manager, nixvim, disko, jovian }:
+ {
+
+ nixosConfigurations."hs" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./hosts/nixos/hs/system.nix
+ ./hosts/nixos/hs/disk-config.nix
+ ];
+ };
+
+ nixosConfigurations."deck" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ jovian.nixosModules.default
+ disko.nixosModules.disko
+ ./hosts/nixos/deck/system.nix
+ ./hosts/nixos/deck/disk-config.nix
+ ];
+ };
+
+ homeConfigurations = {
+
+ "yanlin@hs" = home-manager.lib.homeManagerConfiguration {
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ modules = [ ./hosts/nixos/hs/home.nix ];
+ extraSpecialArgs = { inherit nixvim; };
+ };
+
+ "yanlin@deck" = home-manager.lib.homeManagerConfiguration {
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ modules = [ ./hosts/nixos/deck/home.nix ];
+ extraSpecialArgs = { inherit nixvim; };
+ };
+
+ };
+ };
+}
diff --git a/hosts/nixos/deck/disk-config.nix b/hosts/nixos/deck/disk-config.nix
new file mode 100644
index 0000000..ba80a91
--- /dev/null
+++ b/hosts/nixos/deck/disk-config.nix
@@ -0,0 +1,34 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "fmask=0077" "dmask=0077" ];
+ };
+ };
+
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/nixos/deck/hardware-configuration.nix b/hosts/nixos/deck/hardware-configuration.nix
new file mode 100644
index 0000000..10c1d46
--- /dev/null
+++ b/hosts/nixos/deck/hardware-configuration.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.kernelModules = [ "kvm-amd" ];
+
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/nixos/deck/home.nix b/hosts/nixos/deck/home.nix
new file mode 100644
index 0000000..bdd9801
--- /dev/null
+++ b/hosts/nixos/deck/home.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../home-default.nix
+ ];
+}
diff --git a/hosts/nixos/deck/system.nix b/hosts/nixos/deck/system.nix
new file mode 100644
index 0000000..67d960b
--- /dev/null
+++ b/hosts/nixos/deck/system.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../system-default.nix
+ ];
+
+ boot.loader = {
+ systemd-boot.enable = true;
+ systemd-boot.configurationLimit = 10;
+ efi.canTouchEfiVariables = true;
+ timeout = 3;
+ };
+
+ jovian.devices.steamdeck.enable = true;
+
+ jovian.steam = {
+ enable = true;
+ autoStart = true;
+ user = "yanlin";
+ };
+
+ jovian.steamos.useSteamOSConfig = true;
+
+ jovian.hardware.has.amd.gpu = true;
+
+ hardware.enableRedistributableFirmware = true;
+
+ security.rtkit.enable = true;
+
+ networking = {
+ hostName = "deck";
+ networkmanager.enable = true;
+ firewall.enable = false;
+ };
+
+ users.users.yanlin = {
+ extraGroups = [ "networkmanager" "wheel" "video" "audio" "input" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmKZ0FbXhYRHVkVTeSmpPrvuG8sC8La3Yx2gWb4ncuc yanlin@imac"
+ ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ pciutils
+ usbutils
+ ];
+}
diff --git a/hosts/nixos/home-default.nix b/hosts/nixos/home-default.nix
new file mode 100644
index 0000000..1012a57
--- /dev/null
+++ b/hosts/nixos/home-default.nix
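Review bot: `firewall.enable = false;` in the `networking` block of hosts/nixos/deck/system.nix removes host-level packet filtering on a machine that joins whatever network NetworkManager connects to, while the imported ../system-default.nix enables sshd. The same setting appears as `firewall = { enable = false; };` in hosts/nixos/hs/system.nix, where it also makes `openFirewall = true;` under `services.openssh` a no-op. I would keep the NixOS default (`firewall.enable = true;`), let `services.openssh.openFirewall` handle SSH, and list any other required port in `networking.firewall.allowedTCPPorts` with a comment saying which service needs it. If the firewall is off because the Jovian/Steam stack needs ports that are not known in advance, that reason should be recorded next to the setting.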
@@ -0,0 +1,46 @@
+{ config, pkgs, nixvim, ... }:
+
+{
+ imports = [
+ nixvim.homeModules.nixvim
+ ../../modules/nvim.nix
+ ../../modules/tmux.nix
+ ../../modules/zsh.nix
+ ../../modules/ssh.nix
+ ../../modules/git.nix
+ ../../modules/lazygit.nix
+ ../../modules/btop.nix
+ ../../modules/font/home.nix
+ ];
+
+ home.username = "yanlin";
+ home.homeDirectory = "/home/yanlin";
+ home.stateVersion = "24.05";
+
+ programs.home-manager.enable = true;
+ nixpkgs.config.allowUnfree = true;
+
+ programs.direnv = {
+ enable = true;
+ nix-direnv.enable = true;
+ silent = true;
+ };
+
+ # nixOS-specific alias
+ programs.zsh.shellAliases = {
+ oss = "sudo nixos-rebuild switch --flake ~/.config/nix#$(hostname)";
+ };
+
+ home.packages = with pkgs; [
+ httpie
+ gnumake
+ rsync
+ bind # DNS utilities (dig, nslookup, mdig)
+ iputils # Core network tools (ping, traceroute)
+ inetutils # Network utilities (telnet)
+ netcat-gnu # Network connection utility
+ ncdu
+ delta
+ fastfetch
+ ];
+}
diff --git a/hosts/nixos/hs/containers.nix b/hosts/nixos/hs/containers.nix
new file mode 100644
index 0000000..267840c
--- /dev/null
+++ b/hosts/nixos/hs/containers.nix
@@ -0,0 +1,102 @@
+{ config, pkgs, lib, ... }:
+
+let
+ # Import Immich configuration from declarative config file
+ immichConfig = import ../../../config/immich.nix;
+
+ # Convert Nix configuration to JSON string
+ immichConfigJson = builtins.toJSON immichConfig;
+
+ # Write config file to a location accessible by the container
+ immichConfigFile = pkgs.writeText "immich.json" immichConfigJson;
+
+ # Universal container configuration
+ commonUID = "1000";
+ commonGID = "100";
+ systemTZ = config.time.timeZone;
+in
+{
+ # Container definitions for hs host
+ virtualisation.oci-containers.containers = {
+
+ # Immich photo and video backup system
+ immich = {
+ image = "ghcr.io/imagegenius/immich:latest";
+
+ volumes = [
+ "/var/lib/containers/config/immich:/config"
+ "/mnt/storage/appbulk/immich:/photos"
+ "/mnt/storage/Media/DCIM:/libraries"
+ # Mount the declarative config file
+ "${immichConfigFile}:/config/immich.json:ro"
+ ];
+
+ environment = {
+ PUID = commonUID;
+ PGID = commonGID;
+ TZ = systemTZ;
+ # Point to the mounted config file
+ IMMICH_CONFIG_FILE = "/config/immich.json";
+ # Database connection (keep as env vars for security)
+ DB_HOSTNAME = "immich-db";
+ DB_USERNAME = "postgres";
+ DB_PASSWORD = "postgres";
+ DB_DATABASE_NAME = "postgres";
+ DB_PORT = "5432";
+ # Redis connection
+ REDIS_HOSTNAME = "immich-redis";
+ REDIS_PORT = "6379";
+ # Machine Learning server (internal)
+ MACHINE_LEARNING_HOST = "0.0.0.0";
+ MACHINE_LEARNING_PORT = "3003";
+ MACHINE_LEARNING_WORKERS = "1";
+ MACHINE_LEARNING_WORKER_TIMEOUT = "120";
+ };
+
+ ports = [
+ "5000:8080"
+ ];
+
+ extraOptions = [
+ "--network=podman"
+ "--device=/dev/dri:/dev/dri" # Hardware acceleration
+ ];
+
+ dependsOn = [ "immich-db" "immich-redis" ];
+ autoStart = true;
+ };
+
+ # PostgreSQL database for Immich with vector extension
+ immich-db = {
+ image = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0";
+
+ volumes = [
+ "/var/lib/containers/config/immich-db:/var/lib/postgresql/data"
+ ];
+
+ environment = {
+ POSTGRES_PASSWORD = "postgres";
+ POSTGRES_USER = "postgres";
+ POSTGRES_DB = "postgres";
+ };
+
+ extraOptions = [
+ "--network=podman"
+ ];
+
+ autoStart = true;
+ };
+
+ # Redis cache for Immich
+ immich-redis = {
+ image = "docker.io/redis:7.2-alpine";
+
+ extraOptions = [
+ "--network=podman"
+ ];
+
+ autoStart = true;
+ };
+
+ };
+}
diff --git a/hosts/nixos/hs/disk-config.nix b/hosts/nixos/hs/disk-config.nix
new file mode 100644
index 0000000..a9d244d
--- /dev/null
+++ b/hosts/nixos/hs/disk-config.nix
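Review bot: The comment `# Database connection (keep as env vars for security)` in hosts/nixos/hs/containers.nix is misleading, because `DB_PASSWORD = "postgres";` and `POSTGRES_PASSWORD = "postgres";` are literals in the `environment` sets and therefore land in this repository and in the world-readable Nix store. Move both to a root-only file referenced with `environmentFiles = [ "/path/to/immich.env" ];` (placeholder path) on the `immich` and `immich-db` containers, and use a non-default password. Separately, `image = "ghcr.io/imagegenius/immich:latest";` is a floating tag, unlike the version-tagged db and redis images; pinning it to a version tag or an `@sha256:` digest makes the running image reproducible and reviewable. `MACHINE_LEARNING_HOST = "0.0.0.0";` is commented as internal, so it is worth confirming that port 3003 is not reachable from outside the container network, given that the host firewall is disabled in system.nix.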
@@ -0,0 +1,137 @@
+{
+ disko.devices = {
+ disk = {
+ # First drive of ZFS mirror pair (ZHITAI 1TB #1)
+ main1 = {
+ type = "disk";
+ device = "/dev/disk/by-id/ata-ZHITAI_SC001_XT_1000GB_ZTB401TAB244431J4R";
+ content = {
+ type = "gpt";
+ partitions = {
+ # GRUB BIOS boot partition
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ # EFI System Partition (mirrored manually)
+ esp1 = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ # ZFS partition
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+
+ # Second drive of ZFS mirror pair (ZHITAI 1TB #2)
+ main2 = {
+ type = "disk";
+ device = "/dev/disk/by-id/ata-ZHITAI_SC001_XT_1000GB_ZTB401TAB244431KEG";
+ content = {
+ type = "gpt";
+ partitions = {
+ # GRUB BIOS boot partition
+ boot = {
+ size = "1M";
+ type = "EF02";
+ };
+ # EFI System Partition (backup)
+ esp2 = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ };
+ };
+ # ZFS partition
+ zfs = {
+ size = "100%";
+ content = {
+ type = "zfs";
+ pool = "rpool";
+ };
+ };
+ };
+ };
+ };
+
+ };
+
+ zpool = {
+ rpool = {
+ type = "zpool";
+ mode = "mirror";
+ rootFsOptions = {
+ compression = "lz4";
+ acltype = "posixacl";
+ xattr = "sa";
+ relatime = "on";
+ normalization = "formD";
+ canmount = "off";
+ dnodesize = "auto";
+ };
+ mountpoint = "/";
+
+ datasets = {
+ # Root dataset
+ root = {
+ type = "zfs_fs";
+ options = {
+ canmount = "off";
+ mountpoint = "none";
+ };
+ };
+
+ # Root filesystem
+ "root/nixos" = {
+ type = "zfs_fs";
+ mountpoint = "/";
+ options = {
+ canmount = "noauto";
+ mountpoint = "/";
+ "com.sun:auto-snapshot" = "true";
+ };
+ };
+
+ # Home directory
+ "root/home" = {
+ type = "zfs_fs";
+ mountpoint = "/home";
+ options = {
+ canmount = "on";
+ mountpoint = "/home";
+ "com.sun:auto-snapshot" = "true";
+ };
+ };
+
+ # Nix store (no snapshots needed)
+ "root/nix" = {
+ type = "zfs_fs";
+ mountpoint = "/nix";
+ options = {
+ canmount = "on";
+ mountpoint = "/nix";
+ "com.sun:auto-snapshot" = "false";
+ };
+ };
+ };
+ };
+
+ };
+
+ };
+}
\ No newline at end of file
diff --git a/hosts/nixos/hs/hardware-configuration.nix b/hosts/nixos/hs/hardware-configuration.nix
new file mode 100644
index 0000000..cd57d58
--- /dev/null
+++ b/hosts/nixos/hs/hardware-configuration.nix
@@ -0,0 +1,40 @@
+# Hardware configuration for home server (hs)
+# Generated by nixos-generate-config and customized for this system
+
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ # Boot configuration - detected kernel modules for this hardware
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "sd_mod"
+ "sdhci_pci"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ # ZFS filesystems are managed by disko configuration
+ # No filesystem declarations needed here - disko handles all mounts
+
+ # No swap devices configured
+ swapDevices = [ ];
+
+ # Networking hardware
+ networking.useDHCP = lib.mkDefault true;
+
+ # Hardware-specific settings
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+ # CPU microcode updates
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ # For AMD systems, use this instead:
+ # hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ # Enable firmware updates
+ hardware.enableRedistributableFirmware = lib.mkDefault true;
+}
\ No newline at end of file
diff --git a/hosts/nixos/hs/home.nix b/hosts/nixos/hs/home.nix
new file mode 100644
index 0000000..844dc28
--- /dev/null
+++ b/hosts/nixos/hs/home.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ../home-default.nix
+ ../../../modules/syncthing.nix
+ ../../../modules/schedule.nix
+ ../../../modules/media/yt-dlp.nix
+ ];
+
+ services.scheduled-commands.aicloud-backup = {
+ enable = true;
+ description = "Backup aicloud files";
+ interval = "*-*-* 18:00:00";
+ commands = [
+ "rsync -avP aicloud:~/ /mnt/storage/Backup/aicloud/ --exclude='/.*'"
+ ];
+ };
+
+ programs.yt-dlp-custom = {
+ enable = true;
+ downloadDir = "/mnt/storage/Media/web-video";
+ };
+
+}
diff --git a/hosts/nixos/hs/system.nix b/hosts/nixos/hs/system.nix
new file mode 100644
index 0000000..bc6b665
--- /dev/null
+++ b/hosts/nixos/hs/system.nix
@@ -0,0 +1,271 @@
+{ config, pkgs, ... }: {
+ imports = [
+ ./hardware-configuration.nix
+ ./containers.nix
+ ../system-default.nix
+ ../../../modules/vpn/tailscale.nix
+ ../../../modules/podman.nix
+ ../../../modules/borg/client.nix
+ ../../../modules/login-display.nix
+ ../../../modules/file-server/samba.nix
+ ../../../modules/media/server.nix
+ ];
+
+ # GRUB bootloader with ZFS support
+ boot.loader.grub = {
+ enable = true;
+ devices = [
+ "/dev/disk/by-id/ata-ZHITAI_SC001_XT_1000GB_ZTB401TAB244431J4R"
+ "/dev/disk/by-id/ata-ZHITAI_SC001_XT_1000GB_ZTB401TAB244431KEG"
+ ]; # Install GRUB on both ZFS mirror drives
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ zfsSupport = true;
+ };
+
+ # Enable systemd stage-1 and ZFS support
+ boot.initrd.systemd.enable = true;
+ boot.supportedFilesystems = [ "zfs" "xfs" ];
+ boot.zfs.forceImportRoot = false;
+
+ # ZFS ARC memory configuration for 32GB system
+ boot.kernelParams = [
+ "zfs.zfs_arc_max=17179869184" # 16GB max ARC size
+ "zfs.zfs_arc_min=2147483648" # 2GB min ARC size
+ ];
+
+ # XFS drive mounts
+ fileSystems."/mnt/wd-12t-1" = {
+ device = "/dev/disk/by-id/ata-HGST_HUH721212ALE604_5PK2N4GB-part1";
+ fsType = "xfs";
+ options = [ "defaults" "noatime" ];
+ };
+
+ fileSystems."/mnt/wd-12t-2" = {
+ device = "/dev/disk/by-id/ata-HGST_HUH721212ALE604_5PJ7Z3LE-part1";
+ fsType = "xfs";
+ options = [ "defaults" "noatime" ];
+ };
+
+ fileSystems."/mnt/wd-14t-1" = {
+ device = "/dev/disk/by-id/ata-WDC_WD140EDFZ-11A0VA0_9MGJULEK-part1";
+ fsType = "xfs";
+ options = [ "defaults" "noatime" ];
+ };
+
+ # Parity drive for SnapRAID
+ fileSystems."/mnt/parity" = {
+ device = "/dev/disk/by-id/ata-ST16000NM000J-2TW103_WRS0F8BE-part1";
+ fsType = "xfs";
+ options = [ "defaults" "noatime" ];
+ };
+
+ # MergerFS union mount (needs to be after XFS mounts)
+ fileSystems."/mnt/storage" = {
+ device = "/mnt/wd-12t-1:/mnt/wd-12t-2:/mnt/wd-14t-1";
+ fsType = "mergerfs";
+ options = [
+ "defaults"
+ "allow_other"
+ "use_ino"
+ "cache.files=partial"
+ "dropcacheonclose=true"
+ "category.create=mfs"
+ ];
+ };
+
+ # Network configuration
+ networking = {
+ hostName = "hs";
+ hostId = "8425e349"; # Required for ZFS, good practice for any system
+ networkmanager.enable = true;
+ firewall = { enable = false; };
+ };
+
+
+ # Host-specific SSH configuration
+ services.openssh = {
+ settings = {
+ PermitRootLogin = "yes"; # Allow root login for this server
+ };
+ openFirewall = true;
+ };
+
+ # Define a user account
+ users.users.root = {
+ # Clear any inherited password settings
+ hashedPassword = null;
+ hashedPasswordFile = null;
+ password = null;
+ initialHashedPassword = null;
+ initialPassword = null;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG35m0DgTrEOAM+1wAlYZ8mvLelNTcx65cFccGPQcxmo yanlin@imac"
+ ];
+ };
+
+ # Host-specific user configuration
+ users.users.yanlin = {
+ extraGroups = [ "networkmanager" "wheel" ];
+ hashedPassword = "$6$8NUV0JK33hs3XBYe$osnYKzENDLYHQEpj8Z5F6ECpLdc8Y3RZcVGxQ0bc/6DepTwugAkfX8h6ItI01dJyk8RstiGsWVVCKGwXaL.sN.";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG35m0DgTrEOAM+1wAlYZ8mvLelNTcx65cFccGPQcxmo yanlin@imac"
+ ];
+ };
+
+ # Intel graphics for hardware acceleration (QSV/VA-API)
+ hardware.graphics = {
+ enable = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ intel-vaapi-driver
+ libva-vdpau-driver
+ libvdpau-va-gl
+ vpl-gpu-rt
+ intel-compute-runtime
+ ];
+ };
+
+ # Host-specific packages
+ environment.systemPackages = with pkgs; [
+ smartmontools
+ zfs
+ mergerfs
+ snapraid
+ intel-gpu-tools
+ ];
+
+ # ZFS services configuration
+ services.zfs = {
+ autoScrub = {
+ enable = true;
+ interval = "monthly";
+ pools = [ "rpool" ];
+ };
+ autoSnapshot = {
+ enable = true;
+ frequent = 4;
+ hourly = 24;
+ daily = 7;
+ weekly = 4;
+ monthly = 12;
+ };
+ trim = {
+ enable = true;
+ interval = "weekly";
+ };
+ };
+
+ # SnapRAID configuration for parity protection
+ services.snapraid = {
+ enable = true;
+
+ # Parity file location on 16TB drive
+ parityFiles = [
+ "/mnt/parity/snapraid.parity"
+ ];
+
+ # Content files for metadata (stored on multiple drives for redundancy)
+ contentFiles = [
+ "/var/snapraid.content"
+ "/mnt/parity/.snapraid.content"
+ "/mnt/wd-12t-1/.snapraid.content"
+ "/mnt/wd-12t-2/.snapraid.content"
+ "/mnt/wd-14t-1/.snapraid.content"
+ ];
+
+ # Data disks to protect
+ dataDisks = {
+ d1 = "/mnt/wd-12t-1/";
+ d2 = "/mnt/wd-12t-2/";
+ d3 = "/mnt/wd-14t-1/";
+ };
+
+ # Sync and scrub schedule
+ sync.interval = "02:00";
+ scrub.interval = "Mon *-*-* 06:00:00";
+
+ # Files and directories to exclude from parity
+ exclude = [
+ "*.unrecoverable"
+ "/tmp/"
+ "/lost+found/"
+ "*.!sync"
+ ".DS_Store"
+ "._.DS_Store"
+ ".Spotlight-V100/"
+ ".TemporaryItems/"
+ ".Trashes/"
+ ".fseventsd/"
+ "Thumbs.db"
+ "*.tmp"
+ "*.tmp.*"
+ "*.temp"
+ "*.temp.*"
+ "*.!qB"
+ "*.part"
+ ];
+ };
+
+ # Login display with SMART disk health status
+ services.login-display = {
+ enable = true;
+ showSystemInfo = true;
+ showSmartStatus = true;
+ smartDrives = {
+ "/dev/disk/by-id/ata-ZHITAI_SC001_XT_1000GB_ZTB401TAB244431J4R" = "ZFS_Mirror_1";
+ "/dev/disk/by-id/ata-ZHITAI_SC001_XT_1000GB_ZTB401TAB244431KEG" = "ZFS_Mirror_2";
+ "/dev/disk/by-id/ata-HGST_HUH721212ALE604_5PK2N4GB" = "Data_1_12TB";
+ "/dev/disk/by-id/ata-HGST_HUH721212ALE604_5PJ7Z3LE" = "Data_2_12TB";
+ "/dev/disk/by-id/ata-WDC_WD140EDFZ-11A0VA0_9MGJULEK" = "Data_3_14TB";
+ "/dev/disk/by-id/ata-ST16000NM000J-2TW103_WRS0F8BE" = "Parity_16TB";
+ };
+ showDiskUsage = true;
+ diskUsagePaths = [ "/" "/home/" "/mnt/storage" "/mnt/parity" ];
+ showSnapraidStatus = true;
+ showBorgStatus = true;
+ };
+
+ services.tailscale-custom = {
+ exitNode = true;
+ subnetRoutes = [ "10.1.1.0/24" ];
+ };
+
+ # Samba file sharing
+ services.samba-custom = {
+ sharedPath = "/mnt/storage/Media";
+ shareName = "Media";
+ user = "yanlin";
+ };
+
+ # Media server services
+ services.media-server = {
+ user = "yanlin";
+ sonarr.enable = true;
+ radarr.enable = true;
+ jellyfin.enable = true;
+ deluge.enable = true;
+ plex.enable = true;
+ lidarr.enable = true;
+ bazarr.enable = true;
+ };
+
+ # Borg backup configuration
+ services.borg-client-custom = {
+ enable = true;
+ repositoryUrl = "ssh://borg-server/./hs";
+ backupPaths = [
+ "/mnt/storage/appbulk/immich/library/"
+ "/mnt/storage/Media/DCIM"
+ "/mnt/storage/Media/nsfw"
+ ];
+ backupFrequency = "*-*-* 00:00:00";
+ retention = {
+ keepDaily = 7;
+ keepWeekly = 4;
+ keepMonthly = 6;
+ keepYearly = 2;
+ };
+ };
+
+}
diff --git a/hosts/nixos/system-default.nix b/hosts/nixos/system-default.nix
new file mode 100644
index 0000000..e4564a9
--- /dev/null
+++ b/hosts/nixos/system-default.nix
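Review bot: `users.users.yanlin.hashedPassword` in hosts/nixos/hs/system.nix commits a crypt hash to the repository and the Nix store, where anyone with read access can attack it offline. `hashedPasswordFile = "/path/to/yanlin.hash";` (placeholder path, file kept outside the repo and readable by root only) avoids that, and the password behind the committed hash should be treated as exposed and rotated. `PermitRootLogin = "yes";` is broader than this config needs: root has only an authorized key and ../system-default.nix sets `PasswordAuthentication = false`, so `PermitRootLogin = "prohibit-password";` states the intent and keeps root key-only if password authentication is ever re-enabled. The same public key is authorized for both root and yanlin, so a comment on why direct root SSH is required in addition to the wheel account would help the next reader.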
@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+{
+ # Common NixOS system configuration shared across all hosts
+
+ # Time zone and localization
+ time.timeZone = "Europe/Copenhagen";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # Enable zsh system-wide (required when set as user shell)
+ programs.zsh.enable = true;
+
+ # Enable bandwhich network monitoring tool
+ programs.bandwhich.enable = true;
+
+ # Enable experimental nix features
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Allow unfree packages globally
+ nixpkgs.config.allowUnfree = true;
+
+ # Basic SSH configuration
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ AcceptEnv = [ "LANG" "LC_*" "TERM" "COLORTERM" "TMUX" "TMUX_PANE" ];
+ };
+ };
+
+ # Common user configuration
+ users.users.yanlin = {
+ isNormalUser = true;
+ description = "yanlin";
+ shell = pkgs.zsh;
+ };
+
+ # Enable sudo for wheel group without password
+ security.sudo.wheelNeedsPassword = false;
+
+ # Common system packages
+ environment.systemPackages = with pkgs; [
+ # Essential command-line tools
+ vim
+ git
+ htop
+ curl
+ wget
+ rsync
+ tmux
+ tree
+ lsof
+ tcpdump
+ iotop
+ unzip
+
+ # System management
+ home-manager
+ ];
+
+ # Default system state version
+ system.stateVersion = "24.05";
+}
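Review bot: `security.sudo.wheelNeedsPassword = false;` in hosts/nixos/system-default.nix applies to every host that imports this file, and both hosts/nixos/deck/system.nix and hosts/nixos/hs/system.nix add yanlin to `wheel`. Any process running as that user, or anyone holding the authorized SSH key, therefore becomes root with no further check. If this is only for convenience with `nixos-rebuild`, consider dropping the line (the default is `true`) or setting it per host, with a comment recording why that host accepts the trade-off.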