1
1
Fork 0

Upgrade system to 22.11

VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable
This commit is contained in:
Jaculabilis 2022-11-26 18:38:23 +00:00
parent 9b27214df8
commit d312a48993
2 changed files with 64 additions and 54 deletions

View File

@ -1,45 +1,29 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
disabledModules = [ "system/boot/loader/raspberrypi/raspberrypi.nix" ];
imports = [ imports = [
./modules/system/boot/loader/raspberrypi/raspberrypi.nix ./hardware-configuration.nix
./fileserver.nix #./fileserver.nix
]; ];
boot = { boot = {
kernelPackages = pkgs.linuxPackages_rpi4; loader = {
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
generic-extlinux-compatible.enable = true;
};
supportedFilesystems = ["zfs"]; supportedFilesystems = ["zfs"];
zfs.enableUnstable = true; zfs.enableUnstable = true;
loader = {
grub.enable = false;
raspberryPi = {
enable = true;
version = 4;
configurationLimit = 1;
};
};
}; };
# MAKE SURE THESE ARE RIGHT OR THE PI WILL NOT BOOT system.stateVersion = "22.11"; # Read the usual warning
fileSystems = {
"/" = {
fsType = "ext4";
device = "/dev/disk/by-label/NIXOS_SD";
};
"/boot" = {
fsType = "vfat";
device = "/dev/disk/by-label/NIXOS_BOOT";
};
};
hardware.enableRedistributableFirmware = true;
swapDevices = [ { device = "/swap"; size = 1024; } ]; swapDevices = [ { device = "/swap"; size = 1024; } ];
console.keyMap = "us"; console.keyMap = "us";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
environment.systemPackages = with pkgs; environment.systemPackages = with pkgs;
let let
py3-packages = python-packages: with python-packages; [ py3-packages = python-packages: with python-packages; [
@ -47,9 +31,8 @@
]; ];
py3-with-packages = python3.withPackages py3-packages; py3-with-packages = python3.withPackages py3-packages;
in [ in [
wget vim curl git htop bash tmux psmisc manpages pv lsof wget vim curl git htop bash tmux psmisc man-pages pv lsof
zip unzip zip unzip
nginx
py3-with-packages py3-with-packages
usbutils usbutils
hdparm sdparm smartmontools gptfdisk gnufdisk hdparm sdparm smartmontools gptfdisk gnufdisk
@ -60,7 +43,7 @@
rsync rsync
rclone gnupg rclone gnupg
]; ];
networking = { networking = {
hostName = "catacomb"; hostName = "catacomb";
hostId = "beeeeee5"; hostId = "beeeeee5";
@ -71,19 +54,15 @@
allowedUDPPorts = [ 137 138 ]; allowedUDPPorts = [ 137 138 ];
}; };
}; };
security = { #services.cron = {
hideProcessInformation = true; # enable = true;
}; # systemCronJobs = [
# "0 20 * * 1 root /root/reassert-nas-permissions.sh"
services.cron = { # "0 0 * * 1 tvb . /etc/profile; /home/tvb/gitea-backup"
enable = true; # ];
systemCronJobs = [ #};
"0 20 * * 1 root /root/reassert-nas-permissions.sh"
"0 0 * * 1 tvb . /etc/profile; /home/tvb/gitea-backup"
];
};
services.openssh = { services.openssh = {
enable = true; enable = true;
passwordAuthentication = true; passwordAuthentication = true;
@ -96,7 +75,7 @@
services.rsyncd.enable = true; services.rsyncd.enable = true;
services.samba = /*services.samba =
let let
sambaShare = path: validUsers: { sambaShare = path: validUsers: {
path = path; path = path;
@ -167,16 +146,16 @@
#image = sambaShare "/nas/image" ''@nas''; #image = sambaShare "/nas/image" ''@nas'';
#video = sambaShare "/nas/video" ''@nas''; #video = sambaShare "/nas/video" ''@nas'';
}; };
}; };*/
services.tinc.networks = { /*services.tinc.networks = {
beatific = { beatific = {
name = "catacomb"; name = "catacomb";
listenAddress = "0.0.0.0"; listenAddress = "0.0.0.0";
chroot = false; chroot = false;
}; };
}; };*/
services.zfs = { services.zfs = {
autoScrub = { autoScrub = {
enable = true; enable = true;
@ -194,7 +173,6 @@
uid = 1001; uid = 1001;
password = "badpassword"; password = "badpassword";
extraGroups = ["wheel" "nas"]; extraGroups = ["wheel" "nas"];
shell = pkgs.bash;
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [
./keys/tvb.palamas.pub ./keys/tvb.palamas.pub
./keys/tvb.stagirite.pub ./keys/tvb.stagirite.pub
@ -205,7 +183,6 @@
}; };
#./keys/tvb.empyrean.pub #./keys/tvb.empyrean.pub
nix.buildCores = 4; nix.settings.cores = 4;
nix.package = pkgs.nixFlakes;
nix.extraOptions = "experimental-features = nix-command flakes"; nix.extraOptions = "experimental-features = nix-command flakes";
} }

View File

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}