Upgrade system to 22.11
VPN is migrating to Nebula, so fileserver and samba are temporarily unavailable
This commit is contained in:
parent
9b27214df8
commit
d312a48993
|
@ -1,45 +1,29 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
disabledModules = [ "system/boot/loader/raspberrypi/raspberrypi.nix" ];
|
|
||||||
imports = [
|
imports = [
|
||||||
./modules/system/boot/loader/raspberrypi/raspberrypi.nix
|
./hardware-configuration.nix
|
||||||
./fileserver.nix
|
#./fileserver.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
kernelPackages = pkgs.linuxPackages_rpi4;
|
loader = {
|
||||||
|
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
|
||||||
|
grub.enable = false;
|
||||||
|
# Enables the generation of /boot/extlinux/extlinux.conf
|
||||||
|
generic-extlinux-compatible.enable = true;
|
||||||
|
};
|
||||||
supportedFilesystems = ["zfs"];
|
supportedFilesystems = ["zfs"];
|
||||||
zfs.enableUnstable = true;
|
zfs.enableUnstable = true;
|
||||||
loader = {
|
|
||||||
grub.enable = false;
|
|
||||||
raspberryPi = {
|
|
||||||
enable = true;
|
|
||||||
version = 4;
|
|
||||||
configurationLimit = 1;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# MAKE SURE THESE ARE RIGHT OR THE PI WILL NOT BOOT
|
system.stateVersion = "22.11"; # Read the usual warning
|
||||||
fileSystems = {
|
|
||||||
"/" = {
|
|
||||||
fsType = "ext4";
|
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
|
||||||
};
|
|
||||||
"/boot" = {
|
|
||||||
fsType = "vfat";
|
|
||||||
device = "/dev/disk/by-label/NIXOS_BOOT";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
|
||||||
|
|
||||||
swapDevices = [ { device = "/swap"; size = 1024; } ];
|
swapDevices = [ { device = "/swap"; size = 1024; } ];
|
||||||
|
|
||||||
console.keyMap = "us";
|
console.keyMap = "us";
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
environment.systemPackages = with pkgs;
|
environment.systemPackages = with pkgs;
|
||||||
let
|
let
|
||||||
py3-packages = python-packages: with python-packages; [
|
py3-packages = python-packages: with python-packages; [
|
||||||
|
@ -47,9 +31,8 @@
|
||||||
];
|
];
|
||||||
py3-with-packages = python3.withPackages py3-packages;
|
py3-with-packages = python3.withPackages py3-packages;
|
||||||
in [
|
in [
|
||||||
wget vim curl git htop bash tmux psmisc manpages pv lsof
|
wget vim curl git htop bash tmux psmisc man-pages pv lsof
|
||||||
zip unzip
|
zip unzip
|
||||||
nginx
|
|
||||||
py3-with-packages
|
py3-with-packages
|
||||||
usbutils
|
usbutils
|
||||||
hdparm sdparm smartmontools gptfdisk gnufdisk
|
hdparm sdparm smartmontools gptfdisk gnufdisk
|
||||||
|
@ -60,7 +43,7 @@
|
||||||
rsync
|
rsync
|
||||||
rclone gnupg
|
rclone gnupg
|
||||||
];
|
];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "catacomb";
|
hostName = "catacomb";
|
||||||
hostId = "beeeeee5";
|
hostId = "beeeeee5";
|
||||||
|
@ -71,19 +54,15 @@
|
||||||
allowedUDPPorts = [ 137 138 ];
|
allowedUDPPorts = [ 137 138 ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security = {
|
#services.cron = {
|
||||||
hideProcessInformation = true;
|
# enable = true;
|
||||||
};
|
# systemCronJobs = [
|
||||||
|
# "0 20 * * 1 root /root/reassert-nas-permissions.sh"
|
||||||
services.cron = {
|
# "0 0 * * 1 tvb . /etc/profile; /home/tvb/gitea-backup"
|
||||||
enable = true;
|
# ];
|
||||||
systemCronJobs = [
|
#};
|
||||||
"0 20 * * 1 root /root/reassert-nas-permissions.sh"
|
|
||||||
"0 0 * * 1 tvb . /etc/profile; /home/tvb/gitea-backup"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
passwordAuthentication = true;
|
passwordAuthentication = true;
|
||||||
|
@ -96,7 +75,7 @@
|
||||||
|
|
||||||
services.rsyncd.enable = true;
|
services.rsyncd.enable = true;
|
||||||
|
|
||||||
services.samba =
|
/*services.samba =
|
||||||
let
|
let
|
||||||
sambaShare = path: validUsers: {
|
sambaShare = path: validUsers: {
|
||||||
path = path;
|
path = path;
|
||||||
|
@ -167,16 +146,16 @@
|
||||||
#image = sambaShare "/nas/image" ''@nas'';
|
#image = sambaShare "/nas/image" ''@nas'';
|
||||||
#video = sambaShare "/nas/video" ''@nas'';
|
#video = sambaShare "/nas/video" ''@nas'';
|
||||||
};
|
};
|
||||||
};
|
};*/
|
||||||
|
|
||||||
services.tinc.networks = {
|
/*services.tinc.networks = {
|
||||||
beatific = {
|
beatific = {
|
||||||
name = "catacomb";
|
name = "catacomb";
|
||||||
listenAddress = "0.0.0.0";
|
listenAddress = "0.0.0.0";
|
||||||
chroot = false;
|
chroot = false;
|
||||||
};
|
};
|
||||||
};
|
};*/
|
||||||
|
|
||||||
services.zfs = {
|
services.zfs = {
|
||||||
autoScrub = {
|
autoScrub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -194,7 +173,6 @@
|
||||||
uid = 1001;
|
uid = 1001;
|
||||||
password = "badpassword";
|
password = "badpassword";
|
||||||
extraGroups = ["wheel" "nas"];
|
extraGroups = ["wheel" "nas"];
|
||||||
shell = pkgs.bash;
|
|
||||||
openssh.authorizedKeys.keyFiles = [
|
openssh.authorizedKeys.keyFiles = [
|
||||||
./keys/tvb.palamas.pub
|
./keys/tvb.palamas.pub
|
||||||
./keys/tvb.stagirite.pub
|
./keys/tvb.stagirite.pub
|
||||||
|
@ -205,7 +183,6 @@
|
||||||
};
|
};
|
||||||
#./keys/tvb.empyrean.pub
|
#./keys/tvb.empyrean.pub
|
||||||
|
|
||||||
nix.buildCores = 4;
|
nix.settings.cores = 4;
|
||||||
nix.package = pkgs.nixFlakes;
|
|
||||||
nix.extraOptions = "experimental-features = nix-command flakes";
|
nix.extraOptions = "experimental-features = nix-command flakes";
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||||
|
}
|
Loading…
Reference in New Issue