jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: added flake parts

Browse source
This commit is contained in:
Leyla Becker 2026-04-06 22:18:17 -05:00
parent db7ac35613
commit 88041e86bd
66 changed files with 3538 additions and 2163 deletions
Download patch file Download diff file Expand all files Collapse all files

452
configurations/nixos/defiant/configuration.nix
View file

@ -1,452 +0,0 @@
# server nas
{
inputs,
config,
...
}: {
sops.secrets = {
"vpn-keys/tailscale-authkey/defiant" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml";
};
"vpn-keys/proton-wireguard/defiant-p2p" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml";
mode = "0640";
owner = "root";
group = "systemd-network";
};
"services/zfs_smtp_token" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
};
"services/paperless_password" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
mode = "0700";
owner = "paperless";
group = "paperless";
};
};
host = {
users = {
leyla = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
};
network_storage = {
enable = true;
directories = [
{
folder = "leyla_documents";
user = "leyla";
group = "leyla";
bind = "/home/leyla/documents";
}
{
folder = "eve_documents";
user = "eve";
group = "eve";
}
{
folder = "users_documents";
user = "root";
group = "users";
}
{
folder = "media";
user = "jellyfin";
group = "jellyfin_media";
bind = config.services.jellyfin.media_directory;
}
];
nfs = {
enable = true;
directories = ["leyla_documents" "eve_documents" "users_documents" "media"];
};
};
};
storage = {
zfs = {
enable = true;
notifications = {
enable = true;
host = "smtp.protonmail.ch";
port = 587;
to = "leyla@jan-leila.com";
user = "noreply@jan-leila.com";
tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
};
pool = {
encryption = {
enable = true;
};
vdevs = [
[
"ata-ST18000NE000-3G6101_ZVTCXVEB"
"ata-ST18000NE000-3G6101_ZVTCXWSC"
"ata-ST18000NE000-3G6101_ZVTD10EH"
"ata-ST18000NT001-3NF101_ZVTE0S3Q"
"ata-ST18000NT001-3NF101_ZVTEF27J"
"ata-ST18000NE000-3G6101_ZVTJ7359"
]
[
"ata-ST4000NE001-2MA101_WS2275P3"
"ata-ST4000NE001-2MA101_WS227B9F"
"ata-ST4000NE001-2MA101_WS227CEW"
"ata-ST4000NE001-2MA101_WS227CYN"
"ata-ST4000NE001-2MA101_WS23TBWV"
"ata-ST4000NE001-2MA101_WS23TC5F"
]
];
# We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
cache = [
{
device = "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F";
boot = true;
}
];
};
};
impermanence = {
enable = true;
};
};
# bond0 and wg0 are managed by systemd-networkd; tell NetworkManager to
# leave them alone so NM-wait-online doesn't time out waiting for them.
networking.networkmanager.unmanaged = ["bond0" "wg0" "eno1" "eno2"];
systemd.network = {
enable = true;
netdevs = {
"10-bond0" = {
netdevConfig = {
Kind = "bond";
Name = "bond0";
};
bondConfig = {
Mode = "active-backup";
PrimaryReselectPolicy = "always";
};
};
"20-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
ListenPort = 51820;
};
wireguardPeers = [
{
PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
Endpoint = "185.230.126.146:51820";
# Allow all traffic but use policy routing to prevent system-wide VPN
AllowedIPs = ["0.0.0.0/0"];
PersistentKeepalive = 25;
}
];
};
};
networks = {
"40-bond0" = {
matchConfig.Name = "bond0";
linkConfig = {
RequiredForOnline = "degraded-carrier";
RequiredFamilyForOnline = "any";
};
networkConfig.DHCP = "yes";
address = [
"192.168.1.2/24"
];
# Set lower priority for default gateway to allow WireGuard interface binding
routes = [
{
Destination = "0.0.0.0/0";
Gateway = "192.168.1.1";
Metric = 100;
}
];
dns = ["192.168.1.1"];
};
"50-wg0" = {
matchConfig.Name = "wg0";
# Don't block networkd-wait-online on the VPN tunnel coming up
linkConfig.RequiredForOnline = "no";
networkConfig = {
DHCP = "no";
};
address = [
"10.2.0.2/32"
];
# Configure routing for application binding
routingPolicyRules = [
{
# Route traffic from VPN interface through VPN table
From = "10.2.0.2/32";
Table = 200;
Priority = 100;
}
];
routes = [
{
# Direct route to VPN gateway
Destination = "10.2.0.1/32";
Scope = "link";
}
{
# Route VPN subnet through VPN gateway in custom table
Destination = "10.2.0.0/16";
Gateway = "10.2.0.1";
Table = 200;
}
{
# Route all traffic through VPN gateway in custom table
Destination = "0.0.0.0/0";
Gateway = "10.2.0.1";
Table = 200;
}
];
};
};
};
# limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory
boot.kernelParams = ["zfs.zfs_arc_max=53687091200"];
# Enable policy routing and source routing for application-specific VPN binding
boot.kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2;
"net.ipv4.conf.wg0.rp_filter" = 2;
};
services = {
# PostgreSQL database server
postgresql = {
enable = true;
adminUsers = ["leyla"];
impermanence.enable = false;
};
# temp enable desktop environment for setup
# Enable the X11 windowing system.
xserver.enable = true;
# Enable the GNOME Desktop Environment.
displayManager = {
gdm.enable = true;
};
desktopManager = {
gnome.enable = true;
};
# Enable new reverse proxy system
reverseProxy = {
enable = true;
openFirewall = true;
impermanence.enable = false;
acme = {
enable = true;
email = "jan-leila@protonmail.com";
};
};
ollama = {
enable = true;
exposePort = true;
impermanence.enable = false;
environmentVariables = {
OLLAMA_KEEP_ALIVE = "24h";
};
loadModels = [
# conversation models
"llama3.1:8b"
"deepseek-r1:8b"
"deepseek-r1:32b"
"deepseek-r1:70b"
# auto complete models
"qwen2.5-coder:1.5b-base"
"qwen2.5-coder:7b"
"deepseek-coder:6.7b"
"deepseek-coder:33b"
# agent models
"qwen3:8b"
"qwen3:32b"
"qwen3:235b-a22b"
"qwen3-coder:30b"
"qwen3-coder:30b-a3b-fp16"
# embedding models
"nomic-embed-text:latest"
];
};
tailscale = {
enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path;
useRoutingFeatures = "server";
impermanence.enable = false;
extraUpFlags = [
"--advertise-exit-node"
"--advertise-routes=192.168.0.0/24"
"--accept-dns=false"
];
extraSetFlags = [
"--advertise-exit-node"
"--advertise-routes=192.168.0.0/24"
"--accept-dns=false"
];
};
syncthing = {
enable = true;
impermanence.enable = false;
};
fail2ban = {
enable = true;
impermanence.enable = false;
};
jellyfin = {
enable = true;
domain = "media.jan-leila.com";
extraDomains = ["jellyfin.jan-leila.com"];
impermanence.enable = false;
};
immich = {
enable = true;
domain = "photos.jan-leila.com";
impermanence.enable = false;
};
forgejo = {
enable = true;
reverseProxy.domain = "git.jan-leila.com";
impermanence.enable = false;
};
searx = {
enable = true;
domain = "search.jan-leila.com";
};
actual = {
enable = false;
domain = "budget.jan-leila.com";
impermanence.enable = false;
};
home-assistant = {
enable = true;
domain = "home.jan-leila.com";
openFirewall = true;
postgres.enable = true;
impermanence.enable = false;
extensions = {
sonos.enable = true;
jellyfin.enable = true;
wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper
};
};
paperless = {
enable = true;
domain = "documents.jan-leila.com";
passwordFile = config.sops.secrets."services/paperless_password".path;
impermanence.enable = false;
};
panoramax = {
enable = false;
openFirewall = true;
impermanence.enable = false;
};
crab-hole = {
enable = true;
port = 8085;
openFirewall = true;
show_doc = true;
impermanence.enable = false;
downstreams = {
host = {
enable = true;
openFirewall = true;
};
};
upstreams.cloudFlare.enable = true;
blocklists.ad_malware.enable = true;
};
qbittorrent = {
enable = true;
mediaDir = "/srv/qbittorent";
openFirewall = true;
webuiPort = 8084;
impermanence.enable = false;
};
sonarr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
radarr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
bazarr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
lidarr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
jackett = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
flaresolverr = {
enable = true;
openFirewall = true;
impermanence.enable = false;
};
};
# disable computer sleeping
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
services.displayManager.gdm.autoSuspend = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

10
configurations/nixos/defiant/default.nix
View file

@ -1,10 +0,0 @@
# server nas
{...}: {
imports = [
./hardware-configuration.nix
./configuration.nix
./packages.nix
./legacy-storage.nix
./legacy-impermanence.nix
];
}

68
configurations/nixos/defiant/hardware-configuration.nix
View file

@ -1,68 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod"];
kernelModules = [];
};
kernelModules = ["kvm-amd"];
extraModulePackages = [];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
supportedFilesystems = ["zfs"];
zfs.extraPools = ["rpool"];
};
networking = {
hostName = "defiant"; # Define your hostname.
hostId = "c51763d6";
useNetworkd = true;
};
systemd.network = {
enable = true;
networks = {
"30-eno1" = {
matchConfig.Name = "eno1";
networkConfig = {
Bond = "bond0";
PrimarySlave = true;
};
linkConfig.RequiredForOnline = "enslaved";
};
"30-eno2" = {
matchConfig.Name = "eno2";
networkConfig.Bond = "bond0";
linkConfig.RequiredForOnline = "enslaved";
};
};
};
networking.networkmanager.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
# TODO: hardware graphics
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

296
configurations/nixos/defiant/legacy-impermanence.nix
View file

@ -1,296 +0,0 @@
# Legacy impermanence module for defiant
# See legacy-storage.nix for the full incremental migration plan.
#
# This file is consumed in two phases:
#
# Phase 3 (after generateBase is enabled):
# Remove the SYSTEM-LEVEL entries marked [PHASE 3] below. These will be
# handled automatically by storage.nix, ssh.nix, and the impermanence module:
# - var-lib-private-permissions activation script
# - /etc/machine-id
# - SSH host keys
# - /var/lib/nixos
# - /var/lib/systemd/coredump
# - /persist/system/var/log persistence block
#
# Phase 4 (migrate services one at a time, any order):
# For each service:
# 1. Remove the service's section marked [PHASE 4] from this file
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# For jellyfin/qbittorrent, also remove the separate media persistence blocks.
#
# Phase 5: Delete this file once empty.
{
config,
lib,
...
}: {
config = lib.mkIf config.storage.impermanence.enable {
# [PHASE 3] Remove this activation script after enabling generateBase
system.activationScripts = {
"var-lib-private-permissions" = {
deps = ["specialfs"];
text = ''
mkdir -p /persist/system/root/var/lib/private
chmod 0700 /persist/system/root/var/lib/private
'';
};
};
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
# [PHASE 3] Remove this files block after enabling generateBase
files = lib.mkMerge [
["/etc/machine-id"]
# SSH host keys
(lib.mkIf config.services.openssh.enable (
lib.lists.flatten (
builtins.map (hostKey: [
hostKey.path
"${hostKey.path}.pub"
])
config.services.openssh.hostKeys
)
))
];
directories = lib.mkMerge [
# [PHASE 3] Remove these system directories after enabling generateBase
[
"/var/lib/nixos"
"/var/lib/systemd/coredump"
]
# [PHASE 4] PostgreSQL
(lib.mkIf config.services.postgresql.enable [
{
directory = "/var/lib/postgresql/16";
user = "postgres";
group = "postgres";
}
])
# [PHASE 4] Reverse Proxy (ACME)
(lib.mkIf config.services.reverseProxy.enable [
{
directory = "/var/lib/acme";
user = "acme";
group = "acme";
}
])
# [PHASE 4] Ollama
(lib.mkIf config.services.ollama.enable [
{
directory = "/var/lib/private/ollama";
user = config.services.ollama.user;
group = config.services.ollama.group;
mode = "0700";
}
])
# [PHASE 4] Tailscale
(lib.mkIf config.services.tailscale.enable [
{
directory = "/var/lib/tailscale";
user = "root";
group = "root";
}
])
# [PHASE 4] Syncthing
(lib.mkIf config.services.syncthing.enable [
{
directory = "/mnt/sync";
user = "syncthing";
group = "syncthing";
}
{
directory = "/etc/syncthing";
user = "syncthing";
group = "syncthing";
}
])
# [PHASE 4] Fail2ban
(lib.mkIf config.services.fail2ban.enable [
{
directory = "/var/lib/fail2ban";
user = "fail2ban";
group = "fail2ban";
}
])
# [PHASE 4] Jellyfin (data/cache only - media is on separate dataset)
(lib.mkIf config.services.jellyfin.enable [
{
directory = "/var/lib/jellyfin";
user = "jellyfin";
group = "jellyfin";
}
{
directory = "/var/cache/jellyfin";
user = "jellyfin";
group = "jellyfin";
}
])
# [PHASE 4] Immich
(lib.mkIf config.services.immich.enable [
{
directory = "/var/lib/immich";
user = "immich";
group = "immich";
}
])
# [PHASE 4] Forgejo
(lib.mkIf config.services.forgejo.enable [
{
directory = "/var/lib/forgejo";
user = "forgejo";
group = "forgejo";
}
])
# [PHASE 4] Actual
(lib.mkIf config.services.actual.enable [
{
directory = "/var/lib/private/actual";
user = "actual";
group = "actual";
}
])
# [PHASE 4] Home Assistant
(lib.mkIf config.services.home-assistant.enable [
{
directory = "/var/lib/hass";
user = "hass";
group = "hass";
}
])
# [PHASE 4] Paperless
(lib.mkIf config.services.paperless.enable [
{
directory = "/var/lib/paperless";
user = "paperless";
group = "paperless";
}
])
# [PHASE 4] Crab-hole
(lib.mkIf config.services.crab-hole.enable [
{
directory = "/var/lib/private/crab-hole";
user = "crab-hole";
group = "crab-hole";
}
])
# [PHASE 4] qBittorrent (config only - media is on separate dataset)
(lib.mkIf config.services.qbittorrent.enable [
{
directory = "/var/lib/qBittorrent/";
user = "qbittorrent";
group = "qbittorrent";
}
])
# [PHASE 4] Sonarr
(lib.mkIf config.services.sonarr.enable [
{
directory = "/var/lib/sonarr/.config/NzbDrone";
user = "sonarr";
group = "sonarr";
}
])
# [PHASE 4] Radarr
(lib.mkIf config.services.radarr.enable [
{
directory = "/var/lib/radarr/.config/Radarr";
user = "radarr";
group = "radarr";
}
])
# [PHASE 4] Bazarr
(lib.mkIf config.services.bazarr.enable [
{
directory = "/var/lib/bazarr";
user = "bazarr";
group = "bazarr";
}
])
# [PHASE 4] Lidarr
(lib.mkIf config.services.lidarr.enable [
{
directory = "/var/lib/lidarr/.config/Lidarr";
user = "lidarr";
group = "lidarr";
}
])
# [PHASE 4] Jackett
(lib.mkIf config.services.jackett.enable [
{
directory = "/var/lib/jackett/.config/Jackett";
user = "jackett";
group = "jackett";
}
])
# [PHASE 4] FlareSolverr
(lib.mkIf config.services.flaresolverr.enable [
{
directory = "/var/lib/flaresolverr";
user = "flaresolverr";
group = "flaresolverr";
}
])
];
};
# [PHASE 4 - LAST] Jellyfin media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable {
enable = true;
hideMounts = true;
directories = [
{
directory = config.services.jellyfin.media_directory;
user = "jellyfin";
group = "jellyfin_media";
mode = "1770";
}
];
};
# [PHASE 4 - LAST] qBittorrent media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable {
enable = true;
hideMounts = true;
directories = [
{
directory = config.services.qbittorrent.mediaDir;
user = "qbittorrent";
group = "qbittorrent";
mode = "1775";
}
];
};
# [PHASE 3] /var/log persistence - handled by storage.nix after generateBase
environment.persistence."/persist/system/var/log" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
];
};
};
}

218
configurations/nixos/defiant/legacy-storage.nix
View file

@ -1,218 +0,0 @@
# Legacy storage configuration for defiant
# This file manually defines ZFS datasets matching the existing on-disk layout
# to allow incremental migration to the new storage module (generateBase = true).
#
# ============================================================================
# INCREMENTAL MIGRATION PLAN
# ============================================================================
#
# Current disk usage (for reference):
# rpool/local/system/nix ~26G (renamed in place, no copy)
# rpool/local/system/sops ~328K (renamed in place, no copy)
# rpool/persist/system/jellyfin ~32T (renamed in place, no copy)
# rpool/persist/system/qbittorrent ~6.5T (copied into media dataset, ~6.5T temp)
# rpool free space ~30T
#
# Phase 1: Migrate base datasets on disk (boot from live USB or rescue)
# All operations in this phase are instant renames -- no data is copied.
#
# Unlock the pool:
# zfs load-key -a
#
# Step 1a: Move nix and sops out of local/ (they go to persist/local/)
# The -p flag auto-creates the parent datasets.
#
# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
# zfs rename -p rpool/local/system/sops rpool/persist/local/system/sops
#
# Step 1b: Rename local/ -> ephemeral/ (takes remaining children with it)
# zfs rename rpool/local rpool/ephemeral
# # This moves: local/system/root -> ephemeral/system/root
# # local/home/leyla -> ephemeral/home/leyla
#
# Step 1c: Recreate blank snapshots on ephemeral datasets
# zfs destroy rpool/ephemeral/system/root@blank
# zfs snapshot rpool/ephemeral/system/root@blank
# zfs destroy rpool/ephemeral/home/leyla@blank
# zfs snapshot rpool/ephemeral/home/leyla@blank
#
# Step 1d: Move persist/ children under persist/replicate/
# zfs create -o canmount=off rpool/persist/replicate
# zfs create -o canmount=off rpool/persist/replicate/system
# zfs rename rpool/persist/system/root rpool/persist/replicate/system/root
# zfs rename rpool/persist/system/var rpool/persist/replicate/system/var
# zfs rename rpool/persist/home/leyla rpool/persist/replicate/home
# # Clean up the now-empty home parent
# zfs destroy rpool/persist/home
# # NOTE: Do NOT destroy rpool/persist/system -- it still contains
# # persist/system/jellyfin and persist/system/qbittorrent which are
# # migrated in Phase 2.
#
# Verify the new layout:
# zfs list -r rpool -o name,used,mountpoint
#
# Phase 2: Merge media into a single dataset (do this last)
# Strategy: Rename the jellyfin dataset to become the shared media dataset
# (zero copy, instant), then copy qbittorrent data into it (~6.5T copy).
# This avoids duplicating the 32T jellyfin dataset.
#
# Step 2a: Rename jellyfin dataset to the shared media name
# zfs rename rpool/persist/system/jellyfin rpool/persist/replicate/system/media
#
# Step 2b: Copy qbittorrent data into the media dataset
# This copies ~6.5T and may take several hours/days depending on disk speed.
# The qbittorrent data is not critical to back up so no snapshot needed.
#
# systemctl stop qbittorrent
# rsync -avPHAX /persist/system/qbittorrent/ /persist/replicate/system/media/
#
# Step 2c: Verify the data and clean up
# ls -la /persist/replicate/system/media/
# zfs destroy rpool/persist/system/qbittorrent
# # persist/system should now be empty, clean it up:
# zfs destroy rpool/persist/system
#
# Phase 3: Enable generateBase
# In the nix config:
# - Delete this file (legacy-storage.nix) and remove its import from default.nix
# - Remove [PHASE 3] entries from legacy-impermanence.nix:
# - var-lib-private-permissions activation script
# - /etc/machine-id, SSH host keys (files block)
# - /var/lib/nixos, /var/lib/systemd/coredump (directories)
# - /persist/system/var/log persistence block
# These are now handled automatically by storage.nix and ssh.nix.
# Rebuild and verify:
# sudo nixos-rebuild switch --flake .#defiant
# # Verify mounts: findmnt -t fuse.bindfs,fuse
# # Verify persist: ls /persist/replicate/system/root/var/lib/nixos
# # Verify boot: reboot and confirm system comes up cleanly
#
# Phase 4: Migrate services (one at a time, any order)
# For each service (except jellyfin/qbittorrent):
# 1. Remove the service's [PHASE 4] section from legacy-impermanence.nix
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# 3. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 4. Verify: systemctl status <service>, check the service's data is intact
# No data migration is needed -- the data already lives on the renamed
# dataset at the new path.
#
# Migrate jellyfin and qbittorrent LAST (after Phase 2 media merge):
# 1. Remove [PHASE 4 - LAST] jellyfin entries from legacy-impermanence.nix
# 2. Remove [PHASE 4 - LAST] qbittorrent entries from legacy-impermanence.nix
# 3. Remove `impermanence.enable = false` for both in configuration.nix
# 4. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 5. Verify: systemctl status jellyfin qbittorrent
#
# Phase 5: Cleanup
# Once all services are migrated and legacy-impermanence.nix is empty:
# - Delete legacy-impermanence.nix and remove its import from default.nix
# - Rebuild: sudo nixos-rebuild switch --flake .#defiant
#
# ============================================================================
#
# Current on-disk dataset layout:
# rpool/local/ - ephemeral parent
# rpool/local/home/leyla - ephemeral user home (rolled back on boot)
# rpool/local/system/nix - nix store
# rpool/local/system/root - root filesystem (rolled back on boot)
# rpool/local/system/sops - sops age key
# rpool/persist/ - persistent parent
# rpool/persist/home/leyla - persistent user home
# rpool/persist/system/jellyfin - jellyfin media
# rpool/persist/system/qbittorrent - qbittorrent media
# rpool/persist/system/root - persistent root data
# rpool/persist/system/var/log - log persistence
{lib, ...}: {
# Disable automatic base dataset generation so we can define them manually
storage.generateBase = false;
# Manually define ZFS datasets matching main's structure
storage.zfs.datasets = {
# Ephemeral datasets (local/)
"local" = {
type = "zfs_fs";
mount = null;
};
"local/home/leyla" = {
type = "zfs_fs";
mount = "/home/leyla";
snapshot = {
blankSnapshot = true;
};
};
"local/system/nix" = {
type = "zfs_fs";
mount = "/nix";
atime = "off";
relatime = "off";
snapshot = {
autoSnapshot = false;
};
};
"local/system/root" = {
type = "zfs_fs";
mount = "/";
snapshot = {
blankSnapshot = true;
};
};
"local/system/sops" = {
type = "zfs_fs";
mount = "/var/lib/sops-nix";
};
# Persistent datasets (persist/)
"persist" = {
type = "zfs_fs";
mount = null;
};
"persist/home/leyla" = {
type = "zfs_fs";
mount = "/persist/home/leyla";
snapshot = {
autoSnapshot = true;
};
};
"persist/system/jellyfin" = {
type = "zfs_fs";
mount = "/persist/system/jellyfin";
atime = "off";
relatime = "off";
};
"persist/system/qbittorrent" = {
type = "zfs_fs";
mount = "/persist/system/qbittorrent";
atime = "off";
relatime = "off";
};
"persist/system/root" = {
type = "zfs_fs";
mount = "/persist/system/root";
snapshot = {
autoSnapshot = true;
};
};
"persist/system/var/log" = {
type = "zfs_fs";
mount = "/persist/system/var/log";
};
};
# Boot commands to rollback ephemeral root and user homes on boot
boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank
zfs rollback -r rpool/local/home/leyla@blank
'';
# FileSystems needed for boot
fileSystems = {
"/".neededForBoot = true;
"/persist/system/root".neededForBoot = true;
"/persist/system/var/log".neededForBoot = true;
"/persist/system/jellyfin".neededForBoot = true;
"/persist/system/qbittorrent".neededForBoot = true;
"/var/lib/sops-nix".neededForBoot = true;
"/persist/home/leyla".neededForBoot = true;
"/home/leyla".neededForBoot = true;
};
}

9
configurations/nixos/defiant/packages.nix
View file

@ -1,9 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
ffsubsync
sox
yt-dlp
ffmpeg
imagemagick
];
}

185
configurations/nixos/emergent/configuration.nix
View file

@ -1,185 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
lib,
pkgs,
...
}: {
imports = [
./nvidia-drivers.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable wacom touchscreen device
services.xserver.wacom.enable = true;
# installed opentabletdriver
# hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
# Enable the GNOME Desktop Environment.
services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true;
host = {
ai.enable = true;
users = {
eve = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
};
hardware = {
piperMouse.enable = true;
};
};
storage = {
zfs = {
enable = true;
pool = {
mode = "stripe";
vdevs = [
[
{
device = "wwn-0x5000039fd0cf05eb";
boot = true;
}
]
];
cache = [];
};
};
};
virtualisation.libvirtd.enable = true;
users.users.eve = {
extraGroups = ["libvirtd"];
};
services.tailscale.enable = true;
# We were having weird build errors so this is disabled right now
# error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option
services.syncthing.enable = false;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# services.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# tree
# ];
# };
# programs.firefox.enable = true;
nixpkgs.config.allowUnfree = true;
# Packages that can be installed without any extra configuration
# See https://search.nixos.org/packages for all options
environment.systemPackages = with pkgs; [
wget
gnome-boxes
libvirt
];
# Packages that need to be installed with some extra configuration
# See https://search.nixos.org/options for all options
programs = {};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking = {
networkmanager.enable = true;
useDHCP = lib.mkDefault true;
hostId = "7e35eb97"; # arbitrary id number generated via this command: `head -c4 /dev/urandom | od -A none -t x4`
hostName = "emergent"; # Define your hostname.
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.05"; # Did you read the comment?
}

8
configurations/nixos/emergent/default.nix
View file

@ -1,8 +0,0 @@
# evs desktop
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
./legacy-storage.nix
];
}

32
configurations/nixos/emergent/hardware-configuration.nix
View file

@ -1,32 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom" "kvm" "kvm_amd"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

51
configurations/nixos/emergent/legacy-storage.nix
View file

@ -1,51 +0,0 @@
# Legacy storage configuration for emergent
# This file manually defines ZFS datasets matching the existing on-disk layout
# to allow incremental migration to the new storage module (generateBase = true).
#
# Current on-disk dataset layout:
# rpool/local/ - parent (canmount=off)
# rpool/local/system/nix - nix store
# rpool/local/system/root - root filesystem
#
# Migration plan:
# Phase 1: Rename datasets on disk (boot from live USB)
# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
# zfs rename rpool/local rpool/persist/local
# # This moves: local/system/root -> persist/local/root (need to rename after)
# # Actually, since local/system/root needs to become persist/local/root:
# zfs rename rpool/persist/local/system/root rpool/persist/local/root
# zfs destroy rpool/persist/local/system # now empty
# # Recreate blank snapshot:
# zfs destroy rpool/persist/local/root@blank
# zfs snapshot rpool/persist/local/root@blank
#
# Phase 2: Delete this file, remove its import from default.nix, rebuild.
{...}: {
# Disable automatic base dataset generation so we can define them manually
storage.generateBase = false;
# Manually define ZFS datasets matching the existing on-disk layout
storage.zfs.datasets = {
"local" = {
type = "zfs_fs";
mount = null;
};
"local/system/nix" = {
type = "zfs_fs";
mount = "/nix";
atime = "off";
relatime = "off";
snapshot = {
autoSnapshot = false;
};
};
"local/system/root" = {
type = "zfs_fs";
mount = "/";
snapshot = {
blankSnapshot = true;
autoSnapshot = true;
};
};
};
}

46
configurations/nixos/emergent/nvidia-drivers.nix
View file

@ -1,46 +0,0 @@
{config, ...}: {
# Enable OpenGL
hardware.graphics = {
enable = true;
};
# Load nvidia driver for Xorg and Wayland
services = {
xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
};
# Use X instead of wayland
displayManager.gdm.wayland = true;
};
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

156
configurations/nixos/horizon/configuration.nix
View file

@ -1,156 +0,0 @@
{
lib,
pkgs,
config,
inputs,
...
}: {
imports = [
inputs.nixos-hardware.nixosModules.framework-11th-gen-intel
];
nixpkgs.config.allowUnfree = true;
boot = {
initrd = {
availableKernelModules = ["usb_storage" "sd_mod"];
};
kernelModules = ["sg"];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
host = {
users = {
leyla = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
eve.isDesktopUser = true;
};
hardware = {
directAccess.enable = true;
};
ai = {
enable = true;
models = {
"Llama 3.1 8B" = {
model = "llama3.1:8b";
roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434";
};
"Deepseek Coder:6.7B" = {
model = "deepseek-coder:6.7b";
roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434";
};
"Deepseek Coder:33B" = {
model = "deepseek-coder:33b";
roles = ["chat" "edit" "apply"];
apiBase = "http://defiant:11434";
};
"Deepseek r1:8B" = {
model = "deepseek-r1:8b";
roles = ["chat"];
apiBase = "http://defiant:11434";
};
"Deepseek r1:32B" = {
model = "deepseek-r1:32b";
roles = ["chat"];
apiBase = "http://defiant:11434";
};
"qwen2.5-coder:1.5b-base" = {
model = "qwen2.5-coder:1.5b-base";
roles = ["autocomplete"];
apiBase = "http://defiant:11434";
};
"nomic-embed-text:latest" = {
model = "nomic-embed-text:latest";
roles = ["embed"];
apiBase = "http://defiant:11434";
};
};
};
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
cachefilesd
webtoon-dl
android-tools
];
services.cachefilesd.enable = true;
networking = {
networkmanager.enable = true;
hostName = "horizon"; # Define your hostname.
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = {
graphics.enable = true;
};
sops.secrets = {
"vpn-keys/tailscale-authkey/horizon" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml";
};
};
services = {
# sudo fprintd-enroll
fprintd = {
enable = true;
};
# firmware update tool
fwupd = {
enable = true;
};
tailscale = {
enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path;
useRoutingFeatures = "client";
};
syncthing.enable = true;
ollama = {
enable = true;
loadModels = [
"llama3.1:8b"
];
};
};
# Enable network-online.target for better network dependency handling
systemd.services.NetworkManager-wait-online.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

8
configurations/nixos/horizon/default.nix
View file

@ -1,8 +0,0 @@
# leyla laptop
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
# ./network-mount.nix
];
}

45
configurations/nixos/horizon/hardware-configuration.nix
View file

@ -1,45 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/E138-65B5";
fsType = "vfat";
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

76
configurations/nixos/horizon/network-mount.nix
View file

@ -1,76 +0,0 @@
{...}: {
boot.supportedFilesystems = ["nfs"];
fileSystems = {
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr" # Allow interruption of NFS calls
"timeo=30" # 3 second timeout (30 deciseconds)
"retrans=2" # Only 2 retries before giving up
"x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile
"x-systemd.device-timeout=15" # 15 second device timeout
"bg" # Background mount - don't block boot
"fsc" # Enable caching
"_netdev" # Network device - wait for network
"x-systemd.requires=network-online.target" # Require network to be online
"x-systemd.after=network-online.target" # Start after network is online
"x-systemd.mount-timeout=30" # 30 second mount timeout
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"nofail"
"soft"
"intr"
"timeo=30"
"retrans=2"
"x-systemd.idle-timeout=300"
"x-systemd.device-timeout=15"
"bg"
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
"x-systemd.mount-timeout=30"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr"
"timeo=30"
"retrans=2"
"x-systemd.idle-timeout=300"
"x-systemd.device-timeout=15"
"bg"
# Mobile-optimized read settings
"rsize=8192" # Smaller read size for mobile
"wsize=8192" # Smaller write size for mobile
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
"x-systemd.mount-timeout=30"
];
};
};
}

156
configurations/nixos/twilight/configuration.nix
View file

@ -1,156 +0,0 @@
{
inputs,
config,
pkgs,
...
}: {
nixpkgs.config.allowUnfree = true;
boot.initrd.availableKernelModules = ["usb_storage"];
boot.kernelModules = ["sg"];
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
sops.secrets = {
"vpn-keys/tailscale-authkey/twilight" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml";
};
};
host = {
users = {
leyla = {
isDesktopUser = true;
isTerminalUser = true;
isPrincipleUser = true;
};
eve.isDesktopUser = true;
};
hardware = {
piperMouse.enable = true;
viaKeyboard.enable = true;
openRGB.enable = true;
graphicsAcceleration.enable = true;
directAccess.enable = true;
};
ai = {
enable = true;
# TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant
models = {
# conversation models
"Llama 3.1 8B" = {
model = "lamma3.1:8b";
roles = ["chat" "edit" "apply"];
};
"deepseek-r1:8b" = {
model = "deepseek-r1:8b";
roles = ["chat" "edit" "apply"];
};
"deepseek-r1:32b" = {
model = "deepseek-r1:32b";
roles = ["chat" "edit" "apply"];
};
# auto complete models
"qwen2.5-coder:1.5b-base" = {
model = "qwen2.5-coder:1.5b-base";
roles = ["autocomplete"];
};
"qwen2.5-coder:7b" = {
model = "qwen2.5-coder:7b";
roles = ["autocomplete"];
};
"deepseek-coder:6.7b" = {
model = "deepseek-coder:6.7b";
roles = ["autocomplete"];
};
"deepseek-coder:33b" = {
model = "deepseek-coder:33b";
roles = ["autocomplete"];
};
# agent models
"qwen3:32b" = {
model = "qwen3:32b";
roles = ["chat" "edit" "apply"];
};
# embedding models
"nomic-embed-text:latest" = {
model = "nomic-embed-text:latest";
roles = ["embed"];
};
};
};
};
services = {
ollama = {
enable = true;
exposePort = true;
loadModels = [
# conversation models
"llama3.1:8b"
"deepseek-r1:8b"
"deepseek-r1:32b"
# auto complete models
"qwen2.5-coder:1.5b-base"
"qwen2.5-coder:7b"
"deepseek-coder:6.7b"
"deepseek-coder:33b"
# agent models
"qwen3:32b"
# embedding models
"nomic-embed-text:latest"
];
};
tailscale = {
enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/twilight".path;
useRoutingFeatures = "both";
extraUpFlags = [
"--advertise-exit-node"
"--advertise-routes=192.168.0.0/24"
];
extraSetFlags = [
"--advertise-exit-node"
"--advertise-routes=192.168.0.0/24"
];
};
syncthing.enable = true;
};
# Enable network-online.target for better network dependency handling
systemd.services.NetworkManager-wait-online.enable = true;
environment.systemPackages = with pkgs; [
cachefilesd
];
hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index
networking = {
networkmanager.enable = true;
hostName = "twilight"; # Define your hostname.
};
# enabled virtualisation for docker
# virtualisation.docker.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

9
configurations/nixos/twilight/default.nix
View file

@ -1,9 +0,0 @@
# leyla desktop
{...}: {
imports = [
./configuration.nix
./hardware-configuration.nix
./nvidia-drivers.nix
# ./network-mount.nix
];
}

42
configurations/nixos/twilight/hardware-configuration.nix
View file

@ -1,42 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems = {
"/" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_500GB_S64ENJ0RA06463Z-part2";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-id/nvme-Samsung_SSD_980_500GB_S64ENJ0RA06463Z-part1";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

72
configurations/nixos/twilight/network-mount.nix
View file

@ -1,72 +0,0 @@
{...}: {
boot.supportedFilesystems = ["nfs"];
fileSystems = {
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr" # Allow interruption of NFS calls
"timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile
"retrans=3" # 3 retries for desktop
"x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop
"x-systemd.device-timeout=30" # 30 second device timeout
"bg" # Background mount - don't block boot
"fsc" # Enable caching
"_netdev" # Network device - wait for network
"x-systemd.requires=network-online.target" # Require network to be online
"x-systemd.after=network-online.target" # Start after network is online
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"nofail"
"soft"
"intr"
"timeo=50"
"retrans=3"
"x-systemd.idle-timeout=600"
"bg"
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"noatime"
"nofail"
"soft"
"intr"
"timeo=50"
"retrans=3"
"x-systemd.idle-timeout=600"
"x-systemd.device-timeout=30"
"bg"
# Desktop-optimized read settings
"rsize=32768" # Larger read size for desktop
"wsize=32768" # Larger write size for desktop
"fsc"
"_netdev"
"x-systemd.requires=network-online.target"
"x-systemd.after=network-online.target"
];
};
};
}

48
configurations/nixos/twilight/nvidia-drivers.nix
View file

@ -1,48 +0,0 @@
{config, ...}: {
services = {
xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
};
# Temporarily enable wayland to fix boot issue
# TODO: Investigate proper X11 session generation for gaming
displayManager.gdm.wayland = true;
};
hardware = {
# Enable OpenGL
graphics.enable = true;
# install graphics drivers
nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = true;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.production;
};
};
}