# server nas
{
  inputs,
  config,
  pkgs,
  ...
}:
let
  # Both VPN secrets are decrypted from the same sops file; name it once.
  vpnKeysFile = "${inputs.secrets}/vpn-keys.yaml";
  servicesSecretsFile = "${inputs.secrets}/defiant-services.yaml";

  # The exact same flag list is handed to both `tailscale up` and `tailscale set`.
  # NOTE(review): the advertised route 192.168.0.0/24 does not cover this host's
  # own LAN address 192.168.1.10 (see "40-bond0" below) — confirm the intended
  # subnet. Together with --advertise-exit-node and useRoutingFeatures = "server"
  # this host forwards tailnet traffic onto the LAN and to the Internet.
  tailscaleFlags = [
    "--advertise-exit-node"
    "--advertise-routes=192.168.0.0/24"
    "--accept-dns=false"
  ];

  # Power-management targets that an always-on NAS must never enter.
  noSleepTargets = [
    "sleep"
    "suspend"
    "hibernate"
    "hybrid-sleep"
  ];
in
{
  sops.secrets = {
    "vpn-keys/tailscale-authkey/defiant".sopsFile = vpnKeysFile;
    "vpn-keys/proton-wireguard/defiant-p2p" = {
      sopsFile = vpnKeysFile;
      # systemd-networkd reads the WireGuard private key, so the decrypted file
      # is group-readable by systemd-network and otherwise root-only.
      mode = "0640";
      owner = "root";
      group = "systemd-network";
    };
    "services/zfs_smtp_token".sopsFile = servicesSecretsFile;
  };

  host = {
    users.leyla = {
      isDesktopUser = true;
      isTerminalUser = true;
      isPrincipleUser = true;
    };

    impermanence.enable = true;

    storage = {
      enable = true;
      encryption = true;
      notifications = {
        enable = true;
        host = "smtp.protonmail.ch";
        port = 587;
        to = "leyla@jan-leila.com";
        user = "leyla@jan-leila.com";
        # SMTP credential comes from sops at runtime, never from the Nix store.
        tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
      };
      pool = {
        drives = [
          "ata-ST18000NE000-3G6101_ZVTCXVEB"
          "ata-ST18000NE000-3G6101_ZVTCXWSC"
          "ata-ST18000NE000-3G6101_ZVTD10EH"
          "ata-ST18000NT001-3NF101_ZVTE0S3Q"
          "ata-ST18000NT001-3NF101_ZVTEF27J"
          "ata-ST18000NT001-3NF101_ZVTEZACV"
        ];
        cache = [ "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" ];
      };
    };

    network_storage = {
      enable = true;
      directories = [
        {
          folder = "leyla_documents";
          user = "leyla";
          group = "leyla";
          bind = "/home/leyla/documents";
        }
        {
          folder = "eve_documents";
          user = "eve";
          group = "eve";
        }
        {
          folder = "users_documents";
          user = "root";
          group = "users";
        }
        {
          folder = "media";
          user = "jellyfin";
          group = "jellyfin_media";
          bind = config.services.jellyfin.media_directory;
        }
      ];
      nfs = {
        enable = true;
        directories = [
          "leyla_documents"
          "eve_documents"
          "users_documents"
          "media"
        ];
      };
    };

    reverse_proxy = {
      enable = true;
      enableACME = true;
      hostname = "jan-leila.com";
    };

    postgres.extraUsers.leyla.isAdmin = true;

    # home-assistant = {
    #   enable = false;
    #   subdomain = "home";
    # };

    adguardhome.enable = false;
  };

  systemd.network = {
    enable = true;
    config.routeTables.p2p = 1;

    netdevs = {
      "10-bond0" = {
        netdevConfig = {
          Kind = "bond";
          Name = "bond0";
        };
        bondConfig = {
          Mode = "802.3ad";
          TransmitHashPolicy = "layer3+4";
        };
      };

      "15-p2p" = {
        netdevConfig = {
          Kind = "wireguard";
          Name = "p2p0";
          MTUBytes = "1300";
        };
        wireguardConfig = {
          PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
          ListenPort = 51820;
          # RouteTable = "p2p";
        };
        wireguardPeers = [
          {
            PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
            Endpoint = "185.230.126.146:51820";
            # NOTE(review): 0.0.0.0/0 with RouteTable = "off" accepts any source
            # from this peer but installs no route for it; the policy-routing
            # rules in "45-p2p" are still commented out, so this tunnel is
            # presumably not carrying traffic yet — confirm.
            AllowedIPs = [ "0.0.0.0/0" ];
            RouteTable = "off";
          }
        ];
      };
    };

    networks = {
      "40-bond0" = {
        matchConfig.Name = "bond0";
        linkConfig = {
          RequiredForOnline = "degraded-carrier";
          RequiredFamilyForOnline = "any";
        };
        networkConfig.DHCP = "yes";
        # NOTE(review): a /32 static address next to DHCP = "yes" — the on-link
        # LAN route presumably comes from the lease; confirm this is intended.
        address = [ "192.168.1.10/32" ];
        gateway = [ "192.168.1.1" ];
        dns = [ "192.168.1.1" ];
      };

      "45-p2p" = {
        matchConfig.Name = "p2p0";
        address = [ "10.2.0.2/32" ];
        # routingPolicyRules = [
        #   {
        #     From = "10.2.0.2/32";
        #     Table = "p2p";
        #   }
        #   {
        #     To = "10.2.0.2/32";
        #     Table = "p2p";
        #   }
        # ];
        linkConfig.RequiredForOnline = false;
      };
    };
  };

  services = {
    # TODO: move zfs scrubbing into module
    zfs = {
      autoScrub.enable = true;
      autoSnapshot.enable = true;
    };

    # temp enable desktop environment for setup
    # NOTE(review): GDM/GNOME on a headless NAS is extra attack surface;
    # drop this block once setup is finished.
    # Enable the X11 windowing system.
    xserver = {
      enable = true;
      # Enable the GNOME Desktop Environment.
      displayManager.gdm = {
        enable = true;
        # The login screen must never suspend the NAS.
        autoSuspend = false;
      };
      desktopManager = {
        gnome.enable = true;
        xterm.enable = false;
      };
      # Get rid of xTerm
      excludePackages = [ pkgs.xterm ];
    };

    ollama = {
      enable = false;
      loadModels = [
        "deepseek-coder:6.7b"
        "deepseek-r1:8b"
        "deepseek-r1:32b"
        "deepseek-r1:70b"
      ];
    };

    tailscale = {
      enable = true;
      # Auth key is decrypted by sops; it is never written into the store.
      authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path;
      useRoutingFeatures = "server";
      extraUpFlags = tailscaleFlags;
      extraSetFlags = tailscaleFlags;
    };

    syncthing.enable = true;
    fail2ban.enable = true;

    jellyfin = {
      enable = true;
      subdomain = "media";
      extraSubdomains = [ "jellyfin" ];
    };

    immich = {
      enable = true;
      subdomain = "photos";
    };

    forgejo = {
      enable = true;
      subdomain = "git";
    };

    searx = {
      enable = true;
      subdomain = "search";
    };

    virt-home-assistant = {
      enable = false;
      networkBridge = "bond0";
      hostDevice = "0x10c4:0xea60";
    };

    qbittorrent = {
      enable = true;
      mediaDir = "/srv/qbittorent";
      # NOTE(review): openFirewall exposes webPort directly on the LAN; no
      # subdomain is set here, so this UI is presumably not behind the reverse
      # proxy — confirm the web UI's own authentication is enabled.
      openFirewall = true;
      webPort = 8084;
    };
  };

  # disable computer sleeping
  systemd.targets = pkgs.lib.genAttrs noSleepTargets (_: { enable = false; });

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}