From cd3014af51f4d5e12cccf447dc1051339d95a12f Mon Sep 17 00:00:00 2001
From: Sijmen
Date: Sun, 7 Aug 2022 23:28:27 +0200
Subject: [PATCH] add nas config
---
 nas/configuration.nix | 338 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 338 insertions(+)
 create mode 100644 nas/configuration.nix

diff --git a/nas/configuration.nix b/nas/configuration.nix
new file mode 100644
index 0000000..d88dc60
--- /dev/null
+++ b/nas/configuration.nix
@@ -0,0 +1,338 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ../hardware-configuration.nix
+ ../common/configuration.nix
+ ];
+
+ hardware = {
+ cpu.intel.updateMicrocode = true;
+ enableAllFirmware = true;
+
+ opengl = {
+ enable = true;
+ driSupport = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ vaapiIntel
+ vaapiVdpau
+ libvdpau-va-gl
+ intel-compute-runtime
+ ];
+ };
+ };
+
+ boot = {
+ kernelModules = [ "coretemp" "nct6775" ];
+
+ extraModprobeConfig = ''
+ options qla2xxx qlini_mode="disabled"
+ options zfs l2arc_rebuild_enabled=1
+ '';
+
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ kernel.sysctl = {
+ "fs.inotify.max_user_watches" = 204800;
+ };
+
+ supportedFilesystems = [ "zfs" ];
+ zfs.extraPools = [ "docs_12t_z1" ];
+ };
+
+ networking = {
+ useDHCP = false;
+ interfaces.eno1.useDHCP = true;
+
+ interfaces.enp1s0.useDHCP = false;
+ interfaces.enp1s0.ipv4.addresses = [{
+ address = "10.2.0.2";
+ prefixLength = 24;
+ }];
+
+ firewall.enable = false;
+
+ hostName = "nas";
+ hostId = "c9e40f42";
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ users.users.sijmen = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "nextcloud" ];
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ programs.msmtp = {
+ enable = true;
+ setSendmail = true;
+ accounts = {
+ default = {
+ auth = true;
+ tls = true;
+ port = 587;
+ host = "smtp.soverin.net";
+ user = "me@sijmenschoon.nl";
+ passwordeval = "pass show email/personal-nas";
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "me@sijmenschoon.nl";
+ };
+
+ services.jellyfin.enable = true;
+ services.thermald.enable = true;
+
+ services.nginx = {
+ enable = true;
+
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ # Only allow PFS-enabled ciphers with AES256
+ sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
+
+ clientMaxBodySize = "1000G";
+
+ # Setup Nextcloud virtual host to listen on ports
+ virtualHosts = {
+ "cloud.sijmenschoon.nl" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ proxy_read_timeout 600;
+ proxy_connect_timeout 60;
+ proxy_send_timeout 600;
+ '';
+ };
+ };
+ };
+
+ services.redis.servers."".enable = true;
+
+ services.nextcloud = {
+ enable = true;
+ hostName = "cloud.sijmenschoon.nl";
+ https = true;
+ autoUpdateApps.enable = true;
+ autoUpdateApps.startAt = "05:00:00";
+ maxUploadSize = "1000G";
+ package = pkgs.nextcloud24;
+
+ caching = {
+ redis = true;
+ };
+
+ config = {
+ overwriteProtocol = "https";
+
+ # Nextcloud PostegreSQL database configuration, recommended over using SQLite
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
+ dbname = "nextcloud";
+ dbpassFile = "/var/nextcloud-db-pass";
+
+ adminpassFile = "/var/nextcloud-admin-pass";
+ adminuser = "admin";
+
+ extraTrustedDomains = [
+ "cloud.sijman.nl"
+ "192.168.1.123"
+ ];
+ defaultPhoneRegion = "NL";
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ "nextcloud" ];
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+ }
+ {
+ name = "netdata";
+ ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+ }
+ ];
+
+ settings = {
+ shared_buffers = "8192MB";
+ };
+ };
+
+ services.fwupd.enable = true;
+
+ services.netdata = {
+ enable = true;
+ python.extraPackages = ps: [
+ ps.psycopg2
+ ];
+ };
+
+ services.smartd = {
+ enable = true;
+ extraOptions = [
+ "-A /var/log/smartd/"
+ "-i 600"
+ ];
+ notifications.mail = {
+ enable = true;
+ sender = "nas@sijman.nl";
+ recipient = "nas@sijman.nl";
+ mailer = "/run/current-system/sw/bin/msmtp --read-envelope-from -t";
+ };
+ };
+
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /mnt/docs 192.168.0.0/24(rw,sync)
+ /mnt/backup 192.168.0.0/24(rw,sync)
+ '';
+ };
+
+ services.samba = {
+ enable = true;
+ securityType = "user";
+ extraConfig = ''
+ workgroup = WORKGROUP
+ server string = nas
+ netbios name = nas
+ security = user
+ hosts allow = 192.168.1.0/24, 10.2.0.0/24
+ guest account = nobody
+
+ client min protocol = SMB3
+ client max protocol = SMB3
+ restrict anonymous = 2
+ encrypt passwords = true
+ '';
+
+ shares = {
+ docs = {
+ path = "/mnt/docs";
+ "valid users" = "@nextcloud";
+ "force user" = "nextcloud";
+ "force group" = "+nextcloud";
+
+ public = "no";
+ browseable = "yes";
+ writable = "yes";
+
+ "read only" = "no";
+
+ "create mask" = "0664";
+ "directory mask" = "2775";
+ "force create mode" = "0664";
+ "force directory mode" = "2775";
+ };
+
+ backup = {
+ path = "/mnt/backup";
+ "valid users" = "sijmen";
+ "force user" = "nextcloud";
+ "force group" = "+nextcloud";
+
+ public = "no";
+ browseable = "yes";
+ writable = "yes";
+
+ "read only" = "no";
+
+ "create mask" = "0644";
+ "directory mask" = "2755";
+ "force create mode" = "0644";
+ "force directory mode" = "2755";
+ };
+ };
+ };
+
+ services.borgmatic = {
+ enable = true;
+ settings = {
+ location.repositories = [ "/mnt/backup/borg" ];
+ location.source_directories = [ "/mnt/docs" ];
+ location.patterns = [ "- /mnt/docs/fileio.bin" ];
+ retention.keep_daily = 7;
+ retention.keep_weekly = 4;
+ retention.keep_monthly = 3;
+ };
+ };
+
+ services.syncthing = {
+ dataDir = "/mnt/docs/users/sijmen";
+ configDir = "/home/sijmen/.config/syncthing";
+ guiAddress = "0.0.0.0:8384";
+ };
+
+ services.transmission = {
+ enable = true;
+
+ user = "nextcloud"; # TODO make this its own user maybe
+ group = "nextcloud";
+
+ settings = {
+ peer-port = 51415;
+ download-dir = "/mnt/docs/media/Downloads";
+ rpc-bind-address = "0.0.0.0";
+ rpc-whitelist-enabled = false;
+ };
+ };
+
+ systemd = {
+ services.jellyfin.serviceConfig.PrivateDevices = lib.mkForce false;
+
+ services."nextcloud-setup" = {
+ requires = ["postgresql.service"];
+ after = ["postgresql.service"];
+ };
+
+ services."set-smr-timeout" = {
+ description = "Set command timeout for SMR drives to 180 seconds";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "mnt-backup.mount" ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.stdenv.shell} -c 'echo 180 > /sys/block/$(basename $(readlink -f /dev/disk/by-id/ata-ST2000DM008-2FR102_WFL3W3SZ))/device/timeout'";
+ };
+ };
+
+ timers.backup = {
+ wantedBy = [ "timers.target" ];
+ partOf = [ "backup.service" ];
+ timerConfig.OnCalendar = "daily";
+ };
+
+ services.backup = {
+ serviceConfig.Type = "oneshot";
+ path = [ pkgs.mount pkgs.umount pkgs.borgmatic pkgs.hdparm ];
+ script = ''
+ mount /mnt/backup
+ borgmatic --verbosity 1 --files
+ umount /mnt/backup
+ sync
+ hdparm -y /dev/disk/by-id/{ata-WDC_WD10EARS-00MVWB0_WD-WCAZA0318253,ata-WDC_WD10EARS-00MVWB0_WD-WCAZA0338594,ata-ST2000VN004-2E4164_Z522Z7XT,ata-ST2000DM008-2FR102_WFL3W3SZ,ata-WDC_WD10EZEX-22RKKA0_WD-WCC1S3934917,ata-SAMSUNG_HD103SJ_S246J9BZC23280}
+ '';
+ };
+ };
+
+ system.stateVersion = "21.05";
+}
+
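Review bot: The Transmission RPC endpoint in `services.transmission.settings` is reachable unauthenticated from every host that can talk to either interface: `rpc-bind-address = "0.0.0.0"` is combined with `rpc-whitelist-enabled = false`, no `rpc-authentication-required`, and `networking.firewall.enable = false` earlier in the same hunk, while the daemon runs as the `nextcloud` user that owns `/mnt/docs`, so anyone on those networks can steer downloads into the Nextcloud data tree. Keep the whitelist on and scope it to the LAN, e.g. `rpc-whitelist-enabled = true; rpc-whitelist = "127.0.0.1,192.168.1.*";`, or bind to the LAN address and require authentication; `services.syncthing.guiAddress = "0.0.0.0:8384"` has the same exposure with the firewall off. Separately, the `netdata` role in `services.postgresql.ensureUsers` gets `ALL PRIVILEGES` on the `nextcloud` database although a monitoring collector should not need write access, so `ensurePermissions."DATABASE nextcloud" = "CONNECT";` (the pg_stat views it presumably reads are world-readable by default — confirm against the collector's needs) keeps it to least privilege. The address ranges also look inconsistent — the NFS exports grant `192.168.0.0/24` while Samba's `hosts allow` and the Nextcloud trusted IP use `192.168.1.x` — so one of them is probably a typo worth confirming before this lands.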