felixalb/nixos-config
felixalb/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: felixalb:807462cd544f599eed55834a8c7e305133f2a197
Branches Tags
felixalb:main
...
compare: felixalb:26f4174b0be7dcddf417c01d5c300521e2d4207f
Branches Tags
felixalb:main

5 Commits
807462cd54 ... 26f4174b0b

Author SHA1 Message Date
Felix Albrigtsen
26f4174b0b challenger: set kernel params to prevent cpu hissy fits 2025-01-16 21:51:08 +01:00
Felix Albrigtsen
f2230c6e70 challenger: re-add backup nfs mount 2025-01-16 21:51:08 +01:00
Felix Albrigtsen
05134a6121 challenger: disable nvidia.open 2025-01-16 21:51:08 +01:00
Felix Albrigtsen
c5ca99e05f challenger/nextcloud: fix typo 2025-01-16 21:51:08 +01:00
Felix Albrigtsen
28296d5066 challenger: add user amalieem 2025-01-16 21:51:08 +01:00
5 changed files with 58 additions and 14 deletions
Show Stats Expand all files Collapse all files

37
hosts/challenger/amalieem.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, pkgs, lib, ... }:
let
cmdChownManga = pkgs.writeScriptBin "chownManga" ''
#!${pkgs.stdenv.shell}
chown -R amalieem:komga /tank/media/komga/Amalie
chmod -R 750 /tank/media/komga/Amalie
'';
in {
users.users."amalieem" = {
isNormalUser = true;
home = "/home/amalieem";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7e+BAoXIFmTeeBYAVImQAcyx6SCoYCErA7h16OGL70 amalieem@wentworth"
];
packages = with pkgs; [
cmdChownManga
mangal
rsync
];
};
security.sudo = {
enable = true;
extraRules = [{
commands = [
{
command = "${lib.getExe cmdChownManga}";
options = [ "NOPASSWD" ];
}
];
users = [ "amalieem" ];
}];
};
}

3
hosts/challenger/configuration.nix
View File

@ -7,6 +7,7 @@
../../base.nix ../../base.nix
../../common/metrics-exporters.nix ../../common/metrics-exporters.nix
./amalieem.nix
./backup.nix ./backup.nix
# ./exports.nix # ./exports.nix
./filesystems.nix ./filesystems.nix
@ -53,7 +54,7 @@
hardware.nvidia = { hardware.nvidia = {
modesetting.enable = true; modesetting.enable = true;
open = true; open = false;
}; };
hardware.graphics.enable = true; hardware.graphics.enable = true;

24
hosts/challenger/filesystems.nix
View File

@ -17,16 +17,16 @@
interval = "Wed *-*-8..14 00:00:00"; interval = "Wed *-*-8..14 00:00:00";
}; };
# fileSystems = { fileSystems = {
# "/mnt/feal-syn1/backup" = { "/mnt/feal-syn1/backup" = {
# device = "feal-syn1.home.feal.no:/volume2/backup"; device = "feal-syn1.home.feal.no:/volume2/backup";
# fsType = "nfs"; fsType = "nfs";
# options = [ options = [
# "defaults" "defaults"
# "noatime" "noatime"
# "rw" "rw"
# "nfsvers=3" "nfsvers=3"
# ]; ];
# }; };
# }; };
} }

6
hosts/challenger/hardware-configuration.nix
View File

@ -12,6 +12,12 @@
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [
# https://wiki.gentoo.org/wiki/Ryzen#Ryzen_Threadripper
"processor.max_cstate=1"
"rcu_nocbs=0-11"
"idle=nomwait"
];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/ea31d0ea-2949-420a-99ea-7f77c4b7091e"; { device = "/dev/disk/by-uuid/ea31d0ea-2949-420a-99ea-7f77c4b7091e";

2
hosts/challenger/services/nextcloud.nix
View File

@ -133,7 +133,7 @@ in {
ProtectProc = "invisible"; ProtectProc = "invisible";
ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ]; ReadWritePaths = [ "/tank/nextcloud" "/run/phpfpm" "/run/systemd" ];
ReadOnlyPaths = [ "/run/secrets" "/nix/store" ]; ReadOnlyPaths = [ "/run/secrets" "/nix/store" ];
InaccessbilePaths = [ "/tank/media" "/tank/backup" ]; InaccessiblePaths = [ "/tank/media" "/tank/backup" ];
RemoveIPC = true; RemoveIPC = true;
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
UMask = "0007"; UMask = "0007";