numbus/numbus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Lots of changes to the directories organisation, more work needed.

Browse Source
This commit is contained in:
Raphaël Numbus
2026-05-15 10:02:29 +02:00
parent 73adb395c0
commit 24f62ec057
63 changed files with 1193 additions and 1412 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/backup/hardware/boot.nix
-13
View File
@@ -1,13 +0,0 @@
{ config, ... }:
{
config = {
boot.initrd.systemd.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl = {
"vm.overcommit_memory" = 1;
};
};
}
modules/backup/hardware/cpu.nix
-9
View File
@@ -1,9 +0,0 @@
{ config, ... }:
{
config = {
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
hardware.cpu.amd.updateMicrocode = true;
};
}
modules/backup/hardware/default.nix
-10
View File
@@ -1,10 +0,0 @@
{ ... }:
{
imports = [
./boot.nix
./cpu.nix
./disks.nix
./pcie-coral.nix
];
}
modules/backup/hardware/disks.nix
-328
View File
@@ -1,328 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.numbus.hardware;
mkDataDisk = idx: device: {
name = "content-${toString idx}";
value = {
type = "disk";
device = device;
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-content-${toString idx}";
initrdUnlock = false;
settings = {
keyFile = "/etc/secrets/disks/content-${toString idx}";
allowDiscards = true;
crypttabExtraOpts = [ "nofail" ];
};
content = {
type = "filesystem";
format = cfg.dataDisksFilesystem;
mountpoint = "/mnt/content-${toString idx}";
mountOptions = [ "nofail" "noauto" ];
};
};
};
};
};
};
};
mkParityDisk = idx: device: {
name = "parity-${toString idx}";
value = {
type = "disk";
device = device;
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-parity-${toString idx}";
initrdUnlock = false;
settings = {
keyFile = "/etc/secrets/disks/parity-${toString idx}";
allowDiscards = true;
crypttabExtraOpts = [ "nofail" ];
};
content = {
type = "filesystem";
format = cfg.parityDisksFilesystem;
mountpoint = "/mnt/parity-${toString idx}";
mountOptions = [ "nofail" "noauto" ];
};
};
};
};
};
};
};
isMirror = length cfg.bootDisksList > 1;
bootDisksConfig = if isMirror then {
mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.2";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
};
disk = listToAttrs (imap1 (i: device: {
name = "boot-${toString i}";
value = {
type = "disk";
device = device;
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-boot-${toString i}";
settings = {
allowDiscards = true;
keyFile = "/etc/secrets/disks/boot-${toString i}";
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
}) cfg.bootDisksList);
} else {
disk = {
"boot-1" = {
type = "disk";
device = head cfg.bootDisksList;
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-boot-1";
settings = {
keyFile = "/etc/secrets/disks/boot-1";
allowDiscards = true;
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
};
};
lvmConfig = {
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
swap = {
size = cfg.swapSize;
content = {
type = "swap";
};
} // optionalAttrs isMirror { lvm_type = "mirror"; };
snapraid = {
size = "1G";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/mnt/content-0";
};
} // optionalAttrs isMirror { lvm_type = "mirror"; };
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/rootfs" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
} // optionalAttrs isMirror { lvm_type = "mirror"; };
};
};
};
};
in
{
options.numbus.hardware = {
dataDisksList = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/WD_Blue_ATO431_159Ejz224G0000382b" "/dev/disk/by-id/Seagate_Barracuda_159Ejz224G" ];
description = "List by-id path of devices for data disks";
};
parityDisksList = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/WD_Blue_ATO431_159Ejz224G0000382b" "/dev/disk/by-id/Seagate_Barracuda_159Ejz224G" ];
description = "List of by-id path of devices for parity disks";
};
bootDisksList = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/nvme_SAMSUNG_MZVPYEHCO_159Ejz224G0000" "/dev/disk/by-id/ata-San_Disk_159Ejz224G" ];
description = "List of by-id path of devices for boot disks";
};
spindownDisksList = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/WD_Blue_ATO431_159Ejz224G0000382b" "/dev/disk/by-id/Seagate_Barracuda_159Ejz224G" ];
description = "List of by-id path of devices to spindown when inactive to save power (HDD only)";
};
swapSize = mkOption {
type = types.str;
default = "16G";
example = "16G";
description = "Size of the swap partition";
};
dataDisksFilesystem = mkOption {
type = types.enum [ "xfs" "ext4" "btrfs" ];
default = "xfs";
example = "xfs";
description = "Filesystem for data disks. Available filesystem options : xfs, ext4, btrfs";
};
parityDisksFilesystem = mkOption {
type = types.enum [ "xfs" "ext4" "btrfs" ];
default = "xfs";
example = "xfs";
description = "Filesystem for parity disks. Available filesystem options : xfs, ext4, btrfs";
};
};
config = mkIf (cfg.bootDisksList != []) {
disko.devices = mkMerge [
bootDisksConfig
lvmConfig
{
disk = listToAttrs (imap1 mkDataDisk cfg.dataDisksList);
}
{
disk = listToAttrs (imap1 mkParityDisk cfg.parityDisksList);
}
];
services.snapraid = {
enable = true;
contentFiles = [ "/mnt/content-0/snapraid.content" ] ++
(map (i: "/mnt/content-${toString i}/snapraid.content") (range 1 (length cfg.dataDisksList)));
parityFiles = map (i: "/mnt/parity-${toString i}/snapraid.parity") (range 1 (length cfg.parityDisksList));
dataDisks = listToAttrs (imap1 (i: _: nameValuePair "d${toString i}" "/mnt/content-${toString i}") cfg.dataDisksList);
};
fileSystems."/mnt/data" = {
device = "/mnt/content-*";
fsType = "fuse.mergerfs";
options = [
"category.create=ff"
"cache.files=partial"
"dropcacheonclose=true"
"defaults"
"noauto"
"nofail"
"allow_other"
"moveonenospc=1"
"minfreespace=50G"
"func.getattr=newest"
"fsname=mergerfs_data"
"x-mount.mkdir"
"x-systemd.automount"
];
};
systemd.services.mount-disks = {
description = "Mount data and parity disks";
before = [ "mnt-data.mount" ];
requiredBy = [ "mnt-data.mount" ];
path = [ pkgs.cryptsetup pkgs.util-linux ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = let
mountDataDisk = i: ''
if [ ! -e /dev/mapper/crypted-content-${toString i} ]; then
cryptsetup luksOpen --key-file /etc/secrets/disks/content-${toString i} /dev/disk/by-partlabel/disk-content-${toString i}-luks crypted-content-${toString i}
fi
mkdir -p /mnt/content-${toString i}
if ! mountpoint -q /mnt/content-${toString i}; then
mount -t ${cfg.dataDisksFilesystem} /dev/mapper/crypted-content-${toString i} /mnt/content-${toString i}
fi
'';
mountParityDisk = i: ''
if [ ! -e /dev/mapper/crypted-parity-${toString i} ]; then
cryptsetup luksOpen --key-file /etc/secrets/disks/parity-${toString i} /dev/disk/by-partlabel/disk-parity-${toString i}-luks crypted-parity-${toString i}
fi
mkdir -p /mnt/parity-${toString i}
if ! mountpoint -q /mnt/parity-${toString i}; then
mount -t ${cfg.parityDisksFilesystem} /dev/mapper/crypted-parity-${toString i} /mnt/parity-${toString i}
fi
'';
in ''
${concatMapStrings mountDataDisk (range 1 (length cfg.dataDisksList))}
${concatMapStrings mountParityDisk (range 1 (length cfg.parityDisksList))}
'';
};
};
}
modules/backup/hardware/spindown.nix
-24
View File
@@ -1,24 +0,0 @@
{ config, lib, ... }:
with lib;
{
options.numbus-backup = {
hardware = {
HddSpindown = {
enable = mkOption {
description = "Spin down Hard drives when inactive in order to save power.";
type = types.bool;
example = true;
default = true;
};
optimize = mkOption {
description = "Optimize services to reduce HDD wakeups when HddSpindown is enabled. Can be set to \"compatible\" to optimize all compatible services, or a list of service names to optimize.";
type = types.nullOr (types.either (types.enum [ "compatible" ]) (types.listOf types.str));
default = "compatible";
example = "[ \"crafty\" \"gitea\" ]";
};
};
};
};
}
modules/backup/mail/clamav.nix
-89
View File
@@ -1,89 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.numbus.services.clamav;
clamav_notifier = pkgs.writeScript "clamav-notify.sh" ''
#!${pkgs.bash}/bin/bash
# Check if triggered by Real-time event (file exists)
if [ -f /var/lib/clamav/virus_event.env ]; then
source /var/lib/clamav/virus_event.env
rm /var/lib/clamav/virus_event.env
fi
ADMIN_EMAIL="${config.numbus.mail.adminAddress}"
USER_EMAIL="${config.numbus.mail.userAddress}"
OWNER_NAME="${config.numbus.owner}"
if [ -n "$CLAM_VIRUSEVENT_VIRUSNAME" ]; then
# --- Real-time / VirusEvent Mode ---
SUBJECT="Numbus Server Alert: Virus Detected (Real-time)"
# Retrieve logs from clamav-daemon
LOGS=$(journalctl -u clamav-daemon.service -n 50 --no-pager | grep "FOUND")
TECH_BODY="
ClamAV Real-time Alert:
Server owner: $OWNER_NAME
Virus detected: $CLAM_VIRUSEVENT_VIRUSNAME
File: $CLAM_VIRUSEVENT_FILENAME
Logs:
$LOGS
Action taken: Access blocked (OnAccessPrevention).
Please investigate manually.
"
FRIENDLY_BODY="Cher/Chère $OWNER_NAME,
L'antivirus de votre serveur a détecté et bloqué une menace en temps réel.
Fichier : $CLAM_VIRUSEVENT_FILENAME
Votre administrateur a été notifié.
"
else
# --- Scheduled Scan Summary Mode ---
SUBJECT="Numbus Server Alert: Virus Detected during Scheduled Scan"
# Retrieve logs (clamdscan prints FOUND when a virus is detected)
LOGS=$(journalctl -u clamav-periodic-scan.service -n 100 --no-pager | grep "FOUND")
TECH_BODY="
ClamAV Scan Alert:
Server owner: $OWNER_NAME
Viruses detected:
$LOGS
Action taken: Detection only.
Please investigate manually.
"
FRIENDLY_BODY="Cher/Chère $OWNER_NAME,
L'antivirus de votre serveur a détecté une menace potentielle lors de l'analyse périodique.
Votre administrateur a été notifié avec les détails techniques.
Nous vous conseillons d'être prudent avec vos fichiers récents.
"
fi
printf "Subject: [ADMIN] %s\n\n%s" "$SUBJECT" "$TECH_BODY" | /run/wrappers/bin/sendmail -t "$ADMIN_EMAIL"
printf "Subject: [Alerte] Menace détectée sur votre serveur Numbus\n\n%s\n\nMerci de votre confiance,\nL'équipe de support,\nNumbus-Server." "$FRIENDLY_BODY" | /run/wrappers/bin/sendmail -t "$USER_EMAIL"
'';
in
{
config = mkIf cfg.enable {
systemd.services.clamav-virus-notify = {
description = "Email notification for ClamAV virus detection";
serviceConfig = {
Type = "oneshot";
ExecStart = "${clamav_notifier}";
};
};
};
}
modules/backup/mail/default.nix
-10
View File
@@ -1,10 +0,0 @@
{ ... }:
{
imports = [
./clamav.nix
./smart.nix
./systemd.nix
./smtp.nix
];
}
modules/backup/mail/smart.nix
-61
View File
@@ -1,61 +0,0 @@
{ config, pkgs, ... }:
let
smartd_notifier = pkgs.writeScript "smartd-notify.sh" ''
#!${pkgs.bash}/bin/bash
# 1. Send Technical Email to Admin
ADMIN_EMAIL="${config.numbus.mail.adminAddress}"
SUBJECT="Numbus Server Alert: $SMARTD_FAILTYPE on $SMARTD_DEVICE"
TECH_BODY="
SMARTD Alert Details:
Server owner: $OWNER_NAME
Device: $SMARTD_DEVICE
Type: $SMARTD_DEVICETYPE
Failure Type: $SMARTD_FAILTYPE
Message: $SMARTD_MESSAGE
Full Message:
$SMARTD_FULLMESSAGE
"
printf "Subject: [ADMIN] $SUBJECT\n\n$TECH_BODY" | /run/wrappers/bin/sendmail -t "$ADMIN_EMAIL"
# 2. Send Friendly Email to Owner
USER_EMAIL="${config.numbus.mail.userAddress}"
OWNER_NAME="${config.numbus.owner}"
FRIENDLY_BODY="Cher/Chère $OWNER_NAME,
Votre serveur a automatiquement détecté une panne matérielle de disque dur.
Ce genre de panne est tout à fait normal selon l'âge de votre matériel et n'entraîne
dans la grande majorité des cas aucune perte de données grâce au système de
stockage redondant préventif.
Votre administrateur a été notifié de cette panne. Il vous recontactera dans de très
brefs délais afin de procéder au remplacement, si nécessaire, du disque dur défaillant.
Merci de votre confiance,
L'équipe de support,
Numbus-Server."
printf "Subject: [Alerte] Défaillance matérielle sur votre serveur Numbus\n\n$FRIENDLY_BODY" | /run/wrappers/bin/sendmail -t "$USER_EMAIL"
'';
in
{
services.smartd = {
enable = true;
defaults.autodetected = "-a -o on -S on -s (S/../.././00|L/../../6/01) -n standby,q -M exec ${smartd_notifier}";
notifications = {
wall = {
enable = true;
};
mail = {
enable = true;
sender = config.numbus.mail.fromAddress;
recipient = "${config.numbus.mail.userAddress},${config.numbus.mail.adminAddress}";
};
};
};
}
modules/backup/mail/smtp.nix
-84
View File
@@ -1,84 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.numbus.mail;
in
{
options.numbus.mail = {
enable = mkEnableOption "Email sending functionality";
userAddress = mkOption {
description = "The address of the user this server will send emails to";
type = types.str;
example = "user@your-domain.com";
};
adminAddress = mkOption {
description = "The address of the admin this server will send emails to";
type = types.str;
example = "admin@your-domain.com";
};
smtpUsername = mkOption {
description = "The username/email that will be use to authenticate to the SMTP server";
type = types.str;
example = "your-smtp-enabled-address@your-domain.com";
};
smtpPasswordPath = mkOption {
description = "The path to a file containing the password that will be use to authenticate to the SMTP server";
type = types.path;
example = /run/secrets/smtp-password;
};
fromAddress = mkOption {
description = "This server will send emails from this address";
type = types.str;
default = "numbus-server-noreply@${config.numbus.services.domain}";
example = "numbus-server-noreply@your-domain.com";
};
smtpServer = mkOption {
description = "The SMTP server address your server will use to send emails";
type = types.str;
default = "smtp.gmail.com";
example = "smtp.your-provider.com";
};
smtpPort = mkOption {
description = "The SMTP port your server will connect to to send emails";
type = types.port;
default = 587;
example = 587;
};
};
config = mkIf cfg.enable {
environment.etc."aliases".text = ''
root: ${cfg.userAddress}, ${cfg.adminAddress}
default: ${cfg.userAddress}, ${cfg.adminAddress}
'';
programs.msmtp = {
enable = true;
defaults = {
aliases = "/etc/aliases";
timeout = 60;
syslog = "on";
};
accounts.default = {
auth = true;
host = cfg.smtpServer;
port = cfg.smtpPort;
from = cfg.fromAddress;
user = cfg.smtpUsername;
tls = true;
tls_starttls = true;
passwordeval = "${pkgs.coreutils}/bin/cat ${cfg.smtpPasswordPath}";
};
};
};
}
modules/backup/mail/systemd.nix
-55
View File
@@ -1,55 +0,0 @@
{ config, pkgs, ... }:
let
systemd_notifier = pkgs.writeScript "systemd-email-notify.sh" ''
#!${pkgs.bash}/bin/bash
# The failing service name is passed as the first argument
UNIT=$1
# 1. Send Technical Email to Admin
ADMIN_EMAIL="${config.numbus.mail.adminAddress}"
SUBJECT="Numbus Server Alert: Service $UNIT Failed"
# Retrieve recent logs for context
LOGS=$(journalctl -u "$UNIT" -n 20 --no-pager)
TECH_BODY="
Systemd Service Failure Alert:
Server owner: ${config.numbus.owner}
Service: $UNIT
Recent Logs:
$LOGS
"
printf "Subject: [ADMIN] $SUBJECT\n\n$TECH_BODY" | /run/wrappers/bin/sendmail -t "$ADMIN_EMAIL"
# 2. Send Friendly Email to Owner
USER_EMAIL="${config.numbus.mail.userAddress}"
OWNER_NAME="${config.numbus.owner}"
FRIENDLY_BODY="Cher/Chère $OWNER_NAME,
Votre serveur a détecté une défaillance du service $UNIT.
Le système a tenté de gérer l'erreur, mais une intervention peut être nécessaire.
Votre administrateur a été notifié de cet incident avec les détails techniques nécessaires.
Il interviendra si une action manuelle est requise.
Merci de votre confiance,
L'équipe de support,
Numbus-Server."
printf "Subject: [Alerte] Erreur sur votre serveur Numbus\n\n$FRIENDLY_BODY" | /run/wrappers/bin/sendmail -t "$USER_EMAIL"
'';
in
{
systemd.services."service-failure-notify@" = {
description = "Email notification for failed service %i";
onFailure = [ ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${systemd_notifier} %i";
};
};
}
modules/backup/misc/default.nix
-10
View File
@@ -1,10 +0,0 @@
{ ... }:
{
imports = [
./internationalisation.nix
./power.nix
./update.nix
./users.nix
];
}
modules/backup/misc/internationalisation.nix
-24
View File
@@ -1,24 +0,0 @@
{ config, lib, ... }:
{
config = {
i18n.defaultLocale = "${config.numbus.locale}.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "${config.numbus.locale}.UTF-8";
LC_IDENTIFICATION = "${config.numbus.locale}.UTF-8";
LC_MEASUREMENT = "${config.numbus.locale}.UTF-8";
LC_MONETARY = "${config.numbus.locale}.UTF-8";
LC_NAME = "${config.numbus.locale}.UTF-8";
LC_NUMERIC = "${config.numbus.locale}.UTF-8";
LC_PAPER = "${config.numbus.locale}.UTF-8";
LC_TELEPHONE = "${config.numbus.locale}.UTF-8";
LC_TIME = "${config.numbus.locale}.UTF-8";
};
console.keyMap = lib.toLower config.numbus.language;
services.xserver.xkb = {
layout = lib.toLower config.numbus.language;
variant = "";
};
};
}
modules/backup/misc/power.nix
-30
View File
@@ -1,30 +0,0 @@
{ config, lib, pkgs, ... }:
let
hardDrives = config.numbus.hardware.spindownDisksList;
in
{
config = {
systemd.services.hd-idle = {
description = "External HD spin down daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart =
let
idleTime = toString 1800;
hardDriveParameter = lib.strings.concatMapStringsSep " " (x: "-a ${x} -i ${idleTime}") hardDrives;
in
"${pkgs.hd-idle}/bin/hd-idle -i 0 ${hardDriveParameter}";
};
};
services.autoaspm.enable = true;
powerManagement.powertop.enable = true;
boot.kernelParams = [
"pcie_aspm=force"
"consoleblank=60"
];
};
}
modules/backup/misc/update.nix
-23
View File
@@ -1,23 +0,0 @@
{ config, inputs, ... }:
{
config = {
system.autoUpgrade = {
enable = true;
allowReboot = false;
flake = inputs.self.outPath;
flags = [ "--print-build-logs" ];
dates = "02:00";
randomizedDelaySec = "45min";
};
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.auto-optimise-store = true;
};
}
modules/backup/misc/users.nix
-16
View File
@@ -1,16 +0,0 @@
{ config, pkgs, ... }:
{
users.users.numbus-admin = {
shell = pkgs.fish;
isNormalUser = true;
description = "Numbus Admin";
extraGroups = [ "wheel" ];
uid = 1000;
initialPassword = "changeMe!";
# required for auto start before user login
linger = true;
# required for rootless container with multiple users
autoSubUidGidRange = true;
};
}
modules/common/hardware/boot-params.nix
+31
View File
@@ -0,0 +1,31 @@
{ config, deviceType, ... }:
{
config = mkMerge [
({
boot = {
plymouth.enable = true;
# Enable "Silent boot"
consoleLogLevel = 3;
initrd.verbose = false;
loader.timeout = 1;
};
})
( mkIf (deviceType == "computer" || deviceType == "tv") {
# Bootloader options
boot = {
initrd.systemd.enable = true;
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
kernelParams = [
"quiet"
"udev.log_level=3"
"systemd.show_status=auto"
"pcie_aspm=force"
"consoleblank=60"
];
};
})
];
}
modules/common/hardware/default.nix
+2
View File
@@ -4,6 +4,8 @@
imports = [
# To test
./disks/default.nix
./boot-params.nix
./cpu.nix
./graphics.nix
];
}
modules/computer/hardware/nvidia.nix → modules/common/hardware/graphics.nix
+2 -5
View File
@@ -1,11 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.numbus-computer.hardware;
cfg = config.numbus.hardware;
in
{
options.numbus-computer.hardware = {
options.numbus.hardware = {
nvidia = {
enable = mkEnableOption "Wether to install the NVIDIA driver. Required for better performance with NVIDIA graphics cards."
}
@@ -44,10 +44,7 @@ in
# Only available from driver 515.43.04+
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
modules/backup/hardware/pcie-coral.nix → modules/common/hardware/pcie-coral.nix
+3 -3
View File
@@ -103,9 +103,9 @@ in
{
options.numbus.hardware.pcie-coral = lib.mkEnableOption "PCIe Coral TPU support";
config = lib.mkIf cfg {
services.udev.packages = [ libedgetpu ];
config = lib.mkIf cfg.enable {
services.udev.packages = [ "libedgetpu" ];
users.groups.plugdev = {};
boot.extraModulePackages = [ gasket ];
boot.extraModulePackages = [ "gasket" ];
};
}
modules/server/mail/clamav.nix → modules/common/mail/clamav.nix
View File
modules/server/mail/systemd.nix → modules/common/mail/systemd.nix
View File
modules/common/web/cockpit-numbus/cockpit.nix
+28
View File
@@ -0,0 +1,28 @@
{ pkgs, ... }:
let
cockpit-numbus = pkgs.stdenv.mkDerivation {
name = "cockpit-numbus";
src = ./cockpit-numbus;
installPhase = ''
mkdir -p $out/share/cockpit/numbus
cp -r * $out/share/cockpit/numbus
'';
};
in
{
services.cockpit = {
enable = true;
port = 9090;
openFirewall = false;
settings = {
WebService = {
AllowUnencrypted = true;
};
};
};
# Link the extension into the system cockpit path
environment.systemPackages = [ cockpit-numbus ];
}
modules/common/web/default.nix
View File
modules/computer/hardware/boot.nix
-24
View File
@@ -1,24 +0,0 @@
{ config, ... }:
{
config = {
# Bootloader options
boot.initrd.systemd.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Boot splash instead of log messages
boot = {
plymouth.enable = true;
# Enable "Silent boot"
consoleLogLevel = 3;
initrd.verbose = false;
kernelParams = [
"quiet"
"udev.log_level=3"
"systemd.show_status=auto"
];
loader.timeout = 1;
};
};
}
modules/computer/hardware/cpu.nix
-9
View File
@@ -1,9 +0,0 @@
{ config, ... }:
{
config = {
hardware.enableRedistributableFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
hardware.cpu.amd.updateMicrocode = true;
};
}
modules/computer/hardware/default.nix
-10
View File
@@ -1,10 +0,0 @@
{ ... }:
{
imports=[
./boot.nix
./cpu.nix
./disks.nix
./nvidia.nix
];
}
modules/computer/hardware/disks.nix
-328
View File
@@ -1,328 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.numbus.hardware;
mkDataDisk = idx: device: {
name = "content-${toString idx}";
value = {
type = "disk";
device = device;
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-content-${toString idx}";
initrdUnlock = false;
settings = {
keyFile = "/etc/secrets/disks/content-${toString idx}";
allowDiscards = true;
crypttabExtraOpts = [ "nofail" ];
};
content = {
type = "filesystem";
format = cfg.dataDisksFilesystem;
mountpoint = "/mnt/content-${toString idx}";
mountOptions = [ "nofail" "noauto" ];
};
};
};
};
};
};
};
mkParityDisk = idx: device: {
name = "parity-${toString idx}";
value = {
type = "disk";
device = device;
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-parity-${toString idx}";
initrdUnlock = false;
settings = {
keyFile = "/etc/secrets/disks/parity-${toString idx}";
allowDiscards = true;
crypttabExtraOpts = [ "nofail" ];
};
content = {
type = "filesystem";
format = cfg.parityDisksFilesystem;
mountpoint = "/mnt/parity-${toString idx}";
mountOptions = [ "nofail" "noauto" ];
};
};
};
};
};
};
};
isMirror = length cfg.bootDisksList > 1;
bootDisksConfig = if isMirror then {
mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.2";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
};
disk = listToAttrs (imap1 (i: device: {
name = "boot-${toString i}";
value = {
type = "disk";
device = device;
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-boot-${toString i}";
settings = {
allowDiscards = true;
keyFile = "/etc/secrets/disks/boot-${toString i}";
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
}) cfg.bootDisksList);
} else {
disk = {
"boot-1" = {
type = "disk";
device = head cfg.bootDisksList;
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted-boot-1";
settings = {
keyFile = "/etc/secrets/disks/boot-1";
allowDiscards = true;
};
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
};
};
lvmConfig = {
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
swap = {
size = cfg.swapSize;
content = {
type = "swap";
};
} // optionalAttrs isMirror { lvm_type = "mirror"; };
snapraid = {
size = "1G";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/mnt/content-0";
};
} // optionalAttrs isMirror { lvm_type = "mirror"; };
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/rootfs" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
} // optionalAttrs isMirror { lvm_type = "mirror"; };
};
};
};
};
in
{
options.numbus.hardware = {
dataDisksList = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/WD_Blue_ATO431_159Ejz224G0000382b" "/dev/disk/by-id/Seagate_Barracuda_159Ejz224G" ];
description = "List by-id path of devices for data disks";
};
parityDisksList = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/WD_Blue_ATO431_159Ejz224G0000382b" "/dev/disk/by-id/Seagate_Barracuda_159Ejz224G" ];
description = "List of by-id path of devices for parity disks";
};
bootDisksList = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/nvme_SAMSUNG_MZVPYEHCO_159Ejz224G0000" "/dev/disk/by-id/ata-San_Disk_159Ejz224G" ];
description = "List of by-id path of devices for boot disks";
};
spindownDisksList = mkOption {
type = types.listOf types.str;
default = [];
example = [ "/dev/disk/by-id/WD_Blue_ATO431_159Ejz224G0000382b" "/dev/disk/by-id/Seagate_Barracuda_159Ejz224G" ];
description = "List of by-id path of devices to spindown when inactive to save power (HDD only)";
};
swapSize = mkOption {
type = types.str;
default = "16G";
example = "16G";
description = "Size of the swap partition";
};
dataDisksFilesystem = mkOption {
type = types.enum [ "xfs" "ext4" "btrfs" ];
default = "xfs";
example = "xfs";
description = "Filesystem for data disks. Available filesystem options : xfs, ext4, btrfs";
};
parityDisksFilesystem = mkOption {
type = types.enum [ "xfs" "ext4" "btrfs" ];
default = "xfs";
example = "xfs";
description = "Filesystem for parity disks. Available filesystem options : xfs, ext4, btrfs";
};
};
config = mkIf (cfg.bootDisksList != []) {
disko.devices = mkMerge [
bootDisksConfig
lvmConfig
{
disk = listToAttrs (imap1 mkDataDisk cfg.dataDisksList);
}
{
disk = listToAttrs (imap1 mkParityDisk cfg.parityDisksList);
}
];
services.snapraid = {
enable = true;
contentFiles = [ "/mnt/content-0/snapraid.content" ] ++
(map (i: "/mnt/content-${toString i}/snapraid.content") (range 1 (length cfg.dataDisksList)));
parityFiles = map (i: "/mnt/parity-${toString i}/snapraid.parity") (range 1 (length cfg.parityDisksList));
dataDisks = listToAttrs (imap1 (i: _: nameValuePair "d${toString i}" "/mnt/content-${toString i}") cfg.dataDisksList);
};
fileSystems."/mnt/data" = {
device = "/mnt/content-*";
fsType = "fuse.mergerfs";
options = [
"category.create=ff"
"cache.files=partial"
"dropcacheonclose=true"
"defaults"
"noauto"
"nofail"
"allow_other"
"moveonenospc=1"
"minfreespace=50G"
"func.getattr=newest"
"fsname=mergerfs_data"
"x-mount.mkdir"
"x-systemd.automount"
];
};
systemd.services.mount-disks = {
description = "Mount data and parity disks";
before = [ "mnt-data.mount" ];
requiredBy = [ "mnt-data.mount" ];
path = [ pkgs.cryptsetup pkgs.util-linux ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = let
mountDataDisk = i: ''
if [ ! -e /dev/mapper/crypted-content-${toString i} ]; then
cryptsetup luksOpen --key-file /etc/secrets/disks/content-${toString i} /dev/disk/by-partlabel/disk-content-${toString i}-luks crypted-content-${toString i}
fi
mkdir -p /mnt/content-${toString i}
if ! mountpoint -q /mnt/content-${toString i}; then
mount -t ${cfg.dataDisksFilesystem} /dev/mapper/crypted-content-${toString i} /mnt/content-${toString i}
fi
'';
mountParityDisk = i: ''
if [ ! -e /dev/mapper/crypted-parity-${toString i} ]; then
cryptsetup luksOpen --key-file /etc/secrets/disks/parity-${toString i} /dev/disk/by-partlabel/disk-parity-${toString i}-luks crypted-parity-${toString i}
fi
mkdir -p /mnt/parity-${toString i}
if ! mountpoint -q /mnt/parity-${toString i}; then
mount -t ${cfg.parityDisksFilesystem} /dev/mapper/crypted-parity-${toString i} /mnt/parity-${toString i}
fi
'';
in ''
${concatMapStrings mountDataDisk (range 1 (length cfg.dataDisksList))}
${concatMapStrings mountParityDisk (range 1 (length cfg.parityDisksList))}
'';
};
};
}
modules/console/default.nix
View File
modules/server/hardware/boot.nix
-11
View File
@@ -1,11 +0,0 @@
{ config, ... }:
{
boot.initrd.systemd.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernel.sysctl = {
"vm.overcommit_memory" = 1;
};
}
modules/server/hardware/default.nix
-12
View File
@@ -1,12 +0,0 @@
{ ... }:
{
imports = [
# Tested
./boot.nix
./cpu.nix
# To test
./pcie-coral.nix
./disks/default.nix
];
}
modules/server/hardware/pcie-coral.nix
-111
View File
@@ -1,111 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.numbus-server.hardware.pcie-coral;
gasket-driver = { stdenv, lib, fetchFromGitHub, kernel }: stdenv.mkDerivation rec {
pname = "gasket";
version = "1.0-18";
src = fetchFromGitHub {
owner = "google";
repo = "gasket-driver";
rev = "97aeba584efd18983850c36dcf7384b0185284b3";
sha256 = "pJwrrI7jVKFts4+bl2xmPIAD01VKFta2SRuElerQnTo=";
};
makeFlags = [
"-C"
"${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
"M=$(PWD)"
];
buildFlags = [ "modules" ];
installFlags = [ "INSTALL_MOD_PATH=${placeholder "out"}" ];
installTargets = [ "modules_install" ];
sourceRoot = "source/src";
hardeningDisable = [ "pic" "format" ];
nativeBuildInputs = kernel.moduleBuildDependencies;
meta = with lib; {
description = "The Coral Gasket Driver allows usage of the Coral EdgeTPU on Linux systems.";
homepage = "https://github.com/google/gasket-driver";
license = licenses.gpl2;
maintainers = [ maintainers.kylehendricks ];
platforms = platforms.linux;
};
};
libedgetpu-pkg = { stdenv, lib, fetchFromGitHub, libusb1, abseil-cpp, flatbuffers, xxd }:
let
flatbuffers_1_12 = flatbuffers.overrideAttrs (oldAttrs: rec {
version = "1.12.0";
NIX_CFLAGS_COMPILE = "-Wno-error=class-memaccess -Wno-error=maybe-uninitialized";
cmakeFlags = (oldAttrs.cmakeFlags or []) ++ ["-DFLATBUFFERS_BUILD_SHAREDLIB=ON"];
NIX_CXXSTDLIB_COMPILE = "-std=c++17";
configureFlags = (oldAttrs.configureFlags or []) ++ ["--enable-shared"];
src = fetchFromGitHub {
owner = "google";
repo = "flatbuffers";
rev = "v${version}";
sha256 = "sha256-L1B5Y/c897Jg9fGwT2J3+vaXsZ+lfXnskp8Gto1p/Tg=";
};
});
in stdenv.mkDerivation rec {
pname = "libedgetpu";
version = "grouper";
src = fetchFromGitHub {
owner = "google-coral";
repo = pname;
rev = "release-${version}";
sha256 = "sha256-73hwItimf88Iqnb40lk4ul/PzmCNIfdt6Afi+xjNiBE=";
};
makeFlags = ["-f" "makefile_build/Makefile" "libedgetpu" ];
buildInputs = [
libusb1
abseil-cpp
flatbuffers_1_12
];
nativeBuildInputs = [
xxd
];
NIX_CXXSTDLIB_COMPILE = "-std=c++17";
TFROOT = "${fetchFromGitHub {
owner = "tensorflow";
repo = "tensorflow";
rev = "v2.7.4";
sha256 = "sha256-liDbUAdaVllB0b74aBeqNxkYNu/zPy7k3CevzRF5dk0=";
}}";
enableParallelBuilding = false;
installPhase = ''
mkdir -p $out/lib
cp out/direct/k8/libedgetpu.so.1.0 $out/lib
ln -s $out/lib/libedgetpu.so.1.0 $out/lib/libedgetpu.so.1
mkdir -p $out/lib/udev/rules.d
cp debian/edgetpu-accelerator.rules $out/lib/udev/rules.d/99-edgetpu-accelerator.rules
'';
};
gasket = config.boot.kernelPackages.callPackage gasket-driver {};
libedgetpu = pkgs.callPackage libedgetpu-pkg {};
in
{
options.numbus-server.hardware.pcie-coral = lib.mkEnableOption "PCIe Coral TPU support";
config = lib.mkIf cfg.enable {
services.udev.packages = [ libedgetpu ];
users.groups.plugdev = {};
boot.extraModulePackages = [ gasket ];
};
}
modules/server/mail/default.nix
-12
View File
@@ -1,12 +0,0 @@
{ ... }:
{
imports = [
# To test
./clamav.nix
./smart.nix
./systemd.nix
./smtp.nix
./disk-space.nix
];
}
modules/server/networking/networking.nix
+3 -3
View File
@@ -44,16 +44,16 @@ in
# Allow rootless containers to bind to port 53 and up
boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 53;
networking.bridges.br0.interfaces = [ "${cfg.interface}" ];
networking.bridges.br0.interfaces = [ cfg.interface ];
networking.interfaces."${cfg.interface}".useDHCP = false;
networking.interfaces.br0.useDHCP = false;
networking.nameservers = cfg.dnsServers;
networking.interfaces.br0.ipv4.addresses = [{
address = "${cfg.ipAddress}";
address = cfg.ipAddress;
prefixLength = 24;
}];
networking.defaultGateway = {
address = "${cfg.routerIpAddress}";
address = cfg.routerIpAddress;
interface = "br0";
};
};
modules/server/packages/packages.nix → modules/server/packages/default-packages.nix
+14 -7
View File
@@ -4,22 +4,29 @@
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
git
ncdu
fastfetch
tpm2-tss
sops
# Secrets
age
powertop
pciutils
sops
# HDD tools
hdparm
hd-idle
hddtemp
smartmontools
ncdu
# CPU tools
cpufrequtils
intel-gpu-tools
# Filesystem tools
snapraid
mergerfs
mergerfs-tools
# Powersave tools
powertop
# PCI devices tools
pciutils
tpm2-tss
# Misc
git
fastfetch
];
}
modules/server/packages/default.nix
-2
View File
@@ -5,7 +5,5 @@
# To test
./packages.nix
./podman.nix
./ssh.nix
./terminal.nix
];
}