Compare commits


No commits in common. "8f4c7fe4cc7fe14236a746afef4e123c84508542" and "3a3a8afe306d10dc91a133eacb9102100a9d574f" have entirely different histories.

36 changed files with 128 additions and 750 deletions


@ -10,11 +10,6 @@
root-password.file = ./secrets/machines/bicboye/root-password.age; root-password.file = ./secrets/machines/bicboye/root-password.age;
}; };
}; };
monitoring = {
grafana = {
password.file = ./secrets/monitoring/grafana/password.age;
};
};
services = { services = {
gitea = { gitea = {
password.file = ./secrets/services/gitea/password.age; password.file = ./secrets/services/gitea/password.age;
@ -25,9 +20,6 @@
paperless = { paperless = {
password.file = ./secrets/services/paperless/password.age; password.file = ./secrets/services/paperless/password.age;
}; };
unifi-unpoller = {
password.file = ./secrets/services/unifi-unpoller/password.age;
};
vaultwarden = { vaultwarden = {
password.file = ./secrets/services/vaultwarden/password.age; password.file = ./secrets/services/vaultwarden/password.age;
}; };


@ -24,9 +24,9 @@
config = { config = {
console = { console = {
font = "Lat2-Terminus16";
keyMap = lib.mkDefault "us"; keyMap = lib.mkDefault "us";
useXkbConfig = true; useXkbConfig = true;
font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
}; };
# Enable all snowflake core modules. # Enable all snowflake core modules.
@ -46,6 +46,7 @@
kernelParams = [ kernelParams = [
"pcie_aspm.policy=performance" "pcie_aspm.policy=performance"
"nmi_watchdog=0" "nmi_watchdog=0"
"udev.log_level=3"
]; ];
loader = { loader = {


@ -20,6 +20,7 @@
autoPrune = { autoPrune = {
enable = true; enable = true;
}; };
extraOptions = "--iptables=False";
inherit (config.snowflake.core.docker) storageDriver; inherit (config.snowflake.core.docker) storageDriver;
}; };
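Review bot: `extraOptions = "--iptables=False"` switches off the daemon's iptables management altogether, so Docker no longer installs the NAT/masquerade rules behind published `-p` ports nor the DOCKER-USER and inter-bridge isolation chains it normally maintains; published ports will only be reachable if the host firewall module adds equivalent rules, and containers on different bridges can reach each other unless something else blocks it. If that is deliberate (host-managed firewall), record it next to the option: `# Docker must not manage iptables: port publishing and bridge isolation are handled by the host firewall.` The daemon documents the flag as `--iptables=false`; Go's bool parser accepts `False`, but the documented lowercase form avoids a surprise if the parser ever tightens. The enclosing `virtualisation.docker` attrset starts above this hunk.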


@ -1,23 +0,0 @@
{
config,
lib,
...
}: {
options.snowflake.monitoring.enable = lib.mkEnableOption "Enable the base monitoring stack configuration";
config = lib.mkIf config.snowflake.monitoring.enable {
# Enable base snowflake monitoring modules.
snowflake.monitoring = {
victoriametrics.enable = lib.mkDefault true;
grafana.enable = lib.mkDefault true;
exporter.collectd.enable = lib.mkDefault true;
exporter.node.enable = lib.mkDefault true;
exporter.systemd.enable = lib.mkDefault true;
# NOTE: Extra modules such as unifi-unpoller can be
# enabled in the system configuration manually.
# For example:
# exporter.unifi = true;
# Check exporter/default.nix for more details.
};
};
}


@ -1,33 +0,0 @@
{
config,
lib,
...
}: {
options.snowflake.monitoring.exporter = {
collectd.enable = lib.mkEnableOption "Enable collectd exporter service";
node.enable = lib.mkEnableOption "Enable node-exporter service";
systemd.enable = lib.mkEnableOption "Enable systemd exporter service";
};
config = let
cfg = config.snowflake.monitoring.exporter;
in {
services.prometheus.exporters = {
collectd.enable = cfg.collectd.enable;
node.enable = cfg.node.enable;
systemd.enable = cfg.systemd.enable;
# NOTE: These are the base monitoring modules meant to
# be enabled by default as sane defaults.
# Extra options for the defined exporters or custom exporters
# can be added to machine configuration manually.
# For example:
# services.prometheus.exporters.unifi = {
# enable = true;
# unifiUsername = "username";
# unifiPassword = "password";
# unifiInsecure = true;
# };
# This can then be added to the vmagent configuration as extraConfig.
};
};
}


@ -1,90 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
options.snowflake.monitoring.grafana = let
settingsFormat = pkgs.formats.yaml {};
in {
enable = lib.mkEnableOption "Enable grafana for monitoring stack";
domain = lib.mkOption {
type = lib.types.str;
default = "";
description = "Configuration domain to use for the grafana service";
};
adminPasswordFile = lib.mkOption {
description = "Age module containing the administrator password to use for grafana";
};
port = lib.mkOption {
type = lib.types.port;
default = 3010;
description = "Configuration port to use for the grafana service";
};
extraDatasourceConfig = lib.mkOption {
description = "Extra datasource configuration for grafana";
type = lib.types.listOf (lib.types.submodule {freeformType = settingsFormat.type;});
default = [];
};
};
config = let
cfg = config.snowflake.monitoring.grafana;
in
lib.mkIf cfg.enable {
age.secrets.grafana = {
inherit (cfg.adminPasswordFile) file;
owner = "grafana";
group = "grafana";
};
services.grafana = {
enable = true;
settings = {
server = {
http_addr = "127.0.0.1";
http_port = cfg.port;
};
analytics = {
reporting_enabled = false;
feedback_links_enabled = false;
};
security.admin_password = "$__file{${config.age.secrets.grafana.path}}";
};
provision = {
enable = true;
datasources.settings.datasources =
[]
++ lib.optional config.services.victoriametrics.enable {
name = "Victoriametrics";
type = "prometheus";
access = "proxy";
url = "http://127.0.0.1:${toString config.snowflake.monitoring.victoriametrics.port}";
}
++ cfg.extraDatasourceConfig;
};
};
# Requires services.nginx.enable.
services.nginx = {
virtualHosts = {
"${cfg.domain}" = {
serverName = "${cfg.domain}";
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}/";
};
};
};
};
};
}


@ -1,81 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
options.snowflake.monitoring.victoriametrics = let
settingsFormat = pkgs.formats.json {};
in {
enable = lib.mkEnableOption "Enable victoriametrics and vmagent stack";
port = lib.mkOption {
type = lib.types.port;
default = 8428;
description = "Port to listen on for victoriametrics";
};
extraPrometheusConfig = lib.mkOption {
description = "Extra prometheus scrape config for vmagent";
type = lib.types.listOf (lib.types.submodule {freeformType = settingsFormat.type;});
default = [];
};
};
config = let
cfg = config.snowflake.monitoring.victoriametrics;
exporterCfg = config.services.prometheus.exporters;
in
lib.mkIf cfg.enable {
services.victoriametrics = {
enable = cfg.enable;
listenAddress = "127.0.0.1:${toString cfg.port}";
retentionPeriod = 3;
};
services.vmagent = {
enable = cfg.enable;
remoteWrite.url = "http://${config.services.victoriametrics.listenAddress}/api/v1/write";
prometheusConfig = {
global = {
scrape_interval = "1m";
scrape_timeout = "30s";
};
scrape_configs =
[]
++ lib.optional exporterCfg.node.enable {
job_name = "node";
static_configs = [
{
targets = ["127.0.0.1:${toString exporterCfg.node.port}"];
}
];
relabel_configs = [
{
source_labels = ["__address__"];
target_label = "instance";
regex = "([^:]+)(:[0-9]+)?";
replacement = config.networking.hostName;
}
];
}
++ lib.optional exporterCfg.collectd.enable {
job_name = "collectd";
static_configs = [
{
targets = ["127.0.0.1:${toString exporterCfg.collectd.port}"];
}
];
}
++ lib.optional exporterCfg.systemd.enable {
job_name = "systemd";
static_configs = [
{
targets = ["127.0.0.1:${toString exporterCfg.systemd.port}"];
}
];
}
++ cfg.extraPrometheusConfig;
};
};
};
}


@ -1,18 +0,0 @@
{
config,
lib,
...
}: {
options.snowflake.services.bazarr = {
enable = lib.mkEnableOption "Enable bazarr deployment configuration";
};
# NOTE: No good subtitle providers are available right now.
# There's no need to enable bazarr, private trackers have decent
# subtitles for releases.
config = lib.mkIf config.snowflake.services.bazarr.enable {
services.bazarr.enable = true;
services.bazarr.group = "media";
services.bazarr.openFirewall = true;
};
}


@ -1,32 +1,51 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: { }: {
options.snowflake.services.arr = { options.snowflake.services.arr = {
enable = lib.mkEnableOption "Enable arr suite configuration"; enable = lib.mkEnableOption "Enable arr suite configuration";
monitoring = { jellyfin.enable = lib.mkEnableOption "Enable jellyfin configuration for NixOS";
enable = lib.mkEnableOption "Enable monitoring for arr suite"; # mediaDir = lib.mkOption {
sonarrApiKeyFile = lib.mkOption { # type = lib.types.path;
description = "Age module containing the sonarr API Key to use for monitoring"; # description = "Path to media storage directory, accessible by all *arr suite applications";
# };
}; };
radarrApiKeyFile = lib.mkOption {
description = "Age module containing the radarr API Key to use for monitoring"; config = let
cfg = config.snowflake.services.arr;
in
lib.mkIf cfg.enable {
services.jellyfin = {
enable = cfg.jellyfin.enable;
openFirewall = true;
};
users.groups.media = {
members = ["@wheel" "jellyfin"];
};
nixpkgs.config.packageOverrides = pkgs: {
jellyfin-ffmpeg = pkgs.jellyfin-ffmpeg.override {
ffmpeg_6-full = pkgs.ffmpeg_6-full.override {
withMfx = false;
withVpl = true;
}; };
}; };
}; };
config = lib.mkIf config.snowflake.services.arr.enable { hardware.graphics = {
snowflake.services = {
jellyfin.enable = true;
jellyseerr.enable = true;
radarr.enable = true;
sonarr.enable = true;
prowlarr.enable = true;
qbittorrent-nox = {
enable = true; enable = true;
openFirewall = true; extraPackages = with pkgs; [
}; intel-media-driver
intel-compute-runtime
onevpl-intel-gpu
libvdpau-va-gl
];
}; };
services.jellyseerr.enable = true;
services.jellyseerr.openFirewall = true;
}; };
} }
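Review bot: On the new side `services.jellyseerr.enable = true` and `services.jellyseerr.openFirewall = true` are set whenever `cfg.enable` holds, independent of `cfg.jellyfin.enable`, so enabling the arr suite without jellyfin still starts jellyseerr and opens 5055 on every interface; gate it on the same switch, `services.jellyseerr = { enable = cfg.jellyfin.enable; openFirewall = cfg.jellyfin.enable; };`, or give it its own enable option like jellyfin has. `users.groups.media.members = ["@wheel" "jellyfin"]` lists `@wheel` as if it were a user name; NixOS `members` takes user names, so I would expect that entry to be dropped or rejected rather than to pull in the wheel group — worth confirming the intent and, if wheel membership is wanted, expressing it via `users.users.<name>.extraGroups`. The inner `pkgs:` lambda in `packageOverrides` also shadows the module's `pkgs` argument added at the top of this file; naming it `prev:` makes the override read unambiguously.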


@ -1,66 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
options.snowflake.services.jellyfin = {
enable = lib.mkEnableOption "Enable jellyfin deployment configuration";
};
config = let
cfg = config.snowflake.services.jellyfin;
in
lib.mkIf cfg.enable {
services.jellyfin = {
enable = true;
openFirewall = true;
};
users.groups.media = {
members = ["@wheel" "jellyfin"];
};
nixpkgs.config.packageOverrides = pkgs: {
jellyfin-ffmpeg = pkgs.jellyfin-ffmpeg.override {
ffmpeg_6-full = pkgs.ffmpeg_6-full.override {
withMfx = false;
withVpl = true;
};
};
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
environment.systemPackages = with pkgs; [
jellyfin-ffmpeg
];
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-compute-runtime
vpl-gpu-rt
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
services.jellyseerr.enable = true;
services.jellyseerr.openFirewall = true;
services.nginx = {
virtualHosts = {
"jelly.deku.moe" = {
serverName = "jelly.deku.moe";
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:8096/";
};
};
};
};
};
}


@ -1,26 +0,0 @@
{
config,
lib,
...
}: {
options.snowflake.services.jellyseerr = {
enable = lib.mkEnableOption "Enable jellyseerr deployment configuration";
};
config = lib.mkIf config.snowflake.services.jellyseerr.enable {
services.jellyseerr.enable = true;
services.jellyseerr.openFirewall = true;
services.nginx = {
virtualHosts = {
"seerr.deku.moe" = {
serverName = "seerr.deku.moe";
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:5055/";
};
};
};
};
};
}


@ -1,14 +0,0 @@
{
config,
lib,
...
}: {
options.snowflake.services.prowlarr = {
enable = lib.mkEnableOption "Enable prowlarr deployment configuration";
};
config = lib.mkIf config.snowflake.services.prowlarr.enable {
services.prowlarr.enable = true;
services.prowlarr.openFirewall = true;
};
}


@ -1,76 +0,0 @@
{
config,
lib,
pkgs,
namespace,
...
}: {
options.snowflake.services.qbittorrent-nox = {
enable = lib.mkEnableOption "Enable qbittorrent-nox service configuration";
package = lib.mkPackageOption pkgs "qbittorrent-nox" {};
openFirewall = lib.mkOption {
description = "Allow firewall access for qbittorrent-nox";
type = lib.types.bool;
default = false;
};
uiPort = lib.mkOption {
description = "Web UI Port for qbittorrent-nox";
type = lib.types.port;
default = 8069;
};
torrentPort = lib.mkOption {
description = "Torrenting port";
type = with lib.types; nullOr port;
default = 64211;
};
};
config = let
cfg = config.snowflake.services.qbittorrent-nox;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts =
lib.optional (cfg.openFirewall && cfg.torrentPort != null) cfg.torrentPort
++ lib.optional cfg.openFirewall cfg.uiPort;
networking.firewall.allowedUDPPorts =
lib.optional (cfg.openFirewall && cfg.torrentPort != null) cfg.torrentPort;
users.users.qbittorrent-nox = {
isSystemUser = true;
group = "media";
home = "/var/lib/qbittorrent-nox";
};
systemd.services.qbittorrent-nox = {
description = "qBittorrent-nox service";
wants = ["network-online.target"];
after = ["local-fs.target" "network-online.target" "nss-lookup.target"];
wantedBy = ["multi-user.target"];
unitConfig.Documentation = "man:qbittorrent-nox(1)";
# required for reverse proxying
preStart = ''
rm -rf /var/lib/qbittorrent-nox/qBittorrent/config/vuetorrent
ln -sf ${pkgs.${namespace}.vuetorrent} /var/lib/qbittorrent-nox/qBittorrent/config/vuetorrent
if [[ ! -f /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf ]]; then
mkdir -p /var/lib/qbittorrent-nox/qBittorrent/config
echo "Preferences\WebUI\HostHeaderValidation=false" >> /var/lib/qbittorrent-nox/qBittorrent/config/qBittorrent.conf
fi
'';
serviceConfig = {
User = "qbittorrent-nox";
Group = "media";
StateDirectory = "qbittorrent-nox";
WorkingDirectory = "/var/lib/qbittorrent-nox";
ExecStart = ''
${cfg.package}/bin/qbittorrent-nox ${lib.optionalString (cfg.torrentPort != null) "--torrenting-port=${toString cfg.torrentPort}"} \
--webui-port=${toString cfg.uiPort} --profile=/var/lib/qbittorrent-nox
'';
};
};
};
}


@ -1,15 +0,0 @@
{
config,
lib,
...
}: {
options.snowflake.services.radarr = {
enable = lib.mkEnableOption "Enable radarr deployment configuration";
};
config = lib.mkIf config.snowflake.services.radarr.enable {
services.radarr.enable = true;
services.radarr.group = "media";
services.radarr.openFirewall = true;
};
}


@ -1,15 +0,0 @@
{
config,
lib,
...
}: {
options.snowflake.services.sonarr = {
enable = lib.mkEnableOption "Enable sonarr deployment configuration";
};
config = lib.mkIf config.snowflake.services.sonarr.enable {
services.sonarr.enable = true;
services.sonarr.group = "media";
services.sonarr.openFirewall = true;
};
}


@ -1,8 +1,5 @@
{ config, lib, ... }:
{ {
config,
lib,
...
}: {
options.snowflake.services.gitea = { options.snowflake.services.gitea = {
enable = lib.mkEnableOption "Enable gitea service"; enable = lib.mkEnableOption "Enable gitea service";
@ -63,7 +60,7 @@
HTTP_ADDR = "127.0.0.1"; HTTP_ADDR = "127.0.0.1";
HTTP_PORT = config.snowflake.services.gitea.httpPort; HTTP_PORT = config.snowflake.services.gitea.httpPort;
ROOT_URL = "https://${config.snowflake.services.gitea.domain}"; ROOT_URL = "https://${config.snowflake.services.gitea.domain}";
SSH_DOMAIN = config.snowflake.services.gitea.sshDomain; SSH_DOMAIN = "https://${config.snowflake.services.gitea.sshDomain}";
SSH_PORT = config.snowflake.services.gitea.sshPort; SSH_PORT = config.snowflake.services.gitea.sshPort;
}; };
service = { service = {
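Review bot: `SSH_DOMAIN = "https://${config.snowflake.services.gitea.sshDomain}";` wraps the SSH host in a URL scheme, but Gitea's `[server] SSH_DOMAIN` is a bare host name used to build clone URLs, so the UI will advertise something like `git@https://host:port/owner/repo.git`, which ssh cannot resolve; only `ROOT_URL` takes a scheme. It should read `SSH_DOMAIN = config.snowflake.services.gitea.sshDomain;`. The `settings.server` attrset and the enclosing gitea module continue outside this hunk.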


@ -3,71 +3,19 @@
lib, lib,
pkgs, pkgs,
... ...
}: { }:
options.snowflake.services.unifi-controller = {
enable = lib.mkEnableOption "Enable Unifi controller service for Unifi devices";
unpoller = {
enable = lib.mkEnableOption "Enable unpoller metrics for Unifi controller";
user = lib.mkOption {
type = lib.types.str;
default = "unifi-unpoller";
description = "Username for unpoller access to Unifi controller";
};
passwordFile = lib.mkOption {
description = "Age module containing the password to use for unpoller user";
};
url = lib.mkOption {
type = lib.types.str;
default = "https://127.0.0.1:8443";
description = "URL for the unifi controller service";
};
};
};
config = let
cfg = config.snowflake.services.unifi-controller;
in
lib.mkMerge [
(lib.mkIf cfg.enable
{ {
options.snowflake.services.unifi-controller.enable = lib.mkEnableOption "Enable Unifi controller service for Unifi devices";
config = lib.mkIf config.snowflake.services.unifi-controller.enable {
networking.firewall.allowedTCPPorts = [ 8443 ]; networking.firewall.allowedTCPPorts = [ 8443 ];
services.unifi = { services.unifi = {
enable = true; enable = true;
unifiPackage = pkgs.unifi8; unifiPackage = pkgs.unifi8;
# mongodbPackage = pkgs.mongodb-6_0;
# Limit memory to 256MB. Works well enough # Limit memory to 256MB. Works well enough
# for small, home-based controller deployments. # for small, home-based controller deployments.
maximumJavaHeapSize = 256; maximumJavaHeapSize = 256;
openFirewall = true; openFirewall = true;
}; };
})
(lib.mkIf cfg.unpoller.enable
{
age.secrets.unpoller-password = {
inherit (cfg.unpoller.passwordFile) file;
owner = config.services.prometheus.exporters.unpoller.user;
group = config.services.prometheus.exporters.unpoller.user;
}; };
services.prometheus.exporters.unpoller = {
enable = cfg.unpoller.enable;
controllers = [
{
url = cfg.unpoller.url;
user = cfg.unpoller.user;
pass = config.age.secrets.unpoller-password.path;
save_ids = true;
save_events = true;
save_alarms = true;
save_anomalies = true;
verify_ssl = false;
}
];
};
})
];
} }
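Review bot: `networking.firewall.allowedTCPPorts = [ 8443 ];` is redundant with `services.unifi.openFirewall = true;` a few lines below — if I recall the NixOS unifi module, openFirewall already opens 8443 together with the inform, guest-portal and STUN ports — and the duplicate means the controller UI stays exposed even if someone later disables openFirewall expecting the controller to be reachable only through a proxy. Either drop the explicit entry or state the intent so the two are not cargo-culted together: `# 8443 = controller UI/API; openFirewall adds the inform/portal/STUN ports too`. The `unifiPackage = pkgs.unifi8;` pin is likewise uncommented; a note on why that major version is pinned would help whoever bumps it.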


@ -1,35 +0,0 @@
{
pkgs,
lib,
stdenv,
...
}:
stdenv.mkDerivation rec {
pname = "vuetorrent";
version = "2.10.2";
src = pkgs.fetchurl {
url = "https://github.com/WDaan/VueTorrent/releases/download/v${version}/vuetorrent.zip";
sha256 = "sha256-pJzj3jHXmpKca1zyOTlzUQvp7/LtjjMGNt9SMDo89yo=";
};
buildInputs = with pkgs; [unzip];
unpackPhase = ''
unzip $src
'';
dontStrip = true;
installPhase = ''
mkdir -p $out/
cp -r vuetorrent/public/ $out/
'';
meta = with lib; {
description = "The sleekest looking WEBUI for qBittorrent made with Vuejs! ";
homepage = "https://github.com/WDaan/VueTorrent";
license = [licenses.gpl3Only];
platforms = ["x86_64-darwin" "aarch64-darwin" "aarch64-linux" "x86_64-linux"];
};
}


@ -1,10 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 XInHQA /NRM0XjHa8w8lmRHi+aTpCuViwJGcUxAVAez0PSGdwQ -> ssh-ed25519 XInHQA KqFc6Ej8L8yNVX3EoEqlJZlpdmsBTAn3GDPlH0CsmWc
UiW+Vnk2Z1/8apx8JTTXNw0+Mw+txBvwzh3xgQyslig 6cEtER5dcQNzWfPUGeN0tMyPEwOUMkSTiqnCQrsNhp8
-> ssh-ed25519 9JjquQ Cd54qelvmj8O4x4eIi0UtWxGhqvlfCIHBqBxtd99h2E -> ssh-ed25519 9JjquQ sFTTVGk5VDcfw/K4yKbwGX73O2LFXp5eHWkzHhAeDVY
IdYDmPrOPzAimL/M2foYOFsEMcLXTMUolPOy+0gZxNg usZ/giJLoWxXJ0pA8HZZSHMybxuxf8HxjDkeD5Kpuz4
-> ssh-ed25519 8S096g x1o/dQKQIywGlX/vJ2eQqCuWPb2BQNZsEIO4RkkNRxA --- CjABvoWY5QYTJ2OmUnqxOxyehm3r/YQmYyx00auShxY
oijplPOdsYYreti3I7bX1KwdHQrWft63bAJBlUGcSzg t0æ<EFBFBD>Ç]—iéû<C3A9>fEÇ!ö¿‹úi µ—+­ÕÔ¬íA(¥Ò£TÚ”R ë,ªM9׺¤Ã?‰¼såÎ~ù=ÓÀ¦ýžOô“Ôõ¢þx<C3BE>}¼7!õã<12>{£"'FÎC¥ $Æ@Æžoæø‘ïç%§íJÝ®bxE·W:³x­<ò3(U±
--- H78isjmjr1DgBAaq0cuzpxQHEwrdVf7rgbgGSX/K/pQ
Ȯ8²D>X€<å X€9 ?Ǥ{>ìüšLÌ«ž°üãk·††Œ}݉_ß%×Sµ÷<C2B5>ïÈ\—|-žÊø"Ã䩘#;ÃJŽÁ»£ãÕäÉ2iÚ(ƒ¹ùR3°ÜØÔ(Ð=F.^¦<E280B9>»<C2BB>
Iž£MLuäãΠì©ÙïÜ 'ÕúÚ


@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 XInHQA k39Tpe44MbIY/fa8Sf3f9JXjTlQN849nKWI3G+c4plA
Y05ZLbNPJePRU1mLV87KuhQceWZC3LcpM/qX5mOMHg8
-> ssh-ed25519 9JjquQ Si+4zoaU6TMP0cymWGQdc54fDhLisYGIi1EXZ9+vbmY
cMRoa1Owu1zwhnT6HPwGKk6y3vtHBi8rCnyJfbrAPZY
--- Y27ZK2+ekW1WKGZqTV6Q3mrNNzVWXA7v8JPOylZWYdE
> âQà0l­Zy±¼jÈI|TVÖ KPæ[ìþ˜ªFàI*~LŒÅܯK|b ™!|ÏÅ,é¯ûö­´e™G


@ -13,9 +13,7 @@ let
]; ];
smolboye = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQFm91hLes24sYbq96zD52mDrrr1l2F2xstcfAEg+qI"]; smolboye = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQFm91hLes24sYbq96zD52mDrrr1l2F2xstcfAEg+qI"];
bicboye = [ bicboye = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsciEMPwLAYtbHNkdedjhSrb66fFQ46lgnVGssCuiLH"];
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsciEMPwLAYtbHNkdedjhSrb66fFQ46lgnVGssCuiLH"
];
servers = bicboye ++ smolboye; servers = bicboye ++ smolboye;
users = thunderbottom ++ codingcoffee; users = thunderbottom ++ codingcoffee;
@ -24,7 +22,6 @@ in {
"machines/thonkpad/root-password.age".publicKeys = thunderbottom ++ thonkpad; "machines/thonkpad/root-password.age".publicKeys = thunderbottom ++ thonkpad;
"machines/bicboye/password.age".publicKeys = thunderbottom ++ bicboye; "machines/bicboye/password.age".publicKeys = thunderbottom ++ bicboye;
"machines/bicboye/root-password.age".publicKeys = thunderbottom ++ bicboye; "machines/bicboye/root-password.age".publicKeys = thunderbottom ++ bicboye;
"monitoring/grafana/password.age".publicKeys = thunderbottom ++ bicboye;
"services/backup/environment.age".publicKeys = thunderbottom ++ bicboye; "services/backup/environment.age".publicKeys = thunderbottom ++ bicboye;
"services/backup/password.age".publicKeys = thunderbottom ++ bicboye; "services/backup/password.age".publicKeys = thunderbottom ++ bicboye;
"services/gitea/password.age".publicKeys = thunderbottom ++ bicboye; "services/gitea/password.age".publicKeys = thunderbottom ++ bicboye;
@ -32,6 +29,5 @@ in {
"services/maddy/user-watashi.age".publicKeys = thunderbottom ++ servers; "services/maddy/user-watashi.age".publicKeys = thunderbottom ++ servers;
"services/miniflux/password.age".publicKeys = thunderbottom ++ bicboye; "services/miniflux/password.age".publicKeys = thunderbottom ++ bicboye;
"services/paperless/password.age".publicKeys = users ++ bicboye; "services/paperless/password.age".publicKeys = users ++ bicboye;
"services/unifi-unpoller/password.age".publicKeys = users ++ bicboye;
"services/vaultwarden/password.age".publicKeys = users ++ bicboye; "services/vaultwarden/password.age".publicKeys = users ++ bicboye;
} }
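Review bot: This hunk only drops the grafana and unpoller recipient entries, yet the re-encrypted `.age` files elsewhere in this compare lose the `8S096g` recipient stanza while none of the key lists visible here change, so the recipient set must come from the `thunderbottom`/`codingcoffee`/`thonkpad` lists above the hunk and I cannot tell from here which identity was removed. Removing a recipient from an age file only stops future decryption; whatever that key could already read (the vaultwarden, paperless, gitea and backup secrets listed here) should be rotated rather than just re-encrypted if the removal is a revocation. A short note next to the key lists, e.g. `# <host/user> key removed <date>; affected secrets rotated`, would make that auditable.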


@ -1,9 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 XInHQA aJsT3kOeJa2ZPVkY8qcu74Ch+KHOxdN/8FLRu5hcrw0 -> ssh-ed25519 XInHQA cu04OlowGfn91ape/TGXYToi4kFU9JIS4iY09qlMPmo
PehT0Fp2CVTIO77v8jhGcIcUYS33d5NvmVQeNt3TtjY Yv2vSFELyNl93DaNQc+E3b9MuwGr0k79TISXF2fUxTY
-> ssh-ed25519 9JjquQ Kuvah0sJwGwGGDFAUTjqmkapUGUW9QPCvZ206cFgukU -> ssh-ed25519 9JjquQ FJ0QtlUi+VKZ7S6BtqCj21x5Q2QG/8s2bay4j+JFFlQ
yan/IUu6MrhctKCgrAtbMwdsp+hX9FjHIAeG/gkokHw K1ijqw6pz7F0CZedLxNdXWuPrKMm/y4cnVaVlMuQ4CM
-> ssh-ed25519 8S096g CLror+G56H5TOuOqjBOLL1GvOyPU8jzYXTlXEjoM6xY --- WJz/j8eixXYAzN4VxyHrdMaXCSFsVzlVAhXU8cgq6cU
LmqGHmsW5M2TTa4+BuWJk7qNP4YtT6/bHZBXwKKx6VU â[Ŕ ˙UuŕÜ ßfL—8ľĚ¶śÇ­QÂRrV4Łň'_&Ĺ»zĎ<7A>ţ,<2C>ĆîQ•š6gä<>ˇNŮq
--- q3W/w3KhMsEENOa+L0F7Do3H1gQtrlD8F53RrAYtsWQ
Žm`—îê%¨Ë¼ìezéñžW÷` ÐZA.ÓüÔ„Êʴ·|¨ÊM'ë%3á´Ëî&Ö»lÇV


@ -1,9 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 XInHQA CHnxIyP3ch6zmozgHHGKyrNwCukFOzpQqzqmhBBK3HU -> ssh-ed25519 XInHQA PIaYFOuYTsAufLY3jySjdLfKzfcQ6hAetR8sG9k4KTM
cShHERfT2fay87wUcFMzLo2CqQjo2GlPckbN9ajIzoE Wg1kb+WgD8MW81bJfwejeTiiEVJCH9WWQ7O7J5zeYj8
-> ssh-ed25519 9JjquQ JUjEXgduMtZG7k3p8vs4kAp7npo5yenMlaqYeRDvs3I -> ssh-ed25519 9JjquQ nN0gqdhhk+tcsXgb2YdlNr9TCM8ZzJ8jgwFQK+o3Cw0
FTzPyilqsUhBE1tVzePrWEG9AMaBTvYfJpPp9dMahfs uklN8haFY8XCUMIlAPqIheganGtCyLSg2w/4LM9dcdM
-> ssh-ed25519 8S096g +kQ00HeKJSTEZhH+kDYVAS8JmphGAIX3O4gAcg+uATs --- uNsDhT+Z43s4wRMaKiuVS0CIib7Geh+zBtSHIPLdHmY
Lswx4AtFXJBrJThwIzeKeUFdOYkNXmAEEuJ8OuNmCVo 7Vÿ<EFBFBD>ÌäŒ%Ð)¶},1¾Ã½r㊔_× Ù;œçÝ·ï°õÿÍ­Nbîl
--- LmvUVzAHHAEgun76eCLHe+nxgv2Xj5qhPbUgVWirjxU
Ÿi—Ø¡v(•<-‰d'ЫGñ£ÔEzV¾š;ߺåµKc3ŸÈè I¹ÁX´

Binary file not shown.


@ -1,11 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 XInHQA RfnooKxGudC9db3TeLiHCeBAQmoBMKQYwne1kPwBB3Y -> ssh-ed25519 XInHQA OsckddKmgFuwo64IFPysoEWhUWdaNz0fQOpgup0dKQY
Cy7nE5t4HksIkTGiE5A5eWugtPpLLgKg675a9QAJ1OQ o1/BcRP/NND8YHZYuQnclfa1GxlczSdc57nOw9Zm2io
-> ssh-ed25519 9JjquQ IXrC89snSDyCk0/cHfZxK3I7VBDOkMB7RqLikSzFfhc -> ssh-ed25519 9JjquQ pLjLs2p363cKXPmz8iYAOJUYSlmK4N9GCXlizaE5fj4
gJUgWJT00puABYjKgSlQIScxwIzLzw9G04MeYq5skMw kIdPVG/i3WdRGYxLefEnCA8cTytHCZEcpqbp5Y8aG2o
-> ssh-ed25519 8S096g euxCvoiDEsR3+X5YsbTeDluRA8f5iLFV7KOC1aLwH3U -> ssh-ed25519 H9OGOA BowCiYKCWxWbiapKpdshcRzdZR1UEscscAAOe/kEig8
TDIIZoqkh2DPUVno76U16Y/9HaU5dCL/AqgbqBNF/BU Lexjp0LuPZs5bV8CQ63Scb+xh8lPDM7x17KD9r0/1qU
-> ssh-ed25519 H9OGOA VmODcaMxRDUeD0sbrtFNTAiuI/gI7+zVEQwfhC7gT1s --- e+NBlts82HBx3gbjznmUKufAYF1w2fzEO+LNx9yvq18
p95/aXRwH3PdgsiMMxR/pEFlithxc68STelHRxAZoKM <EFBFBD>#<ÐUŲݲ?Ã{çþC¹ÝÈäÓ_ÞoyXüZBEʶ£%é§Ä,m<>#÷fSõkÀ§à­~z
--- WVxsIeOZysNFXyQiihNL527CpfNy6WuSVw7UnrMEmAU
Ì ¦=K+t¹zf8 coœÈÅQZ÷<5A>ÀŸ.ý²/xðSç«Yª?ÜÊÂ<=^Ny€¿`'ŠÜù¯Z¸¾ŠÚà7


@ -1,13 +1,12 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 XInHQA UWrsDGlrkZ6xmFFSOCrAZbybIvIYQc1QKhgXhdDSoxY -> ssh-ed25519 XInHQA uCUIywKJrUQhqYI8uhhxNIsXoTcRBbZSRVfUJPCp2wM
5Je6sUO8h71WJkFpof3XcxnIUEexutrEz5TXT1Bwobg 2p1OvwRBUMJTXvhp2PdGBCwxKU/rFPBHKZaKJ38HvAo
-> ssh-ed25519 K8TEKA Kxxgpb4qEFVQ+KJpb2wBwKjQc22PwjEEB3Y3ERmm924 -> ssh-ed25519 K8TEKA d4DDO/774I+lhafaKbrERWsl6NqeqpdkbmZy0FA6Dws
2O4zzOOyH8SeRScBhGFKopMD5eZKtOF63fWs3YjqC5Q ObQGhn0BmzqE5pSg+vPSVdx3rLng9h3wPfoFx2umVAI
-> ssh-ed25519 7+Zv5Q 3A3v+goiSRXpBhb3hAVJXbHuHdT+L4Xr178ML/pfG2s -> ssh-ed25519 7+Zv5Q M1P+teBvn1p4zbFNIVvGremZC5hViNswi9q24mCxCEg
Ds1qBZlDl2mnlZvRcI0fEvDQ79KmUFAYICoVrcoA+Oc zR1sV/5t8nI3jky5Ou9Ud7IYC8E8nkQnvRIW9lG7nbA
-> ssh-ed25519 9JjquQ 0p+mZLwhphoGDdmpOxgQrzIX+Y2w0RvIdNMlSarL90s -> ssh-ed25519 9JjquQ P5F2UqVRXkySbbI4OHM6rChELU0wpx6Stpvz78Ie1yY
8P+l4oPQ3qEtR4KWk7W7wkxGEjroqMA5f70+1eUjdY8 uWOhkO0vx0anNHA5EWuLmDmTQvoY/c1iSzlVl2xldC4
-> ssh-ed25519 8S096g 5cTN3f5x+9Qizop1nRdjkqe0pa1S3LjR0pbMTccsPWM --- BARoI30iwdy5g5hWJoHpVlA6Hlhu4SBpGhxrTPvG8ok
gGn24WckcR1iCNJH2oB8gekTTty/a4asssRmDlgEpwU ´•µãØÄ;”Ö&ß_xIúXÛRŸøóÏ£ÂĴ螞ܾ]¹9ÅÏ'La§1ø÷¡Q )ê@
--- LCrdBMibVYcT7SAS+jw+IBSb8nHdqvCpP0oe4fVc9OQ °WMeÎ%€3¼K
<1F>æèQÐÒ<C390>x¥Q,•¹ºÓéS­<53>WŠõ<C5A0>$2È­Ó3E“Aîß-×fc‰dæ•wV¿i2ÌvÏŸê >Z


@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 XInHQA bMzwX3D3LAeB2oFjeCgQy6NtXfde87lGBBhJN7Nrox4
h6hwikEijHYMUTWhBuSgz+nxnnj00VlSibTZc2JmnBY
-> ssh-ed25519 K8TEKA s2cQpiLdC+1XBH5cIE5Z/IUEpsk564jYrsafVZSMgVQ
d5qPoJhyUToxN639uoR0J9kcfvubItuzXGoVk6Sewao
-> ssh-ed25519 7+Zv5Q pdOyuEw0qr/owYTSBq1Ewmge/0iGrf5PVQe8nSRKRhk
WWnMY5blWR6JOEz8dcOXdFoz9Vfj7J3EmVfVfb0qAmQ
-> ssh-ed25519 9JjquQ V82cwaqtAmVTMeyWvd23c0xOUk38tnmwFMKPeNZbbik
iWuQQSWFGf5ZqTyv78YRk7D96W8UXTnbaMLZ6F0ctj8
--- PtBBUhavizHrdmvxBF9qcB4rYEcB0A4AWqRl1Wp1Hic
ÅêÞ`ÐXj*Ä3U ±Ë÷ :¢7…ä´s<C2B4>Zž1eA«
ø‰µýíRú#ì


@ -1,5 +1,4 @@
{ {
config,
lib, lib,
pkgs, pkgs,
userdata, userdata,
@ -13,11 +12,14 @@
networking = { networking = {
hostName = "bicboye"; hostName = "bicboye";
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
interfaces.enp2s0 = { interfaces.enp6s0 = {
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
wakeOnLan.enable = true; wakeOnLan.enable = true;
}; };
firewall.allowedTCPPorts = [80 443]; firewall.allowedTCPPorts = [
80
443
];
}; };
# Enable weekly btrfs auto-scrub. # Enable weekly btrfs auto-scrub.
@ -33,93 +35,33 @@
# TODO: move to module # TODO: move to module
security.acme.defaults.email = "chinmaydpai@gmail.com"; security.acme.defaults.email = "chinmaydpai@gmail.com";
security.dhparams = {
enable = true;
params.nginx = {};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
sslDhparam = config.security.dhparams.params.nginx.path;
# Disable default_server access and return HTTP 444.
appendHttpConfig = ''
server {
listen 80 http2 default_server;
listen 443 ssl http2 default_server;
ssl_reject_handshake on;
return 444;
}
'';
}; };
snowflake = { snowflake = {
stateVersion = "24.05"; stateVersion = "24.05";
extraPackages = with pkgs; [
nmap
recyclarr
];
core.docker.enable = true; core.docker.enable = true;
core.docker.storageDriver = "btrfs"; core.docker.storageDriver = "btrfs";
core.security.sysctl.enable = lib.mkForce false; core.security.sysctl.enable = lib.mkForce false;
networking.networkManager.enable = true; networking.networkManager.enable = true;
networking.resolved.enable = true;
hardware.initrd-luks = { hardware.initrd-luks = {
enable = true; enable = true;
authorizedKeys = [ authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyY8ZkhwWiqJCiTqXvHnLpXQb1qWwSZAoqoSWJI1ogP" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyY8ZkhwWiqJCiTqXvHnLpXQb1qWwSZAoqoSWJI1ogP"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C"
]; ];
availableKernelModules = ["r8169"]; availableKernelModules = ["r8169"];
}; };
monitoring = {
enable = true;
grafana = {
domain = "lens.deku.moe";
adminPasswordFile = userdata.secrets.monitoring.grafana.password;
};
victoriametrics.extraPrometheusConfig = [
{
job_name = "unpoller";
static_configs = [
{
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.unpoller.port}"];
}
];
}
{
job_name = "router";
static_configs = [
{
targets = ["192.168.69.1:9100"];
}
];
relabel_configs = [
{
source_labels = ["__address__"];
target_label = "instance";
regex = "([^:]+)(:[0-9]+)?";
replacement = "openwrt";
}
];
}
];
};
services = { services = {
arr.enable = true;
gitea = { gitea = {
enable = true; enable = true;
domain = "git.deku.moe"; domain = "git.deku.moe";
@ -133,11 +75,6 @@
adminTokenFile = userdata.secrets.services.miniflux.password; adminTokenFile = userdata.secrets.services.miniflux.password;
}; };
ntfy-sh = {
enable = true;
domain = "ntfy.deku.moe";
};
paperless = { paperless = {
enable = true; enable = true;
domain = "docs.deku.moe"; domain = "docs.deku.moe";
@ -156,13 +93,7 @@
package = pkgs.maych-in; package = pkgs.maych-in;
domain = "maych.in"; domain = "maych.in";
}; };
unifi-controller = { unifi-controller.enable = true;
enable = true;
unpoller = {
enable = true;
passwordFile = userdata.secrets.services.unifi-unpoller.password;
};
};
}; };
user = { user = {
@ -174,8 +105,6 @@
extraAuthorizedKeys = [ extraAuthorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG3PeMbehJBkmv8Ee7xJimTzXoSdmAnxhBatHSdS+saM"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyY8ZkhwWiqJCiTqXvHnLpXQb1qWwSZAoqoSWJI1ogP" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOyY8ZkhwWiqJCiTqXvHnLpXQb1qWwSZAoqoSWJI1ogP"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQWA+bAwpm9ca5IhC6q2BsxeQH4WAiKyaht48b7/xkN"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJnFvU6nBXEuZF08zRLFfPpxYjV3o0UayX0zTPbDb7C"
]; ];
}; };
}; };
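Review bot: With the `default_server` block (and the dhparams it used) gone from `services.nginx`, nginx falls back to its implicit default — the first `server` block in config order — so a request by raw IP or with an unknown `Host`/SNI is now answered by whichever `snowflake.services` vhost sorts first instead of being dropped with 444, and an unknown-SNI TLS handshake is completed with that vhost's certificate. If losing the catch-all was not the intent, the NixOS module can express it without raw config: `virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };`. Separately, `core.security.sysctl.enable = lib.mkForce false;` is carried over without explanation; a one-liner such as `# sysctl hardening disabled: <which knob broke what>` would stop it being copied to the next host.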


@ -10,14 +10,14 @@ _: {
"usb_storage" "usb_storage"
"sd_mod" "sd_mod"
]; ];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/e570c2be-65df-4208-9cac-a03de08a6209"; luks.devices."root".device = "/dev/disk/by-uuid/e70bfc3c-1147-4af7-9bae-69f70146953f";
}; };
kernelModules = ["kvm-intel"]; kernelModules = ["kvm-intel"];
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2"; device = "/dev/disk/by-uuid/5cabc339-898c-4604-9bfc-0a2cf17e44ca";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
@ -30,7 +30,7 @@ _: {
}; };
"/home" = { "/home" = {
device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2"; device = "/dev/disk/by-uuid/5cabc339-898c-4604-9bfc-0a2cf17e44ca";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
@ -42,7 +42,7 @@ _: {
}; };
"/.snapshots" = { "/.snapshots" = {
device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2"; device = "/dev/disk/by-uuid/5cabc339-898c-4604-9bfc-0a2cf17e44ca";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
@ -54,7 +54,7 @@ _: {
}; };
"/var/log" = { "/var/log" = {
device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2"; device = "/dev/disk/by-uuid/5cabc339-898c-4604-9bfc-0a2cf17e44ca";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
@ -66,7 +66,7 @@ _: {
}; };
"/etc/nixos" = { "/etc/nixos" = {
device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2"; device = "/dev/disk/by-uuid/5cabc339-898c-4604-9bfc-0a2cf17e44ca";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
@ -78,7 +78,7 @@ _: {
}; };
"/var/cache" = { "/var/cache" = {
device = "/dev/disk/by-uuid/a1b57a56-16d4-45ea-bac3-daeacd3dbcb2"; device = "/dev/disk/by-uuid/5cabc339-898c-4604-9bfc-0a2cf17e44ca";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
@ -90,13 +90,24 @@ _: {
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/B731-09A3"; device = "/dev/disk/by-uuid/1C6C-122C";
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
}; };
"/storage/media" = { "/storage/immich" = {
device = "/dev/disk/by-uuid/f8aadf58-d561-476b-a2c5-64b266dc5755"; device = "/dev/disk/by-uuid/bae65b7a-4f08-4b0d-963c-72e71bfcff46";
fsType = "btrfs";
options = [
"defaults"
"compress-force=zstd"
"noatime"
"user"
];
};
# TODO: delete btrfs subvolume
"/storage/syncthing" = {
device = "/dev/disk/by-uuid/e3a4c251-a3e2-4b5e-a63b-70f53b51836a";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
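Review bot: `/boot` gains `options = ["fmask=0022" "dmask=0022"]`, which leaves the ESP world-readable; this host enables `hardware.initrd-luks` with SSH unlock (see the bicboye configuration in this compare), so the initrd — and, if that module embeds the initrd SSH host key the usual `boot.initrd.secrets` way, that host key — is readable by any local user. `"fmask=0077" "dmask=0077"` keeps the ESP root-only and is what I would use here. The new `/storage/immich` and `/storage/syncthing` entries carry the `user` option, which besides permitting non-root mounts implies `noexec,nosuid,nodev`; fine for data volumes, but worth stating so nobody is surprised: `# "user" implies nosuid,nodev,noexec — data only`. The last hunk of this file appears cut short on the rendered page, so the syncthing mount's remaining options are not visible here.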


@ -31,6 +31,7 @@ _: {
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
# "autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
@ -45,6 +46,7 @@ _: {
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
# "autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
@ -71,6 +73,7 @@ _: {
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
# "autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
@ -84,6 +87,7 @@ _: {
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
# "autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"
@ -109,6 +113,7 @@ _: {
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
"defaults" "defaults"
# "autodefrag"
"compress-force=zstd" "compress-force=zstd"
"noatime" "noatime"
"ssd" "ssd"