adding brain

2026-04-17 13:08:19 -04:00 · 2025-09-26 22:18:57 -04:00
parent 28cd7f3f6f
commit c4be520190
15 changed files with 437 additions and 26 deletions
--- a/systems/brain/services/default.nix
+++ b/systems/brain/services/default.nix
@@ -0,0 +1,9 @@
+{ lib, ... }:
+{
+  imports =
+    let
+      files = builtins.attrNames (builtins.readDir ./.);
+      nixFiles = builtins.filter (name: lib.hasSuffix ".nix" name && name != "default.nix") files;
+    in
+    map (file: ./. + "/${file}") nixFiles;
+}
--- a/systems/brain/services/home_assistant.nix
+++ b/systems/brain/services/home_assistant.nix
@@ -0,0 +1,71 @@
+{
+  users = {
+    users.hass = {
+      isSystemUser = true;
+      group = "hass";
+    };
+    groups.hass = { };
+  };
+
+  services = {
+    home-assistant = {
+      enable = true;
+      openFirewall = true;
+      config = {
+        http = {
+          server_port = 8123;
+          server_host = [
+            "192.168.99.14"
+            "192.168.95.9"
+            "127.0.0.1"
+          ];
+          use_x_forwarded_for = true;
+          trusted_proxies = "127.0.0.1";
+        };
+        homeassistant = {
+          time_zone = "America/New_York";
+          unit_system = "us_customary";
+          temperature_unit = "F";
+        };
+        recorder = {
+          db_url = "postgresql://@/hass";
+          auto_purge = true;
+          purge_keep_days = 3650;
+          db_retry_wait = 15;
+        };
+        assist_pipeline = { };
+        backup = { };
+        bluetooth = { };
+        config = { };
+        dhcp = { };
+        energy = { };
+        history = { };
+        homeassistant_alerts = { };
+        image_upload = { };
+        logbook = { };
+        media_source = { };
+        mobile_app = { };
+        ssdp = { };
+        sun = { };
+        webhook = { };
+        zeroconf = { };
+        automation = "!include automations.yaml";
+        script = "!include scripts.yaml";
+        scene = "!include scenes.yaml";
+        group = "!include groups.yaml";
+      };
+      extraPackages =
+        python3Packages: with python3Packages; [
+          jellyfin-apiclient-python
+          psycopg2
+          uiprotect
+        ];
+      extraComponents = [ "isal" ];
+    };
+    esphome = {
+      enable = true;
+      openFirewall = true;
+      address = "192.168.90.40";
+    };
+  };
+}
--- a/systems/brain/services/jellyfin.nix
+++ b/systems/brain/services/jellyfin.nix
@@ -0,0 +1,6 @@
+{
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+  };
+}
--- a/systems/brain/services/postgress.nix
+++ b/systems/brain/services/postgress.nix
@@ -0,0 +1,151 @@
+{ pkgs, ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 5432 ];
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_17_jit;
+    enableTCPIP = true;
+    enableJIT = true;
+
+    authentication = pkgs.lib.mkOverride 10 ''
+
+      # admins
+      local all  postgres   trust
+      host  all  postgres   127.0.0.1/32    trust
+      host  all  postgres   ::1/128         trust 
+
+      local all  richie   trust
+      host  all  richie   127.0.0.1/32    trust
+      host  all  richie   ::1/128         trust
+      host  all  richie   192.168.90.1/24 trust
+      host  all  richie   192.168.99.1/24 trust
+
+      #type database DBuser origin-address auth-method
+      local hass     hass     trust
+
+      # ipv4
+      host  hass     hass     192.168.90.1/24 trust
+      host  hass     hass     127.0.0.1/32 trust
+
+      # ipv6
+      host hass      hass     ::1/128         trust
+    '';
+
+    identMap = ''
+      # ArbitraryMapName systemUser DBUser
+        superuser_map      root      postgres
+        superuser_map      postgres  postgres
+        # Let other names login as themselves
+        superuser_map      richie    postgres
+        superuser_map      hass      hass
+    '';
+    ensureUsers = [
+      {
+        name = "postgres";
+        ensureClauses = {
+          superuser = true;
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+      {
+        name = "richie";
+        ensureDBOwnership = true;
+        ensureClauses = {
+          superuser = true;
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+      {
+        name = "hass";
+        ensureDBOwnership = true;
+        ensureClauses = {
+          login = true;
+          createrole = true;
+          createdb = true;
+          replication = true;
+        };
+      }
+    ];
+    ensureDatabases = [
+      "hass"
+      "richie"
+    ];
+    # Thank you NotAShelf
+    # https://github.com/NotAShelf/nyx/blob/d407b4d6e5ab7f60350af61a3d73a62a5e9ac660/modules/core/roles/server/system/services/databases/postgresql.nix#L74
+    settings = {
+      # Connectivity;
+      max_connections = 100;
+      superuser_reserved_connections = 3;
+
+      # Memory Settings;
+      shared_buffers = "1024 MB";
+      work_mem = "32 MB";
+      maintenance_work_mem = "320 MB";
+      huge_pages = "off";
+      effective_cache_size = "2 GB";
+      effective_io_concurrency = 100; # concurrent IO only really activated if OS supports posix_fadvise function;
+      random_page_cost = 1.25; # speed of random disk access relative to sequential access (1.0);
+
+      # Monitoring;
+      shared_preload_libraries = "pg_stat_statements,auto_explain"; # per statement resource usage stats & log explain statements for slow queries
+      track_io_timing = "on"; # measure exact block IO times;
+      track_functions = "pl"; # track execution times of pl-language procedures if any;
+      # Replication;
+      wal_level = "replica"; # consider using at least "replica";
+      max_wal_senders = 0;
+      synchronous_commit = "on";
+
+      # Checkpointing: ;
+      checkpoint_timeout = "15 min";
+      checkpoint_completion_target = 0.9;
+      max_wal_size = "1024 MB";
+      min_wal_size = "512 MB";
+
+      # WAL writing;
+      wal_compression = "on";
+      wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default);
+      wal_writer_delay = "200ms";
+      wal_writer_flush_after = "1MB";
+
+      # Background writer;
+      bgwriter_delay = "200ms";
+      bgwriter_lru_maxpages = 100;
+      bgwriter_lru_multiplier = 2.0;
+      bgwriter_flush_after = 0;
+
+      # Parallel queries: ;
+      max_worker_processes = 6;
+      max_parallel_workers_per_gather = 3;
+      max_parallel_maintenance_workers = 3;
+      max_parallel_workers = 6;
+      parallel_leader_participation = "on";
+
+      # Advanced features ;
+      enable_partitionwise_join = "on";
+      enable_partitionwise_aggregate = "on";
+      jit = "on";
+
+      jit_above_cost = 100000;
+      jit_inline_above_cost = 150000;
+      jit_optimize_above_cost = 500000;
+
+      # log slow queries
+      log_min_duration_statement = 100;
+      "auto_explain.log_min_duration" = 100;
+
+      # logging configuration
+      log_connections = true;
+      log_statement = "ddl";
+      logging_collector = true;
+      log_disconnections = true;
+      log_rotation_age = "14d";
+    };
+  };
+}