13 Commits

Author SHA1 Message Date
2cbacf93b6 hosts/helios: add initial disko config 2025-08-23 21:39:28 +01:00
6ea925eb7d hosts/artemis: update README.md
2025-08-23 09:33:33 +01:00
ce0181af06 flake.lock: Update
Flake lock file updates:

• Updated input 'firefox-gnome-theme':
    'github:rafaelmardojai/firefox-gnome-theme/6f173d0873dd33c5653dee89a831af3e49db3e36?narHash=sha256-9veVYpPCwKNjIK5gOigl5nEUN6tmrSHXUv4bVZkRuOE%3D' (2025-08-04)
  → 'github:rafaelmardojai/firefox-gnome-theme/6fafa0409ad451b90db466f900b7549a1890bf1a?narHash=sha256-ClHCtrzwU6TIfK0qOzAsfPY4swrpbZ8SwUpBpVwphaY%3D' (2025-08-22)
• Updated input 'home-manager':
    'github:nix-community/home-manager/4fb695d10890e9fc6a19deadf85ff79ffb78da86?narHash=sha256-CPM7zm6csUx7vSfKvzMDIjepEJv1u/usmaT7zydzbuI%3D' (2025-08-21)
  → 'github:nix-community/home-manager/4a44fb9f7555da362af9d499817084f4288a957f?narHash=sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk%3D' (2025-08-23)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/42caff5587b6c43703b3c3d51878f156448994f6?narHash=sha256-afr1iUi3HHTgBdF5wZJ1JZQGUNTM4ZY85NnEN138Q2g%3D' (2025-08-22)
  → 'github:hyprwm/Hyprland/0d45b277d6c750377b336034b8adc53eae238d91?narHash=sha256-/yviTS9piazXoZAmnN0dXnYjDAFvooBnzJfPw2Gi30Y%3D' (2025-08-22)
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/4b04db83821b819bbbe32ed0a025b31e7971f22e?narHash=sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW%2B7uSsOUM%3D' (2025-08-17)
  → 'github:cachix/git-hooks.nix/3ff4596663c8cbbffe06d863ee4c950bce2c3b78?narHash=sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc%3D' (2025-08-22)
• Updated input 'thunderbird-gnome-theme':
    'github:rafaelmardojai/thunderbird-gnome-theme/a9ee1a2c8a1dfce700250a4ce3ce7f88dff43300?narHash=sha256-zADBsXqIkxy519sK/2mnZ/lcTQSA/3iXwdkXCVNqUVY%3D' (2025-08-06)
  → 'github:rafaelmardojai/thunderbird-gnome-theme/b1fbb41db5718c23667bd9b40268b8e7317634fd?narHash=sha256-oLmw1VRrmbuLwT5errG3lT85K0jLII/aQ32VtdJ%2B1xM%3D' (2025-08-22)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/7d81f6fb2e19bf84f1c65135d1060d829fae2408?narHash=sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl%2BV/PsmIiJREG4rE%3D' (2025-08-10)
  → 'github:numtide/treefmt-nix/74e1a52d5bd9430312f8d1b8b0354c92c17453e5?narHash=sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU%3D' (2025-08-23)
2025-08-23 09:22:56 +01:00
df7d5f3f93 users/guest: init and add steam
2025-08-22 21:04:58 +01:00
269e9d20bf hosts: import users in individual hosts
2025-08-22 11:57:16 +01:00
68c8d8599d flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204?narHash=sha256-oV695RvbAE4%2BR9pcsT9shmp6zE/%2BIZe6evHWX63f2Qg%3D' (2025-07-27)
  → 'github:nix-community/home-manager/4fb695d10890e9fc6a19deadf85ff79ffb78da86?narHash=sha256-CPM7zm6csUx7vSfKvzMDIjepEJv1u/usmaT7zydzbuI%3D' (2025-08-21)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/1ac1ff457ab8ef1ae6a8f2ab17ee7965adfa729f?narHash=sha256-w/5JZD04Z4PoPjev0ZRRlrMSxvqDHYC2MZbliIo3z3Q%3D' (2025-08-20)
  → 'github:hyprwm/Hyprland/42caff5587b6c43703b3c3d51878f156448994f6?narHash=sha256-afr1iUi3HHTgBdF5wZJ1JZQGUNTM4ZY85NnEN138Q2g%3D' (2025-08-22)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03?narHash=sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4%3D' (2025-08-19)
  → 'github:NixOS/nixpkgs/9cb344e96d5b6918e94e1bca2d9f3ea1e9615545?narHash=sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A%3D' (2025-08-20)
2025-08-22 09:54:19 +01:00
58bef019fb flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/8246829f2e675a46919718f9a64b71afe3bfb22d?narHash=sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0%3D' (2025-08-12)
  → 'github:nix-community/disko/4073ff2f481f9ef3501678ff479ed81402caae6d?narHash=sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc%3D' (2025-08-18)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/251288ec5942b3544ad31de1299569284d80f0d7?narHash=sha256-40yHpmTu/dJV5xh8V6PcMvSVqxtQdsVZUium5WMpxFg%3D' (2025-08-17)
  → 'github:hyprwm/Hyprland/1ac1ff457ab8ef1ae6a8f2ab17ee7965adfa729f?narHash=sha256-w/5JZD04Z4PoPjev0ZRRlrMSxvqDHYC2MZbliIo3z3Q%3D' (2025-08-20)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ad7196ae55c295f53a7d1ec39e4a06d922f3b899?narHash=sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY%3D' (2025-08-15)
  → 'github:NixOS/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03?narHash=sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4%3D' (2025-08-19)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/fbcf476f790d8a217c3eab4e12033dc4a0f6d23c?narHash=sha256-wNO3%2BKs2jZJ4nTHMuks%2BcxAiVBGNuEBXsT29Bz6HASo%3D' (2025-08-14)
  → 'github:NixOS/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
• Updated input 'nixvim':
    'github:nix-community/nixvim/ab1b5962e1ca90b42de47e1172e0d24ca80e6256?narHash=sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI%3D' (2025-08-03)
  → 'github:nix-community/nixvim/6df0b97b39baa1c0b3002b051f307aed68e17d1b?narHash=sha256-eb9N7XFj1zirk%2BD2KV%2Brn/CjmVHDISlxhtZCWZEVpkM%3D' (2025-08-20)
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/9c52372878df6911f9afc1e2a1391f55e4dfc864?narHash=sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef%2B6fRcofA%3D' (2025-08-05)
  → 'github:cachix/git-hooks.nix/4b04db83821b819bbbe32ed0a025b31e7971f22e?narHash=sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW%2B7uSsOUM%3D' (2025-08-17)
2025-08-21 10:10:05 +01:00
a04e64ebd5 impermanence: use either SSH host key for agenix 2025-08-21 10:08:54 +01:00
65af220200 treewide: impermanence configuration
2025-08-18 22:26:20 +01:00
2a005aade6 devshell: add pre-commit hook installer
2025-08-18 19:45:49 +01:00
93042329bd flake.lock: Update
Flake lock file updates:

• Updated input 'hyprland':
    'github:hyprwm/Hyprland/edc473e8b0c14e768445422080af9978d132bff6?narHash=sha256-LrXtv1RIEds93j%2BOiSEvYFVX4fcGk2vrEzva19oxvco%3D' (2025-08-15)
  → 'github:hyprwm/Hyprland/251288ec5942b3544ad31de1299569284d80f0d7?narHash=sha256-40yHpmTu/dJV5xh8V6PcMvSVqxtQdsVZUium5WMpxFg%3D' (2025-08-17)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113?narHash=sha256-dz303vGuzWjzOPOaYkS9xSW%2BB93PSAJxvBd6CambXVA%3D' (2025-08-07)
  → 'github:NixOS/nixos-hardware/3dac8a872557e0ca8c083cdcfc2f218d18e113b0?narHash=sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA%3D' (2025-08-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3385ca0cd7e14c1a1eb80401fe011705ff012323?narHash=sha256-Hu/gTDoi4uy6TAKISPHQusSMy8U6xUbLSDjKBYdhDIY%3D' (2025-08-13)
  → 'github:NixOS/nixpkgs/ad7196ae55c295f53a7d1ec39e4a06d922f3b899?narHash=sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY%3D' (2025-08-15)
2025-08-17 12:51:55 +01:00
56e7e5888b hosts/hypnos: accept vulnerable wifi driver
2025-08-17 12:50:48 +01:00
655e2295c4 users/jordan: add dejavu_fonts
Fix a startup issue with Audacity
2025-08-17 12:48:58 +01:00
45 changed files with 716 additions and 98 deletions

flake.lock generated

@@ -213,11 +213,11 @@
]
},
"locked": {
"lastModified": 1754971456,
"narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=",
"lastModified": 1755519972,
"narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
"owner": "nix-community",
"repo": "disko",
"rev": "8246829f2e675a46919718f9a64b71afe3bfb22d",
"rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
"type": "github"
},
"original": {
@@ -229,11 +229,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1754312136,
"narHash": "sha256-9veVYpPCwKNjIK5gOigl5nEUN6tmrSHXUv4bVZkRuOE=",
"lastModified": 1755874650,
"narHash": "sha256-ClHCtrzwU6TIfK0qOzAsfPY4swrpbZ8SwUpBpVwphaY=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "6f173d0873dd33c5653dee89a831af3e49db3e36",
"rev": "6fafa0409ad451b90db466f900b7549a1890bf1a",
"type": "github"
},
"original": {
@@ -517,11 +517,11 @@
]
},
"locked": {
"lastModified": 1753592768,
"narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=",
"lastModified": 1755928099,
"narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "fc3add429f21450359369af74c2375cb34a2d204",
"rev": "4a44fb9f7555da362af9d499817084f4288a957f",
"type": "github"
},
"original": {
@@ -605,11 +605,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1755277479,
"narHash": "sha256-LrXtv1RIEds93j+OiSEvYFVX4fcGk2vrEzva19oxvco=",
"lastModified": 1755883465,
"narHash": "sha256-/yviTS9piazXoZAmnN0dXnYjDAFvooBnzJfPw2Gi30Y=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "edc473e8b0c14e768445422080af9978d132bff6",
"rev": "0d45b277d6c750377b336034b8adc53eae238d91",
"type": "github"
},
"original": {
@@ -906,11 +906,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1754564048,
"narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=",
"lastModified": 1755330281,
"narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113",
"rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
"type": "github"
},
"original": {
@@ -993,11 +993,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"lastModified": 1755615617,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"rev": "20075955deac2583bb12f07151c2df830ef346b4",
"type": "github"
},
"original": {
@@ -1008,11 +1008,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1755078291,
"narHash": "sha256-Hu/gTDoi4uy6TAKISPHQusSMy8U6xUbLSDjKBYdhDIY=",
"lastModified": 1755704039,
"narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3385ca0cd7e14c1a1eb80401fe011705ff012323",
"rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
"type": "github"
},
"original": {
@@ -1031,11 +1031,11 @@
"systems": "systems_6"
},
"locked": {
"lastModified": 1754262585,
"narHash": "sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI=",
"lastModified": 1755727480,
"narHash": "sha256-eb9N7XFj1zirk+D2KV+rn/CjmVHDISlxhtZCWZEVpkM=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "ab1b5962e1ca90b42de47e1172e0d24ca80e6256",
"rev": "6df0b97b39baa1c0b3002b051f307aed68e17d1b",
"type": "github"
},
"original": {
@@ -1100,11 +1100,11 @@
]
},
"locked": {
"lastModified": 1754416808,
"narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
"lastModified": 1755879220,
"narHash": "sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
"rev": "3ff4596663c8cbbffe06d863ee4c950bce2c3b78",
"type": "github"
},
"original": {
@@ -1143,11 +1143,11 @@
"secrets": {
"flake": false,
"locked": {
"lastModified": 1753994653,
"narHash": "sha256-kVd17w6oo9dbZfgZXMMPEssspp8vAr32G5U8VnfuIFc=",
"lastModified": 1755887038,
"narHash": "sha256-HoEMwFfR3rwNxwJjFCbj3rfW8k6EabHuMJAZOwsT95c=",
"ref": "refs/heads/master",
"rev": "e0cb8c5b8de3f61fbef13c80219715f2e3e5ffb5",
"revCount": 39,
"rev": "9e47b557087ebde3a30c9f97189d110c29d144fd",
"revCount": 40,
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
},
@@ -1249,11 +1249,11 @@
"thunderbird-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1754507270,
"narHash": "sha256-zADBsXqIkxy519sK/2mnZ/lcTQSA/3iXwdkXCVNqUVY=",
"lastModified": 1755861050,
"narHash": "sha256-oLmw1VRrmbuLwT5errG3lT85K0jLII/aQ32VtdJ+1xM=",
"owner": "rafaelmardojai",
"repo": "thunderbird-gnome-theme",
"rev": "a9ee1a2c8a1dfce700250a4ce3ce7f88dff43300",
"rev": "b1fbb41db5718c23667bd9b40268b8e7317634fd",
"type": "github"
},
"original": {
@@ -1290,11 +1290,11 @@
]
},
"locked": {
"lastModified": 1754847726,
"narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"lastModified": 1755934250,
"narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5",
"type": "github"
},
"original": {


@@ -2,7 +2,7 @@
## Overview
Couch gaming PC and media centre
Home theatre and gaming PC
## Specs
@@ -25,16 +25,24 @@ WD Black SN850X | `/dev/nvme0n1p1` (EFI, 500 MiB, NixOS Boot) <br> `/dev/nvme0n1
rpool/
├── local
│ ├── nix
│ └── tmp
├── system
│ ├── root
│ └── var
└── user
└── home
│ └── state
└── safe
└── persist
```
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
#### Impermanence
This machine uses [impermanence](https://github.com/nix-community/impermanence) and is rolled back to a clean state on each reboot.
Mountpoint | Persists across reboots? | Backed up?
--- | --- | ---
`/` | No | Yes
`/state` | Yes | No
`/persist` | Yes | Yes
### Networks
- DHCP on `10.0.1.0/24` subnet.


@@ -18,6 +18,7 @@ in
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
../../users/guest
];
nixpkgs = {
@@ -72,11 +73,16 @@ in
capSysAdmin = true;
};
programs.steam.enable = true;
environment = {
systemPackages = [ pkgs.wine ];
sessionVariables.WINE_BIN = getExe pkgs.wine;
};
environment.persistence."/persist".enable = mkForce true;
environment.persistence."/state".enable = mkForce true;
modules = {
services = {
borgmatic = {
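Review bot: `environment.persistence."/persist".enable = mkForce true;` (and the `/state` twin) is only needed because the shared impermanence module assigns `enable = false;` with no priority, so every opting-in host has to force the value, which also hides any genuine conflicting definition. Making the module side `enable = mkDefault false;` would let this host write `environment.persistence."/persist".enable = true;` plainly. Per the impermanence module in this changeset, enabling `/persist` also turns `users.mutableUsers` off, so the newly imported guest account, which declares no password, is reachable only through getty autologin; a one-line comment next to the `../../users/guest` import would make that dependency explicit. The enclosing attribute set begins before this hunk.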


@@ -35,80 +35,59 @@
ashift = "12";
};
rootFsOptions = {
canmount = "off";
mountpoint = "none";
dnodesize = "auto";
compression = "zstd";
acltype = "posix";
atime = "off";
xattr = "sa";
dnodesize = "auto";
mountpoint = "none";
canmount = "off";
devices = "off";
exec = "off";
setuid = "off";
};
postCreateHook = "zfs snapshot rpool@blank";
datasets = {
local = {
"local" = {
type = "zfs_fs";
};
"local/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
mountpoint = "none";
canmount = "noauto";
mountpoint = "/";
exec = "on";
setuid = "on";
};
postCreateHook = "zfs snapshot rpool/local/root@blank";
};
"local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
mountpoint = "legacy";
canmount = "noauto";
mountpoint = "/nix";
exec = "on";
setuid = "on";
};
};
"local/tmp" = {
"local/state" = {
type = "zfs_fs";
mountpoint = "/tmp";
mountpoint = "/state";
options = {
setuid = "off";
devices = "off";
mountpoint = "legacy";
canmount = "noauto";
mountpoint = "/state";
};
};
system = {
"safe" = {
type = "zfs_fs";
mountpoint = "/";
options = {
mountpoint = "legacy";
};
};
"system/var" = {
"safe/persist" = {
type = "zfs_fs";
mountpoint = "/var";
mountpoint = "/persist";
options = {
mountpoint = "legacy";
};
};
"system/var/tmp" = {
type = "zfs_fs";
mountpoint = "/var/tmp";
options = {
devices = "off";
mountpoint = "legacy";
};
};
"system/var/log" = {
type = "zfs_fs";
mountpoint = "/var/log";
options = {
compression = "on";
acltype = "posix";
mountpoint = "legacy";
};
};
user = {
type = "zfs_fs";
options = {
mountpoint = "none";
};
};
"user/home" = {
type = "zfs_fs";
mountpoint = "/home";
options = {
setuid = "off";
devices = "off";
mountpoint = "legacy";
canmount = "noauto";
mountpoint = "/persist";
};
};
};
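Review bot: `safe/persist` and `local/state` now inherit `exec = "off"`, `setuid = "off"` and `devices = "off"` from `rootFsOptions`, while only `local/root` and `local/nix` re-enable exec/setuid. ZFS applies `exec=off` as a `noexec` mount flag and, as far as I know, plain bind mounts carry the source mount's flags, so every directory impermanence bind-mounts out of `/persist` or `/state` would be noexec too — including the guest's `.local/share/Steam` persisted in this changeset, from which the Steam client runs its self-updated binaries, and `/var/lib/containers/storage` on hosts that persist it. If that is not intended, add `exec = "on";` (and `setuid = "on";` only where really needed) to the `safe/persist` options, or verify impermanence remounts with `exec`; if it is intended, a comment above `rootFsOptions` saying that persisted directories are deliberately noexec would prevent a confused debugging session later. The removed pool-level `zfs snapshot rpool@blank` is replaced by the `local/root` hook, which is the snapshot the initrd rollback unit targets. The `rpool` definition begins before this hunk.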


@@ -4,6 +4,7 @@
imports = [
./hardware-configuration.nix
../desktop.nix
../../users/jordan
];
nixpkgs.hostPlatform = "x86_64-linux";


@@ -4,12 +4,12 @@
pkgs,
...
}:
{
imports = [
inputs.agenix.nixosModules.age
inputs.home-manager.nixosModules.home-manager
../modules/nixos
../modules/nixos/impermanence.nix
];
nixpkgs = {


@@ -1,4 +1,6 @@
{
inputs,
config,
pkgs,
...
}:
@@ -6,7 +8,6 @@
{
imports = [
./common.nix
../users/jordan
];
services.printing.enable = true;
@@ -44,6 +45,9 @@
randomizedDelaySec = "10min";
};
age.secrets."passwords/users/root".file = "${inputs.secrets}/passwords/users/jordan.age";
users.users.root.hashedPasswordFile = config.age.secrets."passwords/users/root".path;
systemd.services.NetworkManager-wait-online.enable = false;
modules = {
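Review bot: `age.secrets."passwords/users/root".file` points at `passwords/users/jordan.age`, so root's hashed password on every desktop host is the same hash as user jordan's; a leaked or guessed jordan password is then a root password, and rotating one without the other silently breaks the assumption the secret name suggests. If sharing is deliberate, reference the secret under its real name and add `# root deliberately shares jordan's password hash` so the aliasing is visible; otherwise give root its own `.age` file. This matters more now that artemis autologs in a guest account next to that root password. The enclosing attribute set begins before this hunk.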


@@ -4,6 +4,7 @@
imports = [
./hardware-configuration.nix
../desktop.nix
../../users/jordan
];
nixpkgs.hostPlatform = "x86_64-linux";


@@ -1,4 +1,5 @@
{
inputs,
pkgs,
lib,
...
@@ -9,8 +10,11 @@ let
in
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
../../users/jordan
];
nixpkgs.hostPlatform = "x86_64-linux";


@@ -0,0 +1,101 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/ata-SanDisk_Ultra_II_480GB_162224802391";
content = {
type = "gpt";
partitions = {
MBR = {
size = "1M";
type = "EF02"; # For GRUB MBR
};
boot = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
};
zpool = {
rpool = {
type = "zpool";
options = {
ashift = "12";
};
rootFsOptions = {
compression = "zstd";
acltype = "posix";
atime = "off";
xattr = "sa";
dnodesize = "auto";
mountpoint = "none";
canmount = "off";
devices = "off";
exec = "off";
setuid = "off";
};
datasets = {
"local" = {
type = "zfs_fs";
};
"local/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
canmount = "noauto";
mountpoint = "/";
exec = "on";
setuid = "on";
};
postCreateHook = "zfs snapshot rpool/local/root@blank";
};
"local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
canmount = "noauto";
mountpoint = "/nix";
exec = "on";
setuid = "on";
};
};
"local/state" = {
type = "zfs_fs";
mountpoint = "/state";
options = {
canmount = "noauto";
mountpoint = "/state";
};
};
"safe" = {
type = "zfs_fs";
};
"safe/persist" = {
type = "zfs_fs";
mountpoint = "/persist";
options = {
canmount = "noauto";
mountpoint = "/persist";
};
};
};
};
};
};
}
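Review bot: No `encryption` property is set anywhere on `rpool`, so everything under `/persist` — the SSH host key that agenix uses as its decryption identity, plus any service state a host persists there — is plaintext at rest on the SanDisk SSD. If disk loss or theft is in scope, ZFS native encryption on the `safe` dataset (`encryption = "on"; keyformat = "passphrase"; keylocation = "prompt";`, at the cost of an unlock prompt in the initrd) is the smallest change; if it is deliberately skipped, a comment above `rootFsOptions` recording that decision saves the next reader the question. The inherited `exec = "off"` / `setuid = "off"` / `devices = "off"` also apply to anything bind-mounted out of `safe/persist` and `local/state`, which is fine for pure data but deserves a comment, since `local/root` and `local/nix` have to override it.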


@@ -11,12 +11,14 @@
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
../../users/jordan
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
nvidia.acceptLicense = true;
permittedInsecurePackages = [ "broadcom-sta-6.30.223.271-57-6.12.41" ];
};
};
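Review bot: `permittedInsecurePackages = [ "broadcom-sta-6.30.223.271-57-6.12.41" ];` accepts an out-of-tree kernel module that nixpkgs marks insecure, with nothing in the file recording why, and the string ends in the kernel version, so the next kernel bump from `nixpkgs` will fail evaluation until it is edited by hand. I'd add a comment above it along the lines of `# broadcom-sta is flagged by nixpkgs for known vulnerabilities; required for this machine's Broadcom wifi — revisit on each kernel bump, and drop once an in-tree driver (brcmfmac/b43) covers the chip` so the acceptance is a documented, time-boxed risk rather than a silent one. Because the module runs in the kernel, this acceptance weakens everything else on the host, which is worth stating if hypnos holds secrets.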


@@ -36,4 +36,11 @@
modules.services.borgmatic.directories = [
"/var/lib/private/open-webui"
];
environment.persistence."/persist".directories = [
{
directory = "/var/lib/private/open-webui";
mode = "0700";
}
];
}


@@ -1,4 +1,5 @@
{
config,
...
}:
@@ -13,4 +14,13 @@
};
};
};
environment.persistence."/persist".directories = [
{
directory = config.services.grafana.dataDir;
user = "grafana";
group = "grafana";
mode = "0700";
}
];
}


@@ -24,6 +24,22 @@
dataDir = "/var/lib/jellyfin";
};
environment.persistence."/state".directories = [
{
directory = config.services.jellyfin.cacheDir;
inherit (config.services.jellyfin) user group;
mode = "0700";
}
];
environment.persistence."/persist".directories = [
{
directory = config.services.jellyfin.dataDir;
inherit (config.services.jellyfin) user group;
mode = "0700";
}
];
modules.services.borgmatic.directories = [
config.services.jellyfin.dataDir
];


@@ -55,4 +55,8 @@
MEILI_URL = "http://localhost:${toString config.services.meilisearch.listenPort}";
};
};
environment.persistence."/state".directories = [
config.systemd.services.jellysearch.serviceConfig.WorkingDirectory
];
}


@@ -32,4 +32,13 @@
}
];
};
environment.persistence."/state".directories = [
{
directory = "/var/lib/${config.services.prometheus.stateDir}";
user = "prometheus";
group = "prometheus";
mode = "0700";
}
];
}


@@ -85,4 +85,52 @@ in
smtp_destination_concurrency_limit = "20";
header_size_limit = "4096000";
};
environment.persistence."/persist".directories = [
{
directory = "/var/dkim";
user = "rspamd";
group = "rspamd";
mode = "0755";
}
{
directory = "/var/sieve";
user = "virtualMail";
group = "virtualMail";
mode = "0770";
}
{
directory = "/var/vmail";
user = "virtualMail";
group = "virtualMail";
mode = "0700";
}
{
directory = "/var/lib/rspamd";
user = "rspamd";
group = "rspamd";
mode = "0700";
}
{
directory = "/var/lib/redis-rspamd";
user = "redis-rspamd";
group = "redis-rspamd";
mode = "0700";
}
{
directory = "/var/lib/opendkim";
user = 221;
group = 221;
mode = "0700";
}
{
directory = "/var/lib/knot-resolver";
user = "knot-resolver";
group = "knot-resolver";
mode = "0770";
}
"/var/lib/dhparams"
"/var/lib/dovecot"
"/var/lib/postfix"
];
}
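Review bot: `/var/dkim` is persisted with `mode = "0755"`, and that directory is where the DKIM signing private keys live, so the directory is world-listable and protection rests entirely on the per-file modes the key generator happened to set; `mode = "0750";` (the sibling `/var/lib/rspamd` entry uses 0700) is safer unless something other than rspamd must read the public `.txt` records. `/var/lib/opendkim` uses the literal `user = 221; group = 221;`, presumably because no `opendkim` user exists at evaluation time — a comment saying where 221 comes from, and whether the path is still used now that rspamd does the signing, would stop it rotting. The bare `"/var/lib/dovecot"` and `"/var/lib/postfix"` strings get impermanence's default root-owned 0755, which may be fine but is inconsistent with the explicit entries above. The enclosing attribute set begins before this hunk.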


@@ -10,6 +10,7 @@
./gitea-runner.nix
./nix-serve.nix
../desktop.nix
../../users/jordan
];
nixpkgs = {


@@ -276,6 +276,15 @@
lovelaceConfigWritable = true;
};
environment.persistence."/persist".directories = [
{
directory = config.services.home-assistant.configDir;
user = "hass";
group = "hass";
mode = "0700";
}
];
modules.services.borgmatic.directories = [
config.services.home-assistant.configDir
];


@@ -69,6 +69,21 @@
};
};
environment.persistence."/persist".directories = [
{
directory = config.services.zigbee2mqtt.dataDir;
user = "zigbee2mqtt";
group = "zigbee2mqtt";
mode = "0700";
}
{
directory = config.services.mosquitto.dataDir;
user = "mosquitto";
group = "mosquitto";
mode = "0700";
}
];
modules.services.borgmatic.directories = [
config.services.mosquitto.dataDir
config.services.zigbee2mqtt.dataDir


@@ -65,6 +65,13 @@ in
];
};
environment.persistence."/state".directories = [
{
directory = "/var/lib/fail2ban";
mode = "0750";
}
];
services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
modules.services.tailscale = {


@@ -79,6 +79,10 @@
};
};
environment.persistence."/persist".directories = [
"/var/lib/skycam-archiver"
];
modules.services.borgmatic = {
enable = true;
directories = [


@@ -86,4 +86,12 @@ in
packages.CHUNKED_UPLOAD_PATH = lib.mkForce "${stateDir}/data/tmp/package-upload";
};
};
environment.persistence."/persist".directories = [
{
directory = config.services.gitea.stateDir;
inherit (config.services.gitea) user group;
mode = "0700";
}
];
}


@@ -48,6 +48,13 @@ in
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/headscale";
inherit (config.services.headscale) user group;
}
];
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
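Review bot: `/var/lib/headscale` is persisted with `user`/`group` but no `mode`, so impermanence creates it with its default 0755 on the first boot; that directory holds headscale's private keys and its database (node keys, pre-auth keys), so `mode = "0700";` — as the kanidm and postgresql entries in this changeset already do — keeps it out of reach of other local accounts. Whether the headscale unit later tightens the directory itself I cannot tell from here, so treat the explicit mode as defence in depth. The enclosing attribute set begins before this hunk.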


@@ -49,4 +49,13 @@ in
postRun = "systemctl restart kanidm.service";
group = "acme";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/kanidm";
user = "kanidm";
group = "kanidm";
mode = "0700";
}
];
}


@@ -216,4 +216,23 @@ in
}
// commonBridgeSettings "mautrix-whatsapp";
};
environment.persistence."/persist".directories = [
{
directory = config.services.matrix-synapse.dataDir;
user = "matrix-synapse";
group = "matrix-synapse";
mode = "0700";
}
{
directory = "/var/lib/mautrix-signal";
user = "mautrix-signal";
group = "mautrix-signal";
}
{
directory = "/var/lib/mautrix-whatsapp";
user = "mautrix-whatsapp";
group = "mautrix-whatsapp";
}
];
}
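Review bot: The `mautrix-signal` and `mautrix-whatsapp` entries set an owner but no `mode`, so they fall back to impermanence's 0755 default, while the synapse entry right above them is 0700; both bridge directories hold appservice tokens and session databases, so add `mode = "0700";` to each for parity with `matrix-synapse.dataDir`. The enclosing attribute set begins before this hunk.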


@@ -32,6 +32,14 @@ in
file = "${inputs.secrets}/passwords/services/photoprism/admin.age";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/private/photoprism";
user = "photoprism";
group = "photoprism";
}
];
services.photoprism = {
enable = true;
address = "localhost";


@@ -0,0 +1,147 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib)
attrNames
flip
isAttrs
mapAttrs
mkIf
mkMerge
mkOption
optionals
types
;
in
{
boot.zfs.forceImportRoot = false;
boot.initrd.systemd.enable = true;
boot.initrd.systemd.services.impermanence-rollback =
mkIf
(config.environment.persistence."/persist".enable || config.environment.persistence."/state".enable)
{
description = "Rollback root filesystem";
wantedBy = [ "initrd.target" ];
after = [ "zfs-import-rpool.service" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
};
};
age.identityPaths = [
"/persist/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key"
];
fileSystems."/state" = mkIf config.environment.persistence."/state".enable {
neededForBoot = true;
};
environment.persistence."/state" = {
enable = false;
hideMounts = true;
directories = [
"/var/lib/systemd"
"/var/log"
"/var/spool"
];
};
fileSystems."/persist" = mkIf config.environment.persistence."/persist".enable {
neededForBoot = true;
};
environment.persistence."/persist" = {
enable = false;
hideMounts = true;
files = [
(mkIf (!config.boot.isContainer) "/etc/machine-id")
"/etc/adjtime"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
directories = [
"/var/lib/nixos"
]
++ optionals config.security.acme.acceptTerms [
{
directory = "/var/lib/acme";
user = "acme";
group = "acme";
mode = "0755";
}
]
++ optionals config.services.printing.enable [
{
directory = "/var/lib/cups";
mode = "0700";
}
]
++ optionals config.hardware.bluetooth.enable [
"/var/lib/bluetooth"
];
};
users.mutableUsers = !config.environment.persistence."/persist".enable;
# For each user that has a home-manager config, merge the locally defined
# persistence options that we defined above.
imports =
let
mkUserFiles = map (
x: { parentDirectory.mode = "700"; } // (if isAttrs x then x else { file = x; })
);
mkUserDirs = map (x: { mode = "700"; } // (if isAttrs x then x else { directory = x; }));
in
[
{
environment.persistence = mkMerge (
flip map (attrNames config.home-manager.users) (
user:
let
hmUserCfg = config.home-manager.users.${user};
in
flip mapAttrs hmUserCfg.home.persistence (
_: sourceCfg: {
users.${user} = {
files = mkUserFiles sourceCfg.files;
directories = mkUserDirs sourceCfg.directories;
};
}
)
)
);
}
];
home-manager.sharedModules = [
{
options.home.persistence = mkOption {
description = "Additional persistence config for the given source path";
default = { };
type = types.attrsOf (
types.submodule {
options = {
files = mkOption {
description = "Additional files to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [ ];
};
directories = mkOption {
description = "Additional directories to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [ ];
};
};
}
);
};
}
];
}
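Review bot: Only `ssh_host_ed25519_key` and its `.pub` are persisted, so if `services.openssh` still generates its default RSA host key as well, that key is recreated after every rollback and clients that pinned it get host-key-changed warnings, which trains people to accept new keys; either persist the RSA pair too or set `services.openssh.hostKeys` to the ed25519 key only so the host presents one stable identity. `environment.persistence."/persist".enable = false;` is assigned without a priority, which is why hosts in this changeset need `mkForce true`; `enable = mkDefault false;` would let them set it plainly. The `impermanence-rollback` unit hardcodes `rpool/local/root@blank` and `zfs-import-rpool.service`, and nothing here asserts that layout, so a host with a different pool or dataset name would get a failed unit rather than a rollback — a comment stating the assumption, or an option for the dataset name, is worth adding.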


@@ -40,6 +40,10 @@ in
};
environment.persistence."/persist".directories = [
"/var/lib/containers/storage"
];
networking.firewall.interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];


@@ -30,6 +30,15 @@ in
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/postgresql";
user = "postgres";
group = "postgres";
mode = "0700";
}
];
services.borgmatic.settings = {
postgresql_databases = [
{


@@ -56,5 +56,9 @@ in
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
environment.persistence."/state".directories = [
"/var/lib/tailscale"
];
};
}
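Review bot: `/var/lib/tailscale` is persisted as a bare path, so impermanence creates it root-owned 0755; `tailscaled.state` inside it carries the node's private key and auth state, so `{ directory = "/var/lib/tailscale"; mode = "0700"; }` would match the other service-state entries in this changeset, even if tailscaled tightens the file itself. Placing it under `/state` (documented in the artemis README on this page as persisted but not backed up) is reasonable for a re-enrollable node key, and a short comment saying so would make the choice deliberate. The enclosing attribute set begins before this hunk.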


@@ -70,5 +70,11 @@ in
gnomeExtensions.worksets
gnomeExtensions.workspace-matrix
];
environment.persistence."/persist".directories = [
"/etc/NetworkManager"
"/var/lib/AccountsService"
"/var/lib/NetworkManager"
];
};
}


@@ -19,6 +19,8 @@
help = "Deploy this nix-config to remote hosts";
}
];
devshell.startup.pre-commit.text = config.pre-commit.installationScript;
};
};
}


@@ -31,6 +31,7 @@
specialArgs = { inherit inputs; };
modules = [
inputs.impermanence.nixosModules.impermanence
{
networking = {
inherit domain;


@@ -0,0 +1,30 @@
{
pkgs,
...
}:
{
home.packages = with pkgs; [
gamescope
steam
];
systemd.user.services.steam-big-picture = {
Unit = {
Description = "Steam Big Picture in Gamescope";
After = [
"graphical.target"
"default.target"
];
};
Service = {
ExecStart = ''
${pkgs.gamescope}/bin/gamescope --rt --backend drm --steam -- \
${pkgs.steam}/bin/steam -pipewire-dmabuf -tenfoot
'';
Restart = "always";
};
Install = {
WantedBy = [ "default.target" ];
};
};
}
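Review bot: `After = [ "graphical.target" "default.target" ]` in a user unit orders against `graphical.target`, which is a system-manager target that does not exist in the user instance, so that entry is a no-op; `graphical-session.target` is the user-level equivalent if ordering after the session is wanted. `Restart = "always"` with no `RestartSec` means that if gamescope cannot open the DRM device (wrong seat, missing group) the unit respawns as fast as systemd's start-limit allows; add `RestartSec = 5;` or drop `Restart` for an interactive session. A one-line comment explaining that `--backend drm` drives the display directly, which is why the guest account needs the `video`/`input` groups, would help the next reader.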

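--- /dev/null
+++ b/users/guest/default.nix
@@ -0,0 +1,66 @@
+{
+config,
+pkgs,
+lib,
+...
+}:
+let
+inherit (lib)
+optional
+;
+name = "guest";
+hostFile = ./. + "/${config.networking.hostName}.nix";
+in
+{
+users.users.${name} = {
+description = "Guest";
+extraGroups = [
+"audio"
+"input"
+"render"
+"video"
+];
+group = "users";
+isNormalUser = true;
+shell = pkgs.zsh;
+};
+home-manager.users.${name} = {
+imports = [
+./common/optional/graphical/steam.nix
+{
+home.persistence."/state" = {
+directories = [
+".local/state/wireplumber"
+];
+};
+home.persistence."/persist" = {
+directories = [
+".config/gamescope"
+".local/share/icons"
+".local/share/Steam"
+".local/share/vulkan"
+".steam"
+];
+};
+}
+]
+++ optional (builtins.pathExists hostFile) hostFile;
+home = {
+username = name;
+};
+xdg.enable = true;
+};
+services.getty = {
+autologinOnce = true;
+autologinUser = "guest";
+};
+# Workaround: https://github.com/nix-community/home-manager/issues/7166
+systemd.services."home-manager-${name}".serviceConfig = {
+RemainAfterExit = "yes";
+};
+}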
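Review bot: The guest account is added to `input`, which on NixOS grants read access to every `/dev/input/event*` device, so a guest session can observe the keystrokes of any other local session, including root on another tty — a keylogger-grade privilege for an account that has no password. gamescope's `--backend drm` presumably needs it, but a comment saying so, and whether the logind seat the getty autologin creates could hand the devices over instead of a static group, would document the trade-off. `services.getty.autologinUser = "guest"` applies to every virtual console; `autologinOnce = true` limits it to the first login per tty, which is the right mitigation, and on persistent hosts `users.mutableUsers = false` leaves the account with no password at all, which is worth stating in a comment next to `isNormalUser = true;`.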


@@ -11,4 +11,8 @@
enable = true;
enableSshSupport = true;
};
home.persistence."/persist".directories = [
".gnupg"
];
}


@@ -130,4 +130,10 @@
};
home.sessionVariables.EDITOR = "nvim";
home.persistence."/state".directories = [
".local/share/nvim"
".local/state/nvim"
".cache/nvim"
];
}


@@ -207,4 +207,12 @@
};
};
};
home.persistence."/state".directories = [
".cache/mozilla"
];
home.persistence."/persist".directories = [
".mozilla"
];
}


@@ -8,6 +8,7 @@
adwaita-fonts
apple-color-emoji
corefonts
dejavu_fonts
nerd-fonts.bigblue-terminal
nerd-fonts.comic-shanns-mono
nerd-fonts.terminess-ttf


@@ -24,4 +24,12 @@
};
};
};
home.persistence."/state".directories = [
".cache/thunderbird"
];
home.persistence."/persist".directories = [
".thunderbird"
];
}


@@ -8,4 +8,8 @@
enable = true;
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
home.persistence."/state".directories = [
".local/share/password-store"
];
}
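Review bot: `.local/share/password-store` is persisted under `/state`, which the artemis README in this changeset describes as persisted but not backed up, while `.gnupg` (the keys that decrypt it) goes under `/persist` and is backed up; if the store is not pushed to a git remote, a disk failure loses every password while preserving the keys. If the store is intentionally treated as reproducible from a remote, add `# store is a git clone; the remote is the backup` above the entry, otherwise move it to `home.persistence."/persist"`.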


@@ -176,6 +176,15 @@ in
nix-index.enable = true;
};
home.persistence."/persist" = {
directories = [
".local/share/mcfly"
];
files = [
".zsh_history"
];
};
home.packages = with pkgs; [
bat
btop


@@ -9,4 +9,8 @@
enable = true;
addKeysToAgent = "yes";
};
home.persistence."/state".files = [
".ssh/known_hosts"
];
}


@@ -42,6 +42,24 @@ in
./common/pass.nix
./common/shell.nix
./common/ssh.nix
{
home.persistence."/state" = {
directories = [
"Downloads"
".local/state/wireplumber"
];
};
home.persistence."/persist" = {
directories = [
"Desktop"
"Documents"
"Music"
"Pictures"
"projects"
"Videos"
];
};
}
]
++ optional (builtins.pathExists hostFile) hostFile;