jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions 1 Projects 3 Wiki Activity

Compare commits

base: jordan:f89304ef1f5dfe4cfaefcb7aefe5e707564cce55
Branches Tags
jordan:master jordan:helios-disko jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
...
compare: jordan:helios-disko
Branches Tags
jordan:master jordan:helios-disko jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

25 Commits
f89304ef1f ... helios-dis

Author SHA1 Message Date
Jordan Holt
2cbacf93b6 hosts/helios: add initial disko config 2025-08-23 21:39:28 +01:00
Jordan Holt
6ea925eb7d hosts/artemis: update README.md
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m20s
Details
2025-08-23 09:33:33 +01:00
Jordan Holt
ce0181af06 flake.lock: Update
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m20s
Details 
Flake lock file updates:

• Updated input 'firefox-gnome-theme':
    'github:rafaelmardojai/firefox-gnome-theme/6f173d0873dd33c5653dee89a831af3e49db3e36?narHash=sha256-9veVYpPCwKNjIK5gOigl5nEUN6tmrSHXUv4bVZkRuOE%3D' (2025-08-04)
  → 'github:rafaelmardojai/firefox-gnome-theme/6fafa0409ad451b90db466f900b7549a1890bf1a?narHash=sha256-ClHCtrzwU6TIfK0qOzAsfPY4swrpbZ8SwUpBpVwphaY%3D' (2025-08-22)
• Updated input 'home-manager':
    'github:nix-community/home-manager/4fb695d10890e9fc6a19deadf85ff79ffb78da86?narHash=sha256-CPM7zm6csUx7vSfKvzMDIjepEJv1u/usmaT7zydzbuI%3D' (2025-08-21)
  → 'github:nix-community/home-manager/4a44fb9f7555da362af9d499817084f4288a957f?narHash=sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk%3D' (2025-08-23)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/42caff5587b6c43703b3c3d51878f156448994f6?narHash=sha256-afr1iUi3HHTgBdF5wZJ1JZQGUNTM4ZY85NnEN138Q2g%3D' (2025-08-22)
  → 'github:hyprwm/Hyprland/0d45b277d6c750377b336034b8adc53eae238d91?narHash=sha256-/yviTS9piazXoZAmnN0dXnYjDAFvooBnzJfPw2Gi30Y%3D' (2025-08-22)
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/4b04db83821b819bbbe32ed0a025b31e7971f22e?narHash=sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW%2B7uSsOUM%3D' (2025-08-17)
  → 'github:cachix/git-hooks.nix/3ff4596663c8cbbffe06d863ee4c950bce2c3b78?narHash=sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc%3D' (2025-08-22)
• Updated input 'thunderbird-gnome-theme':
    'github:rafaelmardojai/thunderbird-gnome-theme/a9ee1a2c8a1dfce700250a4ce3ce7f88dff43300?narHash=sha256-zADBsXqIkxy519sK/2mnZ/lcTQSA/3iXwdkXCVNqUVY%3D' (2025-08-06)
  → 'github:rafaelmardojai/thunderbird-gnome-theme/b1fbb41db5718c23667bd9b40268b8e7317634fd?narHash=sha256-oLmw1VRrmbuLwT5errG3lT85K0jLII/aQ32VtdJ%2B1xM%3D' (2025-08-22)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/7d81f6fb2e19bf84f1c65135d1060d829fae2408?narHash=sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl%2BV/PsmIiJREG4rE%3D' (2025-08-10)
  → 'github:numtide/treefmt-nix/74e1a52d5bd9430312f8d1b8b0354c92c17453e5?narHash=sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU%3D' (2025-08-23)
 2025-08-23 09:22:56 +01:00
Jordan Holt
df7d5f3f93 users/guest: init and add steam
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m22s
Details
2025-08-22 21:04:58 +01:00
Jordan Holt
269e9d20bf hosts: import users in individual hosts
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m20s
Details
2025-08-22 11:57:16 +01:00
Jordan Holt
68c8d8599d flake.lock: Update
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m24s
Details 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204?narHash=sha256-oV695RvbAE4%2BR9pcsT9shmp6zE/%2BIZe6evHWX63f2Qg%3D' (2025-07-27)
  → 'github:nix-community/home-manager/4fb695d10890e9fc6a19deadf85ff79ffb78da86?narHash=sha256-CPM7zm6csUx7vSfKvzMDIjepEJv1u/usmaT7zydzbuI%3D' (2025-08-21)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/1ac1ff457ab8ef1ae6a8f2ab17ee7965adfa729f?narHash=sha256-w/5JZD04Z4PoPjev0ZRRlrMSxvqDHYC2MZbliIo3z3Q%3D' (2025-08-20)
  → 'github:hyprwm/Hyprland/42caff5587b6c43703b3c3d51878f156448994f6?narHash=sha256-afr1iUi3HHTgBdF5wZJ1JZQGUNTM4ZY85NnEN138Q2g%3D' (2025-08-22)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03?narHash=sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4%3D' (2025-08-19)
  → 'github:NixOS/nixpkgs/9cb344e96d5b6918e94e1bca2d9f3ea1e9615545?narHash=sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A%3D' (2025-08-20)
 2025-08-22 09:54:19 +01:00
Jordan Holt
58bef019fb flake.lock: Update
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m25s
Details 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/8246829f2e675a46919718f9a64b71afe3bfb22d?narHash=sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0%3D' (2025-08-12)
  → 'github:nix-community/disko/4073ff2f481f9ef3501678ff479ed81402caae6d?narHash=sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc%3D' (2025-08-18)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/251288ec5942b3544ad31de1299569284d80f0d7?narHash=sha256-40yHpmTu/dJV5xh8V6PcMvSVqxtQdsVZUium5WMpxFg%3D' (2025-08-17)
  → 'github:hyprwm/Hyprland/1ac1ff457ab8ef1ae6a8f2ab17ee7965adfa729f?narHash=sha256-w/5JZD04Z4PoPjev0ZRRlrMSxvqDHYC2MZbliIo3z3Q%3D' (2025-08-20)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ad7196ae55c295f53a7d1ec39e4a06d922f3b899?narHash=sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY%3D' (2025-08-15)
  → 'github:NixOS/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03?narHash=sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4%3D' (2025-08-19)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/fbcf476f790d8a217c3eab4e12033dc4a0f6d23c?narHash=sha256-wNO3%2BKs2jZJ4nTHMuks%2BcxAiVBGNuEBXsT29Bz6HASo%3D' (2025-08-14)
  → 'github:NixOS/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19)
• Updated input 'nixvim':
    'github:nix-community/nixvim/ab1b5962e1ca90b42de47e1172e0d24ca80e6256?narHash=sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI%3D' (2025-08-03)
  → 'github:nix-community/nixvim/6df0b97b39baa1c0b3002b051f307aed68e17d1b?narHash=sha256-eb9N7XFj1zirk%2BD2KV%2Brn/CjmVHDISlxhtZCWZEVpkM%3D' (2025-08-20)
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/9c52372878df6911f9afc1e2a1391f55e4dfc864?narHash=sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef%2B6fRcofA%3D' (2025-08-05)
  → 'github:cachix/git-hooks.nix/4b04db83821b819bbbe32ed0a025b31e7971f22e?narHash=sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW%2B7uSsOUM%3D' (2025-08-17)
 2025-08-21 10:10:05 +01:00
Jordan Holt
a04e64ebd5 impermanence: use either SSH host key for agenix 2025-08-21 10:08:54 +01:00
Jordan Holt
65af220200 treewide: impermanence configuration
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m23s
Details
2025-08-18 22:26:20 +01:00
Jordan Holt
2a005aade6 devshell: add pre-commit hook installer
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m44s
Details
2025-08-18 19:45:49 +01:00
Jordan Holt
93042329bd flake.lock: Update
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m24s
Details 
Flake lock file updates:

• Updated input 'hyprland':
    'github:hyprwm/Hyprland/edc473e8b0c14e768445422080af9978d132bff6?narHash=sha256-LrXtv1RIEds93j%2BOiSEvYFVX4fcGk2vrEzva19oxvco%3D' (2025-08-15)
  → 'github:hyprwm/Hyprland/251288ec5942b3544ad31de1299569284d80f0d7?narHash=sha256-40yHpmTu/dJV5xh8V6PcMvSVqxtQdsVZUium5WMpxFg%3D' (2025-08-17)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113?narHash=sha256-dz303vGuzWjzOPOaYkS9xSW%2BB93PSAJxvBd6CambXVA%3D' (2025-08-07)
  → 'github:NixOS/nixos-hardware/3dac8a872557e0ca8c083cdcfc2f218d18e113b0?narHash=sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA%3D' (2025-08-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3385ca0cd7e14c1a1eb80401fe011705ff012323?narHash=sha256-Hu/gTDoi4uy6TAKISPHQusSMy8U6xUbLSDjKBYdhDIY%3D' (2025-08-13)
  → 'github:NixOS/nixpkgs/ad7196ae55c295f53a7d1ec39e4a06d922f3b899?narHash=sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY%3D' (2025-08-15)
 2025-08-17 12:51:55 +01:00
Jordan Holt
56e7e5888b hosts/hypnos: accept vulnerable wifi driver
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m22s
Details
2025-08-17 12:50:48 +01:00
Jordan Holt
655e2295c4 users/jordan: add dejavu_fonts 
Fix a startup issue with Audacity
 2025-08-17 12:48:58 +01:00
Jordan Holt
a6b2311289 treewide: format markdown
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m18s
Details
2025-08-15 21:38:30 +01:00
Jordan Holt
77ca125bde flake.nix: add treefmt-nix
Some checks failed
Check flake / build-amd64-linux (push) Failing after 1m21s
Details
2025-08-15 21:37:06 +01:00
Jordan Holt
a40e84ddb4 flake.lock: Update
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m35s
Details 
Flake lock file updates:

• Updated input 'deploy-rs/nixpkgs':
    'github:NixOS/nixpkgs/bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f?narHash=sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg%3D' (2025-03-26)
  → follows 'nixpkgs'
 2025-08-15 21:17:58 +01:00
Jordan Holt
9653e4d9d0 flake.nix: add devshell with deploy-rs
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m22s
Details
2025-08-15 21:05:59 +01:00
Jordan Holt
24828da373 flake.nix: add agenix-rekey and nix-topology
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m19s
Details
2025-08-15 20:18:32 +01:00
Jordan Holt
c1016e641c flake.lock: Update 
Flake lock file updates:

• Added input 'nix-topology':
    'github:oddlama/nix-topology/6a536c4b686ee4bcf07a7b0f8b823584560e2633?narHash=sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA%3D' (2025-07-09)
• Added input 'nix-topology/devshell':
    'github:numtide/devshell/dd6b80932022cea34a019e2bb32f6fa9e494dfef?narHash=sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg%3D' (2024-10-07)
• Added input 'nix-topology/devshell/nixpkgs':
    follows 'nix-topology/nixpkgs'
• Added input 'nix-topology/flake-utils':
    'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a?narHash=sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ%3D' (2024-09-17)
• Added input 'nix-topology/flake-utils/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09)
• Added input 'nix-topology/nixpkgs':
    follows 'nixpkgs'
• Added input 'nix-topology/pre-commit-hooks':
    follows 'pre-commit-hooks'
 2025-08-15 20:17:57 +01:00
Jordan Holt
db345e0a00 flake.nix: update inputs
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m24s
Details
2025-08-15 20:07:14 +01:00
Jordan Holt
47d0f78c0a flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix-rekey/pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/a5a961387e75ae44cc20f0a57ae463da5e959656?narHash=sha256-3FZAG%2BpGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110%3D' (2025-01-03)
  → follows 'pre-commit-hooks'
• Removed input 'agenix-rekey/pre-commit-hooks/flake-compat'
• Removed input 'agenix-rekey/pre-commit-hooks/gitignore'
• Removed input 'agenix-rekey/pre-commit-hooks/gitignore/nixpkgs'
• Removed input 'agenix-rekey/pre-commit-hooks/nixpkgs'
• Removed input 'git-hooks-nix'
• Removed input 'git-hooks-nix/flake-compat'
• Removed input 'git-hooks-nix/gitignore'
• Removed input 'git-hooks-nix/gitignore/nixpkgs'
• Removed input 'git-hooks-nix/nixpkgs'
 2025-08-15 20:06:27 +01:00
Jordan Holt
e7145bad37 flake.nix: use flake-parts
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m28s
Details
2025-08-15 19:42:45 +01:00
Jordan Holt
75f1317346 hyprland: disable VRR
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m26s
Details
2025-08-15 10:41:54 +01:00
Jordan Holt
ecc5218bf1 hosts/artemis: add vk-hdr-layer
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m31s
Details
2025-08-15 10:41:17 +01:00
Jordan Holt
2c3f56c582 vk-hdr-layer: init
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m22s
Details
2025-08-15 10:02:35 +01:00
61 changed files with 1329 additions and 311 deletions
Expand all files Collapse all files

7
README.md
View File

@@ -10,10 +10,12 @@ System and user configuration for NixOS-based systems.
| **Terminal:** | Ghostty |
## Provisioning a new host
> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used
> for provisioning
Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).
```
ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key
```
@@ -29,6 +31,7 @@ Create a new directory under `hosts/` with a system configuration and disk layou
Boot the NixOS installer (or any Linux distribution) on the target.
Then run:
```
nix run github:nix-community/nixos-anywhere -- \
--disk-encryption-keys /tmp/secret.key /tmp/secret.key \
@@ -40,15 +43,19 @@ nix run github:nix-community/nixos-anywhere -- \
### Post install
If backups are configured, you'll need to run:
```
borgmatic init --encryption repokey-blake2
```
then restart `borgmatic`.
To join the Tailscale network, run:
```
tailscale up --login-server https://headscale.vimium.net
```
then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`.
The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`.

401
flake.lock generated
View File

@@ -3,8 +3,12 @@
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"home-manager": [
"nixpkgs"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
@@ -21,6 +25,32 @@
"type": "github"
}
},
"agenix-rekey": {
"inputs": {
"devshell": "devshell",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": [
"pre-commit-hooks"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1754492276,
"narHash": "sha256-cCtleJZQY5eWPYRGl5x63BZ2rfOik4pLveCveH+tmvM=",
"owner": "oddlama",
"repo": "agenix-rekey",
"rev": "69ed7833c0e4e6a677a20894d8f12876b9e2bedb",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "agenix-rekey",
"type": "github"
}
},
"aquamarine": {
"inputs": {
"hyprutils": [
@@ -95,7 +125,9 @@
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
},
"locked": {
@@ -112,6 +144,68 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_3": {
"inputs": {
"nixpkgs": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -119,11 +213,11 @@
]
},
"locked": {
"lastModified": 1754971456,
"narHash": "sha256-p04ZnIBGzerSyiY2dNGmookCldhldWAu03y0s3P8CB0=",
"lastModified": 1755519972,
"narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
"owner": "nix-community",
"repo": "disko",
"rev": "8246829f2e675a46919718f9a64b71afe3bfb22d",
"rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
"type": "github"
},
"original": {
@@ -135,11 +229,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1754312136,
"narHash": "sha256-9veVYpPCwKNjIK5gOigl5nEUN6tmrSHXUv4bVZkRuOE=",
"lastModified": 1755874650,
"narHash": "sha256-ClHCtrzwU6TIfK0qOzAsfPY4swrpbZ8SwUpBpVwphaY=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "6f173d0873dd33c5653dee89a831af3e49db3e36",
"rev": "6fafa0409ad451b90db466f900b7549a1890bf1a",
"type": "github"
},
"original": {
@@ -213,6 +307,45 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1754487366,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
@@ -237,6 +370,24 @@
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
@@ -362,36 +513,15 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"lastModified": 1755928099,
"narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753592768,
"narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "fc3add429f21450359369af74c2375cb34a2d204",
"rev": "4a44fb9f7555da362af9d499817084f4288a957f",
"type": "github"
},
"original": {
@@ -469,17 +599,17 @@
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3",
"xdph": "xdph"
},
"locked": {
"lastModified": 1755184403,
"narHash": "sha256-VI+ZPD/uIFjzYW8IcyvBgvwyDIvUe4/xh/kOHTbITX8=",
"lastModified": 1755883465,
"narHash": "sha256-/yviTS9piazXoZAmnN0dXnYjDAFvooBnzJfPw2Gi30Y=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "60d769a89908c29e19100059985db15a7b6bab6a",
"rev": "0d45b277d6c750377b336034b8adc53eae238d91",
"type": "github"
},
"original": {
@@ -749,13 +879,38 @@
"type": "github"
}
},
"nix-topology": {
"inputs": {
"devshell": "devshell_3",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": [
"pre-commit-hooks"
]
},
"locked": {
"lastModified": 1752093877,
"narHash": "sha256-P0TySh6sQl1EhfxjW9ZqGxEyUBSsEpdnchOe1QB0pLA=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "6a536c4b686ee4bcf07a7b0f8b823584560e2633",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "nix-topology",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1754564048,
"narHash": "sha256-dz303vGuzWjzOPOaYkS9xSW+B93PSAJxvBd6CambXVA=",
"lastModified": 1755330281,
"narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "26ed7a0d4b8741fe1ef1ee6fa64453ca056ce113",
"rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
"type": "github"
},
"original": {
@@ -791,16 +946,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"lastModified": 1754725699,
"narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -821,13 +976,28 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1753579242,
"narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1755027561,
"narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",
"lastModified": 1755615617,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",
"rev": "20075955deac2583bb12f07151c2df830ef346b4",
"type": "github"
},
"original": {
@@ -838,43 +1008,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1743014863,
"narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
"lastModified": 1755704039,
"narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1754725699,
"narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1754937576,
"narHash": "sha256-3sWA5WJybUE16kIMZ3+uxcxKZY/JRR4DFBqLdSLBo7w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ddae11e58c0c345bf66efbddbf2192ed0e58f896",
"rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
"type": "github"
},
"original": {
@@ -885,19 +1023,19 @@
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts",
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1754262585,
"narHash": "sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI=",
"lastModified": 1755727480,
"narHash": "sha256-eb9N7XFj1zirk+D2KV+rn/CjmVHDISlxhtZCWZEVpkM=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "ab1b5962e1ca90b42de47e1172e0d24ca80e6256",
"rev": "6df0b97b39baa1c0b3002b051f307aed68e17d1b",
"type": "github"
},
"original": {
@@ -909,7 +1047,7 @@
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
@@ -962,11 +1100,11 @@
]
},
"locked": {
"lastModified": 1754416808,
"narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
"lastModified": 1755879220,
"narHash": "sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
"rev": "3ff4596663c8cbbffe06d863ee4c950bce2c3b78",
"type": "github"
},
"original": {
@@ -978,33 +1116,38 @@
"root": {
"inputs": {
"agenix": "agenix",
"agenix-rekey": "agenix-rekey",
"deploy-rs": "deploy-rs",
"devshell": "devshell_2",
"disko": "disko",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_2",
"gitea-github-theme": "gitea-github-theme",
"home-manager": "home-manager_2",
"home-manager": "home-manager",
"hyprland": "hyprland",
"hyprland-plugins": "hyprland-plugins",
"impermanence": "impermanence",
"kvlibadwaita": "kvlibadwaita",
"nix-topology": "nix-topology",
"nixos-hardware": "nixos-hardware",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim",
"pre-commit-hooks": "pre-commit-hooks_2",
"secrets": "secrets",
"thunderbird-gnome-theme": "thunderbird-gnome-theme"
"thunderbird-gnome-theme": "thunderbird-gnome-theme",
"treefmt-nix": "treefmt-nix_2"
}
},
"secrets": {
"flake": false,
"locked": {
"lastModified": 1753994653,
"narHash": "sha256-kVd17w6oo9dbZfgZXMMPEssspp8vAr32G5U8VnfuIFc=",
"lastModified": 1755887038,
"narHash": "sha256-HoEMwFfR3rwNxwJjFCbj3rfW8k6EabHuMJAZOwsT95c=",
"ref": "refs/heads/master",
"rev": "e0cb8c5b8de3f61fbef13c80219715f2e3e5ffb5",
"revCount": 39,
"rev": "9e47b557087ebde3a30c9f97189d110c29d144fd",
"revCount": 40,
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
},
@@ -1088,14 +1231,29 @@
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"thunderbird-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1754507270,
"narHash": "sha256-zADBsXqIkxy519sK/2mnZ/lcTQSA/3iXwdkXCVNqUVY=",
"lastModified": 1755861050,
"narHash": "sha256-oLmw1VRrmbuLwT5errG3lT85K0jLII/aQ32VtdJ+1xM=",
"owner": "rafaelmardojai",
"repo": "thunderbird-gnome-theme",
"rev": "a9ee1a2c8a1dfce700250a4ce3ce7f88dff43300",
"rev": "b1fbb41db5718c23667bd9b40268b8e7317634fd",
"type": "github"
},
"original": {
@@ -1104,6 +1262,47 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735135567,
"narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1755934250,
"narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"

207
flake.nix
View File

@@ -2,169 +2,176 @@
description = "NixOS system configuration";
inputs = {
nixpkgs.url = "nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
# nixpkgs-master.url = "nixpkgs";
agenix.url = "github:ryantm/agenix";
deploy-rs.url = "github:serokell/deploy-rs";
agenix = {
url = "github:ryantm/agenix";
inputs.home-manager.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix-rekey = {
url = "github:oddlama/agenix-rekey";
inputs.nixpkgs.follows = "nixpkgs";
inputs.pre-commit-hooks.follows = "pre-commit-hooks";
};
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
devshell = {
url = "github:numtide/devshell";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
hyprland.url = "github:hyprwm/Hyprland";
hyprland-plugins = {
url = "github:hyprwm/hyprland-plugins";
inputs.hyprland.follows = "hyprland";
};
firefox-gnome-theme = {
url = "github:rafaelmardojai/firefox-gnome-theme";
flake = false;
};
flake-parts.url = "github:hercules-ci/flake-parts";
gitea-github-theme = {
url = "git+ssh://git@git.vimium.com/jordan/gitea-github-theme.git?ref=main";
flake = false;
};
impermanence.url = "github:nix-community/impermanence";
kvlibadwaita = {
url = "github:GabePoel/KvLibadwaita";
flake = false;
};
nixos-hardware.url = "github:NixOS/nixos-hardware";
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
# nixpkgs-master.url = "nixpkgs";
nixvim = {
url = "github:nix-community/nixvim/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-topology = {
url = "github:oddlama/nix-topology";
inputs.nixpkgs.follows = "nixpkgs";
inputs.pre-commit-hooks.follows = "pre-commit-hooks";
};
pre-commit-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
secrets = {
url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
flake = false;
};
thunderbird-gnome-theme = {
url = "github:rafaelmardojai/thunderbird-gnome-theme";
flake = false;
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
inputs@{ self, nixpkgs, ... }:
let
inherit (nixpkgs) lib;
domain = "mesh.vimium.net";
forEachSystem = lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
inputs@{
nixpkgs,
flake-parts,
...
}:
flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
inputs.agenix-rekey.flakeModule
inputs.pre-commit-hooks.flakeModule
inputs.nix-topology.flakeModule
inputs.treefmt-nix.flakeModule
./nix/devshell.nix
./nix/hosts.nix
];
mkDeployNode = hostName: {
hostname = "${hostName}.${domain}";
profiles.system = {
user = "root";
path =
inputs.deploy-rs.lib.${
self.nixosConfigurations.${hostName}.config.system.build.toplevel.system
}.activate.nixos
self.nixosConfigurations.${hostName};
flake = {
overlays = nixpkgs.lib.packagesFromDirectoryRecursive {
callPackage = path: overrides: import path;
directory = ./overlays;
};
};
in
{
overlays = lib.packagesFromDirectoryRecursive {
callPackage = path: overrides: import path;
directory = ./overlays;
};
legacyPackages = forEachSystem (
system:
lib.packagesFromDirectoryRecursive {
callPackage = nixpkgs.legacyPackages.${system}.callPackage;
directory = ./pkgs;
}
);
nixosConfigurations = lib.pipe ./hosts [
builtins.readDir
(lib.filterAttrs (name: value: value == "directory"))
(lib.mapAttrs (
name: value:
lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
{
networking = {
inherit domain;
hostName = name;
};
}
./hosts/${name}
];
}
))
systems = [
"aarch64-linux"
"x86_64-linux"
];
checks =
builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib
// (forEachSystem (system: {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
check-case-conflicts.enable = true;
check-executables-have-shebangs.enable = true;
check-merge-conflicts.enable = true;
perSystem =
{ pkgs, ... }:
{
formatter = pkgs.nixfmt-rfc-style;
legacyPackages = pkgs.lib.packagesFromDirectoryRecursive {
callPackage = pkgs.callPackage;
directory = ./pkgs;
};
pre-commit = {
settings = {
excludes = [ "pkgs/libcamera-rpi/libcamera-rpi-ipa-priv-key.pem" ];
hooks = {
check-case-conflicts.enable = true;
check-executables-have-shebangs.enable = true;
check-merge-conflicts.enable = true;
detect-private-keys.enable = true;
end-of-file-fixer.enable = true;
fix-byte-order-marker.enable = true;
mixed-line-endings.enable = true;
treefmt.enable = true;
trim-trailing-whitespace.enable = true;
};
};
};
treefmt = {
projectRootFile = "flake.nix";
programs = {
deadnix = {
enable = true;
settings = {
noLambdaArg = true;
};
no-lambda-arg = true;
};
detect-private-keys.enable = true;
end-of-file-fixer.enable = true;
fix-byte-order-marker.enable = true;
mixed-line-endings.enable = true;
mdformat.enable = true;
nixfmt-rfc-style.enable = true;
trim-trailing-whitespace.enable = true;
shellcheck.enable = true;
};
excludes = [ "pkgs/libcamera-rpi/libcamera-rpi-ipa-priv-key.pem" ];
};
}));
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
devShells = forEachSystem (system: {
default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = [
inputs.agenix.packages.${system}.agenix
inputs.deploy-rs.packages.${system}.deploy-rs
]
++ self.checks.${system}.pre-commit-check.enabledPackages;
};
});
deploy = {
magicRollback = true;
autoRollback = true;
sshUser = "root";
nodes = lib.genAttrs [
"artemis"
"mail"
"pi"
"skycam"
"vps1"
"vps2"
] mkDeployNode;
};
};
}

37
hosts/artemis/README.md
View File

@@ -1,36 +1,49 @@
# Artemis
## Overview
Couch gaming PC and media centre
Home theatre and gaming PC
## Specs
* CPU - AMD Ryzen 7 9800X3D @ 4.70GHz
* Chipset - AMD B850
* Memory - 64 GB DDR5
* Motherboard - ASUS ROG STRIX B850-I Gaming WiFi
* GPU - AMD Radeon 7900 XTX
* Case - MCPRUE Apollo S v4
- CPU - AMD Ryzen 7 9800X3D @ 4.70GHz
- Chipset - AMD B850
- Memory - 64 GB DDR5
- Motherboard - ASUS ROG STRIX B850-I Gaming WiFi
- GPU - AMD Radeon 7900 XTX
- Case - MCPRUE Apollo S v4
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
WD Black SN850X | `/dev/nvme0n1p1` (EFI, 500 MiB, NixOS Boot) <br> `/dev/nvme0n1p2` (ZFS, 4 TiB, NixOS Root)
#### ZFS pool layout
```
rpool/
├── local
│ ├── nix
│ └── tmp
├── system
│ ├── root
│ └── var
└── user
└── home
│ └── state
└── safe
└── persist
```
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
#### Impermanence
This machine uses [impermanence](https://github.com/nix-community/impermanence) and is rolled back to a clean state on each reboot.
Mountpoint | Persists across reboots? | Backed up?
--- | --- | ---
`/` | No | Yes
`/state` | Yes | No
`/persist` | Yes | Yes
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `artemis.mesh.vimium.net`.

6
hosts/artemis/default.nix
View File

@@ -18,6 +18,7 @@ in
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
../../users/guest
];
nixpkgs = {
@@ -72,11 +73,16 @@ in
capSysAdmin = true;
};
programs.steam.enable = true;
environment = {
systemPackages = [ pkgs.wine ];
sessionVariables.WINE_BIN = getExe pkgs.wine;
};
environment.persistence."/persist".enable = mkForce true;
environment.persistence."/state".enable = mkForce true;
modules = {
services = {
borgmatic = {

85
hosts/artemis/disko-config.nix
View File

@@ -35,80 +35,59 @@
ashift = "12";
};
rootFsOptions = {
canmount = "off";
mountpoint = "none";
dnodesize = "auto";
compression = "zstd";
acltype = "posix";
atime = "off";
xattr = "sa";
dnodesize = "auto";
mountpoint = "none";
canmount = "off";
devices = "off";
exec = "off";
setuid = "off";
};
postCreateHook = "zfs snapshot rpool@blank";
datasets = {
local = {
"local" = {
type = "zfs_fs";
};
"local/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
mountpoint = "none";
canmount = "noauto";
mountpoint = "/";
exec = "on";
setuid = "on";
};
postCreateHook = "zfs snapshot rpool/local/root@blank";
};
"local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
mountpoint = "legacy";
canmount = "noauto";
mountpoint = "/nix";
exec = "on";
setuid = "on";
};
};
"local/tmp" = {
"local/state" = {
type = "zfs_fs";
mountpoint = "/tmp";
mountpoint = "/state";
options = {
setuid = "off";
devices = "off";
mountpoint = "legacy";
canmount = "noauto";
mountpoint = "/state";
};
};
system = {
"safe" = {
type = "zfs_fs";
mountpoint = "/";
options = {
mountpoint = "legacy";
};
};
"system/var" = {
"safe/persist" = {
type = "zfs_fs";
mountpoint = "/var";
mountpoint = "/persist";
options = {
mountpoint = "legacy";
};
};
"system/var/tmp" = {
type = "zfs_fs";
mountpoint = "/var/tmp";
options = {
devices = "off";
mountpoint = "legacy";
};
};
"system/var/log" = {
type = "zfs_fs";
mountpoint = "/var/log";
options = {
compression = "on";
acltype = "posix";
mountpoint = "legacy";
};
};
user = {
type = "zfs_fs";
options = {
mountpoint = "none";
};
};
"user/home" = {
type = "zfs_fs";
mountpoint = "/home";
options = {
setuid = "off";
devices = "off";
mountpoint = "legacy";
canmount = "noauto";
mountpoint = "/persist";
};
};
};

5
hosts/artemis/hardware-configuration.nix
View File

@@ -91,7 +91,10 @@ in
};
graphics = {
enable32Bit = true;
extraPackages = [ pkgs.gamescope-wsi ];
extraPackages = [
pkgs.gamescope-wsi
pkgs.vk-hdr-layer
];
extraPackages32 = [ pkgs.pkgsi686Linux.gamescope-wsi ];
};
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

19
hosts/atlas/README.md
View File

@@ -1,24 +1,28 @@
# Atlas
## Overview
A general purpose mini computer used for web browsing and multimedia.
## Specs
* CPU - Intel Core i7-4790K @ 4.00GHz
* Chipset - Intel Z97
* Memory - 8 GB DDR3
* Motherboard - ASRock Z97M-ITX
* GPU - AMD Radeon R9 290X 4GB
* Case - SilverStone Sugo SG13
* NIC - Intel Gigabit I218-V, Broadcom BCM4360 802.11ac
- CPU - Intel Core i7-4790K @ 4.00GHz
- Chipset - Intel Z97
- Memory - 8 GB DDR3
- Motherboard - ASRock Z97M-ITX
- GPU - AMD Radeon R9 290X 4GB
- Case - SilverStone Sugo SG13
- NIC - Intel Gigabit I218-V, Broadcom BCM4360 802.11ac
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
Samsung SSD 850 | `/dev/sda1` (NTFS, 500 GiB, Windows XP)
Samsung SSD 850 | `/dev/sdb1` (EFI, 500 MiB, NixOS Boot) <br> `/dev/sdb2` (ZFS, 500 GiB, NixOS Root)
#### ZFS pool layout
```
rpool/
├── local
@@ -34,5 +38,6 @@ rpool/
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `atlas.mesh.vimium.net`.

1
hosts/atlas/default.nix
View File

@@ -4,6 +4,7 @@
imports = [
./hardware-configuration.nix
../desktop.nix
../../users/jordan
];
nixpkgs.hostPlatform = "x86_64-linux";

2
hosts/common.nix
View File

@@ -4,12 +4,12 @@
pkgs,
...
}:
{
imports = [
inputs.agenix.nixosModules.age
inputs.home-manager.nixosModules.home-manager
../modules/nixos
../modules/nixos/impermanence.nix
];
nixpkgs = {

6
hosts/desktop.nix
View File

@@ -1,4 +1,6 @@
{
inputs,
config,
pkgs,
...
}:
@@ -6,7 +8,6 @@
{
imports = [
./common.nix
../users/jordan
];
services.printing.enable = true;
@@ -44,6 +45,9 @@
randomizedDelaySec = "10min";
};
age.secrets."passwords/users/root".file = "${inputs.secrets}/passwords/users/jordan.age";
users.users.root.hashedPasswordFile = config.age.secrets."passwords/users/root".path;
systemd.services.NetworkManager-wait-online.enable = false;
modules = {

9
hosts/eos/README.md
View File

@@ -1,18 +1,22 @@
# Eos
## Overview
ThinkPad X220 laptop.
## Specs
* CPU - Intel Core i5-2520M @ 3.20GHz
* Memory - 8 GB DDR3
- CPU - Intel Core i5-2520M @ 3.20GHz
- Memory - 8 GB DDR3
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
Solid | `/dev/sda1` (EFI, NixOS Boot) <br> `/dev/sda2` (ZFS, NixOS Root)
#### ZFS pool layout
```
rpool/
├── local
@@ -28,5 +32,6 @@ rpool/
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `eos.mesh.vimium.net`.

1
hosts/eos/default.nix
View File

@@ -4,6 +4,7 @@
imports = [
./hardware-configuration.nix
../desktop.nix
../../users/jordan
];
nixpkgs.hostPlatform = "x86_64-linux";

15
hosts/helios/README.md
View File

@@ -1,16 +1,19 @@
# Helios
## Overview
Dell OptiPlex 980 small form factor desktop.
## Specs
* CPU - Intel Core i7-860 @ 2.8GHz
* Chipset - Intel Q57 Express
* Memory - 8 GB DDR2
* GPU - AMD FirePro 2460
* NIC - Intel Gigabit 82578DM
- CPU - Intel Core i7-860 @ 2.8GHz
- Chipset - Intel Q57 Express
- Memory - 8 GB DDR2
- GPU - AMD FirePro 2460
- NIC - Intel Gigabit 82578DM
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
SanDisk Ultra II | `/dev/sda1` (ext2, 200 MiB, NixOS Boot) <br> `/dev/sda2` (ZFS, 480 GiB, NixOS Root)
@@ -19,6 +22,7 @@ SanDisk Ultra II | `/dev/sda1` (ext2, 200 MiB, NixOS Boot) <br> `/dev/sda2` (ZFS
> an MBR partition table.
#### ZFS pool layout
```
rpool/
├── local
@@ -34,5 +38,6 @@ rpool/
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
### Networks
- DHCP on `192.168.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `helios.mesh.vimium.net`.

4
hosts/helios/default.nix
View File

@@ -1,4 +1,5 @@
{
inputs,
pkgs,
lib,
...
@@ -9,8 +10,11 @@ let
in
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
../../users/jordan
];
nixpkgs.hostPlatform = "x86_64-linux";

101
hosts/helios/disko-config.nix Normal file
View File

@@ -0,0 +1,101 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/ata-SanDisk_Ultra_II_480GB_162224802391";
content = {
type = "gpt";
partitions = {
MBR = {
size = "1M";
type = "EF02"; # For GRUB MBR
};
boot = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
};
zpool = {
rpool = {
type = "zpool";
options = {
ashift = "12";
};
rootFsOptions = {
compression = "zstd";
acltype = "posix";
atime = "off";
xattr = "sa";
dnodesize = "auto";
mountpoint = "none";
canmount = "off";
devices = "off";
exec = "off";
setuid = "off";
};
datasets = {
"local" = {
type = "zfs_fs";
};
"local/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
canmount = "noauto";
mountpoint = "/";
exec = "on";
setuid = "on";
};
postCreateHook = "zfs snapshot rpool/local/root@blank";
};
"local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
canmount = "noauto";
mountpoint = "/nix";
exec = "on";
setuid = "on";
};
};
"local/state" = {
type = "zfs_fs";
mountpoint = "/state";
options = {
canmount = "noauto";
mountpoint = "/state";
};
};
"safe" = {
type = "zfs_fs";
};
"safe/persist" = {
type = "zfs_fs";
mountpoint = "/persist";
options = {
canmount = "noauto";
mountpoint = "/persist";
};
};
};
};
};
};
}

15
hosts/hypnos/README.md
View File

@@ -1,21 +1,25 @@
# Hypnos
## Overview
15-inch MacBook Pro 11,3 (Mid 2014).
## Specs
* CPU - Intel Core i7-4870HQ @ 2.50GHz
* Memory - 16 GB DDR3
* GPU - Intel Iris Pro 5200
* GPU - NVIDIA GeForce GT 750M
* NIC - Broadcom BCM43xx 802.11ac
- CPU - Intel Core i7-4870HQ @ 2.50GHz
- Memory - 16 GB DDR3
- GPU - Intel Iris Pro 5200
- GPU - NVIDIA GeForce GT 750M
- NIC - Broadcom BCM43xx 802.11ac
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
Apple SSD SM0512F | `/dev/sda1` (EFI, 256 MiB, NixOS Boot) <br> `/dev/sda2` (ZFS, 500 GiB, NixOS Root)
#### ZFS pool layout
```
rpool/
├── local
@@ -31,5 +35,6 @@ rpool/
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `hypnos.mesh.vimium.net`.

2
hosts/hypnos/default.nix
View File

@@ -11,12 +11,14 @@
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
../../users/jordan
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
nvidia.acceptLicense = true;
permittedInsecurePackages = [ "broadcom-sta-6.30.223.271-57-6.12.41" ];
};
};

15
hosts/library/README.md
View File

@@ -1,21 +1,25 @@
# Library
## Overview
Media and public file server.
## Specs
* CPU - AMD Ryzen 5 5600G @ 3.90GHz
* Chipset - AMD B550
* Memory - 64 GB DDR4
* Motherboard - ASRock B550M Pro4
* Case - JMCD-12S4
- CPU - AMD Ryzen 5 5600G @ 3.90GHz
- Chipset - AMD B550
- Memory - 64 GB DDR4
- Motherboard - ASRock B550M Pro4
- Case - JMCD-12S4
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
Samsung 970 Evo Plus | `/dev/nvme0n1p1` (EFI, 512 MiB, NixOS Boot) <br> `/dev/nvme0n1p2` (ZFS `rpool`, 200 GiB, NixOS Root)
#### ZFS datasets
```
rpool/
├── local
@@ -41,5 +45,6 @@ library/
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind the `rpool` datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `library.mesh.vimium.net`.

7
hosts/library/ai.nix
View File

@@ -36,4 +36,11 @@
modules.services.borgmatic.directories = [
"/var/lib/private/open-webui"
];
environment.persistence."/persist".directories = [
{
directory = "/var/lib/private/open-webui";
mode = "0700";
}
];
}

10
hosts/library/grafana.nix
View File

@@ -1,4 +1,5 @@
{
config,
...
}:
@@ -13,4 +14,13 @@
};
};
};
environment.persistence."/persist".directories = [
{
directory = config.services.grafana.dataDir;
user = "grafana";
group = "grafana";
mode = "0700";
}
];
}

16
hosts/library/jellyfin.nix
View File

@@ -24,6 +24,22 @@
dataDir = "/var/lib/jellyfin";
};
environment.persistence."/state".directories = [
{
directory = config.services.jellyfin.cacheDir;
inherit (config.services.jellyfin) user group;
mode = "0700";
}
];
environment.persistence."/persist".directories = [
{
directory = config.services.jellyfin.dataDir;
inherit (config.services.jellyfin) user group;
mode = "0700";
}
];
modules.services.borgmatic.directories = [
config.services.jellyfin.dataDir
];

4
hosts/library/jellysearch.nix
View File

@@ -55,4 +55,8 @@
MEILI_URL = "http://localhost:${toString config.services.meilisearch.listenPort}";
};
};
environment.persistence."/state".directories = [
config.systemd.services.jellysearch.serviceConfig.WorkingDirectory
];
}

9
hosts/library/prometheus.nix
View File

@@ -32,4 +32,13 @@
}
];
};
environment.persistence."/state".directories = [
{
directory = "/var/lib/${config.services.prometheus.stateDir}";
user = "prometheus";
group = "prometheus";
mode = "0700";
}
];
}

8
hosts/mail/README.md
View File

@@ -1,17 +1,21 @@
# Mail server
## Overview
Mail server hosted in OVH.
## Specs
* CPU - ??
* Memory - ??
- CPU - ??
- Memory - ??
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
NVMe | `/dev/sda1` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `mail.mesh.vimium.net`.

48
hosts/mail/mail.nix
View File

@@ -85,4 +85,52 @@ in
smtp_destination_concurrency_limit = "20";
header_size_limit = "4096000";
};
environment.persistence."/persist".directories = [
{
directory = "/var/dkim";
user = "rspamd";
group = "rspamd";
mode = "0755";
}
{
directory = "/var/sieve";
user = "virtualMail";
group = "virtualMail";
mode = "0770";
}
{
directory = "/var/vmail";
user = "virtualMail";
group = "virtualMail";
mode = "0700";
}
{
directory = "/var/lib/rspamd";
user = "rspamd";
group = "rspamd";
mode = "0700";
}
{
directory = "/var/lib/redis-rspamd";
user = "redis-rspamd";
group = "redis-rspamd";
mode = "0700";
}
{
directory = "/var/lib/opendkim";
user = 221;
group = 221;
mode = "0700";
}
{
directory = "/var/lib/knot-resolver";
user = "knot-resolver";
group = "knot-resolver";
mode = "0770";
}
"/var/lib/dhparams"
"/var/lib/dovecot"
"/var/lib/postfix"
];
}

17
hosts/odyssey/README.md
View File

@@ -1,22 +1,26 @@
# Odyssey
## Overview
Primary workstation.
## Specs
* CPU - AMD Ryzen 9 9950X3D @ 4.30GHz
* Chipset - AMD X870E
* Memory - 96 GB DDR5
* Motherboard - ASUS ProArt X870E-Creator WiFi
* GPU - NVIDIA RTX 3090
* Case - Thermaltake A500
- CPU - AMD Ryzen 9 9950X3D @ 4.30GHz
- Chipset - AMD X870E
- Memory - 96 GB DDR5
- Motherboard - ASUS ProArt X870E-Creator WiFi
- GPU - NVIDIA RTX 3090
- Case - Thermaltake A500
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
Samsung 980 Pro | `/dev/nvme0n1p1` (EFI, 512 MiB, NixOS Boot) <br> `/dev/nvme0n1p2` (ZFS, 2 TiB, NixOS Root)
#### ZFS pool layout
```
rpool/
├── local
@@ -32,5 +36,6 @@ rpool/
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `odyssey.mesh.vimium.net`.

1
hosts/odyssey/default.nix
View File

@@ -10,6 +10,7 @@
./gitea-runner.nix
./nix-serve.nix
../desktop.nix
../../users/jordan
];
nixpkgs = {

3
hosts/odyssey/hardware-configuration.nix
View File

@@ -34,6 +34,9 @@
powerOnBoot = true;
};
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
graphics = {
extraPackages = [ pkgs.vk-hdr-layer ];
};
nvidia = {
modesetting.enable = true;
open = true;

10
hosts/pi/README.md
View File

@@ -1,19 +1,23 @@
# Pi
## Overview
Raspberry Pi 4
## Specs
* SoC - Broadcom BCM2711
* CPU - ARM Cortex-A72 @ 1.8 GHz
* Memory - 8 GB LPDDR4
- SoC - Broadcom BCM2711
- CPU - ARM Cortex-A72 @ 1.8 GHz
- Memory - 8 GB LPDDR4
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
SD card | `/dev/mmcblk0` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `pi.mesh.vimium.net`.

9
hosts/pi/home-assistant/default.nix
View File

@@ -276,6 +276,15 @@
lovelaceConfigWritable = true;
};
environment.persistence."/persist".directories = [
{
directory = config.services.home-assistant.configDir;
user = "hass";
group = "hass";
mode = "0700";
}
];
modules.services.borgmatic.directories = [
config.services.home-assistant.configDir
];

15
hosts/pi/home-assistant/mqtt.nix
View File

@@ -69,6 +69,21 @@
};
};
environment.persistence."/persist".directories = [
{
directory = config.services.zigbee2mqtt.dataDir;
user = "zigbee2mqtt";
group = "zigbee2mqtt";
mode = "0700";
}
{
directory = config.services.mosquitto.dataDir;
user = "mosquitto";
group = "mosquitto";
mode = "0700";
}
];
modules.services.borgmatic.directories = [
config.services.mosquitto.dataDir
config.services.zigbee2mqtt.dataDir

7
hosts/server.nix
View File

@@ -65,6 +65,13 @@ in
];
};
environment.persistence."/state".directories = [
{
directory = "/var/lib/fail2ban";
mode = "0750";
}
];
services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
modules.services.tailscale = {

12
hosts/skycam/README.md
View File

@@ -1,26 +1,32 @@
# Skycam
## Overview
Raspberry Pi 4-based webcam
## Specs
* SoC - Broadcom BCM2711
* CPU - ARM Cortex-A72 @ 1.8 GHz
* Memory - 8 GB LPDDR4
- SoC - Broadcom BCM2711
- CPU - ARM Cortex-A72 @ 1.8 GHz
- Memory - 8 GB LPDDR4
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
SD card | `/dev/mmcblk0` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `skycam.mesh.vimium.net`.
## Devices and connections
- Camera Module 3 with wide-angle lens
## Building
To generate a compressed SD card image for Skycam, run:
`nix build '.#nixosConfigurations.skycam.config.system.build.sdImage'`

4
hosts/skycam/default.nix
View File

@@ -79,6 +79,10 @@
};
};
environment.persistence."/persist".directories = [
"/var/lib/skycam-archiver"
];
modules.services.borgmatic = {
enable = true;
directories = [

8
hosts/vps1/README.md
View File

@@ -1,17 +1,21 @@
# vps1
## Overview
VPS hosted in OVH.
## Specs
* CPU - ??
* Memory - ??
- CPU - ??
- Memory - ??
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
NVMe | `/dev/sda1` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `vps1.mesh.vimium.net`.

8
hosts/vps1/gitea.nix
View File

@@ -86,4 +86,12 @@ in
packages.CHUNKED_UPLOAD_PATH = lib.mkForce "${stateDir}/data/tmp/package-upload";
};
};
environment.persistence."/persist".directories = [
{
directory = config.services.gitea.stateDir;
inherit (config.services.gitea) user group;
mode = "0700";
}
];
}

7
hosts/vps1/headscale.nix
View File

@@ -48,6 +48,13 @@ in
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/headscale";
inherit (config.services.headscale) user group;
}
];
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;

9
hosts/vps1/kanidm.nix
View File

@@ -49,4 +49,13 @@ in
postRun = "systemctl restart kanidm.service";
group = "acme";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/kanidm";
user = "kanidm";
group = "kanidm";
mode = "0700";
}
];
}

19
hosts/vps1/matrix.nix
View File

@@ -216,4 +216,23 @@ in
}
// commonBridgeSettings "mautrix-whatsapp";
};
environment.persistence."/persist".directories = [
{
directory = config.services.matrix-synapse.dataDir;
user = "matrix-synapse";
group = "matrix-synapse";
mode = "0700";
}
{
directory = "/var/lib/mautrix-signal";
user = "mautrix-signal";
group = "mautrix-signal";
}
{
directory = "/var/lib/mautrix-whatsapp";
user = "mautrix-whatsapp";
group = "mautrix-whatsapp";
}
];
}

8
hosts/vps1/photoprism.nix
View File

@@ -32,6 +32,14 @@ in
file = "${inputs.secrets}/passwords/services/photoprism/admin.age";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/private/photoprism";
user = "photoprism";
group = "photoprism";
}
];
services.photoprism = {
enable = true;
address = "localhost";

147
modules/nixos/impermanence.nix Normal file
View File

@@ -0,0 +1,147 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib)
attrNames
flip
isAttrs
mapAttrs
mkIf
mkMerge
mkOption
optionals
types
;
in
{
boot.zfs.forceImportRoot = false;
boot.initrd.systemd.enable = true;
boot.initrd.systemd.services.impermanence-rollback =
mkIf
(config.environment.persistence."/persist".enable || config.environment.persistence."/state".enable)
{
description = "Rollback root filesystem";
wantedBy = [ "initrd.target" ];
after = [ "zfs-import-rpool.service" ];
before = [ "sysroot.mount" ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
};
};
age.identityPaths = [
"/persist/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key"
];
fileSystems."/state" = mkIf config.environment.persistence."/state".enable {
neededForBoot = true;
};
environment.persistence."/state" = {
enable = false;
hideMounts = true;
directories = [
"/var/lib/systemd"
"/var/log"
"/var/spool"
];
};
fileSystems."/persist" = mkIf config.environment.persistence."/persist".enable {
neededForBoot = true;
};
environment.persistence."/persist" = {
enable = false;
hideMounts = true;
files = [
(mkIf (!config.boot.isContainer) "/etc/machine-id")
"/etc/adjtime"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
directories = [
"/var/lib/nixos"
]
++ optionals config.security.acme.acceptTerms [
{
directory = "/var/lib/acme";
user = "acme";
group = "acme";
mode = "0755";
}
]
++ optionals config.services.printing.enable [
{
directory = "/var/lib/cups";
mode = "0700";
}
]
++ optionals config.hardware.bluetooth.enable [
"/var/lib/bluetooth"
];
};
users.mutableUsers = !config.environment.persistence."/persist".enable;
# For each user that has a home-manager config, merge the locally defined
# persistence options that we defined above.
imports =
let
mkUserFiles = map (
x: { parentDirectory.mode = "700"; } // (if isAttrs x then x else { file = x; })
);
mkUserDirs = map (x: { mode = "700"; } // (if isAttrs x then x else { directory = x; }));
in
[
{
environment.persistence = mkMerge (
flip map (attrNames config.home-manager.users) (
user:
let
hmUserCfg = config.home-manager.users.${user};
in
flip mapAttrs hmUserCfg.home.persistence (
_: sourceCfg: {
users.${user} = {
files = mkUserFiles sourceCfg.files;
directories = mkUserDirs sourceCfg.directories;
};
}
)
)
);
}
];
home-manager.sharedModules = [
{
options.home.persistence = mkOption {
description = "Additional persistence config for the given source path";
default = { };
type = types.attrsOf (
types.submodule {
options = {
files = mkOption {
description = "Additional files to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [ ];
};
directories = mkOption {
description = "Additional directories to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [ ];
};
};
}
);
};
}
];
}

4
modules/nixos/podman.nix
View File

@@ -40,6 +40,10 @@ in
};
environment.persistence."/persist".directories = [
"/var/lib/containers/storage"
];
networking.firewall.interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];

9
modules/nixos/services/postgresql.nix
View File

@@ -30,6 +30,15 @@ in
};
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/postgresql";
user = "postgres";
group = "postgres";
mode = "0700";
}
];
services.borgmatic.settings = {
postgresql_databases = [
{

4
modules/nixos/services/tailscale.nix
View File

@@ -56,5 +56,9 @@ in
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
environment.persistence."/state".directories = [
"/var/lib/tailscale"
];
};
}

6
modules/nixos/system/desktop/gnome.nix
View File

@@ -70,5 +70,11 @@ in
gnomeExtensions.worksets
gnomeExtensions.workspace-matrix
];
environment.persistence."/persist".directories = [
"/etc/NetworkManager"
"/var/lib/AccountsService"
"/var/lib/NetworkManager"
];
};
}

26
nix/devshell.nix Normal file
View File

@@ -0,0 +1,26 @@
{ inputs, ... }:
{
imports = [
inputs.devshell.flakeModule
];
perSystem =
{ config, pkgs, ... }:
{
devshells.default = {
commands = [
{
package = config.treefmt.build.wrapper;
help = "Format all files";
}
{
package = pkgs.deploy-rs;
name = "deploy";
help = "Deploy this nix-config to remote hosts";
}
];
devshell.startup.pre-commit.text = config.pre-commit.installationScript;
};
};
}

61
nix/hosts.nix Normal file
View File

@@ -0,0 +1,61 @@
{
inputs,
...
}:
{
flake =
{ config, lib, ... }:
let
domain = "mesh.vimium.net";
mkDeployNode = hostName: {
hostname = "${hostName}.${domain}";
profiles.system = {
user = "root";
path =
inputs.deploy-rs.lib.${
config.nixosConfigurations.${hostName}.config.system.build.toplevel.system
}.activate.nixos
config.nixosConfigurations.${hostName};
};
};
in
{
nixosConfigurations = lib.pipe ../hosts [
builtins.readDir
(lib.filterAttrs (name: value: value == "directory"))
(lib.mapAttrs (
name: value:
inputs.nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
inputs.impermanence.nixosModules.impermanence
{
networking = {
inherit domain;
hostName = name;
};
}
../hosts/${name}
];
}
))
];
deploy = {
magicRollback = true;
autoRollback = true;
sshUser = "root";
nodes = lib.genAttrs [
"artemis"
"mail"
"pi"
"skycam"
"vps1"
"vps2"
] mkDeployNode;
};
};
}

44
pkgs/vk-hdr-layer/package.nix Normal file
View File

@@ -0,0 +1,44 @@
{
stdenv,
fetchFromGitHub,
lib,
meson,
ninja,
pkg-config,
vulkan-headers,
vulkan-loader,
wayland-scanner,
wayland,
xorg,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "vk-hdr-layer";
version = "303e0c69e1d33acd95158d92b1fc652fb5b85399";
src = fetchFromGitHub {
owner = "Zamundaaa";
repo = "VK_hdr_layer";
rev = "303e0c69e1d33acd95158d92b1fc652fb5b85399";
fetchSubmodules = true;
hash = "sha256-NsC44Ifl/fAHvFqP7NLrVZ71Y+x5mBEkv+r43HN5yn4=";
};
nativeBuildInputs = [
meson
ninja
pkg-config
];
buildInputs = [
vulkan-headers
vulkan-loader
wayland
wayland-scanner
xorg.libX11
];
meta = {
description = "Vulkan layer utilizing a small color management / HDR protocol for experimentation";
homepage = "https://github.com/Zamundaaa/VK_hdr_layer";
license = lib.licenses.mit;
};
})

30
users/guest/common/optional/graphical/steam.nix Normal file
View File

@@ -0,0 +1,30 @@
{
pkgs,
...
}:
{
home.packages = with pkgs; [
gamescope
steam
];
systemd.user.services.steam-big-picture = {
Unit = {
Description = "Steam Big Picture in Gamescope";
After = [
"graphical.target"
"default.target"
];
};
Service = {
ExecStart = ''
${pkgs.gamescope}/bin/gamescope --rt --backend drm --steam -- \
${pkgs.steam}/bin/steam -pipewire-dmabuf -tenfoot
'';
Restart = "always";
};
Install = {
WantedBy = [ "default.target" ];
};
};
}

66
users/guest/default.nix Normal file
View File

@@ -0,0 +1,66 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (lib)
optional
;
name = "guest";
hostFile = ./. + "/${config.networking.hostName}.nix";
in
{
users.users.${name} = {
description = "Guest";
extraGroups = [
"audio"
"input"
"render"
"video"
];
group = "users";
isNormalUser = true;
shell = pkgs.zsh;
};
home-manager.users.${name} = {
imports = [
./common/optional/graphical/steam.nix
{
home.persistence."/state" = {
directories = [
".local/state/wireplumber"
];
};
home.persistence."/persist" = {
directories = [
".config/gamescope"
".local/share/icons"
".local/share/Steam"
".local/share/vulkan"
".steam"
];
};
}
]
++ optional (builtins.pathExists hostFile) hostFile;
home = {
username = name;
};
xdg.enable = true;
};
services.getty = {
autologinOnce = true;
autologinUser = "guest";
};
# Workaround: https://github.com/nix-community/home-manager/issues/7166
systemd.services."home-manager-${name}".serviceConfig = {
RemainAfterExit = "yes";
};
}

4
users/jordan/common/gpg.nix
View File

@@ -11,4 +11,8 @@
enable = true;
enableSshSupport = true;
};
home.persistence."/persist".directories = [
".gnupg"
];
}

6
users/jordan/common/neovim.nix
View File

@@ -130,4 +130,10 @@
};
home.sessionVariables.EDITOR = "nvim";
home.persistence."/state".directories = [
".local/share/nvim"
".local/state/nvim"
".cache/nvim"
];
}

8
users/jordan/common/optional/graphical/firefox.nix
View File

@@ -207,4 +207,12 @@
};
};
};
home.persistence."/state".directories = [
".cache/mozilla"
];
home.persistence."/persist".directories = [
".mozilla"
];
}

1
users/jordan/common/optional/graphical/fonts.nix
View File

@@ -8,6 +8,7 @@
adwaita-fonts
apple-color-emoji
corefonts
dejavu_fonts
nerd-fonts.bigblue-terminal
nerd-fonts.comic-shanns-mono
nerd-fonts.terminess-ttf

4
users/jordan/common/optional/graphical/hyprland/default.nix
View File

@@ -165,8 +165,8 @@ in
};
monitor = [
"desc:Dell Inc. DELL U3219Q HPTP413, preferred, auto, 1, bitdepth, 10, cm, hdr"
"desc:LG Electronics LG TV SSCR2, 3840x2160@60, 0x0, 1, bitdepth, 10, cm, hdr"
"desc:Dell Inc. DELL U3219Q HPTP413, preferred, auto, 1, vrr, 0, bitdepth, 10, cm, hdr"
"desc:LG Electronics LG TV SSCR2, 3840x2160@60, 0x0, 1, vrr, 0, bitdepth, 10, cm, hdr"
];
input = {

8
users/jordan/common/optional/graphical/thunderbird.nix
View File

@@ -24,4 +24,12 @@
};
};
};
home.persistence."/state".directories = [
".cache/thunderbird"
];
home.persistence."/persist".directories = [
".thunderbird"
];
}

4
users/jordan/common/pass.nix
View File

@@ -8,4 +8,8 @@
enable = true;
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
};
home.persistence."/state".directories = [
".local/share/password-store"
];
}

9
users/jordan/common/shell.nix
View File

@@ -176,6 +176,15 @@ in
nix-index.enable = true;
};
home.persistence."/persist" = {
directories = [
".local/share/mcfly"
];
files = [
".zsh_history"
];
};
home.packages = with pkgs; [
bat
btop

4
users/jordan/common/ssh.nix
View File

@@ -9,4 +9,8 @@
enable = true;
addKeysToAgent = "yes";
};
home.persistence."/state".files = [
".ssh/known_hosts"
];
}

18
users/jordan/default.nix
View File

@@ -42,6 +42,24 @@ in
./common/pass.nix
./common/shell.nix
./common/ssh.nix
{
home.persistence."/state" = {
directories = [
"Downloads"
".local/state/wireplumber"
];
};
home.persistence."/persist" = {
directories = [
"Desktop"
"Documents"
"Music"
"Pictures"
"projects"
"Videos"
];
};
}
]
++ optional (builtins.pathExists hostFile) hostFile;