1 Commits

Author SHA1 Message Date
4ad4814bed Initial pi config 2023-12-03 23:17:30 +00:00
90 changed files with 1292 additions and 2548 deletions


@ -9,16 +9,8 @@ System and user configuration for NixOS-based systems.
| **Theme:** | adwaita | | **Theme:** | adwaita |
| **Terminal:** | Console | | **Terminal:** | Console |
## Provisioning ## Quick start
> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used for provisioning 1. Copy SSH keypair and `known_hosts` to `~/.ssh`
1. Import GPG keys and set ultimate trust with `echo "KEYID:6:" | gpg --import-ownertrust`
Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass). 1. `git clone git@git.vimium.com:jordan/nix-config.git projects/jordan/nix-config`
1. `sudo nixos-rebuild switch --flake .#`
Then run;
```
nix run github:nix-community/nixos-anywhere -- \
--disk-encryption-keys /tmp/secret.key /tmp/secret.key \
--extra-files "$temp" \
--flake .#<hostname> \
root@<ip>
```

214
flake.lock generated

@ -4,15 +4,14 @@
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs"
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1707830867, "lastModified": 1701216516,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -29,11 +28,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1673295039,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -43,54 +42,14 @@
"type": "github" "type": "github"
} }
}, },
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
"lastModified": 1708091384,
"narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1709439398,
"narHash": "sha256-MW0zp3ta7SvdpjvhVCbtP20ewRwQZX2vRFn14gTc4Kg=",
"owner": "nix-community",
"repo": "disko",
"rev": "1f76b318aa11170c8ca8c225a9b4c458a5fcbb57",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1708965002, "lastModified": 1701370547,
"narHash": "sha256-gIBZCPB0sA8Gagrxd8w4+y9uUkWBnXJBmq9Ur5BYTQU=", "narHash": "sha256-pCtPIcRnMMJOwAlNh5qTO00uw/PBThIIzjMCRcCyHYw=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "4e966509c180f93ba8665cd73cad8456bf44baab", "rev": "ec9421f82d922b7293ffd45a47f7abdee80038c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -99,22 +58,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -123,11 +66,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703113217, "lastModified": 1682203081,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -143,11 +86,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1706981411, "lastModified": 1700814205,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=", "narHash": "sha256-lWqDPKHRbQfi+zNIivf031BUeyciVOtwCwTjyrhDB5g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37", "rev": "aeb2232d7a32530d3448318790534d196bf9427a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -159,11 +102,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1709410583, "lastModified": 1701598471,
"narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", "narHash": "sha256-kHdJ2qc4qKeMTzUIHEcP41ah/dBIhCgvWgrjllt2G78=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", "rev": "a89745edd5f657e2e5be5ed1bea86725ca78d92e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -174,11 +117,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703013332, "lastModified": 1677676435,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -188,44 +131,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1702272962, "lastModified": 1701389149,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=", "narHash": "sha256-rU1suTIEd5DGCaAXKW6yHoCfR1mnYjOXQFOaH7M23js=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d", "rev": "5de0b32be6e85dc1a9404c75131316e4ffbc634c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1709309926,
"narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -237,71 +149,21 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"deploy-rs": "deploy-rs",
"disko": "disko",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"secrets": "secrets",
"thunderbird-gnome-theme": "thunderbird-gnome-theme" "thunderbird-gnome-theme": "thunderbird-gnome-theme"
} }
}, },
"secrets": {
"flake": false,
"locked": {
"lastModified": 1709495020,
"narHash": "sha256-eiz0qUjUbdeb6m28XPY7OVnrGMZ45JiT2dZZ0Bmq2X0=",
"ref": "refs/heads/master",
"rev": "d135b4d6d5f0079999188895f8b5f35e821b0d4b",
"revCount": 14,
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
},
"original": {
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"thunderbird-gnome-theme": { "thunderbird-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1701889124, "lastModified": 1699285862,
"narHash": "sha256-K+6oh7+J6RDBFkxphY/pzf0B+q5+IY54ZMKZrFSKXlc=", "narHash": "sha256-3TQYBJAeQ2fPFxQnD5iKRKKWFlN3GJhz1EkdwE+4m0k=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "thunderbird-gnome-theme", "repo": "thunderbird-gnome-theme",
"rev": "966e9dd54bd2ce9d36d51cd6af8c3bac7a764a68", "rev": "a899ca12204d19f4834fbd092aa5bb05dc4bd127",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -309,24 +171,6 @@
"repo": "thunderbird-gnome-theme", "repo": "thunderbird-gnome-theme",
"type": "github" "type": "github"
} }
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

155
flake.nix

@ -1,16 +1,10 @@
{ {
description = "NixOS system configuration"; description = "NixOS/Darwin system configuration";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-23.11"; nixpkgs.url = "nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware";
# nixpkgs-master.url = "nixpkgs";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
deploy-rs.url = "github:serokell/deploy-rs";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -19,101 +13,74 @@
url = "github:rafaelmardojai/firefox-gnome-theme"; url = "github:rafaelmardojai/firefox-gnome-theme";
flake = false; flake = false;
}; };
nixos-hardware.url = "github:NixOS/nixos-hardware";
secrets = {
url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
flake = false;
};
thunderbird-gnome-theme = { thunderbird-gnome-theme = {
url = "github:rafaelmardojai/thunderbird-gnome-theme"; url = "github:rafaelmardojai/thunderbird-gnome-theme";
flake = false; flake = false;
}; };
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, secrets, ... }: outputs = inputs @ { self, nixpkgs, agenix, home-manager, ... }:
let let
mkPkgsForSystem = system: inputs.nixpkgs; inherit (lib) attrValues;
overlays = [ inherit (lib.my) mapModules mapModulesRec;
agenix.overlays.default
(import ./overlays/gnome.nix) system = "x86_64-linux";
(
final: prev: { mkPkgs = pkgs: extraOverlays:
unstable = import inputs.nixpkgs-unstable { system = final.system; }; import pkgs {
custom = self.packages { system = final.system; }; inherit system;
} config.allowUnfree = true;
) overlays = extraOverlays ++ (lib.attrValues self.overlays);
];
commonModules = [
agenix.nixosModules.age
disko.nixosModules.disko
home-manager.nixosModule
./modules
];
mkNixosSystem = { system, name, extraModules ? [] }:
let
nixpkgs = mkPkgsForSystem system;
lib = (import nixpkgs { inherit overlays system; }).lib;
in
inputs.nixpkgs.lib.nixosSystem {
inherit lib system;
specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; };
baseModules = import (nixpkgs + "/nixos/modules/module-list.nix");
modules = commonModules ++ [
({ config, ... }:
{
nixpkgs.pkgs = import nixpkgs {
inherit overlays system;
config.allowUnfree = true;
};
networking.hostName = name;
})
./hosts/${name}
] ++ extraModules;
}; };
in pkgs = mkPkgs nixpkgs [];
{
lib = nixpkgs.lib.extend (self: super: {
my = import ./lib {
inherit pkgs inputs;
lib = self;
};
});
in {
lib = lib.my;
nixosConfigurations = { nixosConfigurations = {
atlas = mkNixosSystem { system = "x86_64-linux"; name = "atlas"; }; atlas = nixpkgs.lib.nixosSystem {
eos = mkNixosSystem { system = "x86_64-linux"; name = "eos"; }; modules = [
helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; }; home-manager.nixosModules.home-manager
hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; }; { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; }
library = mkNixosSystem { system = "x86_64-linux"; name = "library"; }; (import ./modules)
odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; }; ./hosts/atlas
pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; }; ];
vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; }; specialArgs = { inherit lib inputs; };
}; };
eos = nixpkgs.lib.nixosSystem {
devShells.x86_64-linux.default = nixpkgs.legacyPackages.x86_64-linux.mkShell { modules = [
buildInputs = [ home-manager.nixosModules.home-manager
deploy-rs.packages.x86_64-linux.deploy-rs { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; }
]; (import ./modules)
}; ./hosts/eos
];
deploy = { specialArgs = { inherit lib inputs; };
magicRollback = true; };
autoRollback = true; helios = nixpkgs.lib.nixosSystem {
sshUser = "root"; modules = [
nodes = { home-manager.nixosModules.home-manager
vps1 = { { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; }
hostname = "vps1.mesh.vimium.net"; (import ./modules)
./hosts/helios
profiles.system = { ];
user = "root"; specialArgs = { inherit lib inputs; };
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.vps1; };
}; odyssey = nixpkgs.lib.nixosSystem {
}; modules = [
# pi = { home-manager.nixosModules.home-manager
# hostname = "10.0.1.191"; agenix.nixosModules.default
# { nixpkgs.overlays = [ (import ./overlays/gnome.nix) ]; }
# profiles.system = { (import ./modules)
# user = "root"; ./hosts/odyssey
# path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi; ];
# }; specialArgs = { inherit lib inputs; };
# };
}; };
}; };
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
} }
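Review bot: `mkPkgs` on the new side builds its overlay list from `lib.attrValues self.overlays`, but the outputs set shown in this section defines only `lib` and `nixosConfigurations`, so forcing `pkgs` (it is passed into `./lib`) would fail on a missing attribute unless an `overlays` output is defined somewhere this page does not show. The `system` and `config.allowUnfree = true` set there also never reach the four `nixpkgs.lib.nixosSystem` calls, which receive only `modules` and `specialArgs`; if unfree packages are meant to be allowed per host, that belongs in a shared module as `nixpkgs.config.allowUnfree = true;`. The four host entries differ only in the host path and odyssey's extra `agenix.nixosModules.default`, so a single helper in the `let` that takes the host name and any extra modules would keep them from drifting apart. The page prints old and new text side by side without markers, so this reading of the new side is inferred from the hunk headers.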


@ -1,20 +1,27 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib.my;
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../desktop.nix ../desktop.nix
]; ];
boot.loader = { boot.loader.systemd-boot.enable = true;
systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true;
efi.canTouchEfiVariables = true;
};
networking = { networking.hostName = "atlas";
hostId = "8425e349"; networking.hostId = "8425e349";
networkmanager.enable = true; networking.networkmanager.enable = true;
};
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
users.defaultUserShell = pkgs.zsh;
system.stateVersion = "22.11";
modules = { modules = {
desktop = { desktop = {
@ -42,20 +49,9 @@
gpg.enable = true; gpg.enable = true;
pass.enable = true; pass.enable = true;
}; };
services = {
borgmatic = {
enable = true;
directories = [
"/home/jordan/Documents"
];
repoPath = "ssh://uzu2y5b1@uzu2y5b1.repo.borgbase.com/./repo";
};
};
shell = { shell = {
git.enable = true; git.enable = true;
zsh.enable = true; zsh.enable = true;
}; };
}; };
system.stateVersion = "22.11";
} }
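Review bot: `nix.package = pkgs.nixFlakes;`, the `nix.extraOptions` block enabling `nix-command flakes`, and `users.defaultUserShell = pkgs.zsh;` appear to be added to this host file and repeated in the eos and helios host files later on the page, although all three import `../desktop.nix`. Setting them once in that shared file would keep the hosts from diverging on which Nix features are enabled. The added `with lib.my;` is not used by any line visible in these two hunks; if nothing in the rest of the file needs it, drop it so that unqualified names cannot be silently resolved from `lib.my`. The file continues outside the hunks shown.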


@ -1,66 +1,70 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ];
initrd.kernelModules = [ ]; boot.initrd.supportedFilesystems = [ "zfs" ];
initrd.supportedFilesystems = [ "zfs" ]; boot.kernelModules = [ "kvm-intel" ];
kernelModules = [ "kvm-intel" ]; boot.kernelParams = [ "elevator=none" ];
kernelParams = [ "elevator=none" ]; boot.extraModulePackages = [ ];
extraModulePackages = [ ]; boot.supportedFilesystems = [ "zfs" ];
supportedFilesystems = [ "zfs" ];
};
fileSystems."/" = { fileSystems."/" =
device = "rpool/system/root"; { device = "rpool/system/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "rpool/user/home"; { device = "rpool/user/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/nix" = { fileSystems."/nix" =
device = "rpool/local/nix"; { device = "rpool/local/nix";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/tmp" = { fileSystems."/tmp" =
device = "rpool/local/tmp"; { device = "rpool/local/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var" = { fileSystems."/var" =
device = "rpool/system/var"; { device = "rpool/system/var";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/log" = { fileSystems."/var/log" =
device = "rpool/system/var/log"; { device = "rpool/system/var/log";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/tmp" = { fileSystems."/var/tmp" =
device = "rpool/system/var/tmp"; { device = "rpool/system/var/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/00B2-0384"; { device = "/dev/disk/by-uuid/00B2-0384";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -1,72 +0,0 @@
{ config, lib, pkgs, ... }:
{
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_GB.UTF-8";
LC_IDENTIFICATION = "en_GB.UTF-8";
LC_MEASUREMENT = "en_GB.UTF-8";
LC_MONETARY = "en_GB.UTF-8";
LC_NAME = "en_GB.UTF-8";
LC_NUMERIC = "en_GB.UTF-8";
LC_PAPER = "en_GB.UTF-8";
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
console.keyMap = "uk";
security.sudo.execWheelOnly = true;
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
services.journald.extraConfig = ''
SystemMaxUse=4G
MaxRetentionSec=90day
'';
users.defaultUserShell = pkgs.zsh;
programs.zsh.enable = true;
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
settings = {
connect-timeout = 5;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
fallback = true;
allowed-users = [ "@wheel" ];
auto-optimise-store = true;
substituters = [
"http://odyssey.mesh.vimium.net"
"https://cache.nixos.org"
];
trusted-public-keys = [
"odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
];
};
gc = {
automatic = true;
dates = "weekly";
options = "-d --delete-older-than 7d";
};
};
environment.systemPackages = with pkgs; [
git
neovim
];
}


@ -1,12 +1,35 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
{ {
imports = [ time.timeZone = "Europe/London";
./common.nix
]; i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_GB.UTF-8";
LC_IDENTIFICATION = "en_GB.UTF-8";
LC_MEASUREMENT = "en_GB.UTF-8";
LC_MONETARY = "en_GB.UTF-8";
LC_NAME = "en_GB.UTF-8";
LC_NUMERIC = "en_GB.UTF-8";
LC_PAPER = "en_GB.UTF-8";
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
console.keyMap = "uk";
services.printing.enable = true; services.printing.enable = true;
services.openssh.startWhenNeeded = true; services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
startWhenNeeded = true;
};
sound.enable = true; sound.enable = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
@ -18,20 +41,34 @@
pulse.enable = true; pulse.enable = true;
}; };
fileSystems."/mnt/library" = { environment.systemPackages = with pkgs; [
device = "library.mesh.vimium.net:/mnt/library"; git
fsType = "nfs"; neovim
options = [ "nfsvers=4.2" "soft" "nocto" "ro" "x-systemd.automount" "noauto" ]; ];
nix = {
settings = {
connect-timeout = 5;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
fallback = true;
auto-optimise-store = true;
substituters = [
"http://odyssey.mesh.vimium.net"
"https://cache.nixos.org"
];
trusted-public-keys = [
"odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
];
};
gc = {
automatic = true;
dates = "weekly";
options = "-d --delete-older-than 7d";
};
}; };
system.autoUpgrade = { modules.desktop.gnome.enable = true;
enable = true; modules.networking.tailscale.enable = true;
flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git";
randomizedDelaySec = "10min";
};
modules = {
desktop.gnome.enable = true;
networking.tailscale.enable = true;
};
} }
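Review bot: Two hardening settings from the common file deleted in the previous section do not appear in the configuration inlined here: `security.sudo.execWheelOnly = true;` and, under `nix.settings`, `allowed-users = [ "@wheel" ];`. Unless they are set in the few lines between the two hunks or in another module, the sudo binary becomes executable by users outside `wheel` again and any local user may connect to the Nix daemon. If the drop is not intentional, carry both lines over next to the `services.openssh` and `nix.settings` blocks. The first substituter is still `http://odyssey.mesh.vimium.net`, so the signature check against `trusted-public-keys` is the only integrity control visible here for that cache; a short comment saying what protects the transport (presumably the mesh network) would help the next reader.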


@ -1,20 +1,28 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib.my;
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../desktop.nix ../desktop.nix
]; ];
boot.loader = { boot.loader.systemd-boot.enable = true;
systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true;
efi.canTouchEfiVariables = true;
};
networking = { networking.hostName = "eos";
hostId = "cc858347"; networking.hostId = "cc858347";
networkmanager.enable = true; networking.networkmanager.enable = true;
};
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
nix.settings.auto-optimise-store = true;
users.defaultUserShell = pkgs.zsh;
system.stateVersion = "22.11";
dconf.settings = { dconf.settings = {
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {
@ -44,6 +52,4 @@
zsh.enable = true; zsh.enable = true;
}; };
}; };
system.stateVersion = "22.11";
} }


@ -1,65 +1,71 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ ];
initrd.kernelModules = [ ]; boot.initrd.supportedFilesystems = [ "zfs" ];
initrd.supportedFilesystems = [ "zfs" ]; boot.kernelModules = [ ];
kernelModules = [ ]; boot.kernelParams = [ "elevator=none" ];
kernelParams = [ "elevator=none" ]; boot.extraModulePackages = [ ];
extraModulePackages = [ ]; boot.supportedFilesystems = [ "zfs" ];
supportedFilesystems = [ "zfs" ];
};
fileSystems."/" = { fileSystems."/" =
device = "rpool/system/root"; { device = "rpool/system/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "rpool/user/home"; { device = "rpool/user/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/nix" = { fileSystems."/nix" =
device = "rpool/local/nix"; { device = "rpool/local/nix";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/tmp" = { fileSystems."/tmp" =
device = "rpool/local/tmp"; { device = "rpool/local/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var" = { fileSystems."/var" =
device = "rpool/system/var"; { device = "rpool/system/var";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/log" = { fileSystems."/var/log" =
device = "rpool/system/var/log"; { device = "rpool/system/var/log";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/tmp" = { fileSystems."/var/tmp" =
device = "rpool/system/var/tmp"; { device = "rpool/system/var/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/28E6-5509"; { device = "/dev/disk/by-uuid/28E6-5509";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -1,23 +1,28 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, ... }:
with lib.my;
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../desktop.nix ../desktop.nix
]; ];
boot = { boot.loader.grub.enable = true;
loader.grub = { boot.loader.grub.device = "/dev/sda";
enable = true; boot.loader.grub.zfsSupport = true;
device = "/dev/sda";
zfsSupport = true;
};
};
networking = { networking.hostName = "helios";
hostId = "47d23505"; networking.hostId = "47d23505";
networkmanager.enable = true; networking.networkmanager.enable = true;
};
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
users.defaultUserShell = pkgs.zsh;
system.stateVersion = "22.11";
modules = { modules = {
desktop = { desktop = {
@ -36,20 +41,9 @@
gpg.enable = true; gpg.enable = true;
pass.enable = true; pass.enable = true;
}; };
services = {
borgmatic = {
enable = true;
directories = [
"/home/jordan/Documents"
];
repoPath = "ssh://b9cjl9hq@b9cjl9hq.repo.borgbase.com/./repo";
};
};
shell = { shell = {
git.enable = true; git.enable = true;
zsh.enable = true; zsh.enable = true;
}; };
}; };
system.stateVersion = "22.11";
} }


@ -1,61 +1,65 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "zfs" ];
initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "zfs" ]; boot.initrd.kernelModules = [ ];
initrd.kernelModules = [ ]; boot.initrd.supportedFilesystems = [ "zfs" ];
initrd.supportedFilesystems = [ "zfs" ]; boot.kernelModules = [ "kvm-intel" ];
kernelModules = [ "kvm-intel" ]; boot.kernelParams = [ "elevator=none" ];
kernelParams = [ "elevator=none" ]; boot.extraModulePackages = [ ];
extraModulePackages = [ ]; boot.supportedFilesystems = [ "zfs" ];
supportedFilesystems = [ "zfs" ];
};
fileSystems."/" = { fileSystems."/" =
device = "rpool/system/root"; { device = "rpool/system/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "rpool/user/home"; { device = "rpool/user/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/nix" = { fileSystems."/nix" =
device = "rpool/local/nix"; { device = "rpool/local/nix";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/tmp" = { fileSystems."/tmp" =
device = "rpool/local/tmp"; { device = "rpool/local/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/log" = { fileSystems."/var/log" =
device = "rpool/system/var/log"; { device = "rpool/system/var/log";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/tmp" = { fileSystems."/var/tmp" =
device = "rpool/system/var/tmp"; { device = "rpool/system/var/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/sda1"; { device = "/dev/sda1";
fsType = "ext2"; fsType = "ext2";
}; };
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -1,35 +0,0 @@
# Hypnos
## Overview
15-inch MacBook Pro 11,3 (Mid 2014).
## Specs
* CPU - Intel Core i7-4870HQ @ 2.50GHz
* Memory - 16 GB DDR3
* GPU - Intel Iris Pro 5200
* GPU - NVIDIA GeForce GT 750M
* NIC - Broadcom BCM43xx 802.11ac
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
Apple SSD SM0512F | `/dev/sda1` (EFI, 256 MiB, NixOS Boot) <br> `/dev/sda2` (ZFS, 500 GiB, NixOS Root)
#### ZFS pool layout
```
rpool/
├── local
│ ├── nix
│ └── tmp
├── system
│ ├── root
│ └── var
└── user
└── home
```
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `hypnos.mesh.vimium.net`.


@ -1,43 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
];
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
networking.hostId = "cf791898";
modules = {
desktop = {
browsers = {
firefox.enable = true;
};
media.recording = {
audio.enable = true;
};
};
dev = {
node.enable = true;
};
editors = {
neovim.enable = true;
};
security = {
gpg.enable = true;
pass.enable = true;
};
shell = {
git.enable = true;
zsh.enable = true;
};
};
system.stateVersion = "22.11";
}


@ -1,126 +0,0 @@
{ lib, ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512F_S1K5NYBF736152";
content = {
type = "gpt";
partitions = {
ESP = {
size = "256M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
};
zpool = {
rpool = {
type = "zpool";
options = {
ashift = "12";
};
rootFsOptions = {
canmount = "off";
mountpoint = "none";
dnodesize = "auto";
xattr = "sa";
};
postCreateHook = "zfs snapshot rpool@blank";
datasets = {
local = {
type = "zfs_fs";
options = {
mountpoint = "none";
};
};
"local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
mountpoint = "legacy";
};
};
"local/tmp" = {
type = "zfs_fs";
mountpoint = "/tmp";
options = {
setuid = "off";
devices = "off";
mountpoint = "legacy";
};
};
system = {
type = "zfs_fs";
mountpoint = "/";
options = {
mountpoint = "legacy";
};
};
"system/var" = {
type = "zfs_fs";
mountpoint = "/var";
options = {
mountpoint = "legacy";
};
};
"system/var/tmp" = {
type = "zfs_fs";
mountpoint = "/var/tmp";
options = {
devices = "off";
mountpoint = "legacy";
};
};
"system/var/log" = {
type = "zfs_fs";
mountpoint = "/var/log";
options = {
compression = "on";
acltype = "posix";
mountpoint = "legacy";
};
};
user = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///tmp/secret.key";
};
# use this to read the key during boot
postCreateHook = ''
zfs set keylocation="prompt" "rpool/$name";
'';
};
"user/home" = {
type = "zfs_fs";
mountpoint = "/home";
options = {
setuid = "off";
devices = "off";
mountpoint = "legacy";
};
};
};
};
};
};
}


@ -1,27 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "applesmc" "kvm-intel" "wl" ];
extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
};
}


@ -1,46 +0,0 @@
# Library
## Overview
Media and public file server.
## Specs
* CPU - AMD Ryzen 5 5600G @ 3.90GHz
* Chipset - AMD B550
* Memory - 64 GB DDR4
* Motherboard - ASRock B550M Pro4
* Case - Fractal Design Node 804
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
Samsung 980 Evo | `/dev/nvme0n1p1` (EFI, 512 MiB, NixOS Boot) <br> `/dev/nvme0n1p2` (ZFS `rpool`, 200 GiB, NixOS Root)
#### ZFS datasets
```
rpool/
├── local
│ ├── nix
│ └── tmp
├── system
│ ├── root
│ └── var
└── user
└── home
library/
├── books
├── fonts
├── movies
├── music
├── software
├── tv
├── videos
└── web
```
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind the `rpool` datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `library.mesh.vimium.net`.


@ -1,175 +0,0 @@
{ config, lib, pkgs, ... }:
with lib.my;
{
imports = [
./hardware-configuration.nix
../server.nix
];
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
zfs.extraPools = [ "library" ];
};
networking = {
domain = "mesh.vimium.net";
hostId = "d24ae953";
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
};
networkmanager.enable = true;
};
services.zfs = {
autoScrub = {
enable = true;
pools = [ "library" ];
};
autoSnapshot = {
enable = true;
flags = "-k -p --utc";
frequent = 0;
hourly = 0;
daily = 7;
monthly = 1;
};
};
services.nfs.server = {
enable = true;
};
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
zfs = {
enable = true;
port = 9003;
};
};
scrapeConfigs = [
{
job_name = "library";
static_configs = [{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}"
];
}];
}
];
};
systemd.services.vps1-tunnel = {
enable = true;
description = "vps1.mesh.vimium.net SSH tunnel";
after = [
"network-online.target"
"jellyfin.service"
];
wants = [ "network-online.target" ];
serviceConfig = {
Type="simple";
ExecStart=pkgs.lib.mkForce ''
${pkgs.openssh}/bin/ssh \
-NT \
-o ExitOnForwardFailure=yes \
-o ServerAliveInterval=60 \
-o TCPKeepAlive=no \
-i %h/.ssh/id_jellyfin \
-R localhost:8000:localhost:8000 \
jellyfin@vps1.mesh.vimium.net
'';
Restart="always";
RestartSec=20;
};
wantedBy = [ "default.target" ];
};
services.nginx = let
proxyConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
in {
enable = true;
package = pkgs.openresty;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
clientMaxBodySize = "2G";
virtualHosts = {
"library.mesh.vimium.net" = {
locations."/" = {
root = "/mnt/library";
extraConfig = ''
autoindex on;
'';
};
};
"jellyfin.vimium.com" = {
default = true;
listen = [
{
addr = "127.0.0.1";
port = 8000;
}
];
locations."/" = {
proxyPass = "http://localhost:8096";
extraConfig = proxyConfig;
};
locations."/metrics" = {
return = "404";
};
};
};
};
services.jellyfin.enable = true;
modules = {
security = {
gpg.enable = true;
};
shell = {
zsh.enable = true;
};
services = {
borgmatic = {
enable = true;
directories = [
"/home/jordan"
];
repoPath = "ssh://b61758r4@b61758r4.repo.borgbase.com/./repo";
};
};
};
system.stateVersion = "22.11";
}


@ -1,68 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "rpool/system/root";
fsType = "zfs";
};
fileSystems."/var" = {
device = "rpool/system/var";
fsType = "zfs";
};
fileSystems."/var/log" = {
device = "rpool/system/var/log";
fsType = "zfs";
};
fileSystems."/var/tmp" = {
device = "rpool/system/var/tmp";
fsType = "zfs";
};
fileSystems."/var/lib/containers/storage" = {
device = "rpool/system/var/lib-containers-storage";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/tmp" = {
device = "rpool/local/tmp";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/user/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F697-F1C0";
fsType = "vfat";
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,4 +1,4 @@
From daebf42bd955f6f8d971af967c675e4e339cb0b2 Mon Sep 17 00:00:00 2001 From c16be6b3b4da5a55e3ff4258ada123b5f03757e5 Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com> From: Jordan Holt <jordan@vimium.com>
Date: Sun, 12 Nov 2023 12:13:39 +0000 Date: Sun, 12 Nov 2023 12:13:39 +0000
Subject: [PATCH] Update device ID for PreSonus 1824c Subject: [PATCH] Update device ID for PreSonus 1824c
@ -6,9 +6,8 @@ Subject: [PATCH] Update device ID for PreSonus 1824c
--- ---
sound/usb/format.c | 4 ++-- sound/usb/format.c | 4 ++--
sound/usb/mixer_quirks.c | 2 +- sound/usb/mixer_quirks.c | 2 +-
sound/usb/mixer_s1810c.c | 2 +-
sound/usb/quirks.c | 4 ++-- sound/usb/quirks.c | 4 ++--
4 files changed, 6 insertions(+), 6 deletions(-) 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/sound/usb/format.c b/sound/usb/format.c diff --git a/sound/usb/format.c b/sound/usb/format.c
index ab5fed9f55b6..da50a4782414 100644 index ab5fed9f55b6..da50a4782414 100644
@ -38,19 +37,6 @@ index 898bc3baca7b..c3135459c38c 100644
err = snd_sc1810_init_mixer(mixer); err = snd_sc1810_init_mixer(mixer);
break; break;
case USB_ID(0x2a39, 0x3fb0): /* RME Babyface Pro FS */ case USB_ID(0x2a39, 0x3fb0): /* RME Babyface Pro FS */
diff --git a/sound/usb/mixer_s1810c.c b/sound/usb/mixer_s1810c.c
index fac4bbc6b275..5bc2e66d452c 100644
--- a/sound/usb/mixer_s1810c.c
+++ b/sound/usb/mixer_s1810c.c
@@ -552,7 +552,7 @@ int snd_sc1810_init_mixer(struct usb_mixer_interface *mixer)
return 0;
dev_info(&dev->dev,
- "Presonus Studio 1810c, device_setup: %u\n", chip->setup);
+ "Presonus Studio 1824c, device_setup: %u\n", chip->setup);
if (chip->setup == 1)
dev_info(&dev->dev, "(8out/18in @ 48kHz)\n");
else if (chip->setup == 2)
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index ab2b938502eb..b86832edaaa0 100644 index ab2b938502eb..b86832edaaa0 100644
--- a/sound/usb/quirks.c --- a/sound/usb/quirks.c
@ -67,5 +53,5 @@ index ab2b938502eb..b86832edaaa0 100644
-- --
2.42.0 2.40.1


@ -1,30 +1,63 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, ... }:
with lib.my;
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../desktop.nix ../desktop.nix
]; ];
boot.loader = { boot.loader.systemd-boot = {
systemd-boot = { enable = true;
enable = true; graceful = true;
graceful = true; netbootxyz.enable = true;
netbootxyz.enable = true;
};
efi.canTouchEfiVariables = true;
}; };
boot.loader.efi.canTouchEfiVariables = true;
networking = { networking.hostName = "odyssey";
hostId = "c5e68d78"; networking.hostId = "c5e68d78";
networkmanager.enable = true;
firewall.trustedInterfaces = [ "lxdbr0" "virbr0" ]; # Work around https://github.com/NixOS/nixpkgs/issues/263359
};
virtualisation = { networking.networkmanager.enable = true;
libvirtd.enable = true;
lxd.enable = true; environment.etc."pipewire/pipewire.conf.d/surround.conf".text = ''
}; context.modules = [
{
name = libpipewire-module-loopback
args = {
node.description = "1824c Surround"
capture.props = {
node.name = "1824c_Speakers"
media.class = "Audio/Sink"
audio.position = [ FL FR FC SL SR LFE ]
}
playback.props = {
node.name = "playback.1824c_Speakers"
audio.position = [ AUX0 AUX1 AUX2 AUX3 AUX4 AUX5 ]
target.object = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output"
stream.dont-remix = true
node.passive = true
}
}
}
]
'';
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
virtualisation.libvirtd.enable = true;
virtualisation.lxd.enable = true;
users.defaultUserShell = pkgs.zsh;
system.stateVersion = "22.11";
services.journald.extraConfig = ''
SystemMaxUse=4G
MaxRetentionSec=90day
'';
services.nix-serve = { services.nix-serve = {
enable = true; enable = true;
@ -41,20 +74,42 @@
}; };
}; };
age.secrets."odyssey_borg_passphrase" = {
file = ../../secrets/odyssey_borg_passphrase.age;
};
services.borgmatic = {
enable = true;
settings = {
location = {
source_directories = [
"/home/jordan/Documents"
];
repositories = [
"ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo"
];
};
storage = {
encryption_passcommand = "cat ${config.age.secrets.odyssey_borg_passphrase.path}";
ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
};
retention = {
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 6;
};
};
};
# Without this override, `cat` is unavailable for `encryption_passcommand`
systemd.services.borgmatic.confinement.fullUnit = true;
modules = { modules = {
desktop = { desktop = {
apps.qbittorrent.enable = true; apps.qbittorrent.enable = true;
browsers = { browsers = {
firefox.enable = true; firefox.enable = true;
}; };
gaming.emulators = {
gamecube.enable = true;
ps2.enable = true;
ps3.enable = true;
psp.enable = true;
wii.enable = true;
xbox.enable = true;
};
media.graphics = { media.graphics = {
modeling.enable = true; modeling.enable = true;
raster.enable = true; raster.enable = true;
@ -70,27 +125,14 @@
}; };
editors = { editors = {
neovim.enable = true; neovim.enable = true;
vscode.enable = true;
}; };
hardware.presonus-studio.enable = true;
security = { security = {
gpg.enable = true; gpg.enable = true;
pass.enable = true; pass.enable = true;
}; };
services = {
borgmatic = {
enable = true;
directories = [
"/home/jordan/Documents"
];
repoPath = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo";
};
};
shell = { shell = {
git.enable = true; git.enable = true;
zsh.enable = true; zsh.enable = true;
}; };
}; };
system.stateVersion = "22.11";
} }
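Review bot: The added borgmatic block sets `ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key"`, which makes the machine's SSH host private key double as the client credential for the backup repository. Rotating or exposing one then affects both host identity and backup access; a dedicated backup key provisioned the same way as `odyssey_borg_passphrase` (an `age.secrets` entry) would keep the two apart. `systemd.services.borgmatic.confinement.fullUnit = true;` is set only so that `cat` resolves, so it is worth testing whether `encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets.odyssey_borg_passphrase.path}"` allows the override to be dropped. Which lines belong to the new side is inferred here from the two-column rendering and the hunk counts.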


@ -1,72 +1,78 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ let
imports = [ snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
(modulesPath + "/installer/scan/not-detected.nix") kernel = config.boot.kernelPackages.kernel;
};
in {
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [
(snd-usb-audio-module.overrideAttrs (_: {
patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
}))
]; ];
boot.supportedFilesystems = [ "ntfs" ];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
boot = { hardware.nvidia = {
initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; modesetting.enable = true;
initrd.kernelModules = [ ]; powerManagement.enable = true;
initrd.supportedFilesystems = [ "zfs" ];
kernelModules = [ "kvm-intel" ];
kernelPackages = pkgs.linuxPackages;
supportedFilesystems = [ "ntfs" ];
binfmt.emulatedSystems = [ "aarch64-linux" ];
}; };
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
};
};
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
fileSystems."/" = { fileSystems."/" =
device = "rpool/system/root"; { device = "rpool/system/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "rpool/user/home"; { device = "rpool/user/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var" = { fileSystems."/var" =
device = "rpool/system/var"; { device = "rpool/system/var";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/tmp" = { fileSystems."/tmp" =
device = "rpool/local/tmp"; { device = "rpool/local/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/log" = { fileSystems."/var/log" =
device = "rpool/system/var/log"; { device = "rpool/system/var/log";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/tmp" = { fileSystems."/var/tmp" =
device = "rpool/system/var/tmp"; { device = "rpool/system/var/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/E63E-8E75"; { device = "/dev/disk/by-uuid/E63E-8E75";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
environment.systemPackages = [
pkgs.apfs-fuse
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
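Review bot: The new side appears to carry the `nixos-generate-config` banner ("Do not modify this file! ... may be overwritten by future invocations") alongside hand-written logic: the `snd-usb-audio-module` let-binding with its `overrideAttrs` patch, and the `apfs-fuse` package. Regenerating the file would silently drop the patched kernel module, so either remove the banner or move those additions into the host's `default.nix`. A short comment above `boot.extraModulePackages` saying which kernel the patch `0001-Update-device-ID-for-PreSonus-1824c.patch` was checked against would also help, because the module is built against `config.boot.kernelPackages.kernel` and a patch that stops applying fails the whole system build.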


@ -1,25 +0,0 @@
# Pi
## Overview
Raspberry Pi 4
## Specs
* SoC - Broadcom BCM2711
* CPU - ARM Cortex-A72 @ 1.8 GHz
* Memory - 8 GB LPDDR4
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
SD card | `/dev/mmcblk0` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `pi.mesh.vimium.net`.
## Devices and connections
- SONOFF Zigbee 3.0 USB Dongle Plus (connected to USB 2.0 port to avoid [interference](https://www.unit3compliance.co.uk/2-4ghz-intra-system-or-self-platform-interference-demonstration/))
- HDMI to ONKYO HT-R990
- S/PDIF to ONKYO HT-R990
- Ethernet to ONKYO HT-R990


@ -1,103 +1,30 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, ... }:
with lib.my;
{ {
imports = [ imports = [
<nixos-hardware/raspberry-pi/4>
./hardware-configuration.nix ./hardware-configuration.nix
../server.nix ../server.nix
]; ];
networking.hostId = "731d1660"; networking.hostName = "pi";
networking.hostId = "";
hardware = { hardware = {
raspberry-pi."4" = { raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true; apply-overlays-dtmerge.enable = true;
audio.enable = false; audio.enable = true;
fkms-3d.enable = false; fkms-3d.enable = true;
xhci.enable = false;
}; };
deviceTree = { deviceTree = {
enable = true; enable = true;
filter = "*rpi-4-*.dtb"; filter = "*rpi-4-*.dtb";
overlays = [
{
name = "audio-off-overlay";
dtsText = ''
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&vchiq>;
__overlay__ {
status = "disabled";
};
};
};
'';
}
{
# Adapted from: https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/hifiberry-digi-pro-overlay.dts
# changes:
# - modified top-level "compatible" field from bcm2835 to bcm2711
# - s/i2s_clk_consumer/i2s/ (name on bcm2711 platform)
name = "hifiberry-digi-pro";
dtsText = ''
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&i2s>;
__overlay__ {
status = "okay";
};
};
fragment@1 {
target = <&i2c1>;
__overlay__ {
#address-cells = <1>;
#size-cells = <0>;
status = "okay";
wm8804@3b {
#sound-dai-cells = <0>;
compatible = "wlf,wm8804";
reg = <0x3b>;
PVDD-supply = <&vdd_3v3_reg>;
DVDD-supply = <&vdd_3v3_reg>;
status = "okay";
};
};
};
fragment@2 {
target = <&sound>;
__overlay__ {
compatible = "hifiberry,hifiberry-digi";
i2s-controller = <&i2s>;
status = "okay";
clock44-gpio = <&gpio 5 0>;
clock48-gpio = <&gpio 6 0>;
};
};
};
'';
}
];
}; };
firmware = with pkgs; [
firmwareLinuxNonfree
wireless-regdb
];
}; };
sound.enable = true; sound.enable = true;
console.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@ -107,140 +34,7 @@
pulse.enable = true; pulse.enable = true;
}; };
age.secrets."files/services/home-assistant/secrets.yaml" = {
file = "${inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
path = "${config.services.home-assistant.configDir}/secrets.yaml";
owner = "hass";
group = "hass";
};
services.home-assistant = {
enable = true;
extraComponents = [
"api"
"alert"
"auth"
"backup"
"command_line"
"default_config"
"homekit_controller"
"homekit"
"http"
"icloud"
"jellyfin"
"metoffice"
"mqtt"
"onkyo"
"ping"
"proximity"
"radio_browser"
"scrape"
"sensor"
"system_health"
];
config = {
default_config = {};
backup = {};
homeassistant = {
name = "Home";
latitude = "!secret latitude";
longitude = "!secret longitude";
country = "GB";
temperature_unit = "C";
time_zone = config.time.timeZone;
unit_system = "metric";
};
mqtt = { };
scene = "!include scenes.yaml";
automation = "!include automations.yaml";
system_health = { };
recorder = {
purge_keep_days = 365;
};
};
};
services.mosquitto = {
enable = true;
listeners = [{
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
port = 1883;
settings = {
allow_anonymous = true;
};
}];
};
age.secrets."files/services/zigbee2mqtt/secret.yaml" = {
file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml";
owner = "zigbee2mqtt";
group = "zigbee2mqtt";
};
services.zigbee2mqtt = {
package = pkgs.unstable.zigbee2mqtt;
enable = true;
dataDir = "/var/lib/zigbee2mqtt";
settings = {
homeassistant = lib.optionalAttrs config.services.home-assistant.enable {
discovery_topic = "homeassistant";
status_topic = "hass/status";
legacy_entity_attributes = true;
legacy_triggers = true;
};
availability = true;
frontend = true;
device_options = {
retain = true;
};
serial = {
port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
};
advanced = {
channel = 20;
network_key = "!secret.yaml network_key";
pan_id = 13001;
ext_pan_id = [ 79 1 73 47 250 136 124 222 ];
transmit_power = 20;
};
mqtt = {
version = 5;
server = "mqtt://localhost:1883";
};
};
};
modules = {
networking = {
wireless = {
enable = true;
interfaces = [ "wlan0" ];
};
};
services = {
borgmatic = {
enable = true;
directories = [
"/var/lib/mosquitto"
"/var/lib/zigbee2mqtt"
];
repoPath = "ssh://qcw86s11@qcw86s11.repo.borgbase.com/./repo";
};
};
};
# Connection to ONKYO HT-R990
networking.interfaces.end0 = {
ipv4.addresses = [{
address = "172.16.0.1";
prefixLength = 30;
}];
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
python311Packages.onkyo-eiscp
libraspberrypi libraspberrypi
raspberrypi-eeprom raspberrypi-eeprom
]; ];
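Review bot: `<nixos-hardware/raspberry-pi/4>` in `imports` is an angle-bracket lookup, so the hardware module is taken from whatever `NIX_PATH` holds on the building machine rather than from a revision pinned in `flake.lock`, and pure flake evaluation normally rejects such lookups. If the flake has (or gains) a `nixos-hardware` input, importing `inputs.nixos-hardware.nixosModules.raspberry-pi-4` and keeping `inputs` in the argument set would keep the module pinned and reviewable; the same import appears in the hardware-configuration section that follows. In the same hunk `networking.hostId = "";` replaces an eight-digit hex id with an empty string, which the option's type check will most likely refuse, so use a real id or leave the option unset.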


@ -2,22 +2,7 @@
{ {
imports = [ imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix") <nixos-hardware/raspberry-pi/4>
];
boot = {
# Stop ZFS kernel being built
supportedFilesystems = lib.mkForce [ "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs" ];
tmp.cleanOnBoot = true;
};
# Fix missing modules
# https://github.com/NixOS/nixpkgs/issues/154163
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // { allowMissing = true; });
})
]; ];
fileSystems = { fileSystems = {


@ -1,20 +1,47 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
{ {
imports = [ time.timeZone = "Europe/London";
./common.nix
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_GB.UTF-8";
LC_IDENTIFICATION = "en_GB.UTF-8";
LC_MEASUREMENT = "en_GB.UTF-8";
LC_MONETARY = "en_GB.UTF-8";
LC_NAME = "en_GB.UTF-8";
LC_NUMERIC = "en_GB.UTF-8";
LC_PAPER = "en_GB.UTF-8";
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
console.keyMap = "uk";
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
environment.systemPackages = with pkgs; [
git
neovim
]; ];
documentation.enable = false; nix = {
settings = {
security = { auto-optimise-store = true;
acme.acceptTerms = true; };
auditd.enable = true; gc = {
audit = { automatic = true;
enable = true; dates = "weekly";
rules = [ options = "-d --delete-older-than 7d";
"-a exit,always -F arch=b64 -S execve"
];
}; };
}; };
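Review bot: On the new side of this hunk the `security.auditd.enable = true;` setting and the `security.audit` rule `-a exit,always -F arch=b64 -S execve` have no counterpart, so servers built from this profile would lose process-execution audit logging unless it is configured in a file not shown here. If that is not intended, keep the `security` block next to the new `services.openssh` settings. The file continues past the end of the hunk.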


@ -1,18 +0,0 @@
# vps1
## Overview
VPS hosted in OVH.
## Specs
* CPU - ??
* Memory - ??
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
NVMe | `/dev/sda1` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `vps1.mesh.vimium.net`.


@ -1,69 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
{
imports = [
./hardware-configuration.nix
../server.nix
];
networking = {
hostId = "08bf6db3";
domain = "mesh.vimium.net";
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
users = {
users = {
jellyfin = {
isSystemUser = true;
group = "jellyfin";
shell = "/bin/sh";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
];
};
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
};
groups = {
jellyfin = { };
};
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
security.acme.defaults = {
email = "hostmaster@vimium.com";
group = "nginx";
webroot = "/var/lib/acme/acme-challenge";
};
modules = {
services = {
borgmatic = {
enable = true;
directories = [
"/home"
"/var/lib"
"/var/www"
];
repoPath = "ssh://p91y8oh7@p91y8oh7.repo.borgbase.com/./repo";
};
coturn.enable = true;
gitea.enable = true;
headscale.enable = true;
matrix-synapse.enable = true;
nginx.enable = true;
};
};
system.stateVersion = "22.11";
}


@ -1,26 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd = {
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
kernelModules = [ "nvme" ];
};
loader.grub.device = "/dev/sda";
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
fileSystems = {
"/" = {
device = "/dev/sda1";
fsType = "ext4";
};
};
}

26
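--- a/lib/attrs.nix
+++ b/lib/attrs.nix
@@ -0,0 +1,26 @@
+{ lib, ... }:
+with builtins;
+with lib;
+rec {
+# attrsToList
+attrsToList = attrs:
+mapAttrsToList (name: value: { inherit name value; }) attrs;
+# mapFilterAttrs ::
+# (name -> value -> bool)
+# (name -> value -> { name = any; value = any; })
+# attrs
+mapFilterAttrs = pred: f: attrs: filterAttrs pred (mapAttrs' f attrs);
+# Generate an attribute set by mapping a function over a list of values.
+genAttrs' = values: f: listToAttrs (map f values);
+# anyAttrs :: (name -> value -> bool) attrs
+anyAttrs = pred: attrs:
+any (attr: pred attr.name attr.value) (attrsToList attrs);
+# countAttrs :: (name -> value -> bool) attrs
+countAttrs = pred: attrs:
+count (attr: pred attr.name attr.value) (attrsToList attrs);
+}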

19
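--- a/lib/default.nix
+++ b/lib/default.nix
@@ -0,0 +1,19 @@
+{ inputs, lib, pkgs, ... }:
+let
+inherit (lib) makeExtensible attrValues foldr;
+inherit (modules) mapModules;
+modules = import ./modules.nix {
+inherit lib;
+self.attrs = import ./attrs.nix { inherit lib; self = {}; };
+};
+mylib = makeExtensible (self:
+with self; mapModules ./.
+(file: import file { inherit self lib pkgs inputs; }));
+in
+mylib.extend
+(self: super:
+foldr (a: b: a // b) {} (attrValues super))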

53
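--- a/lib/modules.nix
+++ b/lib/modules.nix
@@ -0,0 +1,53 @@
+{ self, lib, ... }:
+let
+inherit (builtins) attrValues readDir pathExists concatLists;
+inherit (lib) id mapAttrsToList filterAttrs hasPrefix hasSuffix nameValuePair removeSuffix;
+inherit (self.attrs) mapFilterAttrs;
+in
+rec {
+mapModules = dir: fn:
+mapFilterAttrs
+(n: v:
+v != null &&
+!(hasPrefix "_" n))
+(n: v:
+let path = "${toString dir}/${n}"; in
+if v == "directory" && pathExists "${path}/default.nix"
+then nameValuePair n (fn path)
+else if v == "regular" &&
+n != "default.nix" &&
+hasSuffix ".nix" n
+then nameValuePair (removeSuffix ".nix" n) (fn path)
+else nameValuePair "" null)
+(readDir dir);
+mapModules' = dir: fn:
+attrValues (mapModules dir fn);
+mapModulesRec = dir: fn:
+mapFilterAttrs
+(n: v:
+v != null &&
+!(hasPrefix "_" n))
+(n: v:
+let path = "${toString dir}/${n}"; in
+if v == "directory"
+then nameValuePair n (mapModulesRec path fn)
+else if v == "regular" && n != "default.nix" && hasSuffix ".nix" n
+then nameValuePair (removeSuffix ".nix" n) (fn path)
+else nameValuePair "" null)
+(readDir dir);
+mapModulesRec' = dir: fn:
+let
+dirs =
+mapAttrsToList
+(k: _: "${dir}/${k}")
+(filterAttrs
+(n: v: v == "directory" && !(hasPrefix "_" n))
+(readDir dir));
+files = attrValues (mapModules dir id);
+paths = files ++ concatLists (map (d: mapModulesRec' d id) dirs);
+in map fn paths;
+}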
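Review bot: `mapModulesRec'` builds directory paths with `"${dir}/${k}"`, while `mapModules` and `mapModulesRec` in the same file use `"${toString dir}/${n}"`. When `dir` is a path value, interpolating it directly copies that directory into the world-readable Nix store and yields store paths, whereas `toString` leaves the files where they are; `(k: _: "${toString dir}/${k}")` would make the three helpers agree. The helpers also have no comment saying what `fn` receives or that entries whose name starts with `_` are skipped; a one-line comment above each, for example `# mapModules :: path -> (path -> a) -> attrs; skips names starting with "_"`, would document that.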

25
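--- a/lib/nixos.nix
+++ b/lib/nixos.nix
@@ -0,0 +1,25 @@
+{ inputs, lib, pkgs, ... }:
+with lib;
+with lib.my;
+let sys = "x86_64-linux";
+in {
+mkHost = path: attrs @ { system ? sys, ... }:
+nixosSystem {
+inherit system;
+specialArgs = { inherit lib inputs system; };
+modules = [
+{
+nixpkgs.pkgs = pkgs;
+networking.hostName = mkDefault (removeSuffix ".nix" (baseNameOf path));
+}
+(filterAttrs (n: v: !elem n [ "system" ]) attrs)
+../. # /default.nix
+(import path)
+];
+};
+mapHosts = dir: attrs @ { system ? system, ... }:
+mapModules dir
+(hostPath: mkHost hostPath attrs);
+}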
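Review bot: In `mapHosts` the pattern default `system ? system` refers to the argument itself, not to the `sys` binding of the enclosing `let`. It avoids infinite recursion only because `system` is never forced there: the unmodified `attrs` is what gets passed on to `mkHost`. Writing `attrs @ { system ? sys, ... }`, as `mkHost` does, removes the trap for anyone who later uses `system` inside `mapHosts`. Separately, every host receives the same `pkgs` through `nixpkgs.pkgs = pkgs;` whatever `system` it asks for, which deserves a comment if it is intended.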

35
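--- a/lib/options.nix
+++ b/lib/options.nix
@@ -0,0 +1,35 @@
+{ lib, ... }:
+let
+inherit (lib) mkOption types;
+in
+rec {
+mkOpt = type: default:
+mkOption { inherit type default; };
+mkOpt' = type: default: description:
+mkOption { inherit type default description; };
+mkBoolOpt = default: mkOption {
+inherit default;
+type = types.bool;
+example = true;
+};
+mkStringOpt = default: mkOption {
+inherit default;
+type = types.lines;
+example = "";
+};
+mkListOfStringOpt = default: mkOption {
+inherit default;
+type = types.listOf types.lines;
+example = [ "a" "b" "c" ];
+};
+mkPath = path:
+if path != null
+then toString path
+else "";
+}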
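Review bot: `mkStringOpt` and `mkListOfStringOpt` declare `types.lines`, which merges several definitions of the same option by joining them with newlines instead of reporting a conflict. For single-valued settings such as paths, host names or secret file locations, `type = types.str;` and `type = types.listOf types.str;` turn a duplicate definition into an evaluation error rather than a silently concatenated value. Apart from `mkOpt'`, none of the helpers sets a `description`, so options declared through them are undocumented.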


@ -25,17 +25,9 @@
./dev/zig.nix ./dev/zig.nix
./editors/neovim ./editors/neovim
./editors/vscode.nix ./editors/vscode.nix
./hardware/presonus-studio.nix
./networking/tailscale.nix ./networking/tailscale.nix
./networking/wireless.nix
./security/gpg.nix ./security/gpg.nix
./security/pass.nix ./security/pass.nix
./services/borgmatic
./services/coturn
./services/gitea
./services/headscale
./services/matrix-synapse
./services/nginx
./shell/git ./shell/git
./shell/zsh ./shell/zsh
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.apps.qbittorrent; let cfg = config.modules.desktop.apps.qbittorrent;
in { in {
options.modules.desktop.apps.qbittorrent = { options.modules.desktop.apps.qbittorrent = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
qbittorrent qbittorrent
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.apps.slack; let cfg = config.modules.desktop.apps.slack;
in { in {
options.modules.desktop.apps.slack = { options.modules.desktop.apps.slack = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
slack slack
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, inputs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.apps.thunderbird; let cfg = config.modules.desktop.apps.thunderbird;
in { in {
options.modules.desktop.apps.thunderbird = { options.modules.desktop.apps.thunderbird = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme; home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme;
home.programs.thunderbird = { home.programs.thunderbird = {


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.apps.zoom; let cfg = config.modules.desktop.apps.zoom;
in { in {
options.modules.desktop.apps.zoom = { options.modules.desktop.apps.zoom = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
zoom-us zoom-us
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, inputs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.browsers.firefox; let cfg = config.modules.desktop.browsers.firefox;
in { in {
options.modules.desktop.browsers.firefox = { options.modules.desktop.browsers.firefox = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme; home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme;
home.programs.firefox = { home.programs.firefox = {


@ -1,74 +1,34 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.gaming.emulators; let cfg = config.modules.desktop.gaming.emulators;
in { in {
options.modules.desktop.gaming.emulators = { options.modules.desktop.gaming.emulators = {
ds.enable = lib.mkOption { ds.enable = mkBoolOpt false;
default = false; gb.enable = mkBoolOpt false;
example = true; gba.enable = mkBoolOpt false;
}; gamecube.enable = mkBoolOpt false;
gb.enable = lib.mkOption { ps2.enable = mkBoolOpt false;
default = false; ps3.enable = mkBoolOpt false;
example = true; psp.enable = mkBoolOpt false;
}; snes.enable = mkBoolOpt false;
gba.enable = lib.mkOption { wii.enable = mkBoolOpt false;
default = false;
example = true;
};
gamecube.enable = lib.mkOption {
default = false;
example = true;
};
ps1.enable = lib.mkOption {
default = false;
example = true;
};
ps2.enable = lib.mkOption {
default = false;
example = true;
};
ps3.enable = lib.mkOption {
default = false;
example = true;
};
psp.enable = lib.mkOption {
default = false;
example = true;
};
snes.enable = lib.mkOption {
default = false;
example = true;
};
switch.enable = lib.mkOption {
default = false;
example = true;
};
wii.enable = lib.mkOption {
default = false;
example = true;
};
xbox.enable = lib.mkOption {
default = false;
example = true;
};
}; };
config = { config = {
user.packages = with pkgs.unstable; [ user.packages = with pkgs; [
(lib.mkIf cfg.ps1.enable duckstation) (mkIf cfg.ps2.enable pcsx2)
(lib.mkIf cfg.ps2.enable pcsx2) (mkIf cfg.ps3.enable rpcs3)
(lib.mkIf cfg.ps3.enable rpcs3) (mkIf cfg.psp.enable ppsspp)
(lib.mkIf cfg.psp.enable ppsspp) (mkIf cfg.ds.enable desmume)
(lib.mkIf cfg.ds.enable desmume) (mkIf (cfg.gba.enable ||
(lib.mkIf (cfg.gba.enable ||
cfg.gb.enable || cfg.gb.enable ||
cfg.snes.enable) cfg.snes.enable)
higan) higan)
(lib.mkIf cfg.switch.enable yuzuPackages.mainline) (mkIf (cfg.wii.enable ||
(lib.mkIf (cfg.wii.enable ||
cfg.gamecube.enable) cfg.gamecube.enable)
dolphin-emu) dolphin-emu)
(lib.mkIf cfg.xbox.enable xemu)
]; ];
}; };
} }


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.gaming.lutris; let cfg = config.modules.desktop.gaming.lutris;
in { in {
options.modules.desktop.gaming.lutris = { options.modules.desktop.gaming.lutris = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
lutris lutris
vulkan-loader vulkan-loader


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.gaming.steam; let cfg = config.modules.desktop.gaming.steam;
in { in {
options.modules.desktop.gaming.steam = { options.modules.desktop.gaming.steam = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
programs.steam.enable = true; programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576"; systemd.extraConfig = "DefaultLimitNOFILE=1048576";


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.gnome; let cfg = config.modules.desktop.gnome;
in { in {
options.modules.desktop.gnome = { options.modules.desktop.gnome = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
services.xserver = { services.xserver = {
enable = true; enable = true;
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
@ -17,7 +16,6 @@ in {
}; };
services.flatpak.enable = true; services.flatpak.enable = true;
services.fwupd.enable = true;
programs.dconf.enable = true; programs.dconf.enable = true;
dconf.settings = { dconf.settings = {
@ -103,12 +101,6 @@ in {
picture-uri = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-l.jpg"; picture-uri = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-l.jpg";
picture-uri-dark = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-d.jpg"; picture-uri-dark = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-d.jpg";
}; };
"org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true;
};
"org/gnome/desktop/search-providers" = {
disabled = [ "org.gnome.Epiphany.desktop" ];
};
"org/gtk/settings/file-chooser" = { "org/gtk/settings/file-chooser" = {
show-hidden = true; show-hidden = true;
sort-directories-first = true; sort-directories-first = true;
@ -138,13 +130,12 @@ in {
}; };
"org/gnome/mutter" = { "org/gnome/mutter" = {
center-new-windows = true; center-new-windows = true;
edge-tiling = true;
experimental-features = [ "scale-monitor-framebuffer" ]; experimental-features = [ "scale-monitor-framebuffer" ];
}; };
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {
color-scheme = "prefer-dark"; color-scheme = "prefer-dark";
enable-hot-corners = false; enable-hot-corners = false;
monospace-font-name = "UbuntuMono Nerd Font 11"; monospace-font-name = "Ubuntu Mono 11";
}; };
"org/gnome/desktop/wm/keybindings" = { "org/gnome/desktop/wm/keybindings" = {
switch-group = [ "<Super>grave" ]; switch-group = [ "<Super>grave" ];
@ -157,33 +148,16 @@ in {
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
noto-fonts noto-fonts
(nerdfonts.override { fonts = [ "BigBlueTerminal" "ComicShannsMono" "UbuntuMono" ]; }) ubuntu_font_family
]; ];
user.packages = with pkgs; [ user.packages = with pkgs; [
authenticator
bottles
bustle
celluloid celluloid
d-spy
drawing
fragments fragments
gnome.ghex
# gnome-builder
gnome-decoder
gnome-firmware
gnome-frog
gnome-obfuscate
gnome-podcasts
identity
mission-center mission-center
newsflash
schemes
shortwave
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
adw-gtk3
bind bind
bmon bmon
fd fd
@ -206,7 +180,6 @@ in {
gnomeExtensions.pano gnomeExtensions.pano
gnomeExtensions.paperwm gnomeExtensions.paperwm
# gnomeExtensions.pip-on-top # gnomeExtensions.pip-on-top
gnomeExtensions.rounded-window-corners
gnomeExtensions.search-light gnomeExtensions.search-light
gnomeExtensions.smart-auto-move gnomeExtensions.smart-auto-move
gnomeExtensions.space-bar gnomeExtensions.space-bar
@ -219,16 +192,13 @@ in {
# gnomeExtensions.worksets # gnomeExtensions.worksets
# gnomeExtensions.workspace-matrix # gnomeExtensions.workspace-matrix
iotop iotop
unstable.morewaita-icon-theme
ripgrep ripgrep
rsync rsync
tcpdump tcpdump
tokei tokei
tree tree
wl-clipboard wl-clipboard
] ++ (if config.virtualisation.podman.enable then [ ];
pods
] else []);
home.services.gpg-agent.pinentryFlavor = "gnome3"; home.services.gpg-agent.pinentryFlavor = "gnome3";
}; };
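Review bot: The second hunk drops `services.fwupd.enable = true;`, and nothing else visible in this module enables a firmware update path, so hosts using this GNOME profile would stop receiving firmware updates through fwupd. If the removal is meant only for the pi target, keep it on elsewhere with `services.fwupd.enable = mkDefault true;` here and an explicit `false` in the pi host file. Otherwise add a comment saying why it is off. The module body continues outside the hunks shown.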


@ -1,28 +1,21 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.media.graphics; let cfg = config.modules.desktop.media.graphics;
in { in {
options.modules.desktop.media.graphics = { options.modules.desktop.media.graphics = {
modeling.enable = lib.mkOption { modeling.enable = mkBoolOpt false;
default = false; raster.enable = mkBoolOpt false;
example = true; vector.enable = mkBoolOpt false;
};
raster.enable = lib.mkOption {
default = false;
example = true;
};
vector.enable = lib.mkOption {
default = false;
example = true;
};
}; };
config = { config = {
user.packages = with pkgs; [ user.packages = with pkgs; [
(lib.mkIf cfg.modeling.enable blender) (mkIf cfg.modeling.enable blender)
(lib.mkIf cfg.raster.enable gimp) (mkIf cfg.raster.enable gimp)
(lib.mkIf cfg.raster.enable krita) (mkIf cfg.raster.enable krita)
(lib.mkIf cfg.vector.enable inkscape) (mkIf cfg.vector.enable inkscape)
]; ];
}; };
} }


@ -1,16 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.media.recording; let cfg = config.modules.desktop.media.recording;
in { in {
options.modules.desktop.media.recording = { options.modules.desktop.media.recording = {
audio.enable = lib.mkOption { audio.enable = mkBoolOpt false;
default = false; video.enable = mkBoolOpt false;
example = true;
};
video.enable = lib.mkOption {
default = false;
example = true;
};
}; };
config = { config = {


@ -1,18 +1,17 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let let
cfg = config.modules.desktop.mimeapps; cfg = config.modules.desktop.mimeapps;
avApp = "io.github.celluloid_player.Celluloid.desktop"; avApp = "io.github.celluloid_player.Celluloid.desktop";
imageApp = "org.gnome.eog.desktop"; imageApp = "org.gnome.eog.desktop";
in { in {
options.modules.desktop.mimeapps = { options.modules.desktop.mimeapps = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
xdg.mime.defaultApplications = { xdg.mime.defaultApplications = {
# Audio/video # Audio/video
"audio/x-vorbis+ogg" = avApp; "audio/x-vorbis+ogg" = avApp;


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.desktop.office.libreoffice; let cfg = config.modules.desktop.office.libreoffice;
in { in {
options.modules.desktop.office.libreoffice = { options.modules.desktop.office.libreoffice = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
libreoffice libreoffice
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.cc; let cfg = config.modules.dev.cc;
in { in {
options.modules.dev.cc = { options.modules.dev.cc = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
clang clang
gcc gcc


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.java; let cfg = config.modules.dev.java;
in { in {
options.modules.dev.java = { options.modules.dev.java = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
jdk jdk
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.lua; let cfg = config.modules.dev.lua;
in { in {
options.modules.dev.lua = { options.modules.dev.lua = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
lua lua
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.node; let cfg = config.modules.dev.node;
in { in {
options.modules.dev.node = { options.modules.dev.node = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
nodejs_latest nodejs_latest
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.python; let cfg = config.modules.dev.python;
in { in {
options.modules.dev.python = { options.modules.dev.python = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
python310 python310
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.rust; let cfg = config.modules.dev.rust;
in { in {
options.modules.dev.rust = { options.modules.dev.rust = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
rustc rustc
rustup rustup


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.scala; let cfg = config.modules.dev.scala;
in { in {
options.modules.dev.scala = { options.modules.dev.scala = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
jdk jdk
sbt sbt


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.shell; let cfg = config.modules.dev.shell;
in { in {
options.modules.dev.shell = { options.modules.dev.shell = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
shellcheck shellcheck
]; ];


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.dev.zig; let cfg = config.modules.dev.zig;
in { in {
options.modules.dev.zig = { options.modules.dev.zig = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
zig zig
]; ];


@ -1,25 +1,134 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let let
cfg = config.modules.editors.neovim; cfg = config.modules.editors.neovim;
dev = config.modules.dev;
in { in {
options.modules.editors.neovim = { options.modules.editors.neovim = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
user.packages = with pkgs.unstable; [ user.packages = with pkgs; [
lunarvim (neovim.override {
]; configure = {
customRC = ''
luafile ~/.config/nvim/init.lua
'';
packages.myPlugins = with pkgs.vimPlugins; {
start = [
(nvim-treesitter.withPlugins (
plugins: with plugins; [
bash
c
cmake
cpp
css
dockerfile
elm
glsl
graphql
haskell
http
html
java
javascript
jsdoc
json
json5
latex
lua
markdown
ninja
nix
org
perl
php
pug
python
regex
rst
ruby
rust
scala
scss
toml
tsx
typescript
vim
yaml
zig
]
))
nvim-treesitter-context
nvim-treesitter-textobjects
nvim-lspconfig
];
};
};
})
] ++
env.EDITOR = "lvim"; # Install appropriate language servers
(if dev.cc.enable then [
ccls # C/C++
] else []) ++
(if dev.java.enable then [
java-language-server # Java
ltex-ls # LaTeX
] else []) ++
(if dev.lua.enable then [
sumneko-lua-language-server # Lua
] else []) ++
(if dev.node.enable then [
nodePackages.bash-language-server # Bash
nodePackages.dockerfile-language-server-nodejs # Dockerfile
nodePackages.graphql-language-service-cli # GraphQL
nodePackages.purescript-language-server # PureScript
nodePackages.svelte-language-server # Svelte
nodePackages.typescript-language-server # JavaScript/TypeScript
nodePackages.vim-language-server # Vim
nodePackages.vscode-langservers-extracted # HTML, CSS, JSON, ESLint
nodePackages.vue-language-server # Vue.js
nodePackages.yaml-language-server # YAML
] else []) ++
(if dev.python.enable then [
cmake-language-server # CMake
python310Packages.python-lsp-server # Python
] else []) ++
(if dev.rust.enable then [
rust-analyzer # Rust
] else []) ++
(if dev.scala.enable then [
metals # Scala
] else []) ++
(if dev.zig.enable then [
zls # Zig
] else []);
home.configFile = {
"nvim/init.lua".source = ./init.lua;
"nvim/lua" = { source = ./lua; recursive = true; };
"nvim/lua/config/lsp.lua".text = ''
-- This file is autogenerated, do not edit.
${if dev.cc.enable then "require('config.lsp.cc')\n" else ""}
${if dev.java.enable then "require('config.lsp.java')\n" else ""}
${if dev.lua.enable then "require('config.lsp.lua')\n" else ""}
${if dev.node.enable then "require('config.lsp.node')\n" else ""}
${if dev.python.enable then "require('config.lsp.python')\n" else ""}
${if dev.rust.enable then "require('config.lsp.rust')\n" else ""}
${if dev.scala.enable then "require('config.lsp.scala')\n" else ""}
${if dev.zig.enable then "require('config.lsp.zig')\n" else ""}
'';
};
env.EDITOR = "nvim";
environment.shellAliases = { environment.shellAliases = {
vim = "lvim"; vim = "nvim";
v = "lvim"; v = "nvim";
}; };
}; };
} }
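Review bot: The language-server list is built from eight `(if dev.X.enable then [ … ] else [])` terms, and the generated `nvim/lua/config/lsp.lua` repeats the same eight conditions as string interpolations, so the two can drift apart when a language is added. With `lib` in scope the list terms read better as `++ optionals dev.cc.enable [ ccls ]`, and the `require` lines as `optionalString dev.cc.enable "require('config.lsp.cc')\n"`. The `java` and `python` branches also install `ltex-ls` and `cmake-language-server`, presumably because of the runtime those servers need; a short comment such as `# gated on the runtime the server needs, not the language it serves` would make that explicit.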


@ -0,0 +1,6 @@
require("config.core")
require("config.keymap")
require("config.treesitter")
require("config.plugins")
require("config.lsp")


@ -0,0 +1,36 @@
local o = vim.opt
local wo = vim.wo
local bo = vim.bo
-- Global dirs
local cachedir = os.getenv("XDG_CACHE_HOME")
o.backupdir = cachedir .. "/nvim/backup/"
o.directory = cachedir .. "/nvim/swap/"
o.undodir = cachedir .. "/nvim/undo/"
-- Global
o.breakindent = true
o.clipboard = "unnamedplus"
o.compatible = false
o.encoding = "utf-8"
o.expandtab = true
o.foldlevel = 99
o.hidden = true
o.hlsearch = false
o.ignorecase = true
o.laststatus = 2
o.listchars = { eol = '', tab = '', trail = '·' }
o.relativenumber = true
o.shiftwidth = 2
o.showmode = false
o.smartcase = true
o.smarttab = true
o.softtabstop = 2
o.synmaxcol = 150
o.tabstop = 4
o.undofile = true
o.wildmenu = true
-- Window
-- Buffer
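Review bot: `os.getenv("XDG_CACHE_HOME")` returns nil when the variable is unset, and the three concatenations that follow then raise an error, which aborts this file before any of the options below are applied. Let Neovim resolve the directory instead, `local cachedir = vim.fn.stdpath("cache")`, and shorten the paths to `cachedir .. "/backup/"`, `"/swap/"` and `"/undo/"`. These directories hold copies of edited file contents, so it is worth confirming they end up readable by the owner only.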


@ -0,0 +1,35 @@
local keymap = vim.keymap.set
local opts = { noremap = true, silent = true }
vim.g.mapleader = ","
-- Modes
-- Normal = "n",
-- Insert = "i",
-- Visual = "v",
-- Visual Block = "x",
-- Term = "t",
-- Command = "c"
keymap("n", "<Left>", "<Nop>", opts)
keymap("n", "<Right>", "<Nop>", opts)
keymap("n", "<Up>", "<Nop>", opts)
keymap("n", "<Down>", "<Nop>", opts)
keymap("n", "<C-h>", "<C-w>h", { noremap = true })
keymap("n", "<C-j>", "<C-w>j", { noremap = true })
keymap("n", "<C-k>", "<C-w>k", { noremap = true })
keymap("n", "<C-l>", "<C-w>l", { noremap = true })
keymap("n", "gV", "`[v`]", opts)
keymap("n", ";", ":", { noremap = true })
-- Bubble single lines with vim-unimpaired
keymap("n", "<C-Up>", "[e", opts)
keymap("n", "<C-Down>", "]e", opts)
-- Bubble multiple lines with vim-unimpaired
keymap("v", "<C-Up>", "[egv", opts)
keymap("v", "<C-Down>", "]egv", opts)
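Review bot: The four `<C-Up>`/`<C-Down>` mappings pass `opts`, which sets `noremap = true`, so their right-hand sides `[e` and `]e` are not expanded through the vim-unimpaired mappings the comments refer to. They need a recursive mapping, e.g. `keymap("n", "<C-Up>", "[e", { remap = true, silent = true })`, and likewise for the other three. vim-unimpaired is also absent from the packer `use` list added by this commit, so it has to be declared there or provided some other way.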


@ -0,0 +1,5 @@
lspconfig = require('lspconfig')
-- Requires C/C++
lspconfig.ccls.setup{}
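Review bot: `lspconfig = require('lspconfig')` assigns a global, so each `config.lsp.*` file overwrites the same `_G.lspconfig`; declare it as `local lspconfig = require('lspconfig')`. The same line opens the java, lua, node, python, rust, scala and zig files added below. A bare `require` also raises an error if nvim-lspconfig is not on the runtime path; the `pcall(require, …)` guard used in the plugin and telescope files of this commit would keep startup working in that case.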


@ -0,0 +1,6 @@
lspconfig = require('lspconfig')
-- Requires Java
lspconfig.java_language_server.setup{}
lspconfig.ltex.setup{}


@ -0,0 +1,22 @@
lspconfig = require('lspconfig')
-- Requires Lua
lspconfig.sumneko_lua.setup {
settings = {
Lua = {
runtime = {
-- Tell the language server which version of Lua you're using (most likely LuaJIT in the case of Neovim)
version = 'LuaJIT',
},
diagnostics = {
-- Get the language server to recognize the `vim` global
globals = {'vim'},
},
-- Do not send telemetry data containing a randomized but unique identifier
telemetry = {
enable = false,
},
},
},
}


@ -0,0 +1,17 @@
lspconfig = require('lspconfig')
-- Requires Node.js
lspconfig.bashls.setup{}
lspconfig.cssls.setup{}
lspconfig.dockerls.setup{}
lspconfig.eslint.setup{}
lspconfig.graphql.setup{}
lspconfig.html.setup{}
lspconfig.jsonls.setup{}
lspconfig.purescriptls.setup{}
lspconfig.svelte.setup{}
lspconfig.tsserver.setup{}
lspconfig.vimls.setup{}
lspconfig.vuels.setup{}
lspconfig.yamlls.setup{}


@ -0,0 +1,6 @@
lspconfig = require('lspconfig')
-- Requires Python
lspconfig.cmake.setup{}
lspconfig.pylsp.setup{}


@ -0,0 +1,5 @@
lspconfig = require('lspconfig')
-- Requires Rust
lspconfig.rls.setup{}
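Review bot: `lspconfig.rls.setup{}` configures RLS, but the Neovim Nix module in this commit installs `rust-analyzer` when `dev.rust.enable` is set, so unless an `rls` binary is provided some other way no server will start for Rust buffers. Configure the server that is actually installed: `lspconfig.rust_analyzer.setup{}`.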


@ -0,0 +1,5 @@
lspconfig = require('lspconfig')
-- Requires Scala
lspconfig.metals.setup{}


@ -0,0 +1,5 @@
lspconfig = require('lspconfig')
-- Requires Zig
lspconfig.zls.setup{}


@ -0,0 +1,77 @@
local fn = vim.fn
local install_path = fn.stdpath "data" .. "/site/pack/packer/start/packer.nvim"
if fn.empty(fn.glob(install_path)) > 0 then
PACKER_BOOTSTRAP = fn.system {
"git",
"clone",
"--depth",
"1",
"https://github.com/wbthomason/packer.nvim",
install_path,
}
print "Installing packer close and reopen Neovim..."
vim.cmd [[packadd packer.nvim]]
end
vim.cmd [[
augroup packer_user_config
autocmd!
autocmd BufWritePost plugins.lua source <afile> | PackerSync
augroup end
]]
local status_ok, packer = pcall(require, "packer")
if not status_ok then
return
end
packer.init {
display = {
open_fn = function()
return require("packer.util").float { border = "rounded" }
end,
},
}
return packer.startup(function(use)
-- Utilities
use { "wbthomason/packer.nvim", opt = true }
use { "mbbill/undotree" }
use { "nvim-lua/plenary.nvim" }
use { "tpope/vim-fugitive", event = "User InGitRepo" }
-- Editing
use { "andymass/vim-matchup" }
use { "godlygeek/tabular" }
use { "JoosepAlviste/nvim-ts-context-commentstring" }
use { "kana/vim-textobj-user" }
use { "mg979/vim-visual-multi", branch = "master" }
use { "p00f/nvim-ts-rainbow" }
use { "terryma/vim-expand-region" }
use { "tommcdo/vim-exchange", event = "VimEnter" }
use { "tpope/vim-abolish" }
use { "tpope/vim-commentary", event = "VimEnter" }
use { "tpope/vim-repeat", event = "VimEnter" }
use { "tpope/vim-surround", event = "VimEnter" }
use { "windwp/nvim-autopairs" }
use { "windwp/nvim-ts-autotag" }
-- UI
use { "junegunn/goyo.vim" }
use { "junegunn/limelight.vim" }
use { "markonm/traces.vim" }
-- Searching
use { "nvim-telescope/telescope.nvim", config = [[require('config.telescope')]] }
use { "cljoly/telescope-repo.nvim", requires = "telescope.nvim" }
use { "dyng/ctrlsf.vim" }
-- LSP
use { "jose-elias-alvarez/null-ls.nvim" }
if PACKER_BOOTSTRAP then
require("packer").sync()
end
end)
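Review bot: Every plugin in this list, and packer itself in the bootstrap `git clone`, is fetched at whatever revision the upstream branch points to when the editor runs, so the code loaded into the editor is not covered by `flake.lock` and can differ between two machines built from the same commit. Pin each entry with packer's `commit` key, e.g. `use { "mbbill/undotree", commit = "<commit-sha>" }`, or move the plugins into the `packages.myPlugins.start` list next to `nvim-lspconfig` so nixpkgs pins them. The `BufWritePost plugins.lua … | PackerSync` autocommand re-pulls all of them whenever this file is saved. The bootstrap also runs `packadd` without checking the result of `fn.system`; a test of `vim.v.shell_error` after the clone would catch a failed download.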


@ -0,0 +1,46 @@
local status_ok, telescope = pcall(require, "telescope")
if not status_ok then
return
end
local actions = require("telescope.actions")
telescope.setup({
defaults = {
file_ignore_patterns = { ".git/", "node_modules" },
},
mappings = {
i = {
["<Down>"] = actions.cycle_history_next,
["<Up>"] = actions.cycle_history_prev,
["<C-j>"] = actions.move_selection_next,
["<C-k>"] = actions.move_selection_previous,
},
},
extensions = {
repo = {
list = {
fd_opts = {
"--no-ignore-vcs",
},
search_dirs = {
"~/projects",
"~/repos",
"~/workspace",
},
},
},
},
})
telescope.load_extension("repo")
local keymap = vim.keymap.set
local opts = { noremap = true, silent = true }
keymap("n", "<Leader>ff", "<cmd>Telescope find_files<cr>", opts)
keymap("n", "<Leader>fg", "<cmd>Telescope live_grep<cr>", opts)
keymap("n", "<Leader>fb", "<cmd>Telescope buffers<cr>", opts)
keymap("n", "<Leader>fh", "<cmd>Telescope help_tags<cr>", opts)
keymap("n", "<Leader>fr", "<cmd>Telescope repo list<cr>", opts)
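Review bot: `mappings` sits at the top level of the table passed to `telescope.setup`, beside `defaults`, which is not a key telescope reads there, so the four insert-mode bindings are presumably ignored. Move the block inside `defaults`, i.e. `defaults = { file_ignore_patterns = { … }, mappings = { i = { … } } }`.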


@ -0,0 +1,35 @@
require("nvim-treesitter.configs").setup({
ignore_install = {},
highlight = {
enable = true,
disable = {},
},
indent = { enable = true },
incremental_selection = {
enable = true,
keymaps = {
init_selection = "gnn",
node_incremental = "grn",
scope_incremental = "grc",
node_decremental = "grm",
},
},
-- Extensions
autotag = { enable = true },
context_commentstring = { enable = true },
matchup = { enable = true },
rainbow = { enable = true },
textobjects = {
select = {
enable = true,
keymaps = {
["af"] = "@function.outer",
["if"] = "@function.inner",
},
},
},
})
vim.opt.foldmethod = "expr"
vim.opt.foldexpr = "nvim_treesitter#foldexpr()"


@ -1,49 +1,16 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.editors.vscode; let cfg = config.modules.editors.vscode;
in { in {
options.modules.editors.vscode = { options.modules.editors.vscode = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
environment.sessionVariables.NIXOS_OZONE_WL = "1";
home.programs.vscode = { home.programs.vscode = {
enable = true; enable = true;
extensions = with pkgs.vscode-extensions; [
asvetliakov.vscode-neovim
brettm12345.nixfmt-vscode
coolbear.systemd-unit-file
editorconfig.editorconfig
golang.go
graphql.vscode-graphql-syntax
mattn.lisp
# mkhl.direnv
ms-python.vscode-pylance
ms-vscode.cpptools
ms-vscode.hexeditor
piousdeer.adwaita-theme
# redhat.java
# sumneko.lua
];
userSettings = {
"editor.renderLineHighlight" = "none";
"extensions.experimental.affinity" = {
"asvetliakov.vscode-neovim" = 1;
};
"files.autoSave" = "off";
"window.autoDetectColorScheme" = true;
"window.commandCenter" = true;
"window.titleBarStyle" = "custom";
"workbench.iconTheme" = null;
"workbench.preferredDarkColorTheme" = "Adwaita Dark";
"workbench.preferredLightColorTheme" = "Adwaita Light";
"workbench.tree.indent" = 12;
};
}; };
}; };
} }


@ -1,69 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.hardware.presonus-studio;
snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
kernel = config.boot.kernelPackages.kernel;
};
patched = snd-usb-audio-module.overrideAttrs (prev: {
patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
});
upmixConfig = ''
stream.properties = {
channelmix.upmix = true
channelmix.upmix-method = psd
}
'';
in {
options.modules.hardware.presonus-studio = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
boot.kernelModules = [ "snd-usb-audio" ];
boot.extraModulePackages = [
(patched)
];
environment.etc = {
"pipewire/pipewire.conf.d/10-network.conf".text = ''
context.modules = [
{
name = libpipewire-module-rtp-session
args = {
stream.props = {
node.name = "rtp-source"
}
}
}
]
'';
"pipewire/pipewire.conf.d/surround.conf".text = ''
context.modules = [
{
name = libpipewire-module-loopback
args = {
node.description = "Genelec 4.1 Surround"
capture.props = {
node.name = "Genelec_Speakers"
media.class = "Audio/Sink"
audio.position = [ FL FR SL SR LFE ]
}
playback.props = {
node.name = "playback.Genelec_Speakers"
audio.position = [ AUX0 AUX1 AUX3 AUX4 AUX5 ]
target.object = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output"
stream.dont-remix = true
node.passive = true
}
}
}
]
'';
"pipewire/pipewire-pulse.conf.d/40-upmix.conf".text = upmixConfig;
"pipewire/client-rt.conf.d/40-upmix.conf".text = upmixConfig;
};
};
}


@ -1,19 +1,15 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.networking.tailscale; let cfg = config.modules.networking.tailscale;
in { in {
options.modules.networking.tailscale = { options.modules.networking.tailscale = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false; restrictSSH = mkBoolOpt true;
example = true;
};
restrictSSH = lib.mkOption {
default = true;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
services.tailscale.enable = true; services.tailscale.enable = true;
services.openssh.openFirewall = !cfg.restrictSSH; services.openssh.openFirewall = !cfg.restrictSSH;
networking.firewall = { networking.firewall = {
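Review bot: `restrictSSH` decides whether the SSH port is opened in the firewall (`services.openssh.openFirewall = !cfg.restrictSSH`), yet neither the option nor the assignment documents that, and the `mkBoolOpt` form has no description. Add a comment above the option such as `# true (default): services.openssh.openFirewall is set to false`. The `networking.firewall` block that follows is cut off by the hunk, so the resulting rule set cannot be checked here.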


@ -1,60 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let cfg = config.modules.networking.wireless;
in {
options.modules.networking.wireless = {
enable = mkOption {
default = false;
example = true;
description = mdDoc "Automatically connect to known networks";
};
interfaces = mkOption {
default = [ ]; # All interfaces
example = [ "wlan0" ];
description = mdDoc "Interfaces for `wpa_supplicant` to bind to";
};
};
config = mkIf cfg.enable {
age.secrets."passwords/networks" = {
file = "${inputs.secrets}/passwords/networks.age";
};
networking = {
wireless = {
enable = true;
interfaces = cfg.interfaces;
environmentFile = config.age.secrets."passwords/networks".path;
networks = {
"Apollo 600 Mbps".psk = "@PSK_APOLLO@";
};
};
networkmanager.ensureProfiles.profiles = {
"Apollo" = {
connection = {
id = "Apollo 600 Mbps";
type = "wifi";
};
wifi = {
mode = "infrastructure";
ssid = "Apollo 600 Mbps";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
};
};
};
};
}


@ -1,20 +1,21 @@
{ config, options, lib, home-manager, inputs, ... }: { config, options, lib, home-manager, ... }:
with lib; with lib;
with lib.my;
{ {
options = with types; { options = with types; {
user = mkOption { type = attrs; default = { }; }; user = mkOpt attrs { };
home = { home = {
configFile = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_CONFIG_HOME"; }; configFile = mkOpt' attrs { } "Files to place in $XDG_CONFIG_HOME";
dataFile = mkOption { type = attrs; default = { }; description = "Files to place in $XDG_DATA_HOME"; }; dataFile = mkOpt' attrs { } "Files to place in $XDG_DATA_HOME";
file = mkOption { type = attrs; default = { }; description = "Files to place directly in $HOME"; }; file = mkOpt' attrs { } "Files to place directly in $HOME";
packages = mkOption { type = attrs; default = { }; description = "User-level installed packages"; }; packages = mkOpt' attrs { } "User-level installed packages";
programs = mkOption { type = attrs; default = { }; description = "Programs managed directly from home-manager"; }; programs = mkOpt' attrs { } "Programs managed directly from home-manager";
services = mkOption { type = attrs; default = { }; description = "Services managed directly from home-manager"; }; services = mkOpt' attrs { } "Services managed directly from home-manager";
}; };
dconf.settings = mkOption { type = attrs; default = { }; description = "dconf settings to enable"; }; dconf.settings = mkOpt' attrs { } "dconf settings to enable";
env = mkOption { env = mkOption {
type = attrsOf (oneOf [ str path (listOf (either str path)) ]); type = attrsOf (oneOf [ str path (listOf (either str path)) ]);
@ -29,7 +30,6 @@ with lib;
}; };
config = { config = {
age.secrets."passwords/users/jordan".file = "${inputs.secrets}/passwords/users/jordan.age";
user = user =
let user = builtins.getEnv "USER"; let user = builtins.getEnv "USER";
name = if elem user [ "" "root" ] then "jordan" else user; name = if elem user [ "" "root" ] then "jordan" else user;
@ -42,7 +42,6 @@ with lib;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
]; ];
hashedPasswordFile = config.age.secrets."passwords/users/jordan".path;
home = "/home/${name}"; home = "/home/${name}";
group = "users"; group = "users";
uid = 1000; uid = 1000;
@ -70,6 +69,8 @@ with lib;
users.users.${config.user.name} = mkAliasDefinitions options.user; users.users.${config.user.name} = mkAliasDefinitions options.user;
nixpkgs.config.allowUnfree = true;
environment.extraInit = environment.extraInit =
concatStringsSep "\n" concatStringsSep "\n"
(mapAttrsToList (n: v: "export ${n}=\"${v}\"") config.env); (mapAttrsToList (n: v: "export ${n}=\"${v}\"") config.env);


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.security.gpg; let cfg = config.modules.security.gpg;
in { in {
options.modules.security.gpg = { options.modules.security.gpg = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
home.programs.gpg = { home.programs.gpg = {
enable = true; enable = true;
}; };
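Review bot: Stacking `with lib;` and `with lib.my;` at the top of the module hides where `mkIf` and `mkBoolOpt` come from, and in Nix the inner `with` takes precedence, so a name later added to `lib.my` would silently shadow the `lib` one. I would bind the names explicitly in the existing `let`, e.g. `inherit (lib) mkIf;` and `inherit (lib.my) mkBoolOpt;`. The same pattern is introduced in the `modules.security.pass`, `modules.shell.git` and `modules.shell.zsh` sections further down. The module body continues outside this hunk.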


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.security.pass; let cfg = config.modules.security.pass;
in { in {
options.modules.security.pass = { options.modules.security.pass = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
home.programs.password-store = { home.programs.password-store = {
enable = true; enable = true;
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);


@ -1,53 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let
cfg = config.modules.services.borgmatic;
hostname = config.networking.hostName;
in {
options.modules.services.borgmatic = {
enable = mkOption {
default = false;
example = true;
description = mdDoc "Enable backups on this host with `borgmatic`";
};
directories = mkOption {
type = types.listOf types.str;
default = [];
example = [
"/home/jordan/Documents"
];
description = mdDoc "List of directories to backup";
};
repoPath = mkOption {
type = types.str;
example = "ssh://example@example.repo.borgbase.com/./repo";
description = mdDoc "Destination borg repository for backup";
};
};
config = mkIf cfg.enable {
age.secrets."passwords/services/borg/${hostname}-passphrase" = {
file = "${inputs.secrets}/passwords/services/borg/${hostname}-passphrase.age";
};
services.borgmatic = {
enable = true;
settings = {
source_directories = cfg.directories;
repositories = [
{ label = "borgbase"; path = cfg.repoPath; }
];
encryption_passcommand = "cat ${config.age.secrets."passwords/services/borg/${hostname}-passphrase".path}";
ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 6;
};
};
# Without this override, `cat` is unavailable for `encryption_passcommand`
systemd.services.borgmatic.confinement.fullUnit = true;
};
}


@ -1,60 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let
cfg = config.modules.services.coturn;
in {
options.modules.services.coturn = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
networking.firewall = {
allowedTCPPorts = [
5349 # STUN TLS
5350 # STUN TLS alt
];
allowedUDPPortRanges = [
{ from = 49152; to = 49999; } # TURN relay
];
};
security.acme.certs = {
"turn.vimium.com" = {
reloadServices = [ "coturn" ];
};
};
age.secrets."passwords/services/coturn/shared-secret" = {
file = "${inputs.secrets}/passwords/services/coturn/shared-secret.age";
owner = "turnserver";
group = "turnserver";
};
services.coturn = {
enable = true;
lt-cred-mech = true;
use-auth-secret = true;
static-auth-secret-file = config.age.secrets."passwords/services/coturn/shared-secret".path;
realm = "turn.vimium.com";
relay-ips = [
"198.244.190.160"
];
no-tcp-relay = true;
extraConfig = ''
cipher-list="HIGH"
no-loopback-peers
no-multicast-peers
'';
secure-stun = true;
cert = "/var/lib/acme/turn.vimium.com/fullchain.pem";
pkey = "/var/lib/acme/turn.vimium.com/key.pem";
min-port = 49152;
max-port = 49999;
};
};
}


@ -1,83 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let
cfg = config.modules.services.gitea;
in {
options.modules.services.gitea = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
users = {
users.git = {
isSystemUser = true;
useDefaultShell = true;
group = "git";
extraGroups = [ "gitea" ];
home = config.services.gitea.stateDir;
};
groups.git = { };
};
services.nginx = {
upstreams.gitea = {
servers = {
"unix:${config.services.gitea.settings.server.HTTP_ADDR}" = { };
};
};
virtualHosts = {
"git.vimium.com" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://gitea";
};
};
};
services.gitea = rec {
package = pkgs.unstable.gitea;
enable = true;
user = "git";
appName = "Vimium Git";
stateDir = "/var/lib/gitea";
repositoryRoot = "${stateDir}/repositories";
database = {
type = "sqlite3";
inherit user;
path = "${stateDir}/gitea.db";
};
lfs = {
enable = true;
contentDir = "${stateDir}/lfs";
};
settings = {
server = {
SSH_USER = "git";
SSH_DOMAIN = "git.vimium.com";
SSH_PORT = lib.head config.services.openssh.ports;
OFFLINE_MODE = true;
PROTOCOL = "http+unix";
DOMAIN = config.networking.domain;
ROOT_URL = "https://git.vimium.com/";
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
log.ROOT_PATH = "${stateDir}/log";
ui = {
THEMES = "gitea,arc-green,github-dark,bthree-dark";
DEFAULT_THEME = "github-dark";
};
actions.ENABLED = true;
indexer = {
REPO_INDEXER_ENABLED = true;
};
packages.CHUNKED_UPLOAD_PATH = lib.mkForce "${stateDir}/data/tmp/package-upload";
};
};
};
}


@ -1,43 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let
cfg = config.modules.services.headscale;
in {
options.modules.services.headscale = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
services.nginx.virtualHosts = {
"headscale.vimium.net" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
};
services.headscale = {
enable = true;
port = 8080;
settings = {
server_url = "https://headscale.vimium.net";
dns_config = {
base_domain = "vimium.net";
};
logtail.enabled = false;
};
};
environment.systemPackages = with pkgs; [
config.services.headscale.package
];
};
}


@ -1,127 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let
cfg = config.modules.services.matrix-synapse;
matrixClientConfig = {
"m.homeserver" = {
base_url = "https://matrix.vimium.com";
server_name = "vimium.com";
};
"m.identity_server" = {};
};
matrixServerConfig."m.server" = "matrix.vimium.com:443";
mkWellKnown = data: ''
more_set_headers 'Content-Type: application/json';
return 200 '${builtins.toJSON data}';
'';
in {
options.modules.services.matrix-synapse = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
8448 # Matrix federation
];
security.acme.certs = {
"matrix.vimium.com" = {
reloadServices = [ "matrix-synapse" ];
};
};
services.nginx.virtualHosts = {
"chat.vimium.com" = {
forceSSL = true;
enableACME = true;
root = pkgs.unstable.element-web.override {
conf = {
default_server_config = matrixClientConfig;
brand = "Vimium Chat";
branding = {
auth_header_logo_url = "https://vimium.com/images/logo.svg";
auth_footer_links = [
{ "text" = "Vimium.com"; "url" = "https://vimium.com"; }
];
};
};
};
};
"matrix.vimium.com" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::1]";
port = 443;
ssl = true;
}
{
addr = "[::1]";
port = 80;
}
{
addr = "[::1]";
port = 8448;
ssl = true;
}
];
locations = {
"/" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
"/_matrix" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 50M;
'';
};
"/_synapse/client".proxyPass = "http://localhost:8008";
};
};
"vimium.com" = {
locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
};
};
services.matrix-synapse = {
enable = true;
settings = {
database.name = "sqlite3";
enable_registration = false;
server_name = "vimium.com";
# turn_shared_secret = "???";
# turn_uris = [
# "turn:turn.vimium.com:5349?transport=udp"
# "turn:turn.vimium.com:5350?transport=udp"
# "turn:turn.vimium.com:5349?transport=tcp"
# "turn:turn.vimium.com:5350?transport=tcp"
# ];
};
};
};
}


@ -1,157 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let
cfg = config.modules.services.nginx;
nginxErrorPages = ''
location @error_pages {
rewrite ^.*$ /''${status}.html break;
root "/var/www/html/errors";
}
'';
nginxEdgeHeaders = ''
more_set_headers 'Server: Vimium';
more_set_headers 'Access-Control-Allow-Origin: *';
add_header Expect-CT max-age=30 always;
add_header Referrer-Policy strict-origin-when-cross-origin always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header Vimium-Responding-Instance $hostname;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff always;
'';
nginxStrictHeaders = ''
add_header X-Frame-Options SAMEORIGIN always;
add_header Permissions-Policy "fullscreen=(self), sync-xhr=(self)" always;
'';
mkRedirect = from: to: {
"${from}" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.${from}" ];
locations."/".return = "301 https://${to}$request_uri";
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
};
};
in {
options.modules.services.nginx = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPS
];
services.nginx = {
enable = true;
package = pkgs.openresty;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
clientMaxBodySize = "2G";
sslProtocols = "TLSv1.2 TLSv1.3";
sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
appendHttpConfig = ''
error_page 400 @error_pages;
error_page 401 @error_pages;
error_page 403 @error_pages;
error_page 404 @error_pages;
error_page 405 @error_pages;
error_page 429 @error_pages;
error_page 500 @error_pages;
error_page 501 @error_pages;
error_page 502 @error_pages;
error_page 503 @error_pages;
error_page 504 @error_pages;
client_body_buffer_size 16k;
client_header_buffer_size 8k;
'';
appendConfig = ''
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 50000;
'';
eventsConfig = ''
worker_connections 20000;
multi_accept off;
'';
virtualHosts = {
## Static sites
"jellyfin.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8000";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
"pki.vimium.com" = {
addSSL = true;
forceSSL = false;
enableACME = true;
extraConfig = ''
${nginxErrorPages}
more_set_headers 'Server: Vimium';
'';
locations."/" = {
root = "/var/www/pki.vimium.com";
};
};
"suhailhussain.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.suhailhussain.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/" = {
root = "/var/www/suhailhussain.com";
};
};
"vimium.com" = {
default = true;
forceSSL = true;
enableACME = true;
serverAliases = [ "www.vimium.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders + ''
add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
'';
locations."/" = {
root = "/var/www/vimium.com";
};
};
}
## Redirects
// (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "jdholt.com" "vimium.com")
// (mkRedirect "omnimagic.com" "vimium.com")
// (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com")
// (mkRedirect "vimium.co" "vimium.com")
// (mkRedirect "vimium.co.uk" "vimium.com")
// (mkRedirect "vimium.info" "vimium.com")
// (mkRedirect "vimium.net" "vimium.com")
// (mkRedirect "vimium.org" "vimium.com")
// (mkRedirect "vimium.xyz" "vimium.com");
};
};
}


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.shell.git; let cfg = config.modules.shell.git;
in { in {
options.modules.shell.git = { options.modules.shell.git = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
home.programs.git = { home.programs.git = {
enable = true; enable = true;
aliases = { aliases = {


@ -1,15 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
with lib.my;
let cfg = config.modules.shell.zsh; let cfg = config.modules.shell.zsh;
in { in {
options.modules.shell.zsh = { options.modules.shell.zsh = {
enable = lib.mkOption { enable = mkBoolOpt false;
default = false;
example = true;
};
}; };
config = lib.mkIf cfg.enable { config = mkIf cfg.enable {
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
programs.zsh = { programs.zsh = {


@ -4,7 +4,7 @@ self: super:
mutter = gsuper.mutter.overrideAttrs (oldAttrs: { mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
src = super.fetchurl { src = super.fetchurl {
url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-45/mutter-triple-buffering-v4-45.tar.gz"; url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-45/mutter-triple-buffering-v4-45.tar.gz";
sha256 = "tN+zQ5brk+hc+louIipqPV/Bqft42ghKOzjZZMj5Q8A="; sha256 = "E+AdsQdotqlH/kYskl+Fwv0i+UTK7mfdkJ+zlfLdU9o=";
}; };
}); });
}); });
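Review bot: The `sha256` under `src = super.fetchurl` changes while the `url` stays the same, which suggests `triple-buffering-v4-45` is a moving ref (it looks like a branch name) rather than an immutable one. With a mutable archive URL the digest has to be re-pinned whenever upstream moves, and the new value cannot be tied to an upstream revision that someone reviewed. I would fetch the archive of a specific commit instead, e.g. `url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/<COMMIT_SHA>/mutter-<COMMIT_SHA>.tar.gz";`, and write the digest in SRI form as `hash = "sha256-<BASE64_DIGEST>";`. The overlay starts outside this hunk.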

10
secrets.nix Normal file

@ -0,0 +1,10 @@
let
jordan = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS";
users = [ jordan ];
odyssey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJre8/cjdoUnbTu0x4ClTITcq4lq+FjpEyJBbLbOlox7";
systems = [ odyssey ];
in
{
"secrets/odyssey_borg_passphrase.age".publicKeys = [ jordan odyssey ];
}
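Review bot: `users` and `systems` are defined but never referenced; the only rule spells its recipients out as `[ jordan odyssey ]`. Either drop the two lists or use them, e.g. `"secrets/odyssey_borg_passphrase.age".publicKeys = users ++ [ odyssey ];`, so a later rule cannot quietly diverge from the intended recipient set. A comment such as `# recipients: admin key + key of the host that decrypts; re-encrypt with agenix --rekey after any change` would document the step that is easy to forget when a key is rotated or removed. The `jordan` recipient is the same ed25519 key listed under `openssh.authorizedKeys.keys` in the user module, so one key both grants login and decrypts secrets; worth confirming that is intended.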

Binary file not shown.