jordan/nix-config
1
1
Fork 0
Code Issues 14 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:master
Branches Tags
jordan:master
jordan:hass
jordan:immich
jordan:zitadel
jordan:skycam
jordan:24.05
jordan:lunarvim
jordan:matrix
jordan:docs
jordan:vps1
jordan:wallpapers
jordan:fix-odyssey-nix-store
..
compare: jordan:wallpapers
Branches Tags
jordan:master
jordan:hass
jordan:immich
jordan:zitadel
jordan:skycam
jordan:24.05
jordan:lunarvim
jordan:matrix
jordan:docs
jordan:vps1
jordan:wallpapers
jordan:fix-odyssey-nix-store

1 Commits
master ... wallpapers

Author SHA1 Message Date
Jordan Holt
db6049f8ef
Wallpapers 2023-12-11 23:33:26 +00:00
155 changed files with 2223 additions and 7438 deletions
Show Stats Expand all files Collapse all files

15
.gitea/workflows/check.yml
View File

@ -1,15 +0,0 @@
name: Check flake
on:
push:
branches: ['master']
jobs:
build-amd64-linux:
runs-on: nix
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Check flake
run: |
echo "Checking flake at ${{ gitea.ref }}"
nix flake check

2
LICENSE
View File

@ -1,4 +1,4 @@
Copyright (C) 2025 by Jordan Holt <jordan@vimium.com>
Copyright (C) 2023 by Jordan Holt <jordan@vimium.com>
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted.

52
README.md
View File

@ -6,49 +6,11 @@ System and user configuration for NixOS-based systems.
|-|-|
| **Shell:** | zsh |
| **DE:** | GNOME |
| **Theme:** | Adwaita |
| **Terminal:** | Ghostty |
| **Theme:** | adwaita |
| **Terminal:** | Console |
## Provisioning a new host
> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used
> for provisioning
Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).
```
ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key
```
Update [nix-secrets](/jordan/nix-secrets) with the new host key to enable the system to decrypt
any relevant secrets.
In order to use the borgmatic module for backups, go to [borgbase.com](https://borgbase.com).
Add the generated SSH host key and create a new repository for the system.
Create a new directory under `hosts/` with a system configuration and disk layout.
Boot the NixOS installer (or any Linux distribution) on the target.
Then run:
```
nix run github:nix-community/nixos-anywhere -- \
--disk-encryption-keys /tmp/secret.key /tmp/secret.key \
--extra-files "$temp" \
--flake .#<hostname> \
root@<target-ip>
```
### Post install
If backups are configured, you'll need to run:
```
borgmatic init --encryption repokey-blake2
```
then restart `borgmatic`.
To join the Tailscale network, run:
```
tailscale up --login-server https://headscale.vimium.net
```
then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`.
The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`.
## Quick start
1. Copy SSH keypair and `known_hosts` to `~/.ssh`
1. Import GPG keys and set ultimate trust with `echo "KEYID:6:" | gpg --import-ownertrust`
1. `git clone git@git.vimium.com:jordan/nix-config.git projects/jordan/nix-config`
1. `sudo nixos-rebuild switch --flake .#`

1039
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

184
flake.nix
View File

@ -2,161 +2,69 @@
description = "NixOS system configuration";
inputs = {
nixpkgs.url = "nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
# nixpkgs-master.url = "nixpkgs";
nixpkgs.url = "nixpkgs/nixos-23.11";
agenix.url = "github:ryantm/agenix";
deploy-rs.url = "github:serokell/deploy-rs";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
firefox-gnome-theme = {
url = "github:rafaelmardojai/firefox-gnome-theme";
flake = false;
};
gitea-github-theme = {
url = "git+ssh://git@git.vimium.com/jordan/gitea-github-theme.git?ref=main";
flake = false;
};
impermanence.url = "github:nix-community/impermanence";
kvlibadwaita = {
url = "github:GabePoel/KvLibadwaita";
flake = false;
};
nixos-hardware.url = "github:NixOS/nixos-hardware";
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim/nixos-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
pre-commit-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
secrets = {
url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
flake = false;
};
stylix.url = "github:danth/stylix/release-24.11";
thunderbird-gnome-theme = {
url = "github:rafaelmardojai/thunderbird-gnome-theme";
flake = false;
};
wallpapers = {
url = "git+ssh://git@git.vimium.com/jordan/wallpapers.git?shallow=1";
flake = false;
};
};
outputs =
inputs@{ self, nixpkgs, ... }:
outputs = inputs @ { self, nixpkgs, agenix, home-manager, ... }:
let
inherit (nixpkgs) lib;
domain = "mesh.vimium.net";
forEachSystem = lib.genAttrs [
"x86_64-linux"
"aarch64-linux"
nixpkgsForSystem = system: inputs.nixpkgs;
overlays = [
agenix.overlays.default
(import ./overlays/gnome.nix)
];
mkDeployNode = hostName: {
hostname = "${hostName}.${domain}";
profiles.system = {
user = "root";
path =
inputs.deploy-rs.lib.${
self.nixosConfigurations.${hostName}.config.system.build.toplevel.system
}.activate.nixos
self.nixosConfigurations.${hostName};
commonModules = [
agenix.nixosModules.age
home-manager.nixosModule
./modules
];
nixosSystem = system: name:
let
nixpkgs = nixpkgsForSystem system;
lib = (import nixpkgs { inherit overlays system; }).lib;
in
inputs.nixpkgs.lib.nixosSystem {
inherit lib system;
specialArgs = { modulesPath = toString (nixpkgs + "/nixos/modules"); inherit inputs; };
baseModules = import (nixpkgs + "/nixos/modules/module-list.nix");
modules = commonModules ++ [
({ config, ... }:
{
nixpkgs.pkgs = import nixpkgs {
inherit overlays system;
config.allowUnfree = true;
};
networking.hostName = name;
nix = {
extraOptions = "experimental-features = nix-command flakes";
};
})
./hosts/${name}
];
};
nixosConfigurations = {
atlas = nixosSystem "x86_64-linux" "atlas";
eos = nixosSystem "x86_64-linux" "eos";
helios = nixosSystem "x86_64-linux" "helios";
odyssey = nixosSystem "x86_64-linux" "odyssey";
};
in
{
overlays = lib.packagesFromDirectoryRecursive {
callPackage = path: overrides: import path;
directory = ./overlays;
};
legacyPackages = forEachSystem (
system:
lib.packagesFromDirectoryRecursive {
callPackage = nixpkgs.legacyPackages.${system}.callPackage;
directory = ./pkgs;
}
);
nixosConfigurations = lib.pipe ./hosts [
builtins.readDir
(lib.filterAttrs (name: value: value == "directory"))
(lib.mapAttrs (
name: value:
lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
{
networking = {
inherit domain;
hostName = name;
};
}
./hosts/${name}
];
}
))
];
checks =
builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib
// (forEachSystem (system: {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks = {
check-case-conflicts.enable = true;
check-executables-have-shebangs.enable = true;
check-merge-conflicts.enable = true;
deadnix = {
enable = true;
settings = {
noLambdaArg = true;
};
};
detect-private-keys.enable = true;
end-of-file-fixer.enable = true;
fix-byte-order-marker.enable = true;
mixed-line-endings.enable = true;
nixfmt-rfc-style.enable = true;
trim-trailing-whitespace.enable = true;
};
};
}));
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
devShells = forEachSystem (system: {
default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = [
inputs.agenix.packages.${system}.agenix
inputs.deploy-rs.packages.${system}.deploy-rs
] ++ self.checks.${system}.pre-commit-check.enabledPackages;
};
});
deploy = {
magicRollback = true;
autoRollback = true;
sshUser = "root";
nodes = lib.genAttrs [
"mail"
# "pi"
# "skycam"
"vps1"
] mkDeployNode;
};
};
{ inherit nixosConfigurations; };
}

67
hosts/atlas/default.nix
View File

@ -1,4 +1,4 @@
{ ... }:
{ config, lib, pkgs, ... }:
{
imports = [
@ -6,32 +6,51 @@
../desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
networking.hostName = "atlas";
networking.hostId = "8425e349";
networking.networkmanager.enable = true;
networking = {
hostId = "8425e349";
networkmanager.enable = true;
};
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
virtualisation.virtualbox.host.enable = true;
users.extraGroups.vboxusers.members = [ "jordan" ];
modules = {
services = {
borgmatic = {
enable = true;
directories = [
"/home/jordan/Documents"
];
repoPath = "ssh://uzu2y5b1@uzu2y5b1.repo.borgbase.com/./repo";
};
};
};
users.defaultUserShell = pkgs.zsh;
system.stateVersion = "22.11";
modules = {
desktop = {
apps = {
qbittorrent.enable = true;
thunderbird.enable = true;
};
browsers = {
firefox.enable = true;
};
media.graphics = {
raster.enable = true;
vector.enable = true;
};
office.libreoffice.enable = true;
};
dev = {
node.enable = true;
};
editors = {
neovim.enable = true;
vscode.enable = true;
};
security = {
gpg.enable = true;
pass.enable = true;
};
shell = {
git.enable = true;
zsh.enable = true;
};
};
}

16
hosts/atlas/hardware-configuration.nix
View File

@ -1,9 +1,4 @@
{
config,
lib,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
@ -11,14 +6,7 @@
];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
initrd.supportedFilesystems = [ "zfs" ];
kernelModules = [ "kvm-intel" ];

125
hosts/common.nix
View File

@ -1,125 +0,0 @@
{
inputs,
config,
pkgs,
...
}:
{
imports = [
inputs.agenix.nixosModules.age
inputs.home-manager.nixosModule
inputs.stylix.nixosModules.stylix
../modules/nixos
];
nixpkgs.overlays = [
inputs.agenix.overlays.default
(import ../overlays/default.nix)
(final: prev: {
unstable = import inputs.nixpkgs-unstable { system = final.system; };
})
];
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_GB.UTF-8";
LC_IDENTIFICATION = "en_GB.UTF-8";
LC_MEASUREMENT = "en_GB.UTF-8";
LC_MONETARY = "en_GB.UTF-8";
LC_NAME = "en_GB.UTF-8";
LC_NUMERIC = "en_GB.UTF-8";
LC_PAPER = "en_GB.UTF-8";
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
console.keyMap = "uk";
security.sudo.execWheelOnly = true;
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
services.journald.extraConfig = ''
SystemMaxUse=4G
MaxRetentionSec=90day
'';
users.defaultUserShell = pkgs.zsh;
programs.zsh = {
enable = true;
enableCompletion = false;
};
environment.pathsToLink = [ "/share/zsh" ];
nix = {
package = pkgs.nixVersions.stable;
extraOptions = ''
experimental-features = nix-command flakes
'';
buildMachines = [
{
hostName = "10.0.1.79";
sshUser = "root";
system = "aarch64-linux";
maxJobs = 6;
speedFactor = 1;
supportedFeatures = [
"big-parallel"
"benchmark"
];
}
];
distributedBuilds = true;
settings = {
connect-timeout = 5;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
fallback = true;
trusted-users = [ "@wheel" ];
auto-optimise-store = true;
substituters = [
"http://odyssey.mesh.vimium.net"
"https://cache.nixos.org"
];
trusted-public-keys = [
"odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
];
};
gc = {
automatic = true;
dates = "weekly";
options = "-d --delete-older-than 7d";
};
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
sharedModules = [
inputs.nixvim.homeManagerModules.nixvim
{
home.stateVersion = config.system.stateVersion;
}
];
extraSpecialArgs = {
inherit inputs;
};
};
environment.systemPackages = with pkgs; [
git
neovim
];
}

123
hosts/desktop.nix
View File

@ -1,21 +1,35 @@
{
pkgs,
...
}:
{ config, lib, pkgs, ... }:
{
imports = [
./common.nix
../users/jordan
];
time.timeZone = "Europe/London";
nixpkgs.overlays = [
(import ../overlays/gnome.nix)
];
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_GB.UTF-8";
LC_IDENTIFICATION = "en_GB.UTF-8";
LC_MEASUREMENT = "en_GB.UTF-8";
LC_MONETARY = "en_GB.UTF-8";
LC_NAME = "en_GB.UTF-8";
LC_NUMERIC = "en_GB.UTF-8";
LC_PAPER = "en_GB.UTF-8";
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
console.keyMap = "uk";
services.printing.enable = true;
services.openssh.startWhenNeeded = true;
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
startWhenNeeded = true;
};
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
@ -25,65 +39,34 @@
pulse.enable = true;
};
fileSystems."/mnt/library" = {
device = "library.mesh.vimium.net:/mnt/library";
fsType = "nfs";
options = [
"nfsvers=4.2"
"bg"
"soft"
"timeo=20"
"retry=5"
"nocto"
"ro"
"x-systemd.automount"
"x-systemd.requires=tailscaled.service"
"noauto"
];
};
system.autoUpgrade = {
enable = true;
flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git";
randomizedDelaySec = "10min";
};
systemd.services.NetworkManager-wait-online.enable = false;
fonts.packages = with pkgs; [
noto-fonts
(nerdfonts.override {
fonts = [
"BigBlueTerminal"
"ComicShannsMono"
"Terminus"
"UbuntuMono"
];
})
];
modules = {
system.desktop.gnome.enable = true;
services.tailscale.enable = true;
};
environment.systemPackages = with pkgs; [
bind
bmon
fd
ffmpeg
iotop
# unstable.nix-du
# unstable.nix-melt
unstable.nix-tree
unstable.nix-visualize
ripgrep
rsync
tcpdump
tokei
tree
wl-clipboard
git
neovim
];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
nix = {
settings = {
connect-timeout = 5;
log-lines = 25;
min-free = 128000000;
max-free = 1000000000;
fallback = true;
auto-optimise-store = true;
substituters = [
"http://odyssey.mesh.vimium.net"
"https://cache.nixos.org"
];
trusted-public-keys = [
"odyssey.mesh.vimium.net:ZhQhjscPWjoN4rlZwoMELznEiBnZ9O26iyGA27ibilQ="
];
};
gc = {
automatic = true;
dates = "weekly";
options = "-d --delete-older-than 7d";
};
};
modules.desktop.gnome.enable = true;
modules.networking.tailscale.enable = true;
}

52
hosts/eos/default.nix
View File

@ -1,4 +1,4 @@
{ ... }:
{ config, lib, pkgs, ... }:
{
imports = [
@ -6,17 +6,49 @@
../desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
networking.hostName = "eos";
networking.hostId = "cc858347";
networking.networkmanager.enable = true;
networking = {
hostId = "cc858347";
networkmanager.enable = true;
};
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
nix.settings.auto-optimise-store = true;
users.defaultUserShell = pkgs.zsh;
system.stateVersion = "22.11";
dconf.settings = {
"org/gnome/desktop/interface" = {
show-battery-percentage = true;
};
};
modules = {
desktop = {
apps.qbittorrent.enable = true;
browsers = {
firefox.enable = true;
};
};
dev = {
node.enable = true;
};
editors = {
neovim.enable = true;
};
security = {
gpg.enable = true;
pass.enable = true;
};
shell = {
git.enable = true;
zsh.enable = true;
};
};
}

22
hosts/eos/hardware-configuration.nix
View File

@ -1,9 +1,4 @@
{
config,
lib,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
@ -11,19 +6,12 @@
];
boot = {
initrd.availableKernelModules = [
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
initrd.kernelModules = [ ];
initrd.supportedFilesystems = [ "zfs" ];
kernel.sysctl = {
"kernel.nmi_watchdog" = 0;
"vm.laptop_mode" = 5;
};
kernelModules = [ ];
kernelParams = [ "elevator=none" ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
};

74
hosts/helios/default.nix
View File

@ -1,52 +1,48 @@
{
pkgs,
lib,
...
}:
{ config, lib, pkgs, ... }:
let
inherit (lib) mkForce;
in
{
imports = [
./hardware-configuration.nix
../desktop.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.loader.grub.zfsSupport = true;
boot = {
loader.grub = {
enable = true;
device = "/dev/sda";
zfsSupport = true;
};
};
networking.hostName = "helios";
networking.hostId = "47d23505";
networking.networkmanager.enable = true;
networking = {
hostId = "47d23505";
networkmanager.enable = true;
};
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
environment.systemPackages = [
pkgs.moonlight-qt
];
modules = {
services = {
borgmatic = {
enable = true;
directories = [
"/home/jordan/Documents"
];
repoPath = "ssh://b9cjl9hq@b9cjl9hq.repo.borgbase.com/./repo";
};
};
system.desktop = {
gnome.enable = mkForce false;
hyprland.enable = true;
};
};
users.defaultUserShell = pkgs.zsh;
system.stateVersion = "22.11";
modules = {
desktop = {
apps.qbittorrent.enable = true;
browsers = {
firefox.enable = true;
};
};
dev = {
node.enable = true;
};
editors = {
neovim.enable = true;
};
security = {
gpg.enable = true;
pass.enable = true;
};
shell = {
git.enable = true;
zsh.enable = true;
};
};
}

17
hosts/helios/hardware-configuration.nix
View File

@ -1,9 +1,4 @@
{
config,
lib,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
@ -11,15 +6,7 @@
];
boot = {
initrd.availableKernelModules = [
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
"sr_mod"
"zfs"
];
initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" "zfs" ];
initrd.kernelModules = [ ];
initrd.supportedFilesystems = [ "zfs" ];
kernelModules = [ "kvm-intel" ];

101
hosts/hypnos/0001-Add-apple_set_os-EFI-boot-service.patch
View File

@ -1,101 +0,0 @@
From d310ddee0fb8e7a5a8b89668c6cb8f9dc863ce94 Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sun, 28 Apr 2024 15:59:52 +0100
Subject: [PATCH] Add apple_set_os EFI boot service
---
drivers/firmware/efi/libstub/x86-stub.c | 59 +++++++++++++++++++++++++
include/linux/efi.h | 1 +
2 files changed, 60 insertions(+)
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index d5a8182cf..be722c43a 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -449,6 +449,63 @@ static void setup_graphics(struct boot_params *boot_params)
}
}
+typedef struct {
+ u64 version;
+ void (*set_os_version) (const char *os_version);
+ void (*set_os_vendor) (const char *os_vendor);
+} apple_set_os_interface_t;
+
+static efi_status_t apple_set_os()
+{
+ apple_set_os_interface_t *set_os;
+ efi_guid_t set_os_guid = APPLE_SET_OS_PROTOCOL_GUID;
+ efi_status_t status;
+ void **handles;
+ unsigned long i, nr_handles, size = 0;
+
+ status = efi_bs_call(locate_handle, EFI_LOCATE_BY_PROTOCOL,
+ &set_os_guid, NULL, &size, handles);
+
+ if (status == EFI_BUFFER_TOO_SMALL) {
+ status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,
+ size, &handles);
+
+ if (status != EFI_SUCCESS)
+ return status;
+
+ status = efi_bs_call(locate_handle, EFI_LOCATE_BY_PROTOCOL,
+ &set_os_guid, NULL, &size, handles);
+ }
+
+ if (status != EFI_SUCCESS)
+ goto free_handle;
+
+ nr_handles = size / sizeof(void *);
+ for (i = 0; i < nr_handles; i++) {
+ void *h = handles[i];
+
+ status = efi_bs_call(handle_protocol, h,
+ &set_os_guid, &set_os);
+
+ if (status != EFI_SUCCESS || !set_os)
+ continue;
+
+ if (set_os->version > 0) {
+ efi_bs_call((unsigned long)set_os->set_os_version,
+ "Mac OS X 10.9");
+ }
+
+ if (set_os->version >= 2) {
+ efi_bs_call((unsigned long)set_os->set_os_vendor,
+ "Apple Inc.");
+ }
+ }
+
+free_handle:
+ efi_bs_call(free_pool, uga_handle);
+
+ return status;
+}
static void __noreturn efi_exit(efi_handle_t handle, efi_status_t status)
{
@@ -951,6 +1008,8 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
setup_unaccepted_memory();
+ apple_set_os();
+
status = exit_boot(boot_params, handle);
if (status != EFI_SUCCESS) {
efi_err("exit_boot() failed!\n");
diff --git a/include/linux/efi.h b/include/linux/efi.h
index d59b0947f..81158014f 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -385,6 +385,7 @@ void efi_native_runtime_setup(void);
#define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20)
#define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d)
#define APPLE_PROPERTIES_PROTOCOL_GUID EFI_GUID(0x91bd12fe, 0xf6c3, 0x44fb, 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0)
+#define APPLE_SET_OS_PROTOCOL_GUID EFI_GUID(0xc5c5da95, 0x7d5c, 0x45e6, 0xb2, 0xf1, 0x3f, 0xd5, 0x2b, 0xb1, 0x00, 0x77)
#define EFI_TCG2_PROTOCOL_GUID EFI_GUID(0x607f766c, 0x7455, 0x42be, 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)
#define EFI_TCG2_FINAL_EVENTS_TABLE_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25)
#define EFI_LOAD_FILE_PROTOCOL_GUID EFI_GUID(0x56ec3091, 0x954c, 0x11d2, 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
--
2.42.0

35
hosts/hypnos/README.md
View File

@ -1,35 +0,0 @@
# Hypnos
## Overview
15-inch MacBook Pro 11,3 (Mid 2014).
## Specs
* CPU - Intel Core i7-4870HQ @ 2.50GHz
* Memory - 16 GB DDR3
* GPU - Intel Iris Pro 5200
* GPU - NVIDIA GeForce GT 750M
* NIC - Broadcom BCM43xx 802.11ac
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
Apple SSD SM0512F | `/dev/sda1` (EFI, 256 MiB, NixOS Boot) <br> `/dev/sda2` (ZFS, 500 GiB, NixOS Root)
#### ZFS pool layout
```
rpool/
├── local
│ ├── nix
│ └── tmp
├── system
│ ├── root
│ └── var
└── user
└── home
```
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind these datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `hypnos.mesh.vimium.net`.

50
hosts/hypnos/default.nix
View File

@ -1,50 +0,0 @@
{
inputs,
lib,
pkgs,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
../desktop.nix
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
networking.hostId = "cf791898";
# nvidia 470 driver doesn't work with Wayland
services = {
xserver = {
displayManager.gdm.wayland = lib.mkForce false;
videoDrivers = [ "nvidia" ];
};
displayManager = {
defaultSession = "gnome-xorg";
};
};
# Workaround for label rendering bug in GTK4 with nvidia 470 driver
environment.sessionVariables.GSK_RENDERER = "gl";
environment.systemPackages = [
pkgs.moonlight-qt
];
system.stateVersion = "22.11";
}

125
hosts/hypnos/disko-config.nix
View File

@ -1,125 +0,0 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512F_S1K5NYBF736152";
content = {
type = "gpt";
partitions = {
ESP = {
size = "256M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
};
zpool = {
rpool = {
type = "zpool";
options = {
ashift = "12";
};
rootFsOptions = {
canmount = "off";
mountpoint = "none";
dnodesize = "auto";
xattr = "sa";
};
postCreateHook = "zfs snapshot rpool@blank";
datasets = {
local = {
type = "zfs_fs";
options = {
mountpoint = "none";
};
};
"local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
mountpoint = "legacy";
};
};
"local/tmp" = {
type = "zfs_fs";
mountpoint = "/tmp";
options = {
setuid = "off";
devices = "off";
mountpoint = "legacy";
};
};
system = {
type = "zfs_fs";
mountpoint = "/";
options = {
mountpoint = "legacy";
};
};
"system/var" = {
type = "zfs_fs";
mountpoint = "/var";
options = {
mountpoint = "legacy";
};
};
"system/var/tmp" = {
type = "zfs_fs";
mountpoint = "/var/tmp";
options = {
devices = "off";
mountpoint = "legacy";
};
};
"system/var/log" = {
type = "zfs_fs";
mountpoint = "/var/log";
options = {
compression = "on";
acltype = "posix";
mountpoint = "legacy";
};
};
user = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "file:///tmp/secret.key";
};
# use this to read the key during boot
postCreateHook = ''
zfs set keylocation="prompt" "rpool/$name";
'';
};
"user/home" = {
type = "zfs_fs";
mountpoint = "/home";
options = {
setuid = "off";
devices = "off";
mountpoint = "legacy";
};
};
};
};
};
};
}

56
hosts/hypnos/hardware-configuration.nix
View File

@ -1,56 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernel.sysctl = {
"kernel.nmi_watchdog" = 0;
"vm.laptop_mode" = 5;
};
kernelModules = [
"applesmc"
"kvm-intel"
"wl"
];
extraModulePackages = [
config.boot.kernelPackages.broadcom_sta
config.boot.kernelPackages.nvidiaPackages.legacy_470
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
modesetting.enable = true;
powerManagement.enable = true;
};
graphics = {
enable = true;
extraPackages = with pkgs; [
libvdpau-va-gl
];
enable32Bit = true;
};
};
}

45
hosts/library/README.md
View File

@ -1,45 +0,0 @@
# Library
## Overview
Media and public file server.
## Specs
* CPU - AMD Ryzen 5 5600G @ 3.90GHz
* Chipset - AMD B550
* Memory - 64 GB DDR4
* Motherboard - ASRock B550M Pro4
* Case - Fractal Design Node 804
### Disks
Device | Partitions _(filesystem, size, usage)_
--- | ---
Samsung 980 Evo | `/dev/nvme0n1p1` (EFI, 512 MiB, NixOS Boot) <br> `/dev/nvme0n1p2` (ZFS `rpool`, 200 GiB, NixOS Root)
#### ZFS datasets
```
rpool/
├── local
│ ├── nix
│ └── tmp
├── system
│ ├── root
│ └── var
└── user
└── home
library/
├── books
├── fonts
├── movies
├── music
├── software
├── tv
├── videos
└── web
```
See [Graham Christensen's article](https://grahamc.com/blog/nixos-on-zfs/#datasets) for the motivation behind the `rpool` datasets.
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `library.mesh.vimium.net`.

198
hosts/library/default.nix
View File

@ -1,198 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
../server.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
zfs.extraPools = [ "library" ];
};
networking = {
hostId = "d24ae953";
hosts = {
"100.64.0.1" = [ "auth.vimium.com" ];
};
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
services.zfs = {
autoScrub = {
enable = true;
pools = [ "library" ];
};
autoSnapshot = {
enable = true;
flags = "-k -p --utc";
frequent = 0;
hourly = 0;
daily = 7;
monthly = 1;
};
};
services.nfs.server = {
enable = true;
};
services.grafana = {
enable = true;
settings = {
server = {
domain = "library.mesh.vimium.net";
http_addr = "0.0.0.0";
http_port = 3000;
};
};
};
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
zfs = {
enable = true;
port = 9003;
};
};
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}"
];
}
];
}
];
};
systemd.services.vps1-tunnel = {
enable = true;
description = "vps1.mesh.vimium.net SSH tunnel";
after = [
"network-online.target"
"jellyfin.service"
];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "simple";
ExecStart = pkgs.lib.mkForce ''
${pkgs.openssh}/bin/ssh \
-NT \
-o ExitOnForwardFailure=yes \
-o ServerAliveInterval=60 \
-o TCPKeepAlive=no \
-i %h/.ssh/id_jellyfin \
-R localhost:8000:localhost:8000 \
jellyfin@vps1.mesh.vimium.net
'';
Restart = "always";
RestartSec = 20;
};
wantedBy = [ "default.target" ];
};
services.nginx =
let
proxyConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
in
{
enable = true;
package = pkgs.openresty;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
clientMaxBodySize = "2G";
virtualHosts = {
"library.mesh.vimium.net" = {
locations."/" = {
root = "/mnt/library";
extraConfig = ''
autoindex on;
'';
};
};
"jellyfin.vimium.com" = {
default = true;
listen = [
{
addr = "127.0.0.1";
port = 8000;
}
];
locations."/" = {
proxyPass = "http://localhost:8096";
extraConfig = proxyConfig;
};
locations."/metrics" = {
return = "404";
};
};
};
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
];
};
users.users.jellyfin.extraGroups = [
"video"
"render"
];
services.jellyfin = {
enable = true;
package = pkgs.unstable.jellyfin;
cacheDir = "/var/cache/jellyfin";
dataDir = "/var/lib/jellyfin";
};
modules = {
podman.enable = true;
services = {
borgmatic = {
enable = true;
directories = [
config.services.jellyfin.dataDir
"/home/jordan"
];
repoPath = "ssh://b61758r4@b61758r4.repo.borgbase.com/./repo";
};
};
};
system.stateVersion = "22.11";
}

78
hosts/library/hardware-configuration.nix
View File

@ -1,78 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "rpool/system/root";
fsType = "zfs";
};
fileSystems."/var" = {
device = "rpool/system/var";
fsType = "zfs";
};
fileSystems."/var/log" = {
device = "rpool/system/var/log";
fsType = "zfs";
};
fileSystems."/var/tmp" = {
device = "rpool/system/var/tmp";
fsType = "zfs";
};
fileSystems."/var/lib/containers/storage" = {
device = "rpool/system/var/lib-containers-storage";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/tmp" = {
device = "rpool/local/tmp";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/user/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F697-F1C0";
fsType = "vfat";
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

17
hosts/mail/README.md
View File

@ -1,17 +0,0 @@
# Mail server
## Overview
Mail server hosted in OVH.
## Specs
* CPU - ??
* Memory - ??
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
NVMe | `/dev/sda1` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `mail.mesh.vimium.net`.

42
hosts/mail/default.nix
View File

@ -1,42 +0,0 @@
{
inputs,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
./mail.nix
../server.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
networking = {
hostId = "08ac2f14";
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
modules = {
services = {
borgmatic = {
enable = true;
directories = [
"/var/dkim"
"/var/lib"
"/var/vmail"
];
repoPath = "ssh://kg2mpt28@kg2mpt28.repo.borgbase.com/./repo";
};
};
};
system.stateVersion = "22.11";
}

55
hosts/mail/disko-config.nix
View File

@ -1,55 +0,0 @@
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "2M";
type = "EF02";
};
esp = {
name = "ESP";
size = "300M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

29
hosts/mail/hardware-configuration.nix
View File

@ -1,29 +0,0 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd = {
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
kernelModules = [ "nvme" ];
};
loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
}

74
hosts/mail/mail.nix
View File

@ -1,74 +0,0 @@
{
inputs,
config,
...
}:
let
domains = [
"h0lt.com"
"jdholt.com"
"jordanholt.xyz"
"vimium.co"
"vimium.com"
"vimium.co.uk"
"vimium.info"
"vimium.net"
"vimium.org"
"vimium.xyz"
];
in
{
imports = [
inputs.nixos-mailserver.nixosModule
];
age.secrets."passwords/users/jordan".file = "${inputs.secrets}/passwords/users/jordan.age";
services.roundcube = {
enable = true;
hostName = config.mailserver.fqdn;
extraConfig = ''
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
plugins = [ "contextmenu" ];
};
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [
80
443
];
mailserver = {
enable = true;
fqdn = "mail.vimium.com";
domains = domains;
indexDir = "/var/lib/dovecot/indices";
certificateDomains = [
"imap.vimium.com"
"smtp.vimium.com"
];
certificateScheme = "acme-nginx";
fullTextSearch.enable = true;
loginAccounts = {
"jordan@vimium.com" = {
hashedPasswordFile = config.age.secrets."passwords/users/jordan".path;
catchAll = domains;
};
};
extraVirtualAliases = {
"hostmaster@vimium.com" = "jordan@vimium.com";
"postmaster@vimium.com" = "jordan@vimium.com";
"webmaster@vimium.com" = "jordan@vimium.com";
"abuse@vimium.com" = "jordan@vimium.com";
};
};
}

17
modules/nixos/hardware/presonus-studio/0001-Update-device-ID-for-PreSonus-1824c.patch → hosts/odyssey/0001-Update-device-ID-for-PreSonus-1824c.patch
View File

@ -15,16 +15,16 @@ index ab5fed9f55b6..da50a4782414 100644
--- a/sound/usb/format.c
+++ b/sound/usb/format.c
@@ -378,8 +378,8 @@ static int parse_uac2_sample_rate_range(struct snd_usb_audio *chip,
for (rate = min; rate <= max; rate += res) {
- /* Filter out invalid rates on Presonus Studio 1810c */
- if (chip->usb_id == USB_ID(0x194f, 0x010c) &&
+ /* Filter out invalid rates on Presonus Studio 1824c */
+ if (chip->usb_id == USB_ID(0x194f, 0x010d) &&
!s1810c_valid_sample_rate(fp, rate))
goto skip_rate;
diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
index 898bc3baca7b..c3135459c38c 100644
--- a/sound/usb/mixer_quirks.c
@ -32,7 +32,7 @@ index 898bc3baca7b..c3135459c38c 100644
@@ -3445,7 +3445,7 @@ int snd_usb_mixer_apply_create_quirk(struct usb_mixer_interface *mixer)
err = snd_rme_controls_create(mixer);
break;
- case USB_ID(0x194f, 0x010c): /* Presonus Studio 1810c */
+ case USB_ID(0x194f, 0x010d): /* Presonus Studio 1824c */
err = snd_sc1810_init_mixer(mixer);
@ -44,7 +44,7 @@ index fac4bbc6b275..5bc2e66d452c 100644
+++ b/sound/usb/mixer_s1810c.c
@@ -552,7 +552,7 @@ int snd_sc1810_init_mixer(struct usb_mixer_interface *mixer)
return 0;
dev_info(&dev->dev,
- "Presonus Studio 1810c, device_setup: %u\n", chip->setup);
+ "Presonus Studio 1824c, device_setup: %u\n", chip->setup);
@ -64,7 +64,8 @@ index ab2b938502eb..b86832edaaa0 100644
+ /* presonus studio 1824c: skip altsets incompatible with device_setup */
+ if (chip->usb_id == USB_ID(0x194f, 0x010d))
return s1810c_skip_setting_quirk(chip, iface, altno);
--
--
2.42.0

8
hosts/odyssey/README.md
View File

@ -4,10 +4,10 @@
Primary workstation.
## Specs
* CPU - AMD Ryzen 9 9950X3D @ 4.30GHz
* Chipset - AMD X870E
* Memory - 96 GB DDR5
* Motherboard - ASUS ProArt X870E-Creator WiFi
* CPU - Intel Core i7-5930K @ 4.10GHz
* Chipset - Intel X99
* Memory - 64 GB DDR4
* Motherboard - ASUS X99-A
* GPU - NVIDIA RTX 3090
* Case - Thermaltake A500

45
hosts/odyssey/audio.nix Normal file
View File

@ -0,0 +1,45 @@
{ config, pkgs, ... }:
let
snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
kernel = config.boot.kernelPackages.kernel;
};
upmixConfig = ''
stream.properties = {
channelmix.upmix = true
channelmix.upmix-method = psd
}
'';
in {
boot.extraModulePackages = [
(snd-usb-audio-module.overrideAttrs (_: {
patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
}))
];
environment.etc = {
"pipewire/pipewire.conf.d/surround.conf".text = ''
context.modules = [
{
name = libpipewire-module-loopback
args = {
node.description = "Genelec 4.1 Surround"
capture.props = {
node.name = "Genelec_Speakers"
media.class = "Audio/Sink"
audio.position = [ FL FR SL SR LFE ]
}
playback.props = {
node.name = "playback.Genelec_Speakers"
audio.position = [ AUX0 AUX1 AUX3 AUX4 AUX5 ]
target.object = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output"
stream.dont-remix = true
node.passive = true
}
}
}
]
'';
"pipewire/pipewire-pulse.conf.d/40-upmix.conf".text = upmixConfig;
"pipewire/client-rt.conf.d/40-upmix.conf".text = upmixConfig;
};
}

165
hosts/odyssey/default.nix
View File

@ -1,76 +1,115 @@
{
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./gitea-runner.nix
./nix-serve.nix
./audio.nix
../desktop.nix
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
boot.loader = {
systemd-boot = {
enable = true;
graceful = true;
netbootxyz.enable = true;
};
efi.canTouchEfiVariables = true;
};
networking = {
hostId = "c5e68d78";
networkmanager.enable = true;
firewall.trustedInterfaces = [
"lxdbr0"
"virbr0"
]; # Work around https://github.com/NixOS/nixpkgs/issues/263359
};
virtualisation = {
libvirtd.enable = true;
lxd.enable = true;
};
services.sunshine = {
boot.loader.systemd-boot = {
enable = true;
package = pkgs.unstable.sunshine;
capSysAdmin = true;
graceful = true;
netbootxyz.enable = true;
};
boot.loader.efi.canTouchEfiVariables = true;
modules = {
hardware.presonus-studio.enable = true;
services = {
borgmatic = {
enable = true;
directories = [
"/home/jordan/Documents"
"/home/jordan/Downloads"
"/home/jordan/Music"
"/home/jordan/Pictures"
"/home/jordan/projects"
"/home/jordan/Videos"
"/home/jordan/.mozilla"
];
repoPath = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo";
};
};
system.desktop = {
gnome.enable = lib.mkForce false;
hyprland.enable = true;
};
};
networking.hostName = "odyssey";
networking.hostId = "c5e68d78";
networking.networkmanager.enable = true;
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
virtualisation.libvirtd.enable = true;
virtualisation.lxd.enable = true;
users.defaultUserShell = pkgs.zsh;
system.stateVersion = "22.11";
services.journald.extraConfig = ''
SystemMaxUse=4G
MaxRetentionSec=90day
'';
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"odyssey.mesh.vimium.net" = {
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
age.secrets."odyssey_borg_passphrase" = {
file = ../../secrets/odyssey_borg_passphrase.age;
};
services.borgmatic = {
enable = true;
settings = {
location = {
source_directories = [
"/home/jordan/Documents"
];
repositories = [
"ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo"
];
};
storage = {
encryption_passcommand = "cat ${config.age.secrets.odyssey_borg_passphrase.path}";
ssh_command = "ssh -i /etc/ssh/ssh_host_ed25519_key";
};
retention = {
keep_daily = 7;
keep_weekly = 4;
keep_monthly = 6;
};
};
};
# Without this override, `cat` is unavailable for `encryption_passcommand`
systemd.services.borgmatic.confinement.fullUnit = true;
modules = {
desktop = {
apps.qbittorrent.enable = true;
browsers = {
firefox.enable = true;
};
media.graphics = {
modeling.enable = true;
raster.enable = true;
vector.enable = true;
};
media.recording = {
audio.enable = true;
video.enable = true;
};
};
dev = {
node.enable = true;
};
editors = {
neovim.enable = true;
vscode.enable = true;
};
security = {
gpg.enable = true;
pass.enable = true;
};
shell = {
git.enable = true;
zsh.enable = true;
};
};
}

228
hosts/odyssey/gitea-runner.nix
View File

@ -1,228 +0,0 @@
{
inputs,
pkgs,
config,
...
}:
# Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
let
hostname = config.networking.hostName;
giteaUrl = "https://git.vimium.com";
storeDepsBins = with pkgs; [
coreutils
findutils
gnugrep
gawk
git
nix
nix-update
bash
jq
nodejs
];
storeDeps = pkgs.runCommand "store-deps" { } ''
mkdir -p $out/bin
for dir in ${toString storeDepsBins}; do
for bin in "$dir"/bin/*; do
ln -s "$bin" "$out/bin/$(basename "$bin")"
done
done
# Add SSL CA certs
mkdir -p $out/etc/ssl/certs
cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
'';
in
{
modules.podman.enable = true;
systemd.services = {
gitea-runner-nix-image = {
wantedBy = [ "multi-user.target" ];
after = [ "podman.service" ];
requires = [ "podman.service" ];
path = [
config.virtualisation.podman.package
pkgs.gnutar
pkgs.shadow
pkgs.getent
];
script = ''
set -eux -o pipefail
mkdir -p etc/nix
# Create an unpriveleged user that we can use also without the run-as-user.sh script
touch etc/passwd etc/group
groupid=$(cut -d: -f3 < <(getent group nix-ci-user))
userid=$(cut -d: -f3 < <(getent passwd nix-ci-user))
groupadd --prefix $(pwd) --gid "$groupid" nix-ci-user
emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.'
useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nix-ci-user nix-ci-user
cat <<NIX_CONFIG > etc/nix/nix.conf
accept-flake-config = true
experimental-features = nix-command flakes
NIX_CONFIG
cat <<NSSWITCH > etc/nsswitch.conf
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
hosts: files mymachines dns myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
NSSWITCH
# list the content as it will be imported into the container
tar -cv . | tar -tvf -
tar -cv . | podman import - gitea-runner-nix
'';
serviceConfig = {
RuntimeDirectory = "gitea-runner-nix-image";
WorkingDirectory = "/run/gitea-runner-nix-image";
Type = "oneshot";
RemainAfterExit = true;
};
};
gitea-runner-nix = {
after = [ "gitea-runner-nix-image.service" ];
requires = [ "gitea-runner-nix-image.service" ];
serviceConfig = {
# Hardening (may overlap with DynamicUser=)
# The following options are only for optimizing output of systemd-analyze
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
UMask = "0066";
ProtectProc = "invisible";
SystemCallFilter = [
"~@clock"
"~@cpu-emulation"
"~@module"
"~@mount"
"~@obsolete"
"~@raw-io"
"~@reboot"
"~@swap"
# needed by go?
#"~@resources"
"~@privileged"
"~capset"
"~setdomainname"
"~sethostname"
];
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
"AF_NETLINK"
];
# Needs network access
PrivateNetwork = false;
# Cannot be true due to Node
MemoryDenyWriteExecute = false;
# The more restrictive "pid" option makes `nix` commands in CI emit
# "GC Warning: Couldn't read /proc/stat"
# You may want to set this to "pid" if not using `nix` commands
ProcSubset = "all";
# Coverage programs for compiled code such as `cargo-tarpaulin` disable
# ASLR (address space layout randomization) which requires the
# `personality` syscall
# You may want to set this to `true` if not using coverage tooling on
# compiled code
LockPersonality = false;
# Note that this has some interactions with the User setting; so you may
# want to consult the systemd docs if using both.
DynamicUser = true;
};
};
};
users.users.nix-ci-user = {
group = "nix-ci-user";
description = "Used for running nix-based CI jobs";
home = "/var/empty";
isSystemUser = true;
};
users.groups.nix-ci-user = { };
age.secrets."files/services/gitea-runner/${hostname}-token" = {
file = "${inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
group = "podman";
};
services.gitea-actions-runner.instances = {
act = {
enable = true;
url = giteaUrl;
name = "act-runner-${hostname}";
tokenFile = config.age.secrets."files/services/gitea-runner/${hostname}-token".path;
settings = {
cache.enabled = true;
runner.capacity = 4;
};
labels = [
"debian-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
"ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
];
};
nix = {
enable = true;
url = giteaUrl;
name = "nix-runner-${hostname}";
tokenFile = config.age.secrets."files/services/gitea-runner/${hostname}-token".path;
settings = {
cache.enabled = true;
container = {
options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nix-ci-user";
network = "host";
valid_volumes = [
"/nix"
"${storeDeps}/bin"
"${storeDeps}/etc/ssl"
];
};
runner.capacity = 4;
};
labels = [
"nix:docker://gitea-runner-nix"
];
};
};
}

36
hosts/odyssey/hardware-configuration.nix
View File

@ -1,10 +1,4 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
@ -12,39 +6,23 @@
];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
initrd.supportedFilesystems = [ "zfs" ];
kernelModules = [ "kvm-amd" ];
kernelPackages = pkgs.linuxPackages_6_12;
kernelModules = [ "kvm-intel" ];
kernelPackages = pkgs.linuxPackages;
supportedFilesystems = [ "ntfs" ];
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
hardware = {
bluetooth = {
enable = true;
powerOnBoot = true;
};
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nvidia = {
modesetting.enable = true;
open = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
powerManagement.enable = true;
nvidiaSettings = false;
};
};
powerManagement.cpuFreqGovernor = "schedutil";
services.xserver.videoDrivers = [ "nvidia" ];
fileSystems."/" = {
@ -86,9 +64,5 @@
networking.useDHCP = lib.mkDefault true;
environment.systemPackages = [
pkgs.apfs-fuse
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

22
hosts/odyssey/nix-serve.nix
View File

@ -1,22 +0,0 @@
{
config,
...
}:
{
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"odyssey.mesh.vimium.net" = {
locations."/".proxyPass =
"http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
}

14
modules/nixos/hardware/presonus-studio/snd-usb-audio.nix → hosts/odyssey/snd-usb-audio.nix
View File

@ -1,17 +1,8 @@
{
pkgs,
lib,
kernel ? pkgs.linuxPackages_latest.kernel,
}:
{ pkgs, lib, kernel ? pkgs.linuxPackages_latest.kernel }:
pkgs.stdenv.mkDerivation {
pname = "snd-usb-audio";
inherit (kernel)
src
version
postPatch
nativeBuildInputs
;
inherit (kernel) src version postPatch nativeBuildInputs;
kernel_dev = kernel.dev;
kernelVersion = kernel.modDirVersion;
@ -42,3 +33,4 @@ pkgs.stdenv.mkDerivation {
license = lib.licenses.gpl2;
};
}

25
hosts/pi/README.md
View File

@ -1,25 +0,0 @@
# Pi
## Overview
Raspberry Pi 4
## Specs
* SoC - Broadcom BCM2711
* CPU - ARM Cortex-A72 @ 1.8 GHz
* Memory - 8 GB LPDDR4
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
SD card | `/dev/mmcblk0` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `pi.mesh.vimium.net`.
## Devices and connections
- SONOFF Zigbee 3.0 USB Dongle Plus (connected to USB 2.0 port to avoid [interference](https://www.unit3compliance.co.uk/2-4ghz-intra-system-or-self-platform-interference-demonstration/))
- HDMI to ONKYO HT-R990
- S/PDIF to ONKYO HT-R990
- Ethernet to ONKYO HT-R990

148
hosts/pi/default.nix
View File

@ -1,148 +0,0 @@
{
inputs,
pkgs,
...
}:
{
imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hardware-configuration.nix
./home-assistant
../server.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
hardware = {
raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true;
audio.enable = false;
fkms-3d.enable = false;
xhci.enable = false;
};
deviceTree = {
enable = true;
filter = "*rpi-4-*.dtb";
overlays = [
{
name = "audio-off-overlay";
dtsText = ''
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&vchiq>;
__overlay__ {
status = "disabled";
};
};
};
'';
}
{
# Adapted from: https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/hifiberry-digi-pro-overlay.dts
# changes:
# - modified top-level "compatible" field from bcm2835 to bcm2711
# - s/i2s_clk_consumer/i2s/ (name on bcm2711 platform)
name = "hifiberry-digi-pro";
dtsText = ''
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&i2s>;
__overlay__ {
status = "okay";
};
};
fragment@1 {
target = <&i2c1>;
__overlay__ {
#address-cells = <1>;
#size-cells = <0>;
status = "okay";
wm8804@3b {
#sound-dai-cells = <0>;
compatible = "wlf,wm8804";
reg = <0x3b>;
PVDD-supply = <&vdd_3v3_reg>;
DVDD-supply = <&vdd_3v3_reg>;
status = "okay";
};
};
};
fragment@2 {
target = <&sound>;
__overlay__ {
compatible = "hifiberry,hifiberry-digi";
i2s-controller = <&i2s>;
status = "okay";
clock44-gpio = <&gpio 5 0>;
clock48-gpio = <&gpio 6 0>;
};
};
};
'';
}
];
};
firmware = with pkgs; [
firmwareLinuxNonfree
wireless-regdb
];
};
networking.hostId = "731d1660";
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
modules = {
system = {
wireless = {
enable = true;
interfaces = [ "wlan0" ];
};
};
services = {
borgmatic = {
enable = true;
repoPath = "ssh://qcw86s11@qcw86s11.repo.borgbase.com/./repo";
};
};
};
# Connection to ONKYO HT-R990
networking.interfaces.end0 = {
ipv4.addresses = [
{
address = "172.16.0.1";
prefixLength = 30;
}
];
};
environment.systemPackages = with pkgs; [
python311Packages.onkyo-eiscp
libraspberrypi
raspberrypi-eeprom
];
system.stateVersion = "22.11";
}

98
hosts/pi/hardware-configuration.nix
View File

@ -1,98 +0,0 @@
{
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
];
boot = {
kernelPackages =
let
version = "6.1.73";
tag = "stable_20240124";
srcHash = "sha256-P4ExzxWqZj+9FZr9U2tmh7rfs/3+iHEv0m74PCoXVuM=";
in
pkgs.linuxPackagesFor (
pkgs.linux_rpi4.override {
argsOverride = {
src = pkgs.fetchFromGitHub {
owner = "raspberrypi";
repo = "linux";
rev = tag;
hash = srcHash;
};
version = version;
modDirVersion = version;
structuredExtraConfig = { };
kernelPatches = [
{
name = "drm-rp1-depends-on-instead-of-select-MFD_RP1.patch";
patch = pkgs.fetchpatch {
url = "https://github.com/peat-psuwit/rpi-linux/commit/6de0bb51929cd3ad4fa27b2a421a2af12e6468f5.patch";
hash = "sha256-9pHcbgWTiztu48SBaLPVroUnxnXMKeCGt5vEo9V8WGw=";
};
}
{
name = "iommu-bcm2712-don-t-allow-building-as-module.patch";
patch = pkgs.fetchpatch {
url = "https://github.com/peat-psuwit/rpi-linux/commit/693a5e69bddbcbe1d1b796ebc7581c3597685b1b.patch";
hash = "sha256-8BYYQDM5By8cTk48ASYKJhGVQnZBIK4PXtV70UtfS+A=";
};
}
];
};
}
);
# Stop ZFS kernel being built
supportedFilesystems = lib.mkForce [
"btrfs"
"cifs"
"f2fs"
"jfs"
"ntfs"
"reiserfs"
"vfat"
"xfs"
];
tmp.cleanOnBoot = true;
};
# Fix missing modules
# https://github.com/NixOS/nixpkgs/issues/154163
nixpkgs.overlays = [
(final: prev: {
makeModulesClosure = x: prev.makeModulesClosure (x // { allowMissing = true; });
})
(final: prev: {
raspberrypifw =
let
version = "1.20240529";
srcHash = "sha256-KsCo7ZG6vKstxRyFljZtbQvnDSqiAPdUza32xTY/tlA=";
in
pkgs.raspberrypifw.override {
argsOverride = {
src = prev.fetchFromGitHub {
owner = "raspberrypi";
repo = "firmware";
rev = "${version}";
hash = srcHash;
};
};
};
})
];
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
}

297
hosts/pi/home-assistant/default.nix
View File

@ -1,297 +0,0 @@
{
inputs,
config,
pkgs,
...
}:
{
imports = [
./floorplan/default.nix
./mqtt.nix
];
age.secrets."files/services/home-assistant/secrets.yaml" = {
file = "${inputs.secrets}/files/services/home-assistant/secrets.yaml.age";
path = "${config.services.home-assistant.configDir}/secrets.yaml";
owner = "hass";
group = "hass";
};
services.home-assistant = {
enable = true;
config = {
automation = "!include automations.yaml";
backup = { };
binary_sensor = [ ];
default_config = { };
http = {
server_host = "::1";
trusted_proxies = [ "::1" ];
use_x_forwarded_for = true;
};
ffmpeg = { };
homeassistant = {
name = "Home";
latitude = "!secret latitude";
longitude = "!secret longitude";
country = "GB";
temperature_unit = "C";
time_zone = config.time.timeZone;
unit_system = "metric";
auth_providers = [
{
type = "trusted_networks";
trusted_networks = [
"100.64.0.0/10"
"127.0.0.1"
];
allow_bypass_login = true;
}
{
type = "homeassistant";
}
];
};
logger = {
default = "info";
logs = { };
};
lovelace = {
mode = "yaml";
};
media_player = [ ];
mobile_app = { };
onkyo = { };
open_meteo = { };
recorder = {
purge_keep_days = 365;
};
scene = "!include scenes.yaml";
script = "!include scripts.yaml";
sensor = [ ];
system_health = { };
zeroconf = { };
};
extraComponents = [
"air_quality"
"airly"
"alert"
"api"
"application_credentials"
"asuswrt"
"auth"
"automation"
"bayesian"
"binary_sensor"
# "blackbird"
"blueprint"
"bluetooth_adapters"
"bluetooth_le_tracker"
"button"
"calendar"
"camera"
"cast"
"cert_expiry"
"climate"
"co2signal"
"color_extractor"
"command_line"
"compensation"
"configurator"
"counter"
"cover"
"cpuspeed"
"default_config"
"demo"
"derivative"
"device_automation"
"device_sun_light_trigger"
"device_tracker"
"dlna_dmr"
"dlna_dms"
"dnsip"
"esphome"
"fail2ban"
"fan"
"feedreader"
"ffmpeg"
"file"
"file_upload"
"filesize"
"folder"
"folder_watcher"
"forecast_solar"
"frontend"
"gdacs"
"generic"
"generic_hygrostat"
"generic_thermostat"
"geo_json_events"
"geo_location"
"geo_rss_events"
"github"
"group"
"hardware"
"hdmi_cec"
"history_stats"
"homeassistant"
"homekit"
"homekit_controller"
"html5"
"http"
"humidifier"
"icloud"
"image_processing"
"input_boolean"
"input_button"
"input_datetime"
"input_number"
"input_select"
"input_text"
"integration"
"ios"
"jellyfin"
"light"
"local_calendar"
"local_file"
"local_ip"
"local_todo"
"lock"
"logentries"
"logger"
"lovelace"
"manual"
"manual_mqtt"
"matter"
"media_player"
"min_max"
"mjpeg"
"modern_forms"
"mold_indicator"
"moon"
"mysensors"
"network"
"nmap_tracker"
"notify"
"number"
"onboarding"
"onkyo"
"panel_custom"
"persistent_notification"
"person"
"ping"
"plant"
"prometheus"
"proximity"
"push"
"proximity"
"python_script"
"radio_browser"
"random"
"recorder"
"remote"
"repairs"
"rest"
"rest_command"
"rss_feed_template"
"scene"
"schedule"
"scrape"
"script"
"search"
"season"
"select"
"sense"
"sensor"
"sensorpush"
"shell_command"
"shopping_list"
"siren"
"smtp"
"snmp"
"sql"
"statistics"
"sun"
"switch"
"switch_as_x"
"system_health"
"system_log"
"systemmonitor"
"tag"
"tailscale"
"tcp"
"template"
"text"
"thread"
"threshold"
"time_date"
"timer"
"tod"
"todo"
"tomorrowio"
"trend"
"universal"
"upb"
"update"
"upnp"
"uptime"
"utility_meter"
"vacuum"
"vlc"
"vlc_telnet"
"wake_on_lan"
"water_heater"
"weather"
"websocket_api"
"wled"
"workday"
"worldclock"
"zone"
];
extraPackages =
python3Packages: with python3Packages; [
onkyo-eiscp
zeroconf
];
customComponents = with pkgs; [
home-assistant-browser-mod
];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
bubble-card
button-card
card-mod
light-entity-card
mini-graph-card
mini-media-player
mushroom
sankey-chart
universal-remote-card
];
lovelaceConfigWritable = true;
};
modules.services.borgmatic.directories = [
config.services.home-assistant.configDir
];
services.nginx = {
enable = true;
virtualHosts."home.mesh.vimium.net" = {
forceSSL = false;
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://[::1]:8123";
proxyWebsockets = true;
};
};
};
}

87
hosts/pi/home-assistant/floorplan/default.nix
View File

@ -1,87 +0,0 @@
{
pkgs,
...
}:
{
services.home-assistant = {
customLovelaceModules = [
pkgs.lovelace-floorplan
];
};
environment.etc."home-assistant/www/floorplan/style.css".source = ./style.css;
environment.etc."home-assistant/www/floorplan/config.yaml".text = builtins.toJSON {
image = {
location = "/local/floorplan/beetham.svg";
cache = false;
};
stylesheet = {
location = "/local/floorplan/style.css";
cache = false;
};
defaults = {
hover_action = "hover-info";
hold_action = "toggle";
tap_action = "more-info";
};
rules = [
{
name = "Rooms";
entities = [
{
entity = "light.bedroom_lamps";
element = "area.bedroom";
}
{
entity = "light.hallway_spots";
element = "area.hallway";
}
{
entity = "light.living_room_lamps";
element = "area.livingroom";
}
{
entity = "light.office_lamps";
element = "area.office";
}
];
tap_action = "light.toggle";
state_action = {
service = "floorplan.class_set";
service_data = ''
if (entity.state === "on") {
return "light-on";
}
return "light-off";
'';
};
}
{
name = "Temperature";
entities = [
"sensor.motion_sensor_temperature"
];
state_action = [
{
service = "floorplan.text_set";
service_data = ''
if (!isNaN(entity.state)) {
return Math.round(entity.state * 10) / 10 + "°";
}
return "Unknown";
'';
}
{
service = "floorplan.class_set";
service_data = {
class = "static-temp";
};
}
];
}
];
};
}

27
hosts/pi/home-assistant/floorplan/style.css
View File

@ -1,27 +0,0 @@
#floorplan {
padding: 10px;
}
svg, svg * {
vector-effect: non-scaling-stroke !important;
pointer-events: all !important;
}
path[id*="area."].light-on {
opacity: 0 !important;
}
path[id*="area."] {
opacity: 0.5 !important;
transition: opacity .25s;
-moz-transition: opacity .25s;
-webkit-transition: opacity .25s;
}
svg tspan {
fill: var(--primary-text-color);
}
.static-temp, .static-temp tspan {
fill: #ffffff;
}

87
hosts/pi/home-assistant/mqtt.nix
View File

@ -1,87 +0,0 @@
{
inputs,
config,
lib,
pkgs,
...
}:
{
services.mosquitto = {
enable = true;
listeners = [
{
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
port = 1883;
settings = {
allow_anonymous = true;
};
}
];
};
age.secrets."files/services/zigbee2mqtt/secret.yaml" = {
file = "${inputs.secrets}/files/services/zigbee2mqtt/secret.yaml.age";
path = "${config.services.zigbee2mqtt.dataDir}/secret.yaml";
owner = "zigbee2mqtt";
group = "zigbee2mqtt";
};
services.zigbee2mqtt = {
package = pkgs.unstable.zigbee2mqtt;
enable = true;
dataDir = "/var/lib/zigbee2mqtt";
settings = {
homeassistant = lib.optionalAttrs config.services.home-assistant.enable {
discovery_topic = "homeassistant";
status_topic = "hass/status";
};
availability = true;
frontend = true;
device_options = {
retain = true;
};
serial = {
port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
adapter = "zstack";
};
advanced = {
channel = 20;
network_key = "!secret.yaml network_key";
pan_id = 13001;
ext_pan_id = [
79
1
73
47
250
136
124
222
];
transmit_power = 20;
};
mqtt = {
version = 5;
server = "mqtt://localhost:1883";
};
};
};
modules.services.borgmatic.directories = [
config.services.mosquitto.dataDir
config.services.zigbee2mqtt.dataDir
];
services.home-assistant = {
config.mqtt = { };
extraComponents = [
"mqtt"
"mqtt_eventstream"
"mqtt_json"
"mqtt_room"
"mqtt_statestream"
];
};
}

25
hosts/pi/music-assistant.nix
View File

@ -1,25 +0,0 @@
{
config,
...
}:
{
services = {
nginx.virtualHosts."music-assistant.${config.networking.hostName}" = {
extraConfig = ''
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://[::1]:8095";
proxyWebsockets = true;
};
};
music-assistant = {
enable = true;
providers = [
"hass"
"jellyfin"
];
};
};
}

105
hosts/server.nix
View File

@ -1,78 +1,49 @@
{
lib,
...
}:
{ config, lib, pkgs, ... }:
let
inherit (lib) mkForce;
in
{
imports = [
./common.nix
time.timeZone = "Europe/London";
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_GB.UTF-8";
LC_IDENTIFICATION = "en_GB.UTF-8";
LC_MEASUREMENT = "en_GB.UTF-8";
LC_MONETARY = "en_GB.UTF-8";
LC_NAME = "en_GB.UTF-8";
LC_NUMERIC = "en_GB.UTF-8";
LC_PAPER = "en_GB.UTF-8";
LC_TELEPHONE = "en_GB.UTF-8";
LC_TIME = "en_GB.UTF-8";
};
console.keyMap = "uk";
services.openssh = {
enable = true;
settings = {
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
environment.systemPackages = with pkgs; [
git
neovim
];
documentation.enable = false;
fonts.fontconfig.enable = false;
security = {
acme = {
acceptTerms = true;
defaults = {
email = "hostmaster@vimium.com";
group = "nginx";
webroot = "/var/lib/acme/acme-challenge";
};
nix = {
settings = {
auto-optimise-store = true;
};
# auditd.enable = true;
# audit = {
# enable = true;
# rules = [
# "-a exit,always -F arch=b64 -S execve"
# ];
# };
};
users = {
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
gc = {
automatic = true;
dates = "weekly";
options = "-d --delete-older-than 7d";
};
};
systemd = {
enableEmergencyMode = false;
sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
'';
watchdog = {
runtimeTime = "20s";
rebootTime = "30s";
};
};
services.fail2ban = {
enable = true;
bantime = "1h";
bantime-increment = {
enable = true;
maxtime = "24h";
rndtime = "7m";
};
ignoreIP = [
"100.64.0.0/10"
];
};
services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
modules.services.tailscale = {
modules.networking.tailscale = {
enable = true;
restrictSSH = false;
};

28
hosts/skycam/README.md
View File

@ -1,28 +0,0 @@
# Skycam
## Overview
Raspberry Pi 4-based webcam
## Specs
* SoC - Broadcom BCM2711
* CPU - ARM Cortex-A72 @ 1.8 GHz
* Memory - 8 GB LPDDR4
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
SD card | `/dev/mmcblk0` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `skycam.mesh.vimium.net`.
## Devices and connections
- Camera Module 3 with wide-angle lens
## Building
To generate a compressed SD card image for Skycam, run:
`nix build '.#nixosConfigurations.skycam.config.system.build.sdImage'`
Once a card is imaged, the existing SSH host keys should be copied to
`/etc/ssh` manually to enable secret decryption.

118
hosts/skycam/default.nix
View File

@ -1,118 +0,0 @@
{
inputs,
config,
pkgs,
...
}:
{
imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hardware-configuration.nix
../server.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
hardware = {
raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true;
audio.enable = false;
xhci.enable = false;
};
deviceTree = {
enable = true;
filter = "*rpi-4-*.dtb";
# From https://github.com/Electrostasy/dots/blob/3b81723feece67610a252ce754912f6769f0cd34/hosts/phobos/klipper.nix#L43-L65
overlays =
let
mkCompatibleDtsFile =
dtbo:
let
drv =
pkgs.runCommand "fix-dts"
{
nativeBuildInputs = with pkgs; [
dtc
gnused
];
}
''
mkdir "$out"
dtc -I dtb -O dts ${dtbo} | sed -e 's/bcm2835/bcm2711/' > $out/overlay.dts
'';
in
"${drv}/overlay.dts";
inherit (config.boot.kernelPackages) kernel;
in
[
{
name = "imx708.dtbo";
dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/imx708.dtbo";
}
{
name = "vc4-kms-v3d-pi4.dtbo";
dtsFile = mkCompatibleDtsFile "${kernel}/dtbs/overlays/vc4-kms-v3d-pi4.dtbo";
}
];
};
firmware = with pkgs; [
firmwareLinuxNonfree
];
};
services.udev.extraRules = ''
SUBSYSTEM=="rpivid-*", GROUP="video", MODE="0660"
KERNEL=="vcsm-cma", GROUP="video", MODE="0660"
SUBSYSTEM=="dma_heap", GROUP="video", MODE="0660"
'';
nixpkgs.overlays = [
(import ./../../overlays/libcamera.nix)
];
networking = {
hostId = "731d1660";
firewall = {
enable = true;
allowedTCPPorts = [ 8080 ];
allowedUDPPorts = [ 8080 ];
};
};
systemd.services.ustreamer = {
enable = true;
description = "uStreamer service";
unitConfig = {
Type = "simple";
ConditionPathExists = "/sys/bus/i2c/drivers/imx708/10-001a/video4linux";
};
serviceConfig = {
ExecStart = ''
${pkgs.libcamera}/bin/libcamerify ${pkgs.unstable.ustreamer}/bin/ustreamer \
--host=0.0.0.0 \
--resolution=4608x2592
'';
DynamicUser = "yes";
SupplementaryGroups = [ "video" ];
Restart = "always";
RestartSec = 10;
};
wantedBy = [ "network-online.target" ];
confinement.mode = "chroot-only";
};
environment.systemPackages = with pkgs; [
camera-streamer
git
neovim
libcamera
libraspberrypi
raspberrypi-eeprom
v4l-utils
unstable.ustreamer
];
system.stateVersion = "24.05";
}

39
hosts/skycam/hardware-configuration.nix
View File

@ -1,39 +0,0 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
];
boot = {
kernelModules = [ "bcm2835-v4l2" ];
kernelParams = [
"cma=512M"
"panic=0"
];
supportedFilesystems = lib.mkForce [
"f2fs"
"vfat"
"xfs"
];
tmp.cleanOnBoot = false;
};
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
})
];
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "noatime" ];
};
};
}

17
hosts/vps1/README.md
View File

@ -1,17 +0,0 @@
# vps1
## Overview
VPS hosted in OVH.
## Specs
* CPU - ??
* Memory - ??
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
NVMe | `/dev/sda1` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `vps1.mesh.vimium.net`.

117
hosts/vps1/coturn.nix
View File

@ -1,117 +0,0 @@
{
inputs,
config,
lib,
...
}:
let
realm = "turn.vimium.com";
matrixIntegration = true;
in
{
networking.firewall =
let
range =
with config.services.coturn;
lib.singleton {
from = min-port;
to = max-port;
};
in
{
allowedTCPPorts = [
3478 # TURN listener
5349 # STUN TLS
5350 # STUN TLS alt
];
allowedUDPPorts = [
3478 # TURN listener
5349 # TLS
5350 # TLS alt
];
allowedUDPPortRanges = range; # TURN peer relays
};
security.acme.certs = {
"${config.services.coturn.realm}" = {
group = "turnserver";
reloadServices = [ "coturn" ];
};
};
age.secrets =
{
"passwords/services/coturn/static-auth-secret" = {
file = "${inputs.secrets}/passwords/services/coturn/static-auth-secret.age";
owner = "turnserver";
group = "turnserver";
};
}
// (
if matrixIntegration then
{
"passwords/services/coturn/matrix-turn-config.yml" = {
file = "${inputs.secrets}/passwords/services/coturn/matrix-turn-config.yml.age";
owner = "matrix-synapse";
group = "matrix-synapse";
};
}
else
{ }
);
services.coturn = {
enable = true;
realm = realm;
use-auth-secret = true;
static-auth-secret-file = config.age.secrets."passwords/services/coturn/static-auth-secret".path;
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
min-port = 49000;
max-port = 50000;
no-cli = true;
no-tcp-relay = true;
extraConfig = ''
cipher-list="HIGH"
no-multicast-peers
# Ban private CIDR blocks
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
denied-peer-ip=::1
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
'';
};
services.matrix-synapse = lib.mkIf matrixIntegration {
settings = with config.services.coturn; {
turn_uris = [
"turn:${realm}:3478?transport=udp"
"turn:${realm}:3478?transport=tcp"
];
turn_user_lifetime = "1h";
};
extraConfigFiles = [
config.age.secrets."passwords/services/coturn/matrix-turn-config.yml".path
];
};
}

65
hosts/vps1/default.nix
View File

@ -1,65 +0,0 @@
{
...
}:
{
imports = [
./hardware-configuration.nix
./coturn.nix
./gitea.nix
./headscale.nix
./kanidm.nix
./matrix.nix
./nginx.nix
./outline.nix
./photoprism.nix
../server.nix
];
nixpkgs = {
hostPlatform = "x86_64-linux";
};
networking = {
hostId = "08bf6db3";
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
users = {
users = {
jellyfin = {
isSystemUser = true;
group = "jellyfin";
shell = "/bin/sh";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
];
};
};
groups = {
jellyfin = { };
};
};
modules = {
services = {
borgmatic = {
enable = true;
directories = [
"/home"
"/var/lib"
"/var/www"
];
repoPath = "ssh://p91y8oh7@p91y8oh7.repo.borgbase.com/./repo";
};
postgresql.enable = true;
};
};
system.stateVersion = "22.11";
}

89
hosts/vps1/gitea.nix
View File

@ -1,89 +0,0 @@
{
inputs,
config,
lib,
pkgs,
...
}:
let
domain = "git.vimium.com";
in
{
users = {
users.git = {
isSystemUser = true;
useDefaultShell = true;
group = "git";
extraGroups = [ "gitea" ];
home = config.services.gitea.stateDir;
};
groups.git = { };
};
services.nginx = {
upstreams.gitea = {
servers = {
"unix:${config.services.gitea.settings.server.HTTP_ADDR}" = { };
};
};
virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://gitea";
};
};
};
systemd.tmpfiles.rules = [
"d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${inputs.gitea-github-theme}/theme-github.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${inputs.gitea-github-theme}/theme-github-auto.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${inputs.gitea-github-theme}/theme-github-dark.css"
];
services.gitea = rec {
package = pkgs.unstable.gitea;
enable = true;
user = "git";
appName = "Vimium Git";
stateDir = "/var/lib/gitea";
repositoryRoot = "${stateDir}/repositories";
database = {
type = "sqlite3";
inherit user;
path = "${stateDir}/gitea.db";
};
lfs = {
enable = true;
contentDir = "${stateDir}/lfs";
};
settings = {
server = {
DOMAIN = config.networking.domain;
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
PROTOCOL = "http+unix";
SSH_USER = "git";
SSH_DOMAIN = "${domain}";
SSH_PORT = lib.head config.services.openssh.ports;
ROOT_URL = "https://${domain}/";
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
log = {
ROOT_PATH = "${stateDir}/log";
"logger.router.MODE" = "";
};
ui = {
THEMES = "gitea,arc-green,github,github-auto,github-dark";
DEFAULT_THEME = "github-dark";
};
actions.ENABLED = true;
indexer = {
REPO_INDEXER_ENABLED = true;
};
packages.CHUNKED_UPLOAD_PATH = lib.mkForce "${stateDir}/data/tmp/package-upload";
};
};
}

33
hosts/vps1/hardware-configuration.nix
View File

@ -1,33 +0,0 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd = {
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
kernelModules = [ "nvme" ];
};
loader.grub.device = "/dev/sda";
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
fileSystems = {
"/" = {
device = "/dev/sda1";
fsType = "ext4";
};
};
}

61
hosts/vps1/headscale.nix
View File

@ -1,61 +0,0 @@
{
config,
pkgs,
...
}:
let
domain = "headscale.vimium.net";
in
{
environment.systemPackages = [ pkgs.headscale ];
services.headscale = {
enable = true;
port = 8080;
settings = {
policy.path = null;
ip_prefixes = [
"100.64.0.0/10"
];
server_url = "https://${domain}";
derp = {
auto_update_enable = false;
update_frequency = "24h";
};
dns = {
base_domain = "mesh.vimium.net";
extra_records = [
{
name = "grafana.mesh.vimium.net";
type = "A";
value = "100.64.0.6";
}
{
name = "home.mesh.vimium.net";
type = "A";
value = "100.64.0.7";
}
];
magic_dns = true;
nameservers.global = [
"9.9.9.9"
];
};
logtail.enabled = false;
};
};
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
};
}

51
hosts/vps1/kanidm.nix
View File

@ -1,51 +0,0 @@
{
config,
pkgs,
...
}:
let
baseDomain = "vimium.com";
domain = "auth.${baseDomain}";
in
{
services.kanidm =
let
uri = "https://${domain}";
in
{
package = pkgs.unstable.kanidm;
enableClient = true;
enableServer = true;
clientSettings = {
inherit uri;
};
serverSettings = {
bindaddress = "127.0.0.1:3013";
ldapbindaddress = "100.64.0.1:636";
domain = baseDomain;
origin = uri;
tls_chain = "${config.security.acme.certs.${domain}.directory}/full.pem";
tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
};
};
services.nginx.virtualHosts = {
"${domain}" = {
useACMEHost = "${domain}";
forceSSL = true;
locations."/" = {
proxyPass = "https://127.0.0.1:3013";
};
};
};
users.extraGroups.acme.members = [
"kanidm"
"nginx"
];
security.acme.certs."${domain}" = {
postRun = "systemctl restart kanidm.service";
group = "acme";
};
}

221
hosts/vps1/matrix.nix
View File

@ -1,221 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
serverName = "vimium.com";
useElement = true;
usePostgresql = true;
bridges = {
signal = true;
whatsapp = true;
};
matrixSubdomain = "matrix.${serverName}";
elementSubdomain = "chat.${serverName}";
matrixClientConfig = {
"m.homeserver" = {
base_url = "https://${matrixSubdomain}";
server_name = serverName;
};
"m.identity_server" = {
"base_url" = "https://vector.im";
};
};
matrixServerConfig."m.server" = "${matrixSubdomain}:443";
commonBridgeSettings = bridge: {
appservice = {
database = lib.mkIf usePostgresql {
type = "postgres";
uri = "postgresql:///${bridge}?host=/run/postgresql";
};
};
bridge = {
encryption = {
allow = true;
default = true;
require = true;
};
permissions = {
"${serverName}" = "user";
"@jordan:${serverName}" = "admin";
};
provisioning = {
shared_secret = "disable";
};
};
homeserver = {
address = "https://${matrixSubdomain}";
domain = serverName;
};
};
in
{
networking.firewall.allowedTCPPorts = [
8448 # Matrix federation
];
security.acme.certs = {
"${matrixSubdomain}" = {
reloadServices = [ "matrix-synapse" ];
};
};
services.nginx.virtualHosts =
{
"${matrixSubdomain}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::1]";
port = 443;
ssl = true;
}
{
addr = "[::1]";
port = 80;
}
{
addr = "[::1]";
port = 8448;
ssl = true;
}
];
locations = {
"/" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
'';
};
"/_matrix" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 50M;
'';
};
"/_synapse/client".proxyPass = "http://localhost:8008";
};
};
"${serverName}" =
let
mkWellKnown = data: ''
more_set_headers 'Content-Type: application/json';
return 200 '${builtins.toJSON data}';
'';
in
{
locations."= /.well-known/matrix/server".extraConfig = (mkWellKnown matrixServerConfig);
locations."= /.well-known/matrix/client".extraConfig = (mkWellKnown matrixClientConfig);
};
}
// (
if useElement then
{
"${elementSubdomain}" = {
forceSSL = true;
enableACME = true;
root = pkgs.unstable.element-web.override {
conf = {
default_server_config = matrixClientConfig;
brand = "Vimium Chat";
branding = {
auth_header_logo_url = "https://vimium.com/images/logo.svg";
auth_footer_links = [
{
"text" = "Vimium.com";
"url" = "https://vimium.com";
}
];
};
};
};
};
}
else
{ }
);
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
services.matrix-synapse = {
enable = true;
enableRegistrationScript = true;
settings = {
database.name = (if usePostgresql then "psycopg2" else "sqlite3");
enable_metrics = false;
enable_registration = false;
max_upload_size = "100M";
report_stats = false;
server_name = serverName;
};
};
systemd.services.matrix-synapse.serviceConfig.SupplementaryGroups = (
lib.optional bridges.whatsapp config.systemd.services.mautrix-whatsapp.serviceConfig.Group
);
services.postgresql = lib.mkIf usePostgresql {
ensureUsers =
[
{
name = "matrix-synapse";
ensureDBOwnership = true;
}
]
++ (lib.optional bridges.signal {
name = "mautrix-signal";
ensureDBOwnership = true;
})
++ (lib.optional bridges.whatsapp {
name = "mautrix-whatsapp";
ensureDBOwnership = true;
});
ensureDatabases =
[
"matrix-synapse"
]
++ (lib.optional bridges.signal "mautrix-signal")
++ (lib.optional bridges.whatsapp "mautrix-whatsapp");
};
services.mautrix-signal = lib.mkIf bridges.signal {
enable = true;
settings = commonBridgeSettings "mautrix-signal";
};
services.mautrix-whatsapp = lib.mkIf bridges.whatsapp {
enable = true;
settings = {
bridge = {
history_sync = {
backfill = true;
max_initial_conversations = -1;
message_count = 50;
request_full_sync = true;
};
mute_bridging = true;
};
} // commonBridgeSettings "mautrix-whatsapp";
};
}

179
hosts/vps1/nginx.nix
View File

@ -1,179 +0,0 @@
{
pkgs,
...
}:
let
nginxErrorPages = ''
location @error_pages {
rewrite ^.*$ /''${status}.html break;
root "/var/www/html/errors";
}
'';
nginxEdgeHeaders = ''
more_set_headers 'Server: Vimium';
more_set_headers 'Access-Control-Allow-Origin: *';
add_header Expect-CT max-age=30 always;
add_header Referrer-Policy strict-origin-when-cross-origin always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header Vimium-Responding-Instance $hostname;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff always;
'';
nginxStrictHeaders = ''
add_header X-Frame-Options SAMEORIGIN always;
add_header Permissions-Policy "fullscreen=(self), sync-xhr=(self)" always;
'';
mkRedirect = from: to: {
"${from}" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.${from}" ];
locations."/".return = "301 https://${to}$request_uri";
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
};
};
in
{
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPS
];
services.nginx = {
enable = true;
package = pkgs.openresty;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
clientMaxBodySize = "2G";
sslProtocols = "TLSv1.2 TLSv1.3";
sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
appendHttpConfig = ''
error_page 400 @error_pages;
error_page 401 @error_pages;
error_page 403 @error_pages;
error_page 404 @error_pages;
error_page 405 @error_pages;
error_page 429 @error_pages;
error_page 500 @error_pages;
error_page 501 @error_pages;
error_page 502 @error_pages;
error_page 503 @error_pages;
error_page 504 @error_pages;
client_body_buffer_size 16k;
client_header_buffer_size 8k;
'';
appendConfig = ''
worker_processes auto;
worker_cpu_affinity auto;
worker_rlimit_nofile 50000;
'';
eventsConfig = ''
worker_connections 20000;
multi_accept off;
'';
proxyCachePath = {
"skycam" = {
enable = true;
keysZoneName = "skycam_cache";
maxSize = "100m";
};
};
virtualHosts =
{
## Static sites
"jellyfin.vimium.com" = {
forceSSL = true;
enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = {
proxyPass = "http://localhost:8000";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
"jdholt.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.jdholt.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/skycam/snapshot.jpg" = {
extraConfig = ''
set $backend "skycam.mesh.vimium.net:8080";
resolver 100.100.100.100;
proxy_pass http://$backend/snapshot;
proxy_cache skycam_cache;
proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie;
'';
};
locations."/".return = "301 https://vimium.com$request_uri";
};
"pki.vimium.com" = {
addSSL = true;
forceSSL = false;
enableACME = true;
extraConfig = ''
${nginxErrorPages}
more_set_headers 'Server: Vimium';
'';
locations."/" = {
root = "/var/www/pki.vimium.com";
};
};
"suhailhussain.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.suhailhussain.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/" = {
root = "/var/www/suhailhussain.com";
};
};
"vimium.com" = {
default = true;
forceSSL = true;
enableACME = true;
serverAliases = [ "www.vimium.com" ];
extraConfig =
nginxErrorPages
+ nginxEdgeHeaders
+ nginxStrictHeaders
+ ''
add_header Content-Security-Policy "default-src 'self' https://vimium.com https://www.vimium.com; style-src 'unsafe-inline'; object-src 'none'; upgrade-insecure-requests" always;
'';
locations."/" = {
root = "/var/www/vimium.com";
};
};
}
## Redirects
// (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com")
// (mkRedirect "omnimagic.com" "vimium.com")
// (mkRedirect "omnimagic.net" "vimium.com")
// (mkRedirect "thelostlegend.com" "suhailhussain.com")
// (mkRedirect "vimium.co" "vimium.com")
// (mkRedirect "vimium.co.uk" "vimium.com")
// (mkRedirect "vimium.info" "vimium.com")
// (mkRedirect "vimium.net" "vimium.com")
// (mkRedirect "vimium.org" "vimium.com")
// (mkRedirect "vimium.xyz" "vimium.com");
};
}

53
hosts/vps1/outline.nix
View File

@ -1,53 +0,0 @@
{
inputs,
config,
...
}:
let
domain = "outline.vimium.com";
in
{
nixpkgs.config.allowUnfree = true;
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
'';
};
};
};
age.secrets."passwords/services/outline/oidc-client-secret" = {
file = "${inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
owner = "outline";
group = "outline";
};
services.outline = {
enable = true;
forceHttps = false;
oidcAuthentication = {
clientId = "outline";
clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
displayName = "Vimium";
authUrl = "https://auth.vimium.com/ui/oauth2";
tokenUrl = "https://auth.vimium.com/oauth2/token";
userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
};
publicUrl = "https://${domain}";
storage.storageType = "local";
};
}

49
hosts/vps1/photoprism.nix
View File

@ -1,49 +0,0 @@
{
inputs,
config,
...
}:
let
domain = "gallery.vimium.com";
in
{
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.photoprism.port}";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
};
age.secrets."passwords/services/photoprism/admin" = {
file = "${inputs.secrets}/passwords/services/photoprism/admin.age";
};
services.photoprism = {
enable = true;
address = "localhost";
passwordFile = config.age.secrets."passwords/services/photoprism/admin".path;
originalsPath = "${config.services.photoprism.storagePath}/originals";
settings = {
PHOTOPRISM_APP_NAME = "Vimium Gallery";
PHOTOPRISM_SITE_AUTHOR = "Vimium";
PHOTOPRISM_SITE_TITLE = "Vimium Gallery";
PHOTOPRISM_SITE_CAPTION = "Vimium Gallery";
PHOTOPRISM_DISABLE_TLS = "true";
PHOTOPRISM_SPONSOR = "true";
};
};
}

34
modules/default.nix Normal file
View File

@ -0,0 +1,34 @@
{
imports = [
./options.nix
./desktop/gnome.nix
./desktop/mimeapps.nix
./desktop/apps/qbittorrent.nix
./desktop/apps/slack.nix
./desktop/apps/thunderbird.nix
./desktop/apps/zoom.nix
./desktop/browsers/firefox.nix
./desktop/gaming/emulators.nix
./desktop/gaming/lutris.nix
./desktop/gaming/steam.nix
./desktop/media/graphics.nix
./desktop/media/recording.nix
./desktop/office/libreoffice.nix
./dev/cc.nix
./dev/java.nix
./dev/lua.nix
./dev/node.nix
./dev/python.nix
./dev/rust.nix
./dev/scala.nix
./dev/shell.nix
./dev/zig.nix
./editors/neovim
./editors/vscode.nix
./networking/tailscale.nix
./security/gpg.nix
./security/pass.nix
./shell/git
./shell/zsh
];
}

17
modules/desktop/apps/qbittorrent.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.apps.qbittorrent;
in {
options.modules.desktop.apps.qbittorrent = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
qbittorrent
];
};
}

17
modules/desktop/apps/slack.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.apps.slack;
in {
options.modules.desktop.apps.slack = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
slack
];
};
}

33
modules/desktop/apps/thunderbird.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, inputs, ... }:
let cfg = config.modules.desktop.apps.thunderbird;
in {
options.modules.desktop.apps.thunderbird = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
home.file.".thunderbird/Default/chrome/thunderbird-gnome-theme".source = inputs.thunderbird-gnome-theme;
home.programs.thunderbird = {
enable = true;
profiles.Default = {
isDefault = true;
userChrome = ''
@import "thunderbird-gnome-theme/userChrome.css";
'';
userContent = ''
@import "thunderbird-gnome-theme/userContent.css";
'';
settings = {
## GNOME theme
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"svg.context-properties.content.enabled" = true;
};
};
};
};
}

17
modules/desktop/apps/zoom.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.apps.zoom;
in {
options.modules.desktop.apps.zoom = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
zoom-us
];
};
}

134
modules/desktop/browsers/firefox.nix Normal file
View File

@ -0,0 +1,134 @@
{ config, lib, pkgs, inputs, ... }:
let cfg = config.modules.desktop.browsers.firefox;
in {
options.modules.desktop.browsers.firefox = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
home.file.".mozilla/firefox/Default/chrome/firefox-gnome-theme".source = inputs.firefox-gnome-theme;
home.programs.firefox = {
enable = true;
profiles.Default = {
search = {
default = "DuckDuckGo";
force = true;
};
userChrome = ''
@import "firefox-gnome-theme/userChrome.css";
'';
userContent = ''
@import "firefox-gnome-theme/userContent.css";
'';
settings = {
## GNOME theme
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Enable customChrome.css
"browser.uidensity" = 0; # Set UI density to normal
"svg.context-properties.content.enabled" = true; # Enable SVG context-propertes
"browser.theme.dark-private-windows" = false; # Disable private window dark theme
"widget.gtk.rounded-bottom-corners.enabled" = true; # Enable rounded bottom window corners
## Preferences
"browser.ctrlTab.sortByRecentlyUsed" = true;
"browser.newtabpage.enabled" = false;
"browser.search.widget.inNavBar" = true;
"browser.startup.page" = 3;
"browser.startup.homepage" = "https://www.vimium.com";
"browser.toolbars.bookmarks.visibility" = "never";
## Experiments
"app.normandy.enabled" = false;
"app.normandy.api_url" = "";
"app.normandy.user_id" = "";
"extensions.screenshots.disabled" = true;
"extensions.screenshots.upload-disabled" = true;
"experiments.supported" = false;
"experiments.enabled" = false;
"experiments.manifest.uri" = "";
"network.allow-experiments" = false;
"privacy.trackingprotection.enabled" = false;
## Geo
"geo.enabled" = false;
"geo.provider.use_gpsd" = false;
"geo.wifi.uri" = "";
"browser.search.geoip.url" = "";
"browser.search.geoSpecificDefaults" = false;
"browser.search.geoSpecificDefaults.url" = "";
## Window meddling / popups
"dom.disable_window_open_feature.close" = true;
"dom.disable_window_open_feature.location" = true;
"dom.disable_window_open_feature.menubar" = true;
"dom.disable_window_open_feature.minimizable" = true;
"dom.disable_window_open_feature.personalbar" = true;
"dom.disable_window_open_feature.resizable" = true;
"dom.disable_window_open_feature.status" = true;
"dom.disable_window_open_feature.titlebar" = true;
"dom.disable_window_open_feature.toolbar" = true;
"dom.disable_window_move_resize" = true;
"browser.link.open_newwindow" = 3;
"browser.link.open_newwindow.restriction" = 0;
"dom.disable_open_during_load" = true;
"dom.popup_allowed_events" = "click dblclick";
## Workers
# "dom.serviceWorkers.enabled" = false;
"dom.push.enabled" = false;
"dom.webnotifications.enabled" = false;
"dom.webnotifications.serviceworker.enabled" = false;
"permissions.default.desktop-notification" = 2;
## DOM / JavaScript
# "dom.event.clipboardevents.enabled" = false;
"middlemouse.paste" = false;
# "dom.allow_cut_copy" = false;
"dom.disable_beforeunload" = true;
"dom.vibrator.enabled" = false;
# "javascript.options.asmjs" = false;
# "javascript.options.wasm" = false;
"dom.targetBlankNoOpener.enabled" = true;
## Hardware fingerprinting
"dom.battery.enabled" = false;
"dom.vr.enabled" = false;
"media.navigator.enabled" = false;
"dom.webaudio.enabled" = false;
## Isolation
"privacy.firstparty.isolate" = true;
"privacy.firstparty.isolate.restrict_opener_access" = true;
## Pocket/Hello
"loop.enabled" = false;
"loop.feedback.baseUrl" = "";
"loop.gettingStarted.url" = "";
"loop.learnMoreUrl" = "";
"loop.legal.ToS_url" = "";
"loop.legal.privacy_url" = "";
"loop.oauth.google.redirect_uri" = "";
"loop.oauth.google.scope" = "";
"loop.server" = "";
"loop.soft_start_hostname" = "";
"loop.support_url" = "";
"loop.throttled2" = false;
"loop.logDomains" = false;
"browser.pocket.enabled" = false;
"browser.pocket.api" = "";
"browser.pocket.site" = "";
"browser.pocket.oAuthConsumerKey" = "";
"browser.pocket.useLocaleList" = false;
"brwoser.pocket.enabledLocales" = "";
## Misc
"browser.selfsupport.url" = "";
};
};
};
};
}

59
modules/desktop/gaming/emulators.nix Normal file
View File

@ -0,0 +1,59 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.gaming.emulators;
in {
options.modules.desktop.gaming.emulators = {
ds.enable = lib.mkOption {
default = false;
example = true;
};
gb.enable = lib.mkOption {
default = false;
example = true;
};
gba.enable = lib.mkOption {
default = false;
example = true;
};
gamecube.enable = lib.mkOption {
default = false;
example = true;
};
ps2.enable = lib.mkOption {
default = false;
example = true;
};
ps3.enable = lib.mkOption {
default = false;
example = true;
};
psp.enable = lib.mkOption {
default = false;
example = true;
};
snes.enable = lib.mkOption {
default = false;
example = true;
};
wii.enable = lib.mkOption {
default = false;
example = true;
};
};
config = {
user.packages = with pkgs; [
(lib.mkIf cfg.ps2.enable pcsx2)
(lib.mkIf cfg.ps3.enable rpcs3)
(lib.mkIf cfg.psp.enable ppsspp)
(lib.mkIf cfg.ds.enable desmume)
(lib.mkIf (cfg.gba.enable ||
cfg.gb.enable ||
cfg.snes.enable)
higan)
(lib.mkIf (cfg.wii.enable ||
cfg.gamecube.enable)
dolphin-emu)
];
};
}

25
modules/desktop/gaming/lutris.nix Normal file
View File

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.gaming.lutris;
in {
options.modules.desktop.gaming.lutris = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
lutris
vulkan-loader
vulkan-tools
];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
}

17
modules/desktop/gaming/steam.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.gaming.steam;
in {
options.modules.desktop.gaming.steam = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
programs.steam.enable = true;
systemd.extraConfig = "DefaultLimitNOFILE=1048576";
};
}

207
modules/desktop/gnome.nix Normal file
View File

@ -0,0 +1,207 @@
{ config, lib, pkgs, inputs, ... }:
let cfg = config.modules.desktop.gnome;
in {
options.modules.desktop.gnome = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
services.flatpak.enable = true;
programs.dconf.enable = true;
dconf.settings = {
"org/gnome/shell" = {
disable-user-extensions = false;
enabled-extensions = [
# "another-window-session-manager@gmail.com"
"blur-my-shell@aunetx"
"burn-my-windows@schneegans.github.com"
# "desktop-cube@schneegans.github.com"
# "desktop-zoom@colin.kinlo.ch"
"espresso@coadmunkee.github.com"
# "flypie@schneegans.github.com"
# "forge@jmmaranan.com"
"hue-lights@chlumskyvaclav@gmail.com"
"just-perfection-desktop@just-perfection"
# "pano@elhan.io"
# "paperwm@hedning:matrix.org"
# "search-light@icedman.github.com"
"space-bar@luchrioh"
# "smart-auto-move@khimaros.com"
# "systemd-manager@hardpixel.eu"
# "tailscale-status@maxgallup.github.com"
# "tiling-assistant@leleat-on-github"
"Vitals@CoreCoding.com"
# "wsmatrix@martin.zurowietz.de"
];
favorite-apps = [
"firefox.desktop"
"org.gnome.Nautilus.desktop"
];
};
"org/gnome/shell/extensions/another-window-session-manager" = {
enable-autorestore-sessions = true;
};
"org/gnome/shell/extensions/blur-my-shell/panel" = {
static-blur = true;
};
"org/gnome/shell/extensions/blur-my-shell/applications" = {
blur = false;
};
"org/gnome/shell/extensions/burn-my-windows" = {
fire-close-effect = false;
glide-open-effect = true;
glide-close-effect = true;
};
"org/gnome/shell/extensions/desktop-zoom" = {
mag-factor-delta = 0.07;
};
"org/gnome/shell/extensions/espresso" = {
enable-fullscreen = true;
show-indicator = true;
show-notifications = false;
inhibit-apps = [
"com.obsproject.Studio.desktop"
];
};
"org/gnome/shell/extensions/paperwm" = {
use-default-background = true;
};
"org/gnome/shell/extensions/forge" = {
window-gap-size = 8;
window-gap-hidden-on-single = false;
};
"org/gnome/shell/extensions/just-perfection" = {
activities-button = false;
window-demands-attention-focus = true;
workspace-wrap-around = true;
};
"org/gnome/shell/extensions/space-bar/behavior" = {
enable-activate-workspace-shortcuts = true;
show-empty-workspaces = true;
smart-workspace-names = false;
};
"org/gnome/shell/extensions/tiling-assistant" = {
screen-top-gap = 8;
screen-right-gap = 8;
screen-bottom-gap = 8;
screen-left-gap = 8;
window-gap = 8;
};
"org/gnome/desktop/background" = {
picture-uri = "file://${inputs.wallpapers}/Aqua.png";
picture-uri-dark = "file://${inputs.wallpapers}/Aqua.png";
};
"org/gtk/settings/file-chooser" = {
show-hidden = true;
sort-directories-first = true;
};
"org/gtk/gtk4/settings/file-chooser" = {
show-hidden = true;
sort-directories-first = true;
};
"org/gnome/settings-daemon/plugins/media-keys" = {
volume-up = [
"<Shift>F12"
"XF86AudioRaiseVolume"
];
volume-down = [
"<Shift>F11"
"XF86AudioLowerVolume"
];
};
"org/gnome/gnome-session" = {
auto-save-session = true;
};
"org/gnome/gnome-system-monitor" = {
show-dependencies = true;
};
"org/gnome/Console" = {
font-scale = 1.4;
};
"org/gnome/mutter" = {
center-new-windows = true;
experimental-features = [ "scale-monitor-framebuffer" ];
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-hot-corners = false;
monospace-font-name = "Ubuntu Mono 11";
};
"org/gnome/desktop/wm/keybindings" = {
switch-group = [ "<Super>grave" ];
switch-group-backward = [ "<Shift><Super>grave" ];
};
"io/github/celluloid-player/celluloid" = {
draggable-video-area-enable = true;
};
};
fonts.packages = with pkgs; [
noto-fonts
ubuntu_font_family
];
user.packages = with pkgs; [
celluloid
fragments
mission-center
];
environment.systemPackages = with pkgs; [
bind
bmon
fd
ffmpeg
gnome.gnome-boxes
gnomeExtensions.another-window-session-manager
# gnomeExtensions.bifocals
gnomeExtensions.blur-my-shell
gnomeExtensions.browser-tabs
gnomeExtensions.burn-my-windows
gnomeExtensions.desktop-cube
gnomeExtensions.desktop-zoom
gnomeExtensions.espresso
gnome44Extensions."flypie@schneegans.github.com"
# gnomeExtensions.forge
# gnomeExtensions.gsnap
gnomeExtensions.hue-lights
gnomeExtensions.just-perfection
# gnomeExtensions.mutter-primary-gpu
gnomeExtensions.pano
gnomeExtensions.paperwm
# gnomeExtensions.pip-on-top
gnomeExtensions.rounded-window-corners
gnomeExtensions.search-light
gnomeExtensions.smart-auto-move
gnomeExtensions.space-bar
gnomeExtensions.systemd-manager
gnomeExtensions.tailscale-status
gnomeExtensions.tiling-assistant
# gnomeExtensions.todotxt
gnomeExtensions.vitals
# gnomeExtensions.window-is-ready-remover
# gnomeExtensions.worksets
# gnomeExtensions.workspace-matrix
iotop
ripgrep
rsync
tcpdump
tokei
tree
wl-clipboard
];
home.services.gpg-agent.pinentryFlavor = "gnome3";
};
}

28
modules/desktop/media/graphics.nix Normal file
View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.media.graphics;
in {
options.modules.desktop.media.graphics = {
modeling.enable = lib.mkOption {
default = false;
example = true;
};
raster.enable = lib.mkOption {
default = false;
example = true;
};
vector.enable = lib.mkOption {
default = false;
example = true;
};
};
config = {
user.packages = with pkgs; [
(lib.mkIf cfg.modeling.enable blender)
(lib.mkIf cfg.raster.enable gimp)
(lib.mkIf cfg.raster.enable krita)
(lib.mkIf cfg.vector.enable inkscape)
];
};
}

28
modules/desktop/media/recording.nix Normal file
View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.media.recording;
in {
options.modules.desktop.media.recording = {
audio.enable = lib.mkOption {
default = false;
example = true;
};
video.enable = lib.mkOption {
default = false;
example = true;
};
};
config = {
user.packages = with pkgs;
(if cfg.audio.enable then [
ardour
audacity
] else []) ++
(if cfg.video.enable then [
handbrake
mkvtoolnix
obs-studio
] else []);
};
}

13
modules/nixos/system/desktop/mimeapps.nix → modules/desktop/mimeapps.nix
View File

@ -1,16 +1,11 @@
{
config,
lib,
...
}:
{ config, lib, pkgs, ... }:
let
cfg = config.modules.system.desktop.mimeapps;
cfg = config.modules.desktop.mimeapps;
avApp = "io.github.celluloid_player.Celluloid.desktop";
imageApp = "org.gnome.eog.desktop";
in
{
options.modules.system.desktop.mimeapps = {
in {
options.modules.desktop.mimeapps = {
enable = lib.mkOption {
default = false;
example = true;

17
modules/desktop/office/libreoffice.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.office.libreoffice;
in {
options.modules.desktop.office.libreoffice = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
libreoffice
];
};
}

21
modules/dev/cc.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.cc;
in {
options.modules.dev.cc = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
clang
gcc
gdb
cmake
llvmPackages.libcxx
];
};
}

17
modules/dev/java.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.java;
in {
options.modules.dev.java = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
jdk
];
};
}

17
modules/dev/lua.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.lua;
in {
options.modules.dev.lua = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
lua
];
};
}

17
modules/dev/node.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.node;
in {
options.modules.dev.node = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
nodejs_latest
];
};
}

17
modules/dev/python.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.python;
in {
options.modules.dev.python = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
python310
];
};
}

20
modules/dev/rust.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.rust;
in {
options.modules.dev.rust = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
rustc
rustup
rustfmt
rust-bindgen
];
};
}

19
modules/dev/scala.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.scala;
in {
options.modules.dev.scala = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
jdk
sbt
scala
];
};
}

17
modules/dev/shell.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.shell;
in {
options.modules.dev.shell = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
shellcheck
];
};
}

17
modules/dev/zig.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.dev.zig;
in {
options.modules.dev.zig = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
zig
];
};
}

135
modules/editors/neovim/default.nix Normal file
View File

@ -0,0 +1,135 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.editors.neovim;
dev = config.modules.dev;
in {
options.modules.editors.neovim = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
user.packages = with pkgs; [
(neovim.override {
configure = {
customRC = ''
luafile ~/.config/nvim/init.lua
'';
packages.myPlugins = with pkgs.vimPlugins; {
start = [
(nvim-treesitter.withPlugins (
plugins: with plugins; [
bash
c
cmake
cpp
css
dockerfile
elm
glsl
graphql
haskell
http
html
java
javascript
jsdoc
json
json5
latex
lua
markdown
ninja
nix
org
perl
php
pug
python
regex
rst
ruby
rust
scala
scss
toml
tsx
typescript
vim
yaml
zig
]
))
nvim-treesitter-context
nvim-treesitter-textobjects
nvim-lspconfig
];
};
};
})
] ++
# Install appropriate language servers
(if dev.cc.enable then [
ccls # C/C++
] else []) ++
(if dev.java.enable then [
java-language-server # Java
ltex-ls # LaTeX
] else []) ++
(if dev.lua.enable then [
sumneko-lua-language-server # Lua
] else []) ++
(if dev.node.enable then [
nodePackages.bash-language-server # Bash
nodePackages.dockerfile-language-server-nodejs # Dockerfile
nodePackages.graphql-language-service-cli # GraphQL
nodePackages.purescript-language-server # PureScript
nodePackages.svelte-language-server # Svelte
nodePackages.typescript-language-server # JavaScript/TypeScript
nodePackages.vim-language-server # Vim
nodePackages.vscode-langservers-extracted # HTML, CSS, JSON, ESLint
nodePackages.vue-language-server # Vue.js
nodePackages.yaml-language-server # YAML
] else []) ++
(if dev.python.enable then [
cmake-language-server # CMake
python310Packages.python-lsp-server # Python
] else []) ++
(if dev.rust.enable then [
rust-analyzer # Rust
] else []) ++
(if dev.scala.enable then [
metals # Scala
] else []) ++
(if dev.zig.enable then [
zls # Zig
] else []);
home.configFile = {
"nvim/init.lua".source = ./init.lua;
"nvim/lua" = { source = ./lua; recursive = true; };
"nvim/lua/config/lsp.lua".text = ''
-- This file is autogenerated, do not edit.
${if dev.cc.enable then "require('config.lsp.cc')\n" else ""}
${if dev.java.enable then "require('config.lsp.java')\n" else ""}
${if dev.lua.enable then "require('config.lsp.lua')\n" else ""}
${if dev.node.enable then "require('config.lsp.node')\n" else ""}
${if dev.python.enable then "require('config.lsp.python')\n" else ""}
${if dev.rust.enable then "require('config.lsp.rust')\n" else ""}
${if dev.scala.enable then "require('config.lsp.scala')\n" else ""}
${if dev.zig.enable then "require('config.lsp.zig')\n" else ""}
'';
};
env.EDITOR = "nvim";
environment.shellAliases = {
vim = "nvim";
v = "nvim";
};
};
}

6
modules/editors/neovim/init.lua Normal file
View File

@ -0,0 +1,6 @@
require("config.core")
require("config.keymap")
require("config.treesitter")
require("config.plugins")
require("config.lsp")

36
modules/editors/neovim/lua/config/core.lua Normal file
View File

@ -0,0 +1,36 @@
local o = vim.opt
local wo = vim.wo
local bo = vim.bo
-- Global dirs
local cachedir = os.getenv("XDG_CACHE_HOME")
o.backupdir = cachedir .. "/nvim/backup/"
o.directory = cachedir .. "/nvim/swap/"
o.undodir = cachedir .. "/nvim/undo/"
-- Global
o.breakindent = true
o.clipboard = "unnamedplus"
o.compatible = false
o.encoding = "utf-8"
o.expandtab = true
o.foldlevel = 99
o.hidden = true
o.hlsearch = false
o.ignorecase = true
o.laststatus = 2
o.listchars = { eol = '', tab = '', trail = '·' }
o.relativenumber = true
o.shiftwidth = 2
o.showmode = false
o.smartcase = true
o.smarttab = true
o.softtabstop = 2
o.synmaxcol = 150
o.tabstop = 4
o.undofile = true
o.wildmenu = true
-- Window
-- Buffer

35
modules/editors/neovim/lua/config/keymap.lua Normal file
View File

@ -0,0 +1,35 @@
local keymap = vim.keymap.set
local opts = { noremap = true, silent = true }
vim.g.mapleader = ","
-- Modes
-- Normal = "n",
-- Insert = "i",
-- Visual = "v",
-- Visual Block = "x",
-- Term = "t",
-- Command = "c"
keymap("n", "<Left>", "<Nop>", opts)
keymap("n", "<Right>", "<Nop>", opts)
keymap("n", "<Up>", "<Nop>", opts)
keymap("n", "<Down>", "<Nop>", opts)
keymap("n", "<C-h>", "<C-w>h", { noremap = true })
keymap("n", "<C-j>", "<C-w>j", { noremap = true })
keymap("n", "<C-k>", "<C-w>k", { noremap = true })
keymap("n", "<C-l>", "<C-w>l", { noremap = true })
keymap("n", "gV", "`[v`]", opts)
keymap("n", ";", ":", { noremap = true })
-- Bubble single lines with vim-unimpaired
keymap("n", "<C-Up>", "[e", opts)
keymap("n", "<C-Down>", "]e", opts)
-- Bubble multiple lines with vim-unimpaired
keymap("v", "<C-Up>", "[egv", opts)
keymap("v", "<C-Down>", "]egv", opts)

5
modules/editors/neovim/lua/config/lsp/cc.lua Normal file
View File

@ -0,0 +1,5 @@
lspconfig = require('lspconfig')
-- Requires C/C++
lspconfig.ccls.setup{}

6
modules/editors/neovim/lua/config/lsp/java.lua Normal file
View File

@ -0,0 +1,6 @@
lspconfig = require('lspconfig')
-- Requires Java
lspconfig.java_language_server.setup{}
lspconfig.ltex.setup{}

22
modules/editors/neovim/lua/config/lsp/lua.lua Normal file
View File

@ -0,0 +1,22 @@
lspconfig = require('lspconfig')
-- Requires Lua
lspconfig.sumneko_lua.setup {
settings = {
Lua = {
runtime = {
-- Tell the language server which version of Lua you're using (most likely LuaJIT in the case of Neovim)
version = 'LuaJIT',
},
diagnostics = {
-- Get the language server to recognize the `vim` global
globals = {'vim'},
},
-- Do not send telemetry data containing a randomized but unique identifier
telemetry = {
enable = false,
},
},
},
}

17
modules/editors/neovim/lua/config/lsp/node.lua Normal file
View File

@ -0,0 +1,17 @@
lspconfig = require('lspconfig')
-- Requires Node.js
lspconfig.bashls.setup{}
lspconfig.cssls.setup{}
lspconfig.dockerls.setup{}
lspconfig.eslint.setup{}
lspconfig.graphql.setup{}
lspconfig.html.setup{}
lspconfig.jsonls.setup{}
lspconfig.purescriptls.setup{}
lspconfig.svelte.setup{}
lspconfig.tsserver.setup{}
lspconfig.vimls.setup{}
lspconfig.vuels.setup{}
lspconfig.yamlls.setup{}

6
modules/editors/neovim/lua/config/lsp/python.lua Normal file
View File

@ -0,0 +1,6 @@
lspconfig = require('lspconfig')
-- Requires Python
lspconfig.cmake.setup{}
lspconfig.pylsp.setup{}

5
modules/editors/neovim/lua/config/lsp/rust.lua Normal file
View File

@ -0,0 +1,5 @@
lspconfig = require('lspconfig')
-- Requires Rust
lspconfig.rls.setup{}

5
modules/editors/neovim/lua/config/lsp/scala.lua Normal file
View File

@ -0,0 +1,5 @@
lspconfig = require('lspconfig')
-- Requires Scala
lspconfig.metals.setup{}

5
modules/editors/neovim/lua/config/lsp/zig.lua Normal file
View File

@ -0,0 +1,5 @@
lspconfig = require('lspconfig')
-- Requires Zig
lspconfig.zls.setup{}

77
modules/editors/neovim/lua/config/plugins.lua Normal file
View File

@ -0,0 +1,77 @@
local fn = vim.fn
local install_path = fn.stdpath "data" .. "/site/pack/packer/start/packer.nvim"
if fn.empty(fn.glob(install_path)) > 0 then
PACKER_BOOTSTRAP = fn.system {
"git",
"clone",
"--depth",
"1",
"https://github.com/wbthomason/packer.nvim",
install_path,
}
print "Installing packer close and reopen Neovim..."
vim.cmd [[packadd packer.nvim]]
end
vim.cmd [[
augroup packer_user_config
autocmd!
autocmd BufWritePost plugins.lua source <afile> | PackerSync
augroup end
]]
local status_ok, packer = pcall(require, "packer")
if not status_ok then
return
end
packer.init {
display = {
open_fn = function()
return require("packer.util").float { border = "rounded" }
end,
},
}
return packer.startup(function(use)
-- Utilities
use { "wbthomason/packer.nvim", opt = true }
use { "mbbill/undotree" }
use { "nvim-lua/plenary.nvim" }
use { "tpope/vim-fugitive", event = "User InGitRepo" }
-- Editing
use { "andymass/vim-matchup" }
use { "godlygeek/tabular" }
use { "JoosepAlviste/nvim-ts-context-commentstring" }
use { "kana/vim-textobj-user" }
use { "mg979/vim-visual-multi", branch = "master" }
use { "p00f/nvim-ts-rainbow" }
use { "terryma/vim-expand-region" }
use { "tommcdo/vim-exchange", event = "VimEnter" }
use { "tpope/vim-abolish" }
use { "tpope/vim-commentary", event = "VimEnter" }
use { "tpope/vim-repeat", event = "VimEnter" }
use { "tpope/vim-surround", event = "VimEnter" }
use { "windwp/nvim-autopairs" }
use { "windwp/nvim-ts-autotag" }
-- UI
use { "junegunn/goyo.vim" }
use { "junegunn/limelight.vim" }
use { "markonm/traces.vim" }
-- Searching
use { "nvim-telescope/telescope.nvim", config = [[require('config.telescope')]] }
use { "cljoly/telescope-repo.nvim", requires = "telescope.nvim" }
use { "dyng/ctrlsf.vim" }
-- LSP
use { "jose-elias-alvarez/null-ls.nvim" }
if PACKER_BOOTSTRAP then
require("packer").sync()
end
end)

46
modules/editors/neovim/lua/config/telescope.lua Normal file
View File

@ -0,0 +1,46 @@
local status_ok, telescope = pcall(require, "telescope")
if not status_ok then
return
end
local actions = require("telescope.actions")
telescope.setup({
defaults = {
file_ignore_patterns = { ".git/", "node_modules" },
},
mappings = {
i = {
["<Down>"] = actions.cycle_history_next,
["<Up>"] = actions.cycle_history_prev,
["<C-j>"] = actions.move_selection_next,
["<C-k>"] = actions.move_selection_previous,
},
},
extensions = {
repo = {
list = {
fd_opts = {
"--no-ignore-vcs",
},
search_dirs = {
"~/projects",
"~/repos",
"~/workspace",
},
},
},
},
})
telescope.load_extension("repo")
local keymap = vim.keymap.set
local opts = { noremap = true, silent = true }
keymap("n", "<Leader>ff", "<cmd>Telescope find_files<cr>", opts)
keymap("n", "<Leader>fg", "<cmd>Telescope live_grep<cr>", opts)
keymap("n", "<Leader>fb", "<cmd>Telescope buffers<cr>", opts)
keymap("n", "<Leader>fh", "<cmd>Telescope help_tags<cr>", opts)
keymap("n", "<Leader>fr", "<cmd>Telescope repo list<cr>", opts)

35
modules/editors/neovim/lua/config/treesitter.lua Normal file
View File

@ -0,0 +1,35 @@
require("nvim-treesitter.configs").setup({
ignore_install = {},
highlight = {
enable = true,
disable = {},
},
indent = { enable = true },
incremental_selection = {
enable = true,
keymaps = {
init_selection = "gnn",
node_incremental = "grn",
scope_incremental = "grc",
node_decremental = "grm",
},
},
-- Extensions
autotag = { enable = true },
context_commentstring = { enable = true },
matchup = { enable = true },
rainbow = { enable = true },
textobjects = {
select = {
enable = true,
keymaps = {
["af"] = "@function.outer",
["if"] = "@function.inner",
},
},
},
})
vim.opt.foldmethod = "expr"
vim.opt.foldexpr = "nvim_treesitter#foldexpr()"

49
modules/editors/vscode.nix Normal file
View File

@ -0,0 +1,49 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.editors.vscode;
in {
options.modules.editors.vscode = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
environment.sessionVariables.NIXOS_OZONE_WL = "1";
home.programs.vscode = {
enable = true;
extensions = with pkgs.vscode-extensions; [
asvetliakov.vscode-neovim
brettm12345.nixfmt-vscode
coolbear.systemd-unit-file
editorconfig.editorconfig
golang.go
graphql.vscode-graphql-syntax
mattn.lisp
# mkhl.direnv
ms-python.vscode-pylance
ms-vscode.cpptools
ms-vscode.hexeditor
piousdeer.adwaita-theme
# redhat.java
# sumneko.lua
];
userSettings = {
"editor.renderLineHighlight" = "none";
"extensions.experimental.affinity" = {
"asvetliakov.vscode-neovim" = 1;
};
"files.autoSave" = "off";
"window.autoDetectColorScheme" = true;
"window.commandCenter" = true;
"window.titleBarStyle" = "custom";
"workbench.iconTheme" = null;
"workbench.preferredDarkColorTheme" = "Adwaita Dark";
"workbench.preferredLightColorTheme" = "Adwaita Light";
"workbench.tree.indent" = 12;
};
};
};
}

25
modules/networking/tailscale.nix Normal file
View File

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.networking.tailscale;
in {
options.modules.networking.tailscale = {
enable = lib.mkOption {
default = false;
example = true;
};
restrictSSH = lib.mkOption {
default = true;
example = true;
};
};
config = lib.mkIf cfg.enable {
services.tailscale.enable = true;
services.openssh.openFirewall = !cfg.restrictSSH;
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ config.services.tailscale.port ];
};
};
}

13
modules/nixos/default.nix
View File

@ -1,13 +0,0 @@
{
imports = [
./hardware/presonus-studio
./podman.nix
./services/borgmatic.nix
./services/postgresql.nix
./services/tailscale.nix
./system/desktop/gnome.nix
./system/desktop/hyprland.nix
./system/desktop/mimeapps.nix
./system/wireless.nix
];
}

106
modules/nixos/hardware/presonus-studio/default.nix
View File

@ -1,106 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.modules.hardware.presonus-studio;
snd-usb-audio-module = pkgs.callPackage ./snd-usb-audio.nix {
kernel = config.boot.kernelPackages.kernel;
};
patched = snd-usb-audio-module.overrideAttrs (prev: {
patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
});
upmixConfig = {
"stream.properties" = {
"channelmix.upmix" = true;
"channelmix.upmix-method" = "psd";
};
};
in
{
options.modules.hardware.presonus-studio = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
boot.kernelModules = [ "snd-usb-audio" ];
boot.extraModulePackages = [
(patched)
];
# Workaround for mainline module loading instead of patched module
systemd.services.reload-snd-usb-audio = {
description = "Reload snd_usb_audio kernel module";
wantedBy = [ "sound.target" ];
serviceConfig.Type = "oneshot";
path = with pkgs; [
kmod
];
script = ''
# Only reload if device hasn't been initialised
if ! cat /proc/asound/card*/usbmixer | grep -q "Mute Main Out Switch"; then
rmmod snd_usb_audio
insmod /run/booted-system/kernel-modules/lib/modules/$(uname -r)/extra/snd-usb-audio.ko.xz
fi
'';
};
services.pipewire.extraConfig = {
pipewire = {
"10-network" = {
"context.modules" = [
{
"name" = "libpipewire-module-rtp-session";
"args" = {
"stream.props" = {
"node.name" = "rtp-source";
};
};
}
];
};
"surround" = {
"context.modules" = [
{
"name" = "libpipewire-module-loopback";
"args" = {
"node.description" = "Genelec 4.1 Surround";
"capture.props" = {
"node.name" = "Genelec_Speakers";
"media.class" = "Audio/Sink";
"audio.position" = [
"FL"
"FR"
"SL"
"SR"
"LFE"
];
};
"playback.props" = {
"node.name" = "playback.Genelec_Speakers";
"audio.position" = [
"AUX0"
"AUX1"
"AUX3"
"AUX4"
"AUX5"
];
"target.object" = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output";
"stream.dont-remix" = true;
"node.passive" = true;
};
};
}
];
};
};
pipewire-pulse."40-upmix" = upmixConfig;
client-rt."40-upmix" = upmixConfig;
};
};
}

48
modules/nixos/podman.nix
View File

@ -1,48 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
let
cfg = config.modules.podman;
in
{
options.modules.podman = {
enable = mkOption {
default = false;
example = true;
description = mdDoc "Enable podman on this host";
};
};
config = mkIf cfg.enable {
virtualisation = {
podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
autoPrune = {
enable = true;
dates = "weekly";
flags = [ "--all" ];
};
extraPackages = [ pkgs.zfs ];
};
containers.storage.settings.storage = {
driver = "zfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
networking.firewall.interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
};
}

Some files were not shown because too many files have changed in this diff Show More