From 015243847225ba527f809091d0329d816197af74 Mon Sep 17 00:00:00 2001
From: mjallen18
Date: Thu, 21 Aug 2025 20:05:58 -0500
Subject: [PATCH] more cleanup
---
homes/aarch64-linux/matt@pi4/default.nix | 27 +++---
homes/x86_64-linux/admin@nas/default.nix | 27 ++++--
homes/x86_64-linux/matt@desktop/default.nix | 23 +++---
modules/home/shell-aliases/default.nix | 57 +++++++++++++
modules/nixos/development/default.nix | 92 +++++++++++++++++++++
modules/nixos/monitoring/default.nix | 53 ++++++++++++
modules/nixos/raspberry-pi/default.nix | 92 +++++++++++++++++++++
systems/aarch64-linux/pi4/default.nix | 54 ++----------
systems/aarch64-linux/pi5/default.nix | 73 ++--------------
systems/x86_64-linux/nas/default.nix | 61 +++-----------
systems/x86_64-linux/nuc/default.nix | 25 ------
11 files changed, 365 insertions(+), 219 deletions(-)
create mode 100644 modules/home/shell-aliases/default.nix
create mode 100644 modules/nixos/development/default.nix
create mode 100644 modules/nixos/monitoring/default.nix
create mode 100644 modules/nixos/raspberry-pi/default.nix
diff --git a/homes/aarch64-linux/matt@pi4/default.nix b/homes/aarch64-linux/matt@pi4/default.nix
index a1d3834..f203cfe 100755
--- a/homes/aarch64-linux/matt@pi4/default.nix
+++ b/homes/aarch64-linux/matt@pi4/default.nix
@@ -1,18 +1,22 @@ { lib, ... }: -let - shellAliases = { - ll = "ls -alh"; - update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3"; - update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3"; - update-flake = "nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko --flake /etc/nixos"; - update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas"; - nas-ssh = "kitten ssh admin@10.0.1.3"; - ducks = "du -cksh * | sort -hr | head -n 15"; - }; -in { home.username = "matt"; + mjallen = { + shell-aliases = { + enable = true; + flakeInputs = [ + "pi4-nixpkgs" + "pi4-home-manager" + "pi4-impermanence" + "pi4-sops-nix" + "pi4-nixos-hardware" + "pi4-nixos-raspberrypi" + "pi4-disko" + ]; + }; + }; + sops = { age.keyFile = "/home/matt/.config/sops/age/keys.txt"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; @@ -50,7 +54,6 @@ in programs = { mangohud.enable = lib.mkForce true; - zsh.shellAliases = shellAliases; }; services = { diff --git a/homes/x86_64-linux/admin@nas/default.nix b/homes/x86_64-linux/admin@nas/default.nix index 39dc490..5764e0e 100755 --- a/homes/x86_64-linux/admin@nas/default.nix +++ b/homes/x86_64-linux/admin@nas/default.nix 
@@ -1,16 +1,27 @@ { pkgs, ... }: -let - shellAliases = { - update-boot = "sudo nixos-rebuild boot --max-jobs 10"; - update-switch = "sudo nixos-rebuild switch --max-jobs 10"; - update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos"; - }; -in { home.username = "admin"; # mjallen.home.enable = true; + mjallen = { + shell-aliases = { + enable = true; + buildHost = ""; # NAS builds locally + flakeInputs = [ + "nas-nixpkgs" + "nas-authentik-nix" + "nas-cosmic" + "nas-crowdsec" + "nas-home-manager" + "nas-impermanence" + "nas-lanzaboote" + "nas-nixos-hardware" + "nas-sops-nix" + ]; + }; + }; + sops = { age.keyFile = "/home/admin/.config/sops/age/keys.txt"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; @@ -60,8 +71,6 @@ in } ]; }; - - zsh.shellAliases = shellAliases; }; # services.nixai = { diff --git a/homes/x86_64-linux/matt@desktop/default.nix b/homes/x86_64-linux/matt@desktop/default.nix index 6d5ed76..ee65782 100755 --- a/homes/x86_64-linux/matt@desktop/default.nix +++ b/homes/x86_64-linux/matt@desktop/default.nix @@ -1,12 +1,4 @@ { pkgs, ... }: -let - shellAliases = { - update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3"; - update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3"; - update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos"; - update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas"; - }; -in { home.username = "matt"; 
@@ -14,6 +6,19 @@ in sops = { enable = true; }; + shell-aliases = { + enable = true; + flakeInputs = [ + "desktop-nixpkgs" + "desktop-chaotic" + "desktop-home-manager" + "desktop-impermanence" + "desktop-lanzaboote" + "desktop-nixos-hardware" + "desktop-sops-nix" + "desktop-steam-rom-manager" + ]; + }; }; services = { @@ -25,8 +30,6 @@ in programs = { password-store.enable = true; - - zsh.shellAliases = shellAliases; }; home.packages = with pkgs; [ diff --git a/modules/home/shell-aliases/default.nix b/modules/home/shell-aliases/default.nix new file mode 100644 index 0000000..8d51a92 --- /dev/null +++ b/modules/home/shell-aliases/default.nix 
@@ -0,0 +1,57 @@ +{ + config, + lib, + ... +}: +let + cfg = config.mjallen.shell-aliases; +in +{ + options.mjallen.shell-aliases = { + enable = lib.mkEnableOption "Common shell aliases"; + + buildHost = lib.mkOption { + type = lib.types.str; + default = "admin@10.0.1.3"; + description = "Build host for nixos-rebuild commands"; + }; + + flakeInputs = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "List of flake inputs to update"; + }; + + extraAliases = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + description = "Additional host-specific aliases"; + }; + }; + + config = lib.mkIf cfg.enable { + programs.zsh.shellAliases = { + # Common file operations + ll = "ls -alh"; + ducks = "du -cksh * | sort -hr | head -n 15"; + + # NixOS rebuild commands + update-boot = + "sudo nixos-rebuild boot --max-jobs 10" + + lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}"; + update-switch = + "sudo nixos-rebuild switch --max-jobs 10" + + lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}"; + + # Flake update command + update-flake = lib.mkIf ( + cfg.flakeInputs != [ ] + ) "nix flake update ${lib.concatStringsSep " " cfg.flakeInputs} --flake /etc/nixos"; + + # NAS management + update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas"; + nas-ssh = "kitten ssh admin@10.0.1.3"; + } + // cfg.extraAliases; + }; +} diff --git a/modules/nixos/development/default.nix b/modules/nixos/development/default.nix new file mode 100644 index 0000000..dbd418b --- /dev/null +++ b/modules/nixos/development/default.nix 
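Review bot: `cfg.buildHost` and the `cfg.flakeInputs` entries are spliced unquoted into the `update-boot`, `update-switch` and `update-flake` alias strings, so a value containing a space or a shell metacharacter changes the command that later runs, in two cases under `sudo`. Passing them through `lib.escapeShellArg cfg.buildHost` and `lib.escapeShellArgs cfg.flakeInputs` keeps each value a single argument. `update-nas` and `nas-ssh` still hard-code `admin@10.0.1.3` instead of reading an option, and they are now defined on every host that enables the module, including admin@nas, whose removed alias set did not contain them.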
@@ -0,0 +1,92 @@ +{ + config, + lib, + pkgs, + namespace, + ... +}: +let + cfg = config.${namespace}.development; +in +{ + options.${namespace}.development = { + enable = lib.mkEnableOption "Common development tools and packages"; + + includeLanguages = lib.mkOption { + type = lib.types.listOf ( + lib.types.enum [ + "python" + "c" + "rust" + "nodejs" + ] + ); + default = [ + "python" + "c" + ]; + description = "Programming languages to include tools for"; + }; + + includeContainers = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Include container development tools"; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = + with pkgs; + [ + # Version control + git + + # Build tools + cmake + ninja + binutils + + # System utilities + jq + + # Text processing + + ] + ++ lib.optionals (builtins.elem "python" cfg.includeLanguages) [ + python3 + python3Packages.pip + ] + ++ lib.optionals (builtins.elem "c" cfg.includeLanguages) [ + gcc + gdb + ] + ++ lib.optionals (builtins.elem "rust" cfg.includeLanguages) [ + rustc + cargo + ] + ++ lib.optionals (builtins.elem "nodejs" cfg.includeLanguages) [ + nodejs + npm + ] + ++ lib.optionals cfg.includeContainers [ + docker-compose + podman-compose + ]; + + # Enable container support if requested + virtualisation.podman = lib.mkIf cfg.includeContainers { + enable = true; + dockerCompat = true; + autoPrune.enable = true; + defaultNetwork.settings = { + dns_enabled = true; + }; + }; + + # Common development programs + programs = { + nix-ld.enable = lib.mkDefault true; + }; + }; +} diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix new file mode 100644 index 0000000..ce48395 --- /dev/null +++ b/modules/nixos/monitoring/default.nix 
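Review bot: The `"nodejs"` branch lists `npm` under `with pkgs;`, and as far as I know nixpkgs has no top-level `npm` attribute (npm ships inside `nodejs`), so selecting that language would likely fail evaluation with an undefined variable. The branch is only forced when `"nodejs"` is in `includeLanguages`, which is why the default `[ "python" "c" ]` does not hit it; dropping `npm` from the list should be enough. Separately, `programs.nix-ld.enable = lib.mkDefault true` is switched on for every host that enables the module, and a comment such as `# lets unpatched dynamically linked binaries run; override to false where that is not wanted` would make the opt-out visible.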
@@ -0,0 +1,53 @@ +{ + config, + lib, + pkgs, + namespace, + ... +}: +let + cfg = config.${namespace}.monitoring; +in +{ + options.${namespace}.monitoring = { + enable = lib.mkEnableOption "Common monitoring and system tools"; + + includeNetworkTools = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Include network monitoring tools"; + }; + + includePerformanceTools = lib.mkOption { + type = lib.types.bool; + default = true; + description = "Include performance monitoring tools"; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = + with pkgs; + [ + # Basic system monitoring + htop + + ] + ++ lib.optionals cfg.includePerformanceTools [ + glances + nmon + iotop + + ] + ++ lib.optionals cfg.includeNetworkTools [ + speedtest-cli + iftop + nethogs + tcpdump + wireshark-cli + ]; + + # Enable common system services for monitoring + programs.screen.enable = lib.mkDefault true; + }; +} diff --git a/modules/nixos/raspberry-pi/default.nix b/modules/nixos/raspberry-pi/default.nix new file mode 100644 index 0000000..fe1110c --- /dev/null +++ b/modules/nixos/raspberry-pi/default.nix 
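Review bot: `includeNetworkTools` defaults to `true`, so `monitoring.enable = true` on the NAS now installs `tcpdump`, `wireshark-cli`, `iftop` and `nethogs` system-wide, where the host's own package list carried only `speedtest-cli` from this group. On a host that also runs services, the capture tools are better opt-in: either `default = false;` on this option or a separate option (say `includeCaptureTools`) for `tcpdump` and `wireshark-cli`. The comment `# Enable common system services for monitoring` sits above `programs.screen.enable`, which is a terminal multiplexer rather than a monitoring service; `# screen for long-running sessions` would describe it.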
@@ -0,0 +1,92 @@ +{ + config, + lib, + pkgs, + namespace, + ... +}: +let + cfg = config.${namespace}.hardware.raspberry-pi; +in +{ + options.${namespace}.hardware.raspberry-pi = { + enable = lib.mkEnableOption "Raspberry Pi common configuration"; + + variant = lib.mkOption { + type = lib.types.enum [ + "4" + "5" + ]; + description = "Raspberry Pi variant (4 or 5)"; + }; + }; + + config = lib.mkIf cfg.enable { + # Common Raspberry Pi packages + environment.systemPackages = + with pkgs; + [ + libraspberrypi + raspberrypi-eeprom + raspberrypifw + raspberrypiWirelessFirmware + raspberrypi-armstubs + ] + ++ lib.optionals (cfg.variant == "4") [ + i2c-tools + ] + ++ lib.optionals (cfg.variant == "5") [ + erofs-utils + fex + squashfuse + squashfsTools + ]; + + # Common nixpkgs overlays for Raspberry Pi + nixpkgs.overlays = lib.mkAfter [ + (_self: super: { + # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least + # enableRedistributableFirmware is enabled + inherit (super) raspberrypiWirelessFirmware; + # Some derivations want to use it as an input, + # e.g. 
raspberrypi-dtbs, omxplayer, sd-image-* modules + inherit (super) raspberrypifw; + }) + ]; + + # Common Bluetooth configuration + systemd.services.btattach = { + before = [ "bluetooth.service" ]; + after = [ "dev-ttyAMA0.device" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000"; + }; + }; + + # Common hardware settings + hardware.i2c.enable = lib.mkIf (cfg.variant == "4") true; + + # Pi 5 specific settings + hardware.graphics.enable32Bit = lib.mkIf (cfg.variant == "5") (lib.mkForce false); + zramSwap.enable = lib.mkIf (cfg.variant == "5") true; + + # Pi 5 specific system tags + system.nixos.tags = lib.mkIf (cfg.variant == "5") ( + let + bootCfg = config.boot.loader.raspberry-pi; + in + [ + "raspberry-pi-${bootCfg.variant}" + bootCfg.bootloader + config.boot.kernelPackages.kernel.version + ] + ); + + # Common programs + programs.kdeconnect.enable = lib.mkDefault false; + + # Root user shell configuration + users.users.root.shell = pkgs.zsh; + }; +} diff --git a/systems/aarch64-linux/pi4/default.nix b/systems/aarch64-linux/pi4/default.nix index 2c57ce0..e852dc0 100755 --- a/systems/aarch64-linux/pi4/default.nix +++ b/systems/aarch64-linux/pi4/default.nix @@ -3,14 +3,9 @@ # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { - lib, - pkgs, namespace, ... }: -let - kernelBundle = pkgs.linuxAndFirmware.latest; -in { imports = [ ./adguard.nix @@ -20,7 +15,13 @@ in ]; ${namespace} = { - hardware.disko.enable = true; + hardware = { + disko.enable = true; + raspberry-pi = { + enable = true; + variant = "4"; + }; + }; user = { name = "matt"; password = "BogieDudie1"; 
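Review bot: The overlay `(_self: super: { inherit (super) raspberrypiWirelessFirmware; inherit (super) raspberrypifw; })` re-exports the packages it receives and therefore overrides nothing, whereas the per-host code it replaces took both from `pkgs.linuxAndFirmware.latest`. If the intent is still to pin the firmware to the kernel bundle, the inherits need that source, e.g. `inherit (super.linuxAndFirmware.latest) raspberrypiWirelessFirmware raspberrypifw;` (assuming `linuxAndFirmware` comes from an earlier overlay, which the `lib.mkAfter` suggests). Otherwise the overlay and its two comments can be removed. `users.users.root.shell = pkgs.zsh` in a hardware module also relies on zsh being enabled somewhere else, which is not visible in this hunk.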
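Review bot: The `user` block kept as context at the end of the second pi4/default.nix hunk still sets `password` to a literal string, so the credential is in the repository history and, depending on how the `user` module consumes it, may also end up in the world-readable Nix store. The homes in this patch already configure sops (`defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"`), so the password can come from a sops secret and be handed over as a hashed-password file (NixOS has `users.users.<name>.hashedPasswordFile`); the value committed here should be rotated. The `user` block continues past the end of the hunk, so how the option is used cannot be seen from here.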
@@ -51,50 +52,9 @@ in }; }; - # Configure nixpkgs - nixpkgs = { - overlays = lib.mkAfter [ - (_self: _super: { - # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least - # enableRedistributableFirmware is enabled - # I know no easier way to override this package - inherit (kernelBundle) raspberrypiWirelessFirmware; - # Some derivations want to use it as an input, - # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules - inherit (kernelBundle) raspberrypifw; - }) - ]; - }; - hardware.i2c.enable = true; - - systemd.services.btattach = { - before = [ "bluetooth.service" ]; - after = [ "dev-ttyAMA0.device" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000"; - }; - }; - - environment = { - systemPackages = with pkgs; [ - i2c-tools - libraspberrypi - raspberrypi-eeprom - raspberrypifw - raspberrypiWirelessFirmware - raspberrypi-armstubs - ]; - }; - # Root user configuration - explicit to avoid conflicts with home-manager users.users.root = { isSystemUser = true; isNormalUser = false; - shell = pkgs.zsh; - }; - - programs = { - kdeconnect.enable = false; }; } diff --git a/systems/aarch64-linux/pi5/default.nix b/systems/aarch64-linux/pi5/default.nix index 89fb7d9..6b4b096 100644 --- a/systems/aarch64-linux/pi5/default.nix +++ b/systems/aarch64-linux/pi5/default.nix @@ -3,15 +3,9 @@ # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { - config, - lib, - pkgs, namespace, ... }: -let - kernelBundle = pkgs.linuxAndFirmware.latest; -in { imports = [ ./boot.nix @@ -21,7 +15,13 @@ in ]; ${namespace} = { - hardware.disko.enable = true; + hardware = { + disko.enable = true; + raspberry-pi = { + enable = true; + variant = "5"; + }; + }; desktop.hyprland.enable = false; user = { name = "matt"; 
@@ -46,63 +46,4 @@ in }; }; }; - - # Configure nixpkgs - nixpkgs = { - overlays = lib.mkAfter [ - (_self: _super: { - # This is used in (modulesPath + "/hardware/all-firmware.nix") when at least - # enableRedistributableFirmware is enabled - # I know no easier way to override this package - inherit (kernelBundle) raspberrypiWirelessFirmware; - # Some derivations want to use it as an input, - # e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules - inherit (kernelBundle) raspberrypifw; - }) - ]; - }; - - system.nixos.tags = - let - cfg = config.boot.loader.raspberry-pi; - in - [ - "raspberry-pi-${cfg.variant}" - cfg.bootloader - config.boot.kernelPackages.kernel.version - ]; - - systemd.services.btattach = { - before = [ "bluetooth.service" ]; - after = [ "dev-ttyAMA0.device" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000"; - }; - }; - - environment = { - systemPackages = with pkgs; [ - erofs-utils - fex - libraspberrypi - raspberrypi-eeprom - raspberrypifw - raspberrypiWirelessFirmware - raspberrypi-armstubs - squashfuse - squashfsTools - ]; - }; - - hardware.graphics.enable32Bit = lib.mkForce false; - - # Root user configuration - users.users.root.shell = pkgs.zsh; - - programs = { - kdeconnect.enable = false; - }; - - zramSwap.enable = true; } diff --git a/systems/x86_64-linux/nas/default.nix b/systems/x86_64-linux/nas/default.nix index 1cfaf33..1918095 100755 --- a/systems/x86_64-linux/nas/default.nix +++ b/systems/x86_64-linux/nas/default.nix @@ -5,7 +5,6 @@ { config, pkgs, - lib, namespace, ... }: @@ -32,6 +31,15 @@ ${namespace} = { bootloader.lanzaboote.enable = true; desktop.cosmic.enable = false; + development = { + enable = true; + includeLanguages = [ + "python" + "c" + ]; + includeContainers = true; + }; + monitoring.enable = true; hardware.nvidia = { enable = true; enableBeta = true; 
@@ -126,34 +134,25 @@ systemPackages = with pkgs; [ attic-client bcachefs-tools - binutils cryptsetup clevis - cmake deconz duperemove efibootmgr ffmpeg - gcc - glances ipset - jq llama-cpp - ninja # inputs.nas-nixai.packages.x86_64-linux.nixai networkmanagerapplet - nmon nut packagekit pass protonmail-bridge protonvpn-cli - python3 python3Packages.llama-cpp-python qrencode rcon sbctl - speedtest-cli tigervnc tpm2-tools tpm2-tss @@ -163,8 +162,6 @@ # Configure programs programs = { virt-manager.enable = true; - nix-ld.enable = true; - screen.enable = true; coolercontrol = { enable = true; nvidiaSupport = true; @@ -213,42 +210,6 @@ ''; }; - # Virtualisation - virtualisation = { - podman = { - enable = true; - dockerCompat = true; - autoPrune.enable = true; - defaultNetwork.settings = { - dns_enabled = true; - }; - }; - - libvirtd.enable = true; - }; - - # Enable nix flakes and nix-command tools - nix = { - settings = { - substituters = [ - "https://nix-community.cachix.org" - "https://cache.nixos.org/" - ]; - trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - warn-dirty = lib.mkForce false; - experimental-features = lib.mkForce [ - "nix-command" - "flakes" - ]; - trusted-users = [ "@wheel" ]; - }; - - # Garbage collect automatically every week - gc.automatic = lib.mkDefault true; - gc.options = lib.mkDefault "--delete-older-than 30d"; - - optimise.automatic = lib.mkDefault true; - }; + # Additional virtualization beyond what's in development module + virtualisation.libvirtd.enable = true; } diff --git a/systems/x86_64-linux/nuc/default.nix b/systems/x86_64-linux/nuc/default.nix index b380706..b6b6f2f 100644 --- a/systems/x86_64-linux/nuc/default.nix +++ b/systems/x86_64-linux/nuc/default.nix @@ -1,5 +1,4 @@ { - lib, namespace, ... }: 
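Review bot: In the last nas/default.nix hunk the new comment `# Additional virtualization beyond what's in development module` means the NAS's podman runtime now exists only because `development.includeContainers = true`, so turning the development tooling off later would also remove podman, `dockerCompat` and auto-prune from a host that may run containers as services; say so in the comment or keep podman in the host file. The same hunk, and the last nuc/default.nix hunk, drop the whole `nix` block (`substituters`, `trusted-public-keys`, `experimental-features`, `trusted-users`, gc) and nothing in this patch re-adds it. Presumably a shared module already sets these; worth confirming, since the `update-flake` alias needs flakes enabled and the nix-community cache is only trusted through that key.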
@@ -49,28 +48,4 @@ }; }; - # Enable nix flakes and nix-command tools - nix = { - settings = { - substituters = [ - "https://nix-community.cachix.org" - "https://cache.nixos.org/" - ]; - trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - warn-dirty = lib.mkForce false; - experimental-features = lib.mkForce [ - "nix-command" - "flakes" - ]; - trusted-users = [ "@wheel" ]; - }; - - # Garbage collect automatically every week - gc.automatic = lib.mkDefault true; - gc.options = lib.mkDefault "--delete-older-than 30d"; - - optimise.automatic = lib.mkDefault true; - }; }