mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

more cleanup

Browse Source
This commit is contained in:
mjallen18
2025-08-21 20:05:58 -05:00
parent f9b07deb19
commit 0152438472
11 changed files with 365 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
homes/aarch64-linux/matt@pi4/default.nix
View File

@@ -1,18 +1,22 @@
{ lib, ... }: { lib, ... }:
let
shellAliases = {
ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
ducks = "du -cksh * | sort -hr | head -n 15";
};
in
{ {
home.username = "matt"; home.username = "matt";
mjallen = {
shell-aliases = {
enable = true;
flakeInputs = [
"pi4-nixpkgs"
"pi4-home-manager"
"pi4-impermanence"
"pi4-sops-nix"
"pi4-nixos-hardware"
"pi4-nixos-raspberrypi"
"pi4-disko"
];
};
};
sops = { sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt"; age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -50,7 +54,6 @@ in
programs = { programs = {
mangohud.enable = lib.mkForce true; mangohud.enable = lib.mkForce true;
zsh.shellAliases = shellAliases;
}; };
services = { services = {

27
homes/x86_64-linux/admin@nas/default.nix
View File

@@ -1,16 +1,27 @@
{ pkgs, ... }: { pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
};
in
{ {
home.username = "admin"; home.username = "admin";
# mjallen.home.enable = true; # mjallen.home.enable = true;
mjallen = {
shell-aliases = {
enable = true;
buildHost = ""; # NAS builds locally
flakeInputs = [
"nas-nixpkgs"
"nas-authentik-nix"
"nas-cosmic"
"nas-crowdsec"
"nas-home-manager"
"nas-impermanence"
"nas-lanzaboote"
"nas-nixos-hardware"
"nas-sops-nix"
];
};
};
sops = { sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt"; age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -60,8 +71,6 @@ in
} }
]; ];
}; };
zsh.shellAliases = shellAliases;
}; };
# services.nixai = { # services.nixai = {

23
homes/x86_64-linux/matt@desktop/default.nix
View File

@@ -1,12 +1,4 @@
{ pkgs, ... }: { pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
in
{ {
home.username = "matt"; home.username = "matt";
@@ -14,6 +6,19 @@ in
sops = { sops = {
enable = true; enable = true;
}; };
shell-aliases = {
enable = true;
flakeInputs = [
"desktop-nixpkgs"
"desktop-chaotic"
"desktop-home-manager"
"desktop-impermanence"
"desktop-lanzaboote"
"desktop-nixos-hardware"
"desktop-sops-nix"
"desktop-steam-rom-manager"
];
};
}; };
services = { services = {
@@ -25,8 +30,6 @@ in
programs = { programs = {
password-store.enable = true; password-store.enable = true;
zsh.shellAliases = shellAliases;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [

57
modules/home/shell-aliases/default.nix Normal file
View File

@@ -0,0 +1,57 @@
{
config,
lib,
...
}:
let
cfg = config.mjallen.shell-aliases;
in
{
options.mjallen.shell-aliases = {
enable = lib.mkEnableOption "Common shell aliases";
buildHost = lib.mkOption {
type = lib.types.str;
default = "admin@10.0.1.3";
description = "Build host for nixos-rebuild commands";
};
flakeInputs = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of flake inputs to update";
};
extraAliases = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = "Additional host-specific aliases";
};
};
config = lib.mkIf cfg.enable {
programs.zsh.shellAliases = {
# Common file operations
ll = "ls -alh";
ducks = "du -cksh * | sort -hr | head -n 15";
# NixOS rebuild commands
update-boot =
"sudo nixos-rebuild boot --max-jobs 10"
+ lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}";
update-switch =
"sudo nixos-rebuild switch --max-jobs 10"
+ lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}";
# Flake update command
update-flake = lib.mkIf (
cfg.flakeInputs != [ ]
) "nix flake update ${lib.concatStringsSep " " cfg.flakeInputs} --flake /etc/nixos";
# NAS management
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
}
// cfg.extraAliases;
};
}

92
modules/nixos/development/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.development;
in
{
options.${namespace}.development = {
enable = lib.mkEnableOption "Common development tools and packages";
includeLanguages = lib.mkOption {
type = lib.types.listOf (
lib.types.enum [
"python"
"c"
"rust"
"nodejs"
]
);
default = [
"python"
"c"
];
description = "Programming languages to include tools for";
};
includeContainers = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Include container development tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
# Version control
git
# Build tools
cmake
ninja
binutils
# System utilities
jq
# Text processing
]
++ lib.optionals (builtins.elem "python" cfg.includeLanguages) [
python3
python3Packages.pip
]
++ lib.optionals (builtins.elem "c" cfg.includeLanguages) [
gcc
gdb
]
++ lib.optionals (builtins.elem "rust" cfg.includeLanguages) [
rustc
cargo
]
++ lib.optionals (builtins.elem "nodejs" cfg.includeLanguages) [
nodejs
npm
]
++ lib.optionals cfg.includeContainers [
docker-compose
podman-compose
];
# Enable container support if requested
virtualisation.podman = lib.mkIf cfg.includeContainers {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
# Common development programs
programs = {
nix-ld.enable = lib.mkDefault true;
};
};
}

53
modules/nixos/monitoring/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.monitoring;
in
{
options.${namespace}.monitoring = {
enable = lib.mkEnableOption "Common monitoring and system tools";
includeNetworkTools = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include network monitoring tools";
};
includePerformanceTools = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include performance monitoring tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
# Basic system monitoring
htop
]
++ lib.optionals cfg.includePerformanceTools [
glances
nmon
iotop
]
++ lib.optionals cfg.includeNetworkTools [
speedtest-cli
iftop
nethogs
tcpdump
wireshark-cli
];
# Enable common system services for monitoring
programs.screen.enable = lib.mkDefault true;
};
}

92
modules/nixos/raspberry-pi/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.raspberry-pi;
in
{
options.${namespace}.hardware.raspberry-pi = {
enable = lib.mkEnableOption "Raspberry Pi common configuration";
variant = lib.mkOption {
type = lib.types.enum [
"4"
"5"
];
description = "Raspberry Pi variant (4 or 5)";
};
};
config = lib.mkIf cfg.enable {
# Common Raspberry Pi packages
environment.systemPackages =
with pkgs;
[
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
]
++ lib.optionals (cfg.variant == "4") [
i2c-tools
]
++ lib.optionals (cfg.variant == "5") [
erofs-utils
fex
squashfuse
squashfsTools
];
# Common nixpkgs overlays for Raspberry Pi
nixpkgs.overlays = lib.mkAfter [
(_self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
inherit (super) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (super) raspberrypifw;
})
];
# Common Bluetooth configuration
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
# Common hardware settings
hardware.i2c.enable = lib.mkIf (cfg.variant == "4") true;
# Pi 5 specific settings
hardware.graphics.enable32Bit = lib.mkIf (cfg.variant == "5") (lib.mkForce false);
zramSwap.enable = lib.mkIf (cfg.variant == "5") true;
# Pi 5 specific system tags
system.nixos.tags = lib.mkIf (cfg.variant == "5") (
let
bootCfg = config.boot.loader.raspberry-pi;
in
[
"raspberry-pi-${bootCfg.variant}"
bootCfg.bootloader
config.boot.kernelPackages.kernel.version
]
);
# Common programs
programs.kdeconnect.enable = lib.mkDefault false;
# Root user shell configuration
users.users.root.shell = pkgs.zsh;
};
}

54
systems/aarch64-linux/pi4/default.nix
View File

@@ -3,14 +3,9 @@
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ {
lib,
pkgs,
namespace, namespace,
... ...
}: }:
let
kernelBundle = pkgs.linuxAndFirmware.latest;
in
{ {
imports = [ imports = [
./adguard.nix ./adguard.nix
@@ -20,7 +15,13 @@ in
]; ];
${namespace} = { ${namespace} = {
hardware.disko.enable = true; hardware = {
disko.enable = true;
raspberry-pi = {
enable = true;
variant = "4";
};
};
user = { user = {
name = "matt"; name = "matt";
password = "BogieDudie1"; password = "BogieDudie1";
@@ -51,50 +52,9 @@ in
}; };
}; };
# Configure nixpkgs
nixpkgs = {
overlays = lib.mkAfter [
(_self: _super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
# I know no easier way to override this package
inherit (kernelBundle) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (kernelBundle) raspberrypifw;
})
];
};
hardware.i2c.enable = true;
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
environment = {
systemPackages = with pkgs; [
i2c-tools
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
];
};
# Root user configuration - explicit to avoid conflicts with home-manager # Root user configuration - explicit to avoid conflicts with home-manager
users.users.root = { users.users.root = {
isSystemUser = true; isSystemUser = true;
isNormalUser = false; isNormalUser = false;
shell = pkgs.zsh;
};
programs = {
kdeconnect.enable = false;
}; };
} }

73
systems/aarch64-linux/pi5/default.nix
View File

@@ -3,15 +3,9 @@
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ {
config,
lib,
pkgs,
namespace, namespace,
... ...
}: }:
let
kernelBundle = pkgs.linuxAndFirmware.latest;
in
{ {
imports = [ imports = [
./boot.nix ./boot.nix
@@ -21,7 +15,13 @@ in
]; ];
${namespace} = { ${namespace} = {
hardware.disko.enable = true; hardware = {
disko.enable = true;
raspberry-pi = {
enable = true;
variant = "5";
};
};
desktop.hyprland.enable = false; desktop.hyprland.enable = false;
user = { user = {
name = "matt"; name = "matt";
@@ -46,63 +46,4 @@ in
}; };
}; };
}; };
# Configure nixpkgs
nixpkgs = {
overlays = lib.mkAfter [
(_self: _super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
# I know no easier way to override this package
inherit (kernelBundle) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (kernelBundle) raspberrypifw;
})
];
};
system.nixos.tags =
let
cfg = config.boot.loader.raspberry-pi;
in
[
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
environment = {
systemPackages = with pkgs; [
erofs-utils
fex
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
squashfuse
squashfsTools
];
};
hardware.graphics.enable32Bit = lib.mkForce false;
# Root user configuration
users.users.root.shell = pkgs.zsh;
programs = {
kdeconnect.enable = false;
};
zramSwap.enable = true;
} }

61
systems/x86_64-linux/nas/default.nix
View File

@@ -5,7 +5,6 @@
{ {
config, config,
pkgs, pkgs,
lib,
namespace, namespace,
... ...
}: }:
@@ -32,6 +31,15 @@
${namespace} = { ${namespace} = {
bootloader.lanzaboote.enable = true; bootloader.lanzaboote.enable = true;
desktop.cosmic.enable = false; desktop.cosmic.enable = false;
development = {
enable = true;
includeLanguages = [
"python"
"c"
];
includeContainers = true;
};
monitoring.enable = true;
hardware.nvidia = { hardware.nvidia = {
enable = true; enable = true;
enableBeta = true; enableBeta = true;
@@ -126,34 +134,25 @@
systemPackages = with pkgs; [ systemPackages = with pkgs; [
attic-client attic-client
bcachefs-tools bcachefs-tools
binutils
cryptsetup cryptsetup
clevis clevis
cmake
deconz deconz
duperemove duperemove
efibootmgr efibootmgr
ffmpeg ffmpeg
gcc
glances
ipset ipset
jq
llama-cpp llama-cpp
ninja
# inputs.nas-nixai.packages.x86_64-linux.nixai # inputs.nas-nixai.packages.x86_64-linux.nixai
networkmanagerapplet networkmanagerapplet
nmon
nut nut
packagekit packagekit
pass pass
protonmail-bridge protonmail-bridge
protonvpn-cli protonvpn-cli
python3
python3Packages.llama-cpp-python python3Packages.llama-cpp-python
qrencode qrencode
rcon rcon
sbctl sbctl
speedtest-cli
tigervnc tigervnc
tpm2-tools tpm2-tools
tpm2-tss tpm2-tss
@@ -163,8 +162,6 @@
# Configure programs # Configure programs
programs = { programs = {
virt-manager.enable = true; virt-manager.enable = true;
nix-ld.enable = true;
screen.enable = true;
coolercontrol = { coolercontrol = {
enable = true; enable = true;
nvidiaSupport = true; nvidiaSupport = true;
@@ -213,42 +210,6 @@
''; '';
}; };
# Virtualisation # Additional virtualization beyond what's in development module
virtualisation = { virtualisation.libvirtd.enable = true;
podman = {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
libvirtd.enable = true;
};
# Enable nix flakes and nix-command tools
nix = {
settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ "@wheel" ];
};
# Garbage collect automatically every week
gc.automatic = lib.mkDefault true;
gc.options = lib.mkDefault "--delete-older-than 30d";
optimise.automatic = lib.mkDefault true;
};
} }

25
systems/x86_64-linux/nuc/default.nix
View File

@@ -1,5 +1,4 @@
{ {
lib,
namespace, namespace,
... ...
}: }:
@@ -49,28 +48,4 @@
}; };
}; };
# Enable nix flakes and nix-command tools
nix = {
settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ "@wheel" ];
};
# Garbage collect automatically every week
gc.automatic = lib.mkDefault true;
gc.options = lib.mkDefault "--delete-older-than 30d";
optimise.automatic = lib.mkDefault true;
};
} }