mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

idk man

Browse Source
This commit is contained in:
mjallen18
2025-06-09 09:43:37 -05:00
parent 85d98ab453
commit 0f18c97b0c
5 changed files with 295 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
hosts/deck/configuration.nix
View File

@@ -22,7 +22,18 @@
trusted-public-keys = [ trusted-public-keys = [
"cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc=" "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
]; ];
builders-use-substitutes = true;
}; };
distributedBuilds = true;
buildMachines = [
{
hostName = "jalle-nas.local";
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}
];
}; };
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.

2
hosts/nas/apps/traefik/default.nix
View File

@@ -372,7 +372,7 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)"; rule = "Host(`cache.${domain}`)";
service = "cache"; service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ]; middlewares = [ "crowdsec" "whitelist-geoblock" ];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };

398
hosts/nas/nix-serve.nix
View File

@@ -14,126 +14,288 @@ in
}; };
# Improved systemd service with better error handling # Improved systemd service with better error handling
systemd.services.nix-rebuild-cache = { systemd = {
enable = true; services = {
description = "Rebuild all NixOS configurations for cache"; nix-rebuild-cache-desktop = {
serviceConfig = { enable = true;
Type = "oneshot"; description = "Rebuild desktop NixOS configurations for cache";
User = "admin"; serviceConfig = {
Group = "jallen-nas"; Type = "oneshot";
WorkingDirectory = "/etc/nixos"; User = "admin";
StandardOutput = "journal+console"; Group = "jallen-nas";
StandardError = "journal+console"; WorkingDirectory = "/etc/nixos";
Restart = "no"; StandardOutput = "journal+console";
# Increase timeout for large builds StandardError = "journal+console";
TimeoutStartSec = "2h"; Restart = "no";
# Increase timeout for large builds
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
uutils-coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of matt-nixos at $(date)"
if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nix-darwin; then
echo "matt-nixos flake updated successfully at $(date)"
else
echo "matt-nixos failed to build at $(date)"
fi
if nix build .\#nixosConfigurations.matt-nixos.config.system.build.toplevel --no-link; then
echo "matt-nixos built successfully at $(date)"
git add .
git commit -m "Desktop Updates $(date)"
else
echo "matt-nixos failed to build at $(date)"
git reset --hard
fi
'';
};
nix-rebuild-cache-steamdeck = {
enable = true;
description = "Rebuild steamdeck NixOS configurations for cache";
serviceConfig = {
Type = "oneshot";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "no";
# Increase timeout for large builds
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
uutils-coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of steamdeck at $(date)"
if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then
echo "steamdeck flake updated successfully at $(date)"
else
echo "steamdeck flake failed to update at $(date)"
git reset --hard
fi
if nix build .\#nixosConfigurations.steamdeck.config.system.build.toplevel --no-link; then
echo "steamdeck built successfully at $(date)"
git add .
git commit -m "Steamdeck Updates $(date)"
else
echo "steamdeck failed to build at $(date)"
git reset --hard
fi
'';
};
nix-rebuild-cache-pi4 = {
enable = true;
description = "Rebuild pi4 NixOS configurations for cache";
serviceConfig = {
Type = "oneshot";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "no";
# Increase timeout for large builds
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
uutils-coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of pi4 at $(date)"
if nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko; then
echo "pi4 flake updated successfully at $(date)"
else
echo "pif flake failed to update at $(date)"
fi
if nix build .\#nixosConfigurations.pi4.config.system.build.toplevel --no-link --impure; then
echo "pi4 built successfully at $(date)"
git add .
git commit -m "Pi4 Updates $(date)"
else
echo "pi4 failed to build at $(date)"
git reset --hard
fi
'';
};
nix-rebuild-cache-pi5 = {
enable = true;
description = "Rebuild pi5 NixOS configurations for cache";
serviceConfig = {
Type = "oneshot";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "no";
# Increase timeout for large builds
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
uutils-coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of pi5 at $(date)"
if nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi; then
echo "pi5 flake updated successfully at $(date)"
else
echo "pi5 flake failed to update at $(date)"
fi
if nix build .\#nixosConfigurations.pi5.config.system.build.toplevel --no-link; then
echo "pi5 built successfully at $(date)"
git add .
git commit -m "Pi5 Updates $(date)"
else
echo "pi5 failed to build at $(date)"
git reset --hard
fi
'';
};
nix-rebuild-cache-nas = {
enable = true;
description = "Rebuild nas NixOS configurations for cache";
serviceConfig = {
Type = "oneshot";
User = "admin";
Group = "jallen-nas";
WorkingDirectory = "/etc/nixos";
StandardOutput = "journal+console";
StandardError = "journal+console";
Restart = "no";
# Increase timeout for large builds
TimeoutStartSec = "2h";
};
path = with pkgs; [
nix
git
uutils-coreutils
gnugrep
gnused
openssh
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of jallen-nas at $(date)"
if nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix; then
echo "jallen-nas flake updated successfully at $(date)"
else
echo "jallen-nas flake failed to update at $(date)"
fi
export NIXPKGS_ALLOW_UNFREE=1
if nix build .\#nixosConfigurations.jallen-nas.config.system.build.toplevel --no-link --impure; then
echo "jallen-nas built successfully at $(date)"
git add .
git commit -m "Jallen-NAS Updates $(date)"
else
echo "jallen-nas failed to build at $(date)"
git reset --hard
fi
'';
};
}; };
path = with pkgs; [
nix
git
uutils-coreutils
gnugrep
gnused
openssh
# nix-build-mail
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo timers = {
if [ -d .git ]; then nix-rebuild-cache-desktop = {
git pull || echo "Warning: Could not pull latest changes" description = "Timer for rebuilding desktop NixOS configurations cache";
fi wantedBy = [ "timers.target" ];
timerConfig = {
echo "Starting build of matt-nixos at $(date)" OnCalendar = "weekly";
if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nix-darwin; then Persistent = true;
echo "matt-nixos flake updated successfully at $(date)" RandomizedDelaySec = "24h";
else };
echo "matt-nixos failed to build at $(date)" };
fi nix-rebuild-cache-steamdeck = {
if nix build .\#nixosConfigurations.matt-nixos.config.system.build.toplevel --no-link; then description = "Timer for rebuilding steamdeck NixOS configurations cache";
echo "matt-nixos built successfully at $(date)" wantedBy = [ "timers.target" ];
git add . timerConfig = {
git commit -m "Desktop Updates $(date)" OnCalendar = "weekly";
else Persistent = true;
echo "matt-nixos failed to build at $(date)" RandomizedDelaySec = "24h";
git reset --hard };
fi };
nix-rebuild-cache-pi4 = {
echo "Starting build of steamdeck at $(date)" description = "Timer for rebuilding pi4 NixOS configurations cache";
if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then wantedBy = [ "timers.target" ];
echo "steamdeck flake updated successfully at $(date)" timerConfig = {
else OnCalendar = "weekly";
echo "steamdeck flake failed to update at $(date)" Persistent = true;
git reset --hard RandomizedDelaySec = "24h";
fi };
if nix build .\#nixosConfigurations.steamdeck.config.system.build.toplevel --no-link; then };
echo "steamdeck built successfully at $(date)" nix-rebuild-cache-pi5 = {
git add . description = "Timer for rebuilding pi5 NixOS configurations cache";
git commit -m "Steamdeck Updates $(date)" wantedBy = [ "timers.target" ];
else timerConfig = {
echo "steamdeck failed to build at $(date)" OnCalendar = "weekly";
git reset --hard Persistent = true;
fi RandomizedDelaySec = "24h";
};
echo "Starting build of pi4 at $(date)" };
if nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko; then nix-rebuild-cache-nas = {
echo "pi4 flake updated successfully at $(date)" description = "Timer for rebuilding nas NixOS configurations cache";
else wantedBy = [ "timers.target" ];
echo "pif flake failed to update at $(date)" timerConfig = {
fi OnCalendar = "weekly";
if nix build .\#nixosConfigurations.pi4.config.system.build.toplevel --no-link --impure; then Persistent = true;
echo "pi4 built successfully at $(date)" RandomizedDelaySec = "24h";
git add . };
git commit -m "Pi4 Updates $(date)" };
else
echo "pi4 failed to build at $(date)"
git reset --hard
fi
echo "Starting build of pi5 at $(date)"
if nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi; then
echo "pi5 flake updated successfully at $(date)"
else
echo "pi5 flake failed to update at $(date)"
fi
if nix build .\#nixosConfigurations.pi5.config.system.build.toplevel --no-link; then
echo "pi5 built successfully at $(date)"
git add .
git commit -m "Pi5 Updates $(date)"
else
echo "pi5 failed to build at $(date)"
git reset --hard
fi
echo "Starting build of jallen-nas at $(date)"
if nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix; then
echo "jallen-nas flake updated successfully at $(date)"
else
echo "jallen-nas flake failed to update at $(date)"
fi
export NIXPKGS_ALLOW_UNFREE=1
if nix build .\#nixosConfigurations.jallen-nas.config.system.build.toplevel --no-link --impure; then
echo "jallen-nas built successfully at $(date)"
git add .
git commit -m "Jallen-NAS Updates $(date)"
else
echo "jallen-nas failed to build at $(date)"
git reset --hard
fi
'';
# onSuccess = [ "git push" ];
# Send an email on failure
# onFailure = [ "nix-build-mail" ];
};
systemd.timers.nix-rebuild-cache = {
description = "Timer for rebuilding NixOS configurations cache";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "weekly"; # Or your preferred schedule
Persistent = true;
RandomizedDelaySec = "1h"; # Spread load
}; };
}; };

3
hosts/pi5/sops.nix
View File

@@ -5,7 +5,8 @@ in
{ {
sops = { sops = {
defaultSopsFile = ../../secrets/pi5-secrets.yaml; defaultSopsFile = ../../secrets/pi5-secrets.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
# ------------------------------ # ------------------------------
# Secrets # Secrets

2
share/home/vscode.nix
View File

@@ -17,7 +17,7 @@
vscode-extensions.ms-python.debugpy vscode-extensions.ms-python.debugpy
vscode-extensions.ms-python.pylint vscode-extensions.ms-python.pylint
vscode-extensions.ms-python.python vscode-extensions.ms-python.python
vscode-extensions.ms-python.vscode-pylance # vscode-extensions.ms-python.vscode-pylance
vscode-extensions.redhat.vscode-xml vscode-extensions.redhat.vscode-xml
vscode-extensions.redhat.vscode-yaml vscode-extensions.redhat.vscode-yaml
vscode-extensions.yy0931.vscode-sqlite3-editor vscode-extensions.yy0931.vscode-sqlite3-editor