so many sops

mjallen18
2025-03-17 21:34:52 -05:00
parent 7741fc575f
commit 32eadb044d
53 changed files with 801 additions and 591 deletions


@@ -12,100 +12,19 @@
let
user = "matt";
passwordFile = config.sops.secrets."desktop/matt_password".path;
hostname = "matt-nixos";
fixWifiScript = pkgs.writeScriptBin "fix-wifi" ''
#!/usr/bin/env python3
import subprocess
import socket
import logging
from typing import List, Optional
def check_internet_connection(hosts_to_check: Optional[List[str]] = None) -> bool:
"""
Check internet connectivity by attempting to connect to reliable hosts.
:param hosts_to_check: Optional list of hosts to check.
:return: Boolean indicating if internet connection is available
"""
if hosts_to_check is None:
hosts_to_check = [
"8.8.8.8", # Google DNS
"1.1.1.1", # Cloudflare DNS
"9.9.9.9" # Quad9 DNS
]
for host in hosts_to_check:
try:
# Create a socket connection with a 5-second timeout
socket.create_connection((host, 53), timeout=5)
return True
except (socket.error, socket.timeout):
continue
return False
def reset_wifi_card() -> bool:
"""
Execute WiFi card reset commands.
:return: Boolean indicating if reset commands were successful
"""
reset_commands = [
"echo 1 | sudo -u root tee /sys/bus/pci/devices/0000:09:00.0/reset",
"sudo rmmod iwlwifi",
"sudo modprobe iwlwifi"
]
try:
for command in reset_commands:
result = subprocess.run(
command,
shell=True,
check=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
text=True
)
print(f"Executed: {command}")
print(f"Output: {result.stdout}")
return True
except subprocess.CalledProcessError as e:
print(f"Error resetting WiFi: {e}")
print(f"Error output: {e.stderr}")
return False
def main():
"""
Check internet connection and reset WiFi if not connected.
"""
if not check_internet_connection():
print("No internet connection detected. Attempting WiFi reset...")
reset_wifi_card()
else:
print("Internet connection is stable. No reset needed.")
if __name__ == "__main__":
main()
'';
in
{
imports = [
# Include the results of the hardware scan.
../../modules/apps/discover-wrapped
./hardware-configuration.nix
./boot.nix
./filesystems.nix
./hardware-configuration.nix
./networking.nix
./services.nix
./sops.nix
../default.nix
../../share/amd
# specialisations
# ./cosmic
# ./hyprland
];
apps.discover-wrapped.enable = lib.mkDefault false;
chaotic.mesa-git.enable = true;
# Enable nix flakes and nix-command tools
@@ -125,99 +44,10 @@ in
"nix-command"
"flakes"
];
trusted-users = lib.mkDefault [
"root"
user
];
trusted-users = [ user ];
};
};
services = {
# Enable Desktop Environment.
xserver = {
desktopManager.gnome.enable = true;
# Enable Desktop Environment.
displayManager = {
gdm.enable = lib.mkForce true;
gdm.wayland = lib.mkForce true;
};
};
# Enable Flatpak
flatpak.enable = lib.mkDefault false;
# enable auto discovery of printers
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
openFirewall = lib.mkDefault true;
};
restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repository = "rest:http://admin:BogieDudie1@10.0.1.18:8008";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Games"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Games"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
ratbagd.enable = lib.mkDefault true;
};
# xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
share.hardware.amd = {
enable = lib.mkDefault true;
lact.enable = lib.mkDefault true;
@@ -225,62 +55,6 @@ in
share.gaming.enable = true;
systemd = {
services = {
fix-wifi = {
enable = lib.mkDefault true;
path = [
pkgs.bash
pkgs.python3
pkgs.networkmanager
pkgs.kmod
fixWifiScript
];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = [ "${fixWifiScript}/bin/fix-wifi" ];
};
};
};
user.services = {
rclone-home-proton = {
enable = lib.mkDefault false;
path = [
pkgs.bash
pkgs.rclone
];
script = ''
rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
'';
};
rsync-home = {
enable = lib.mkDefault false;
path = [
pkgs.bash
pkgs.rsync
pkgs.openssh
];
script = ''
rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.18:/media/nas/main/backup/desktop-nix/home
'';
};
};
};
# Networking configs
networking = {
hostName = hostname;
# Enable Network Manager
networkmanager.enable = lib.mkDefault true;
networkmanager.wifi.powersave = lib.mkDefault false;
networkmanager.settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
};
# Time config
time = {
hardwareClockInLocalTime = lib.mkDefault false;
@@ -289,11 +63,9 @@ in
virtualisation.libvirtd.enable = lib.mkDefault true;
virtualisation.waydroid.enable = lib.mkDefault true;
programs.gamemode.enable = lib.mkDefault true;
programs.coolercontrol = {
enable = true;
programs = {
gamemode.enable = true;
coolercontrol.enable = true;
};
# Configure environment
@@ -311,7 +83,6 @@ in
clinfo
direnv
efibootmgr
fixWifiScript
gparted
grsync
kmod
@@ -341,11 +112,9 @@ in
vulkan-tools
wget
winetricks
# native wayland support (unstable)
wineWowPackages.waylandFull
];
etc."lact/config.yaml".text = ''
etc."lact/config.yaml".text = ''
daemon:
log_level: info
admin_groups:
@@ -375,17 +144,22 @@ in
performance_level: auto
voltage_offset: 0
power_states: {}
'';
'';
variables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
EDITOR = "code --wait";
VISUAL = "code --wait";
};
};
# Configure nixpkgs
nixpkgs = {
overlays = [ outputs.overlays.nixpkgs-unstable outputs.overlays.nixpkgs-stable ];
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config.permittedInsecurePackages = [
# ...
];
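Review bot: In the second hunk, `trusted-users = [ user ];` (which appears to be the new side) keeps the desktop login account as a trusted Nix user, a setting the Nix manual describes as essentially equivalent to root access. Without `lib.mkDefault` it also takes precedence over any default-priority definition elsewhere. If the only need is extra binary caches, listing them under `trusted-substituters` avoids trusting the account itself; otherwise a comment such as `# trusted-users is root-equivalent for the nix daemon; kept for <reason>` would record the decision. Separately, the `services.restic.backups` block removed in the same hunk had a basic-auth password inline in its `repository` URL over plain HTTP. Wherever that definition now lives (not visible here), the password stays in repository history, so it should be rotated and the new value supplied through the sops-managed `environmentFile` or a `repositoryFile` rather than the URL.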