mjallen18
2025-07-24 11:06:08 -05:00
parent f05972d6ae
commit 3d213c8769
164 changed files with 1777 additions and 1257 deletions


@@ -1,4 +1,9 @@
{ config, inputs, pkgs, ... }:
{
config,
inputs,
pkgs,
...
}:
{
imports = [
./nix.nix


@@ -63,4 +63,4 @@
};
# homebrew.global.autoUpdate = true;
}
}


@@ -14,4 +14,4 @@
config.allowUnfree = true;
hostPlatform = "aarch64-darwin";
};
}
}


@@ -19,6 +19,6 @@
};
};
zsh.enable = true; # default shell on catalina
zsh.enable = true; # default shell on catalina
};
}
}


@@ -20,4 +20,4 @@
'';
m1n1CustomLogo = ./NixOS.png;
};
}
}


@@ -52,7 +52,6 @@ in
"name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 3356, tag:horizonrdp"
];
@@ -78,7 +77,7 @@ in
"lp"
"video"
"i2c"
]; # Enable sudo for the user.
]; # Enable sudo for the user.
shell = pkgs.zsh;
packages = with pkgs; [
firefox


@@ -4,61 +4,90 @@
{ lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "uas" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"uas"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=root" ];
};
fileSystems."/root" = {
device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [
"compress=zstd"
"noatime"
"subvol=root"
];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=etc" ];
};
fileSystems."/etc" = {
device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [
"compress=zstd"
"noatime"
"subvol=etc"
];
};
fileSystems."/tmp" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=tmp" ];
};
fileSystems."/tmp" = {
device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [
"compress=zstd"
"noatime"
"subvol=tmp"
];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=nix" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [
"compress=zstd"
"noatime"
"subvol=nix"
];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=log" ];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [
"compress=zstd"
"noatime"
"subvol=log"
];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=home" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [
"compress=zstd"
"subvol=home"
];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/23FA-AD3E";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/23FA-AD3E";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
# swapDevices = [
# {


@@ -19,7 +19,7 @@ in
monitor = [
"${display.input},${display.resolution}@${display.refreshRate},0x0,1.25,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
];
# monitorv2 = {
# output = "eDP-1";
# mode = "3456x2234@60.00000";
@@ -27,7 +27,7 @@ in
# scale = "1.25";
# #bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
# };
workspace = [
"name:firefox, monitor:${display.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${display.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
@@ -79,4 +79,4 @@ in
};
};
};
}
}


@@ -8,7 +8,7 @@
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
EnableNetworkConfiguration = true;
};
Rank = {
BandModifier2_4GHz = 1.0;
@@ -41,4 +41,4 @@
iptables -I INPUT -p udp -m udp --match multiport --dports 1990,2021 -j ACCEPT
'';
};
}
}
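Review bot: The raw `iptables -I INPUT -p udp … --dports 1990,2021 -j ACCEPT` rule in the second hunk accepts those UDP ports from any source, and nothing on the line says which service needs them. If no source restriction is wanted, the declarative form `networking.firewall.allowedUDPPorts = [ 1990 2021 ];` expresses the same intent and is managed by the firewall module; otherwise restrict the rule to the interface or subnet that actually needs it. A one-line comment naming the consumer of these ports would also help. The enclosing option starts outside the hunk, so how the rule is installed and removed cannot be confirmed from here.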


@@ -13,7 +13,7 @@
# minimum cpu frequency (in kHz)
# example: for 800 MHz = 800000 kHz --> scaling_min_freq = 800000
# Available: 912 MHz, 1284 MHz, 1752 MHz, 2004 MHz, 2256 MHz, 2424 MHz
# 702000 948000 1188000 1452000 1704000 1968000 2208000 2400000 2568000 2724000 2868000 3000000 3132000 3264000
# 702000 948000 1188000 1452000 1704000 1968000 2208000 2400000 2568000 2724000 2868000 3000000 3132000 3264000
# see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
# to use this feature, uncomment the following line and set the value accordingly
scaling_min_freq = 912000;
@@ -33,7 +33,7 @@
# minimum cpu frequency (in kHz)
# example: for 800 MHz = 800000 kHz --> scaling_min_freq = 800000
# Available: 912 MHz, 1284 MHz, 1752 MHz, 2004 MHz, 2256 MHz, 2424 MHz
# 702000 948000 1188000 1452000 1704000 1968000 2208000 2400000 2568000 2724000 2868000 3000000 3132000 3264000
# 702000 948000 1188000 1452000 1704000 1968000 2208000 2400000 2568000 2724000 2868000 3000000 3132000 3264000
# see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
# to use this feature, uncomment the following line and set the value accordingly
scaling_min_freq = 912000;
@@ -50,7 +50,7 @@
};
};
};
displayManager = {
sddm = {
enable = lib.mkForce true;
@@ -58,7 +58,7 @@
};
gdm.enable = lib.mkForce false;
};
desktopManager = {
plasma6.enable = lib.mkForce false;
gnome.enable = lib.mkForce false;
@@ -93,9 +93,9 @@
"`" = "A-f6";
# App shortcuts
c = "C-insert"; # Copy
v = "S-insert"; # Paste
x = "S-delete"; # Cut
c = "C-insert"; # Copy
v = "S-insert"; # Paste
x = "S-delete"; # Cut
"1" = "A-1";
"2" = "A-2";


@@ -21,18 +21,25 @@
# # cp -r ${uefi_pi4}/share/uefi_rpi4/* /boot/firmware/
# # '';
# }
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
kernelBundle = pkgs.linuxAndFirmware.latest;
in
{
system.nixos.tags = let
cfg = config.boot.loader.raspberry-pi;
in [
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
system.nixos.tags =
let
cfg = config.boot.loader.raspberry-pi;
in
[
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
boot = lib.mkForce {
loader.raspberry-pi = {
@@ -41,9 +48,10 @@ in
};
kernelPackages = kernelBundle.linuxPackages_rpi4;
};
hardware.raspberry-pi.config = {
all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
all = {
# [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
base-dt-params = {
i2c_arm = {
@@ -63,14 +71,14 @@ in
options = {
# https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
# in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
# creates a serial console, accessible using GPIOs 14 and 15 (pins
# creates a serial console, accessible using GPIOs 14 and 15 (pins
# 8 and 10 on the 40-pin header)
enable_uart = {
enable = true;
value = true;
};
# https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
# enable debug logging to the UART, also automatically enables
# enable debug logging to the UART, also automatically enables
# UART logging in `start.elf`
uart_2ndstage = {
enable = true;


@@ -2,7 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
user = "matt";
# password = config.sops.secrets."pi4/matt-password".path;
@@ -37,7 +43,7 @@ in
nixpkgs = {
overlays = lib.mkAfter [
(self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
# I know no easier way to override this package
inherit (kernelBundle) raspberrypiWirelessFirmware;


@@ -24,7 +24,7 @@ in
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
config.sops.secrets.wifi.path
];
profiles = {


@@ -5,10 +5,10 @@ in
{
sops = {
defaultSopsFile = lib.mkForce ../../../secrets/pi4-secrets.yaml;
# age = {
# generateKey = true;
# sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ];
# };
# age = {
# generateKey = true;
# sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ];
# };
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
validateSopsFiles = false;
# ------------------------------
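Review bot: `validateSopsFiles = false;` switches off the build-time check of the file named in `defaultSopsFile`, so a wrong path or a missing key is only noticed when secrets are installed on the host; a comment giving the reason would help, e.g. `# validation disabled because <reason>`. The commented-out `sshKeyPaths` entry points at `/etc/ssd/ssh_host_ed25519_key`, which looks like a typo for `/etc/ssh/…` and would not match the host key if the block were re-enabled. `age.keyFile` sits under `/home/matt`, so the key that decrypts system secrets is stored in a user-owned directory; presumably intentional, but it deserves a comment. The `sops` block continues outside the hunk.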


@@ -7,21 +7,22 @@ in
loader.raspberry-pi.firmwarePackage = kernelBundle.raspberrypifw;
kernelPackages = kernelBundle.linuxPackages_rpi5;
};
hardware.raspberry-pi.config = {
all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
all = {
# [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
options = {
# https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart
# in conjunction with `console=serial0,115200` in kernel command line (`cmdline.txt`)
# creates a serial console, accessible using GPIOs 14 and 15 (pins
# creates a serial console, accessible using GPIOs 14 and 15 (pins
# 8 and 10 on the 40-pin header)
enable_uart = {
enable = true;
value = true;
};
# https://www.raspberrypi.com/documentation/computers/config_txt.html#uart_2ndstage
# enable debug logging to the UART, also automatically enables
# enable debug logging to the UART, also automatically enables
# UART logging in `start.elf`
uart_2ndstage = {
enable = true;


@@ -2,7 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
user = "matt";
password = config.sops.secrets."pi5/matt-password".path;
@@ -42,7 +48,7 @@ in
nixpkgs = {
overlays = lib.mkAfter [
(self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
# I know no easier way to override this package
inherit (kernelBundle) raspberrypiWirelessFirmware;
@@ -53,13 +59,15 @@ in
];
};
system.nixos.tags = let
cfg = config.boot.loader.raspberry-pi;
in [
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
system.nixos.tags =
let
cfg = config.boot.loader.raspberry-pi;
in
[
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
systemd.services.btattach = {
before = [ "bluetooth.service" ];
@@ -90,7 +98,7 @@ in
mutableUsers = false;
users."${user}" = {
isNormalUser = true;
# hashedPasswordFile = password;
# hashedPasswordFile = password;
password = lib.mkForce "BogieDudie1";
extraGroups = [
"wheel"
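Review bot: The `password = lib.mkForce "…"` line in the last hunk of this section commits the login password of a `wheel` user as a string literal, and a value set through `password` also ends up in the world-readable Nix store. The `let` block already binds `password` to the sops secret path, so the commented line can be restored as `hashedPasswordFile = password;` and the literal removed. Since the literal is already in the repository history, the password should be treated as disclosed and changed on the host. The `users` block starts and ends outside the hunk.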


@@ -15,4 +15,4 @@ in
allowPing = true;
};
};
}
}


@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
kernel = pkgs.linuxPackages_cachyos;
pkgsVersion = pkgs; #.unstable;
pkgsVersion = pkgs; # .unstable;
in
{
# Configure bootloader with lanzaboot and secureboot
@@ -12,7 +12,7 @@ in
"i2c-dev"
"ddcci_backlight"
];
extraModulePackages = [config.boot.kernelPackages.ddcci-driver];
extraModulePackages = [ config.boot.kernelPackages.ddcci-driver ];
loader = {
efi = {
canTouchEfiVariables = true;


@@ -8,7 +8,7 @@
...
}:
let
pkgsVersion = pkgs; #.unstable;
pkgsVersion = pkgs; # .unstable;
environmentVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";


@@ -1,22 +1,23 @@
{ # Snowfall Lib provides a customized `lib` instance with access to your flake's library
# as well as the libraries available from your flake's inputs.
# lib,
# # An instance of `pkgs` with your overlays and packages applied is also available.
# pkgs,
# # You also have access to your flake's inputs.
# inputs,
# Snowfall Lib provides a customized `lib` instance with access to your flake's library
{
# as well as the libraries available from your flake's inputs.
# lib,
# # An instance of `pkgs` with your overlays and packages applied is also available.
# pkgs,
# # You also have access to your flake's inputs.
# inputs,
# Additional metadata is provided by Snowfall Lib.
namespace, # The namespace used for your flake, defaulting to "internal" if not set.
# system, # The system architecture for this host (eg. `x86_64-linux`).
# target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
# format, # A normalized name for the system target (eg. `iso`).
# virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
# systems, # An attribute map of your defined hosts.
# Additional metadata is provided by Snowfall Lib.
namespace, # The namespace used for your flake, defaulting to "internal" if not set.
# system, # The system architecture for this host (eg. `x86_64-linux`).
# target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
# format, # A normalized name for the system target (eg. `iso`).
# virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
# systems, # An attribute map of your defined hosts.
# All other arguments come from the system system.
config,
...
# All other arguments come from the system system.
config,
...
}:
let
passwordFile = config.sops.secrets."desktop/matt_password".path;
@@ -31,7 +32,6 @@ in
./nix.nix
./sops.nix
./specialisations/hyprland
];
@@ -45,4 +45,4 @@ in
passwordFile = passwordFile;
};
};
}
}


@@ -13,10 +13,10 @@ let
];
defaultLocalOptions = [
"compress=zstd"
# "autodefrag"
# "autodefrag"
"nofail"
# "x-systemd.automount"
# "auto"
# "x-systemd.automount"
# "auto"
"rw"
];
in


@@ -12,7 +12,7 @@ let
"compress=zstd"
"autodefrag"
];
in
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];


@@ -43,4 +43,4 @@ in
};
};
};
}
}


@@ -26,8 +26,13 @@ in
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
};
}
}


@@ -10,4 +10,4 @@
"/home"
];
};
}
}


@@ -17,9 +17,9 @@
"`" = "A-f6";
# App shortcuts
c = "C-insert"; # Copy
v = "S-insert"; # Paste
x = "S-delete"; # Cut
c = "C-insert"; # Copy
v = "S-insert"; # Paste
x = "S-delete"; # Cut
"1" = "A-1";
"2" = "A-2";
@@ -46,4 +46,4 @@
};
};
};
}
}


@@ -1,4 +1,4 @@
{ lib, ... }:
{
services.ratbagd.enable = lib.mkDefault true;
}
}


@@ -50,4 +50,4 @@
];
};
};
}
}


@@ -129,7 +129,7 @@ in
RESTIC_REST_USER=${config.sops.placeholder."desktop/restic/user"}
RESTIC_REST_PASSWORD=${config.sops.placeholder."desktop/restic/password"}
'';
restartUnits = [
restartUnits = [
"restic-backups-jallen-nas.service"
"restic-backups-proton-drive.service"
];


@@ -31,7 +31,7 @@ in
"${displayLeft.input},${displayLeft.resolution}@${displayLeft.refreshRate},0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
"${displayRight.input},${displayRight.resolution}@${displayRight.refreshRate},3840x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.5,sdrsaturation,0.98"
];
workspace = [
"name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"


@@ -6,7 +6,7 @@ let
in
{
mjallen = {
desktop.hyprland = {
desktop.hyprland = {
enable = true;
defaultApps = {
browser = pkgs.firefox;
@@ -60,7 +60,7 @@ in
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}";#"󱉓";
format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
@@ -83,4 +83,4 @@ in
wofi.enable = true;
};
};
}
}


@@ -1,9 +1,14 @@
{ config, namespace, lib, ... }:
{
config,
namespace,
lib,
...
}:
let
passwordFile = config.sops.secrets."desktop/matt_password".path;
in
in
{
${namespace}.user = {
passwordFile = lib.mkForce passwordFile;
};
}
}


@@ -1,5 +1,5 @@
{ lib, pkgs, ... }:
let
let
fixWifiScript = pkgs.writeScriptBin "fix-wifi" ''
#!/usr/bin/env python3
@@ -75,7 +75,7 @@ let
if __name__ == "__main__":
main()
'';
pkgsVersion = pkgs; #.unstable;
pkgsVersion = pkgs; # .unstable;
in
{
systemd = {
@@ -98,4 +98,4 @@ in
};
};
};
}
}


@@ -23,7 +23,10 @@
reverseProxy = {
enable = true;
host = "actual.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
};
@@ -78,7 +81,10 @@
reverseProxy = {
enable = true;
host = "gitea.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
};


@@ -4,43 +4,48 @@ let
in
{
options.nas-apps = mkOption {
type = types.attrsOf (types.submodule ({ config, name, ... }: {
options = {
enable = mkOption {
type = types.bool;
default = false;
};
type = types.attrsOf (
types.submodule (
{ config, name, ... }:
{
options = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 80;
};
port = mkOption {
type = types.int;
default = 80;
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
dataDir = mkOption {
type = types.str;
default = "";
};
dataDir = mkOption {
type = types.str;
default = "";
};
reverseProxy = {
enable = mkOption {
type = types.bool;
default = false;
reverseProxy = {
enable = mkOption {
type = types.bool;
default = false;
};
host = mkOption {
type = types.str;
default = "";
};
middlewares = mkOption {
type = with types; listOf str;
default = [ ];
};
};
};
host = mkOption {
type = types.str;
default = "";
};
middlewares = mkOption {
type = with types; listOf str;
default = [ ];
};
};
};
}));
}
)
);
};
}


@@ -207,7 +207,9 @@
];
};
};
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"vscode-extension-github-copilot"
];
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"vscode-extension-github-copilot"
];
}


@@ -14,7 +14,7 @@ in
"diskstats"
"meminfo"
"cpu"
"systemd" # Ensures systemd collector is enabled
"systemd" # Ensures systemd collector is enabled
"processes"
];
extraFlags = [
@@ -40,15 +40,19 @@ in
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
static_configs = [
{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}
];
}
{
job_name = "traefik";
static_configs = [{
targets = [ "localhost:8082" ];
}];
static_configs = [
{
targets = [ "localhost:8082" ];
}
];
}
];
};
@@ -66,15 +70,17 @@ in
provision = {
enable = true;
datasources.settings.datasources = [{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:${toString config.services.prometheus.port}";
}];
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:${toString config.services.prometheus.port}";
}
];
};
};
};
# Open firewall ports for Grafana
networking.firewall.allowedTCPPorts = [ 9999 ];
}
}


@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix-build-mail = pkgs.writeShellScript "echo -e \"Content-Type: text/plain\\r\\nSubject: NixOS cache rebuild failed\\r\\n\\r\\nThe nix-rebuild-cache service failed at $(date).\" | sendmail jalle008@proton.me";
in
in
{
# "https://cache.mjallen.dev"
# "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
@@ -9,10 +9,10 @@ in
enable = false;
package = pkgs.nix-serve-ng;
secretKeyFile = "/etc/nix/cache-priv-key.pem";
port = 5000; # Choose your preferred port
port = 5000; # Choose your preferred port
openFirewall = true;
};
services.atticd = {
enable = true;
environmentFile = config.sops.secrets."jallen-nas/attic-key".path;
@@ -42,11 +42,11 @@ in
attic-client
];
script = ''
#!/usr/bin/env bash
attic watch-store nas-cache
#!/usr/bin/env bash
attic watch-store nas-cache
'';
};
nix-rebuild-cache-desktop = {
enable = true;
description = "Rebuild desktop NixOS configurations for cache";
@@ -71,12 +71,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of matt-nixos at $(date)"
if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nix-darwin; then
echo "matt-nixos flake updated successfully at $(date)"
@@ -117,12 +117,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of steamdeck at $(date)"
if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then
echo "steamdeck flake updated successfully at $(date)"
@@ -164,12 +164,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of pi4 at $(date)"
if nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko; then
echo "pi4 flake updated successfully at $(date)"
@@ -210,12 +210,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of pi5 at $(date)"
if nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi; then
echo "pi5 flake updated successfully at $(date)"
@@ -256,12 +256,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of jallen-nas at $(date)"
if nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix; then
echo "jallen-nas flake updated successfully at $(date)"
@@ -339,7 +339,12 @@ in
system = "aarch64-linux";
maxJobs = 4;
sshUser = "matt";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
};
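Review bot: `nix-build-mail` in the first hunk calls `pkgs.writeShellScript` with a single string, but that builder takes a name followed by the script text, so the mail command is being passed as the name and the binding is left as a partially applied function rather than a script. If a failure hook outside the visible hunks refers to it, the "cache rebuild failed" notification will not work as intended and failed rebuilds can go unnoticed. Giving it a name keeps the command unchanged: `nix-build-mail = pkgs.writeShellScript "nix-build-mail" ''<existing echo … | sendmail … command>'';`. The `let` block is only partly visible, so whether the binding is used at all cannot be confirmed from here.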


@@ -8,7 +8,8 @@
# enable cuda support
cudaSupport = true;
allowUnfreePredicate = p:
allowUnfreePredicate =
p:
builtins.all (
license:
license.free
@@ -21,4 +22,4 @@
) (if builtins.isList p.meta.license then p.meta.license else [ p.meta.license ]);
};
};
}
}


@@ -176,7 +176,7 @@ in
htpasswd-file = "/media/nas/main/backup/restic/.htpasswd";
};
};
systemd.user.services = {
protonmail-bridge = {
description = "Protonmail Bridge";
@@ -218,7 +218,7 @@ in
# This ensures the service only runs when the filesystem is mounted
requires = [ "local-fs.target" ];
after = [ "local-fs.target" ];
# The actual balance command
script = ''
# Start with lower usage to handle the most fragmented blocks first
@@ -229,14 +229,14 @@ in
serviceConfig = {
Type = "oneshot";
Nice = 19; # Lowest CPU priority
IOSchedulingClass = "idle"; # Lowest I/O priority
Nice = 19; # Lowest CPU priority
IOSchedulingClass = "idle"; # Lowest I/O priority
# Prevent multiple instances from running simultaneously
ExecStartPre = "${pkgs.coreutils}/bin/rm -f /var/run/btrfs-balance.stamp";
ExecStopPost = "${pkgs.coreutils}/bin/touch /var/run/btrfs-balance.stamp";
};
};
system-update-check = {
description = "Check for system configuration updates";
@@ -342,7 +342,7 @@ in
btrfs-balance = {
description = "Timer for BTRFS Balance Service";
wantedBy = [ "timers.target" ];
timerConfig = {
# Run weekly on Sunday at 2am
OnCalendar = "Sun *-*-* 02:00:00";
@@ -355,11 +355,11 @@ in
system-update-check = {
description = "Timer for system configuration updates";
wantedBy = [ "timers.target" ];
# Timer configuration
timerConfig = {
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
Unit = "system-update-check.service";
};
};


@@ -2,4 +2,4 @@
username = "admin";
hostAddress = "10.0.1.3";
hostName = "jallen-nas";
}
}


@@ -31,7 +31,7 @@ in
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"wifi" = {
sopsFile = ../../../secrets/secrets.yaml;
};
@@ -39,7 +39,7 @@ in
# ------------------------------
# ups
# ------------------------------
"jallen-nas/ups_password" = {
mode = "0777";
restartUnits = [
@@ -234,7 +234,7 @@ in
mode = "0640";
};
"jallen-nas/attic-key" = {
# owner = "atticd";
# owner = "atticd";
};
};
@@ -264,7 +264,11 @@ in
PAPERLESS_SECRET = ${config.sops.placeholder."jallen-nas/paperless/secret"}
PAPERLESS_ENABLE_ALLAUTH = true
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect"
PAPERLESS_SOCIALACCOUNT_PROVIDERS = {"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${config.sops.placeholder."jallen-nas/paperless/authentik-client-id"}","secret":"${config.sops.placeholder."jallen-nas/paperless/authentik-client-secret"}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
PAPERLESS_SOCIALACCOUNT_PROVIDERS = {"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${
config.sops.placeholder."jallen-nas/paperless/authentik-client-id"
}","secret":"${
config.sops.placeholder."jallen-nas/paperless/authentik-client-secret"
}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
'';
mode = "0650";
owner = config.users.users."${user}".name;
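Review bot: The `"jallen-nas/ups_password"` secret in the second hunk is declared with `mode = "0777"`, which leaves the decrypted password readable, writable and executable by every local account. Unless a consumer outside the hunk really needs that, set `owner`/`group` to the account that reads it and use `mode = "0400"` (or `"0440"`). The template at the end of the section uses `mode = "0650"`, which grants the group execute instead of plain read; `"0640"`, as used by another entry in this file, is probably what was meant. Both blocks continue outside their hunks.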


@@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
user = "admin";
passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
@@ -93,4 +98,4 @@ in
users.root.shell = pkgs.zsh;
};
}
}


@@ -25,7 +25,7 @@ in
# Secrets
# ------------------------------
secrets = {
"wifi" = {
sopsFile = ../../../secrets/secrets.yaml;
};


@@ -43,4 +43,4 @@ in
};
};
};
}
}


@@ -28,8 +28,8 @@ in
lanzaboote = {
settings = {
console-mode = "max";
timeout = "0";
};
timeout = "0";
};
};
plymouth = {
@@ -53,10 +53,10 @@ in
# Disable CPU mitigations messages
"mitigations=off"
];
bootspec.enable = true;
};
# Further reduce systemd output
systemd = {
services.systemd-udev-settle.enable = false;
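Review bot: The comment `# Disable CPU mitigations messages` above `"mitigations=off"` understates what the parameter does: it turns off the kernel's CPU vulnerability mitigations themselves, not only their boot-time messages. If the aim is just a quiet boot, the entry should be dropped. If the performance trade-off is intended, the comment should say so, e.g. `# Disables CPU vulnerability mitigations for performance; accepted risk on this host`. The kernel-parameter list starts outside the hunk.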


@@ -2,7 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
{
nix = {
@@ -22,7 +28,12 @@
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
};
@@ -80,4 +91,3 @@
};
};
}


@@ -1,24 +1,25 @@
{ # Snowfall Lib provides a customized `lib` instance with access to your flake's library
# as well as the libraries available from your flake's inputs.
lib,
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs,
# You also have access to your flake's inputs.
inputs,
# Snowfall Lib provides a customized `lib` instance with access to your flake's library
{
# as well as the libraries available from your flake's inputs.
lib,
# An instance of `pkgs` with your overlays and packages applied is also available.
pkgs,
# You also have access to your flake's inputs.
inputs,
# Additional metadata is provided by Snowfall Lib.
namespace, # The namespace used for your flake, defaulting to "internal" if not set.
system, # The system architecture for this host (eg. `x86_64-linux`).
target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
format, # A normalized name for the system target (eg. `iso`).
virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
systems, # An attribute map of your defined hosts.
# Additional metadata is provided by Snowfall Lib.
namespace, # The namespace used for your flake, defaulting to "internal" if not set.
system, # The system architecture for this host (eg. `x86_64-linux`).
target, # The Snowfall Lib target for this system (eg. `x86_64-iso`).
format, # A normalized name for the system target (eg. `iso`).
virtual, # A boolean to determine whether this system is a virtual target using nixos-generators.
systems, # An attribute map of your defined hosts.
# All other arguments come from the system system.
config,
...
}:
{
# All other arguments come from the system system.
config,
...
}:
{
imports = [
./boot.nix
./configuration.nix
@@ -26,7 +27,7 @@
./networking.nix
./sops.nix
];
${namespace} = {
hardware.disko.enable = true;
bootloader.lanzaboote.enable = true;
@@ -36,4 +37,4 @@
};
network.hostName = "steamdeck";
};
}
}


@@ -21,4 +21,4 @@
hardware.has.amd.gpu = true;
};
}
}


@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
user = config.${namespace}.user.name;
in
@@ -67,37 +72,37 @@ in
# ------------------------------
"secureboot/GUID" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/GUID";
# path = "/etc/secureboot/GUID";
mode = "0600";
};
"secureboot/keys/db-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/db/db.key";
# path = "/etc/secureboot/keys/db/db.key";
mode = "0600";
};
"secureboot/keys/db-pem" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/db/db.pem";
# path = "/etc/secureboot/keys/db/db.pem";
mode = "0600";
};
"secureboot/keys/KEK-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/KEK/KEK.key";
# path = "/etc/secureboot/keys/KEK/KEK.key";
mode = "0600";
};
"secureboot/keys/KEK-pem" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/KEK/KEK.pem";
# path = "/etc/secureboot/keys/KEK/KEK.pem";
mode = "0600";
};
"secureboot/keys/PK-key" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/PK/PK.key";
# path = "/etc/secureboot/keys/PK/PK.key";
mode = "0600";
};
"secureboot/keys/PK-pem" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
# path = "/etc/secureboot/keys/PK/PK.pem";
# path = "/etc/secureboot/keys/PK/PK.pem";
mode = "0600";
};
};
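Review bot: The second hunk installs the private halves of all three Secure Boot keys (`PK-key`, `KEK-key`, `db-key`) as secrets on this host. Signing boot artifacts normally needs only the db key, so keeping the PK and KEK private keys decrypted on the same machine widens what a compromise of this host exposes; if nothing outside the hunk depends on them, consider keeping those two offline and removing their entries. Every entry also has its `path` commented out, so a short comment stating where the signing tooling is expected to find the keys would make the setup easier to audit.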