mjallen18
2025-07-24 11:06:08 -05:00
parent f05972d6ae
commit 3d213c8769
164 changed files with 1777 additions and 1257 deletions


@@ -23,7 +23,10 @@
reverseProxy = {
enable = true;
host = "actual.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
};
@@ -78,7 +81,10 @@
reverseProxy = {
enable = true;
host = "gitea.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
};
};


@@ -4,43 +4,48 @@ let
in
{
options.nas-apps = mkOption {
type = types.attrsOf (types.submodule ({ config, name, ... }: {
options = {
enable = mkOption {
type = types.bool;
default = false;
};
type = types.attrsOf (
types.submodule (
{ config, name, ... }:
{
options = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 80;
};
port = mkOption {
type = types.int;
default = 80;
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
dataDir = mkOption {
type = types.str;
default = "";
};
dataDir = mkOption {
type = types.str;
default = "";
};
reverseProxy = {
enable = mkOption {
type = types.bool;
default = false;
reverseProxy = {
enable = mkOption {
type = types.bool;
default = false;
};
host = mkOption {
type = types.str;
default = "";
};
middlewares = mkOption {
type = with types; listOf str;
default = [ ];
};
};
};
host = mkOption {
type = types.str;
default = "";
};
middlewares = mkOption {
type = with types; listOf str;
default = [ ];
};
};
};
}));
}
)
);
};
}


@@ -207,7 +207,9 @@
];
};
};
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"vscode-extension-github-copilot"
];
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"vscode-extension-github-copilot"
];
}


@@ -14,7 +14,7 @@ in
"diskstats"
"meminfo"
"cpu"
"systemd" # Ensures systemd collector is enabled
"systemd" # Ensures systemd collector is enabled
"processes"
];
extraFlags = [
@@ -40,15 +40,19 @@ in
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
static_configs = [
{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}
];
}
{
job_name = "traefik";
static_configs = [{
targets = [ "localhost:8082" ];
}];
static_configs = [
{
targets = [ "localhost:8082" ];
}
];
}
];
};
@@ -66,15 +70,17 @@ in
provision = {
enable = true;
datasources.settings.datasources = [{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:${toString config.services.prometheus.port}";
}];
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:${toString config.services.prometheus.port}";
}
];
};
};
};
# Open firewall ports for Grafana
networking.firewall.allowedTCPPorts = [ 9999 ];
}
}


@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
let
nix-build-mail = pkgs.writeShellScript "echo -e \"Content-Type: text/plain\\r\\nSubject: NixOS cache rebuild failed\\r\\n\\r\\nThe nix-rebuild-cache service failed at $(date).\" | sendmail jalle008@proton.me";
in
in
{
# "https://cache.mjallen.dev"
# "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
@@ -9,10 +9,10 @@ in
enable = false;
package = pkgs.nix-serve-ng;
secretKeyFile = "/etc/nix/cache-priv-key.pem";
port = 5000; # Choose your preferred port
port = 5000; # Choose your preferred port
openFirewall = true;
};
services.atticd = {
enable = true;
environmentFile = config.sops.secrets."jallen-nas/attic-key".path;
@@ -42,11 +42,11 @@ in
attic-client
];
script = ''
#!/usr/bin/env bash
attic watch-store nas-cache
#!/usr/bin/env bash
attic watch-store nas-cache
'';
};
nix-rebuild-cache-desktop = {
enable = true;
description = "Rebuild desktop NixOS configurations for cache";
@@ -71,12 +71,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of matt-nixos at $(date)"
if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nix-darwin; then
echo "matt-nixos flake updated successfully at $(date)"
@@ -117,12 +117,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of steamdeck at $(date)"
if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then
echo "steamdeck flake updated successfully at $(date)"
@@ -164,12 +164,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of pi4 at $(date)"
if nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko; then
echo "pi4 flake updated successfully at $(date)"
@@ -210,12 +210,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of pi5 at $(date)"
if nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi; then
echo "pi5 flake updated successfully at $(date)"
@@ -256,12 +256,12 @@ in
];
script = ''
#!/usr/bin/env bash
# Pull latest changes if in a git repo
if [ -d .git ]; then
git pull || echo "Warning: Could not pull latest changes"
fi
echo "Starting build of jallen-nas at $(date)"
if nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix; then
echo "jallen-nas flake updated successfully at $(date)"
@@ -339,7 +339,12 @@ in
system = "aarch64-linux";
maxJobs = 4;
sshUser = "matt";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
};


@@ -8,7 +8,8 @@
# enable cuda support
cudaSupport = true;
allowUnfreePredicate = p:
allowUnfreePredicate =
p:
builtins.all (
license:
license.free
@@ -21,4 +22,4 @@
) (if builtins.isList p.meta.license then p.meta.license else [ p.meta.license ]);
};
};
}
}


@@ -176,7 +176,7 @@ in
htpasswd-file = "/media/nas/main/backup/restic/.htpasswd";
};
};
systemd.user.services = {
protonmail-bridge = {
description = "Protonmail Bridge";
@@ -218,7 +218,7 @@ in
# This ensures the service only runs when the filesystem is mounted
requires = [ "local-fs.target" ];
after = [ "local-fs.target" ];
# The actual balance command
script = ''
# Start with lower usage to handle the most fragmented blocks first
@@ -229,14 +229,14 @@ in
serviceConfig = {
Type = "oneshot";
Nice = 19; # Lowest CPU priority
IOSchedulingClass = "idle"; # Lowest I/O priority
Nice = 19; # Lowest CPU priority
IOSchedulingClass = "idle"; # Lowest I/O priority
# Prevent multiple instances from running simultaneously
ExecStartPre = "${pkgs.coreutils}/bin/rm -f /var/run/btrfs-balance.stamp";
ExecStopPost = "${pkgs.coreutils}/bin/touch /var/run/btrfs-balance.stamp";
};
};
system-update-check = {
description = "Check for system configuration updates";
@@ -342,7 +342,7 @@ in
btrfs-balance = {
description = "Timer for BTRFS Balance Service";
wantedBy = [ "timers.target" ];
timerConfig = {
# Run weekly on Sunday at 2am
OnCalendar = "Sun *-*-* 02:00:00";
@@ -355,11 +355,11 @@ in
system-update-check = {
description = "Timer for system configuration updates";
wantedBy = [ "timers.target" ];
# Timer configuration
timerConfig = {
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
Unit = "system-update-check.service";
};
};


@@ -2,4 +2,4 @@
username = "admin";
hostAddress = "10.0.1.3";
hostName = "jallen-nas";
}
}


@@ -31,7 +31,7 @@ in
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
"wifi" = {
sopsFile = ../../../secrets/secrets.yaml;
};
@@ -39,7 +39,7 @@ in
# ------------------------------
# ups
# ------------------------------
"jallen-nas/ups_password" = {
mode = "0777";
restartUnits = [
@@ -234,7 +234,7 @@ in
mode = "0640";
};
"jallen-nas/attic-key" = {
# owner = "atticd";
# owner = "atticd";
};
};
@@ -264,7 +264,11 @@ in
PAPERLESS_SECRET = ${config.sops.placeholder."jallen-nas/paperless/secret"}
PAPERLESS_ENABLE_ALLAUTH = true
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect"
PAPERLESS_SOCIALACCOUNT_PROVIDERS = {"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${config.sops.placeholder."jallen-nas/paperless/authentik-client-id"}","secret":"${config.sops.placeholder."jallen-nas/paperless/authentik-client-secret"}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
PAPERLESS_SOCIALACCOUNT_PROVIDERS = {"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${
config.sops.placeholder."jallen-nas/paperless/authentik-client-id"
}","secret":"${
config.sops.placeholder."jallen-nas/paperless/authentik-client-secret"
}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
'';
mode = "0650";
owner = config.users.users."${user}".name;


@@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
user = "admin";
passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
@@ -93,4 +98,4 @@ in
users.root.shell = pkgs.zsh;
};
}
}