mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

nixfmt

Browse Source
This commit is contained in:
mjallen18
2025-07-24 11:06:08 -05:00
parent f05972d6ae
commit 3d213c8769
164 changed files with 1777 additions and 1257 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
checks/pre-commit-hooks/default.nix
View File

@@ -1,6 +1,7 @@
{ {
inputs, inputs,
pkgs, pkgs,
lib,
... ...
}: }:
let let
@@ -11,8 +12,8 @@ pre-commit-hooks-nix.lib.${pkgs.system}.run {
hooks = { hooks = {
pre-commit-hook-ensure-sops.enable = true; pre-commit-hook-ensure-sops.enable = true;
treefmt = { treefmt = {
enable = true; enable = lib.mkForce true;
settings.fail-on-change = false; settings.fail-on-change = lib.mkForce false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix; packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix;
}; };
}; };

3
flake.nix
View File

@@ -84,7 +84,8 @@
}; };
# We will handle this in the next section. # We will handle this in the next section.
outputs = inputs: outputs =
inputs:
inputs.snowfall-lib.mkFlake { inputs.snowfall-lib.mkFlake {
# You must provide our flake inputs to Snowfall Lib. # You must provide our flake inputs to Snowfall Lib.
inherit inputs; inherit inputs;

7
homes/aarch64-darwin/mattjallen@macbook-pro/default.nix
View File

@@ -1,4 +1,9 @@
{ lib, pkgs, home, ... }: {
lib,
pkgs,
home,
...
}:
let let
shellAliases = { shellAliases = {
update-switch = "darwin-rebuild switch --flake ~/nix-config"; update-switch = "darwin-rebuild switch --flake ~/nix-config";

1
homes/aarch64-linux/matt@macbook-pro-nixos/default.nix
View File

@@ -41,7 +41,6 @@ in
"name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)" "name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
]; ];
windowRule = [ windowRule = [
"size 2160 3356, tag:horizonrdp" "size 2160 3356, tag:horizonrdp"
]; ];

8
homes/aarch64-linux/matt@pi5/default.nix
View File

@@ -1,4 +1,10 @@
{ pkgs, lib, config, namespace, ... }: {
pkgs,
lib,
config,
namespace,
...
}:
let let
shellAliases = { shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3"; update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";

10
homes/x86_64-linux/deck@steamdeck/default.nix
View File

@@ -44,7 +44,15 @@ in
enable = true; enable = true;
package = pkgs.dolphin-emu; package = pkgs.dolphin-emu;
romFolder = "gc"; romFolder = "gc";
fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ]; fileTypes = [
".iso"
".ISO"
".gcm"
".GCM"
".ciso"
".CISO"
"rvz"
];
extraArgs = "-b -e \"\${filePath}\""; extraArgs = "-b -e \"\${filePath}\"";
}; };

7
modules/home/desktop/gnome/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.mjallen.desktop.gnome; cfg = config.mjallen.desktop.gnome;
in in

13
modules/home/desktop/hyprland/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.desktop.hyprland; cfg = config.mjallen.desktop.hyprland;
@@ -390,14 +395,16 @@ in
}; };
}; };
extraConfig = '' extraConfig =
''
exec-once = dbus-update-activation-environment --systemd --all exec-once = dbus-update-activation-environment --systemd --all
exec-once = systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP exec-once = systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1 exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
exec-once = xhost +SI:localuser:root exec-once = xhost +SI:localuser:root
exec-once = nwg-look -a exec-once = nwg-look -a
exec-once = nwg-dock-hyprland -d exec-once = nwg-dock-hyprland -d
'' + cfg.extraConfig or ''''; ''
+ cfg.extraConfig or '''';
}; };
}; };
} }

40
modules/home/desktop/hyprland/options.nix
View File

@@ -92,14 +92,38 @@ with lib;
defaultApps = mkOption { defaultApps = mkOption {
type = types.submodule { type = types.submodule {
options = { options = {
browser = mkOption { type = types.package; default = pkgs.firefox; }; browser = mkOption {
editor = mkOption { type = types.package; default = pkgs.micro; }; type = types.package;
fileExplorer = mkOption { type = types.package; default = pkgs.nemo; }; default = pkgs.firefox;
visual = mkOption { type = types.package; default = pkgs.vscodium; }; };
terminal = mkOption { type = types.package; default = pkgs.kitty; }; editor = mkOption {
office = mkOption { type = types.package; default = pkgs.onlyoffice-bin_latest; }; type = types.package;
video = mkOption { type = types.package; default = pkgs.vlc; }; default = pkgs.micro;
imageViewer = mkOption { type = types.package; default = pkgs.nomacs; }; };
fileExplorer = mkOption {
type = types.package;
default = pkgs.nemo;
};
visual = mkOption {
type = types.package;
default = pkgs.vscodium;
};
terminal = mkOption {
type = types.package;
default = pkgs.kitty;
};
office = mkOption {
type = types.package;
default = pkgs.onlyoffice-bin_latest;
};
video = mkOption {
type = types.package;
default = pkgs.vlc;
};
imageViewer = mkOption {
type = types.package;
default = pkgs.nomacs;
};
}; };
}; };
description = "Default applications used across the system."; description = "Default applications used across the system.";

7
modules/home/desktop/hyprland/packages.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.desktop.hyprland; cfg = config.mjallen.desktop.hyprland;

7
modules/home/desktop/hyprland/services/hypridle/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.hyprland; cfg = config.${namespace}.desktop.hyprland;
in in

7
modules/home/desktop/hyprland/services/hyprlock/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.hyprland; cfg = config.${namespace}.desktop.hyprland;
in in

7
modules/home/desktop/hyprland/services/hyprpaper/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.hyprland; cfg = config.${namespace}.desktop.hyprland;
in in

7
modules/home/desktop/hyprland/theme.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.desktop.hyprland; cfg = config.mjallen.desktop.hyprland;

7
modules/home/home/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
home = { home = {
enableNixpkgsReleaseCheck = lib.mkDefault false; enableNixpkgsReleaseCheck = lib.mkDefault false;

22
modules/home/programs/code/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, system, ... }: {
config,
lib,
pkgs,
system,
...
}:
let let
isArm = "aarch64-linux" == system; isArm = "aarch64-linux" == system;
open-remote-ssh = pkgs.vscode-utils.buildVscodeExtension { open-remote-ssh = pkgs.vscode-utils.buildVscodeExtension {
@@ -27,7 +33,9 @@ in
default = { default = {
enableUpdateCheck = false; enableUpdateCheck = false;
enableExtensionUpdateCheck = false; enableExtensionUpdateCheck = false;
extensions = with pkgs; [ extensions =
with pkgs;
[
vscode-extensions.arrterian.nix-env-selector vscode-extensions.arrterian.nix-env-selector
vscode-extensions.bbenoist.nix vscode-extensions.bbenoist.nix
vscode-extensions.brettm12345.nixfmt-vscode vscode-extensions.brettm12345.nixfmt-vscode
@@ -45,7 +53,9 @@ in
# open-remote-ssh # open-remote-ssh
# nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh # nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh
# open-vsx.jeanp413.open-remote-ssh # open-vsx.jeanp413.open-remote-ssh
] ++ ( if !isArm then x86_only else [ ] ) ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ ]
++ (if !isArm then x86_only else [ ])
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{ {
name = "copilot-mcp"; name = "copilot-mcp";
publisher = "automatalabs"; publisher = "automatalabs";
@@ -110,10 +120,12 @@ in
# You can write arbitary Nix expressions here, to produce valid "options" declaration result. # You can write arbitary Nix expressions here, to produce valid "options" declaration result.
# Tip: for flake-based configuration, utilize `builtins.getFlake` # Tip: for flake-based configuration, utilize `builtins.getFlake`
"nixos" = { "nixos" = {
"expr" = "(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").nixosConfigurations.<name>.options"; "expr" =
"(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").nixosConfigurations.<name>.options";
}; };
"home-manager" = { "home-manager" = {
"expr" = "(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").homeConfigurations.<name>.options"; "expr" =
"(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").homeConfigurations.<name>.options";
}; };
# # Tip: use ${workspaceFolder} variable to define path # # Tip: use ${workspaceFolder} variable to define path
# "nix-darwin" = { # "nix-darwin" = {

3
modules/home/programs/librewolf/default.nix
View File

@@ -36,7 +36,8 @@
"browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page "browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
"layout.css.light-dark.enabled" = true; # Enable light/dark theme support "layout.css.light-dark.enabled" = true; # Enable light/dark theme support
"extensions.activeThemeID" = "default-theme@mozilla.org"; # Set active theme "extensions.activeThemeID" = "default-theme@mozilla.org"; # Set active theme
"extensions.webextensions.uuids" = "{\"formautofill@mozilla.org\" =\"851c83b7-26d5-449c-8cc9-d8951a0ce78d\",\"pictureinpicture@mozilla.org\" =\"42fa2650-5134-4bef-bafa-b73f9ae51bad\",\"screenshots@mozilla.org\" =\"efd2b692-43c4-433a-aea5-0cb79f8312d4\",\"webcompat-reporter@mozilla.org\" =\"c43a6be2-fb56-4253-b384-ce8e09a89999\",\"webcompat@mozilla.org\" =\"e25fd1bb-7c53-413f-9528-bb922c322a56\",\"default-theme@mozilla.org\" =\"610b67c3-9145-46f7-814f-d8ee2cc8edff\",\"addons-search-detection@mozilla.com\:\"caedb3ca-5cf5-4e23-a251-d742f23e6fc8\",\"uBlock0@raymondhill.net\" =\"7e7d9fd9-12bf-42d3-9c7c-9ffd05420ec7\",\"78272b6fa58f4a1abaac99321d503a20@proton.me\" =\"7242a067-06d8-430b-94a3-00d264cdd57b\",\"addon@darkreader.org\" =\"2f02b112-6acd-4bdc-af2c-1432eb527339\",\"jid1-xUfzOsOFlzSOXg@jetpack\" =\"d0c72046-9903-4118-8160-a028840bf928\",\"chrome-gnome-shell@gnome.org\" =\"a1ab53e6-b765-4f25-8349-383cc04682a0\",\"user-agent-switcher@ninetailed.ninja\" =\"259d07cc-bb32-4ed5-b90f-6d73abdeb7bb\",\"firefoxdav@icloud.com\" =\"110e6e2c-18f8-461d-9f26-b8f04482b6f1\",\"ciscowebexstart1@cisco.com\" =\"a4062240-e73a-4353-bddb-d608d84881f7\",\"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}\" =\"9164e437-812b-4a07-8dfd-2fd73b39329b\",\"{036a55b4-5e72-4d05-a06c-cba2dfcc134a}\" =\"648fc678-a6fb-47cd-9792-fb9520678c17\",\"{446900e4-71c2-419f-a6a7-df9c091e268b}\" =\"f0b43422-070e-466e-85c9-6543f209f075\",\"jid1-MnnxcxisBPnSXQ@jetpack\" =\"4c448202-c843-4cae-b5c3-d11f2da58fa3\",\"soundfixer@unrelenting.technology\" =\"59b35eb8-1c85-4919-a905-80d120993ddc\",\"floccus@handmadeideas.org\" =\"8ad2956c-8091-41af-a689-7d2108f5958d\",\"{79b9dbcf-cc5a-4cda-89ef-c4ab097eb074}\" =\"c2a223a7-32e0-4726-9f20-17236702b1f5\",\"linkgopher@oooninja.com\" =\"a257858c-0dce-415b-b123-6222876cf843\"}"; "extensions.webextensions.uuids" =
"{\"formautofill@mozilla.org\" =\"851c83b7-26d5-449c-8cc9-d8951a0ce78d\",\"pictureinpicture@mozilla.org\" =\"42fa2650-5134-4bef-bafa-b73f9ae51bad\",\"screenshots@mozilla.org\" =\"efd2b692-43c4-433a-aea5-0cb79f8312d4\",\"webcompat-reporter@mozilla.org\" =\"c43a6be2-fb56-4253-b384-ce8e09a89999\",\"webcompat@mozilla.org\" =\"e25fd1bb-7c53-413f-9528-bb922c322a56\",\"default-theme@mozilla.org\" =\"610b67c3-9145-46f7-814f-d8ee2cc8edff\",\"addons-search-detection@mozilla.com\:\"caedb3ca-5cf5-4e23-a251-d742f23e6fc8\",\"uBlock0@raymondhill.net\" =\"7e7d9fd9-12bf-42d3-9c7c-9ffd05420ec7\",\"78272b6fa58f4a1abaac99321d503a20@proton.me\" =\"7242a067-06d8-430b-94a3-00d264cdd57b\",\"addon@darkreader.org\" =\"2f02b112-6acd-4bdc-af2c-1432eb527339\",\"jid1-xUfzOsOFlzSOXg@jetpack\" =\"d0c72046-9903-4118-8160-a028840bf928\",\"chrome-gnome-shell@gnome.org\" =\"a1ab53e6-b765-4f25-8349-383cc04682a0\",\"user-agent-switcher@ninetailed.ninja\" =\"259d07cc-bb32-4ed5-b90f-6d73abdeb7bb\",\"firefoxdav@icloud.com\" =\"110e6e2c-18f8-461d-9f26-b8f04482b6f1\",\"ciscowebexstart1@cisco.com\" =\"a4062240-e73a-4353-bddb-d608d84881f7\",\"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}\" =\"9164e437-812b-4a07-8dfd-2fd73b39329b\",\"{036a55b4-5e72-4d05-a06c-cba2dfcc134a}\" =\"648fc678-a6fb-47cd-9792-fb9520678c17\",\"{446900e4-71c2-419f-a6a7-df9c091e268b}\" =\"f0b43422-070e-466e-85c9-6543f209f075\",\"jid1-MnnxcxisBPnSXQ@jetpack\" =\"4c448202-c843-4cae-b5c3-d11f2da58fa3\",\"soundfixer@unrelenting.technology\" =\"59b35eb8-1c85-4919-a905-80d120993ddc\",\"floccus@handmadeideas.org\" =\"8ad2956c-8091-41af-a689-7d2108f5958d\",\"{79b9dbcf-cc5a-4cda-89ef-c4ab097eb074}\" =\"c2a223a7-32e0-4726-9f20-17236702b1f5\",\"linkgopher@oooninja.com\" =\"a257858c-0dce-415b-b123-6222876cf843\"}";
}; };
}; };
} }

7
modules/home/programs/nwg-dock/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.programs.nwg-dock; cfg = config.mjallen.programs.nwg-dock;

7
modules/home/programs/nwg-drawer/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.programs.nwg-drawer; cfg = config.mjallen.programs.nwg-drawer;

40
modules/home/programs/nwg-panel/options.nix
View File

@@ -7,14 +7,38 @@ with lib;
defaultApps = mkOption { defaultApps = mkOption {
type = types.submodule { type = types.submodule {
options = { options = {
browser = mkOption { type = types.package; default = pkgs.firefox; }; browser = mkOption {
editor = mkOption { type = types.package; default = pkgs.micro; }; type = types.package;
fileExplorer = mkOption { type = types.package; default = pkgs.nemo; }; default = pkgs.firefox;
visual = mkOption { type = types.package; default = pkgs.vscodium; }; };
terminal = mkOption { type = types.package; default = pkgs.kitty; }; editor = mkOption {
office = mkOption { type = types.package; default = pkgs.onlyoffice-bin_latest; }; type = types.package;
video = mkOption { type = types.package; default = pkgs.vlc; }; default = pkgs.micro;
imageViewer = mkOption { type = types.package; default = pkgs.gnome-photos; }; };
fileExplorer = mkOption {
type = types.package;
default = pkgs.nemo;
};
visual = mkOption {
type = types.package;
default = pkgs.vscodium;
};
terminal = mkOption {
type = types.package;
default = pkgs.kitty;
};
office = mkOption {
type = types.package;
default = pkgs.onlyoffice-bin_latest;
};
video = mkOption {
type = types.package;
default = pkgs.vlc;
};
imageViewer = mkOption {
type = types.package;
default = pkgs.gnome-photos;
};
}; };
}; };
description = "Default applications used across the system."; description = "Default applications used across the system.";

6
modules/home/programs/waybar/default.nix
View File

@@ -296,7 +296,8 @@ in
# * { font-size: 13px; } # * { font-size: 13px; }
# window.eDP-1 * { font-size: 10px; } # window.eDP-1 * { font-size: 10px; }
style = '' style =
''
.blink_me { .blink_me {
animation: blinker 1s linear infinite; animation: blinker 1s linear infinite;
} }
@@ -528,7 +529,8 @@ in
} }
/* ------------- */ /* ------------- */
'' + cfg.extraModulesStyle or ''''; ''
+ cfg.extraModulesStyle or '''';
}; };
}; };
} }

8
modules/home/programs/waybar/scripts/hass.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, namespace, pkgs, ... }: {
config,
lib,
namespace,
pkgs,
...
}:
let let
cfg = config.mjallen.programs.waybar; cfg = config.mjallen.programs.waybar;

7
modules/home/programs/waybar/scripts/weather.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.mjallen.programs.waybar; cfg = config.mjallen.programs.waybar;

7
modules/home/sops/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.mjallen.sops; cfg = config.mjallen.sops;

12
modules/nixos/actual/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.actual; cfg = config.nas-apps.actual;
@@ -24,7 +29,8 @@ in
}; };
}; };
config = { lib, ... }: config =
{ lib, ... }:
{ {
services.actual = { services.actual = {
enable = true; enable = true;
@@ -69,7 +75,7 @@ in
ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json"; ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json";
WorkingDirectory = lib.mkForce dataDir; WorkingDirectory = lib.mkForce dataDir;
StateDirectory = lib.mkForce dataDir; StateDirectory = lib.mkForce dataDir;
StateDirectoryMode = lib.mkForce 0700; StateDirectoryMode = lib.mkForce 700;
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
ProtectSystem = lib.mkForce null; ProtectSystem = lib.mkForce null;
}; };

22
modules/nixos/arrs/default.nix
View File

@@ -40,7 +40,9 @@ in
{ {
nixpkgs.config = { nixpkgs.config = {
allowUnfree = lib.mkForce true; allowUnfree = lib.mkForce true;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"unrar" "unrar"
]; ];
}; };
@@ -232,8 +234,22 @@ in
]; ];
}; };
firewall = { firewall = {
allowedTCPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ]; allowedTCPPorts = [
allowedUDPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ]; cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
allowedUDPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
}; };
}; };
}; };

7
modules/nixos/boot/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, system, lib, ... }: {
pkgs,
system,
lib,
...
}:
let let
isArm = ("aarch64-linux" == system); isArm = ("aarch64-linux" == system);
in in

7
modules/nixos/boot/lanzaboote/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.bootloader.lanzaboote; cfg = config.${namespace}.bootloader.lanzaboote;

19
modules/nixos/crowdsec/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.crowdsec; cfg = config.nas-apps.crowdsec;
@@ -7,14 +12,16 @@ in
imports = [ ./options.nix ]; imports = [ ./options.nix ];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services = { services = {
crowdsec = let crowdsec =
let
yaml = (pkgs.formats.yaml { }).generate; yaml = (pkgs.formats.yaml { }).generate;
acquisitions_file = yaml "acquisitions.yaml" { acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl"; source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ]; journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels.type = "syslog"; labels.type = "syslog";
}; };
in { in
{
enable = true; enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key"; enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = { settings = {
@@ -35,7 +42,8 @@ in
}; };
systemd.services.crowdsec.serviceConfig = { systemd.services.crowdsec.serviceConfig = {
ExecStartPre = let ExecStartPre =
let
script = pkgs.writeScriptBin "register-bouncer" '' script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell} #!${pkgs.runtimeShell}
set -eu set -eu
@@ -45,7 +53,8 @@ in
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}" cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi fi
''; '';
in ["${script}/bin/register-bouncer"]; in
[ "${script}/bin/register-bouncer" ];
}; };
networking = { networking = {

7
modules/nixos/desktop/cosmic/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.cosmic; cfg = config.${namespace}.desktop.cosmic;
in in

8
modules/nixos/desktop/gnome/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.gnome; cfg = config.${namespace}.desktop.gnome;
in in

13
modules/nixos/desktop/hyprland/default.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, namespace, ... }: {
config,
pkgs,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.hyprland; cfg = config.${namespace}.desktop.hyprland;
@@ -26,7 +32,10 @@ in
imports = [ ../../../home/desktop/hyprland/options.nix ]; imports = [ ../../../home/desktop/hyprland/options.nix ];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ bing-wallpaper pkgs.jq ]; environment.systemPackages = [
bing-wallpaper
pkgs.jq
];
services = { services = {
displayManager = { displayManager = {

7
modules/nixos/disko/aarch64-linux/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, system, ... }: {
config,
lib,
system,
...
}:
let let
isArm = builtins.match "aarch64*" system != null; isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1"; rootDisk = "/dev/nvme0n1";

8
modules/nixos/disko/x86_64-linux/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, system, namespace, ... }: {
config,
lib,
system,
namespace,
...
}:
let let
cfg = config.${namespace}.hardware.disko; cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null; isArm = builtins.match "aarch64*" system != null;

7
modules/nixos/fonts/default.nix
View File

@@ -1,11 +1,14 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
{ {
fonts.packages = with pkgs; [ fonts.packages =
with pkgs;
[
font-awesome font-awesome
noto-fonts noto-fonts
noto-fonts-color-emoji noto-fonts-color-emoji
meslo-lgs-nf meslo-lgs-nf
] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); ]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.fontconfig.defaultFonts = { fonts.fontconfig.defaultFonts = {
emoji = [ emoji = [

7
modules/nixos/gaming/default.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.share.gaming; cfg = config.share.gaming;
pkgsVersion = pkgs; # .unstable; pkgsVersion = pkgs; # .unstable;

18
modules/nixos/gitea/default.nix
View File

@@ -34,7 +34,8 @@ in
}; };
}; };
config = { lib, ... }: config =
{ lib, ... }:
{ {
services.gitea = { services.gitea = {
enable = true; enable = true;
@@ -71,7 +72,10 @@ in
networking = { networking = {
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ]; allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
}; };
# Use systemd-resolved inside the container # Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
@@ -122,8 +126,14 @@ in
]; ];
}; };
firewall = { firewall = {
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ]; allowedTCPPorts = [
allowedUDPPorts = [ cfg.httpPort cfg.sshPort ]; cfg.httpPort
cfg.sshPort
];
allowedUDPPorts = [
cfg.httpPort
cfg.sshPort
];
}; };
}; };
}; };

11
modules/nixos/home/default.nix
View File

@@ -51,12 +51,17 @@ in
}; };
# Make ALL external HM modules available globally # Make ALL external HM modules available globally
sharedModules = with inputs; [ sharedModules =
with inputs;
[
sops-nix.homeManagerModules.sops sops-nix.homeManagerModules.sops
# Add any other external HM modules here # Add any other external HM modules here
] ++ (if (!isArm) then with inputs; [ steam-rom-manager.homeManagerModules.default ] else [ ]); ]
++ (if (!isArm) then with inputs; [ steam-rom-manager.homeManagerModules.default ] else [ ]);
users.${config.${namespace}.user.name} = lib.mkAliasDefinitions options.${namespace}.home.extraOptions; users.${config.${namespace}.user.name} =
lib.mkAliasDefinitions
options.${namespace}.home.extraOptions;
# users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions; # users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
verbose = true; verbose = true;

17
modules/nixos/homeassistant/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
let let
cfg = config.${namespace}.services.home-assistant; cfg = config.${namespace}.services.home-assistant;
mosquittoPort = 1883; mosquittoPort = 1883;
@@ -106,7 +112,8 @@ in
zigbee2mqtt-networkmap zigbee2mqtt-networkmap
]; ];
# use postgresql instead of sqlite # use postgresql instead of sqlite
extraPackages = ps: with ps; [ extraPackages =
ps: with ps; [
# Core functionality # Core functionality
aiohttp aiohttp
aiodns aiodns
@@ -262,10 +269,12 @@ in
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = [ "hass" ]; ensureDatabases = [ "hass" ];
ensureUsers = [{ ensureUsers = [
{
name = "hass"; name = "hass";
ensureDBOwnership = true; ensureDBOwnership = true;
}]; }
];
}; };
# Enable and configure Mosquitto MQTT broker # Enable and configure Mosquitto MQTT broker

7
modules/nixos/immich/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.immich; cfg = config.${namespace}.services.immich;

7
modules/nixos/jellyfin/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.jellyfin; cfg = config.${namespace}.services.jellyfin;

7
modules/nixos/jellyseerr/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.jellyseerr; cfg = config.${namespace}.services.jellyseerr;

7
modules/nixos/lubelogger/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.lubelogger; cfg = config.${namespace}.services.lubelogger;

8
modules/nixos/network/default.nix
View File

@@ -56,8 +56,8 @@ in
id = "Joey's Jungle 6G"; id = "Joey's Jungle 6G";
type = "wifi"; type = "wifi";
}; };
ipv4 = if (cfg.ipv4.method == "auto") ipv4 =
then if (cfg.ipv4.method == "auto") then
{ {
method = "auto"; method = "auto";
} }
@@ -87,8 +87,8 @@ in
id = "Joey's Jungle 5G"; id = "Joey's Jungle 5G";
type = "wifi"; type = "wifi";
}; };
ipv4 = if (cfg.ipv4.method == "auto") ipv4 =
then if (cfg.ipv4.method == "auto") then
{ {
method = "auto"; method = "auto";
} }

15
modules/nixos/nextcloud/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.nextcloud; cfg = config.${namespace}.services.nextcloud;
@@ -60,7 +66,12 @@ in
}; };
config = config =
{ pkgs, lib, namespace, ... }: {
pkgs,
lib,
namespace,
...
}:
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.extraHosts = '' networking.extraHosts = ''

8
modules/nixos/ollama/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.ollama; cfg = config.${namespace}.services.ollama;

7
modules/nixos/paperless/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.paperless; cfg = config.${namespace}.services.paperless;

83
modules/nixos/traefik/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.traefik; cfg = config.${namespace}.services.traefik;
@@ -76,7 +81,9 @@ in
"traefik.env" = { "traefik.env" = {
content = '' content = ''
CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"} CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"} CLOUDFLARE_ZONE_API_TOKEN = ${
config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"
}
CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"} CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"} CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
''; '';
@@ -129,7 +136,12 @@ in
entryPoint = "metrics"; entryPoint = "metrics";
addEntryPointsLabels = true; addEntryPointsLabels = true;
addServicesLabels = true; addServicesLabels = true;
buckets = [0.1 0.3 1.2 5.0]; # Response time buckets buckets = [
0.1
0.3
1.2
5.0
]; # Response time buckets
}; };
}; };
@@ -215,8 +227,7 @@ in
}; };
}; };
}; };
internal-ipallowlist = internal-ipallowlist = {
{
ipAllowList = { ipAllowList = {
sourceRange = [ sourceRange = [
"127.0.0.1/32" "127.0.0.1/32"
@@ -305,7 +316,10 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)"; rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth"; service = "auth";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 15; priority = 15;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -314,21 +328,30 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)"; rule = "Host(`actual.${domain}`)";
service = "actual"; service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
authentik = { authentik = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)"; rule = "Host(`authentik.${domain}`)";
service = "authentik"; service = "authentik";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
cache = { cache = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)"; rule = "Host(`cache.${domain}`)";
service = "cache"; service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -336,21 +359,31 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)"; rule = "Host(`cloud.${domain}`)";
service = "cloud"; service = "cloud";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
gitea = { gitea = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)"; rule = "Host(`gitea.${domain}`)";
service = "gitea"; service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
hass = { hass = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)"; rule = "Host(`hass.${domain}`)";
service = "hass"; service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
"authentik"
];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -358,35 +391,51 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)"; rule = "Host(`immich.${domain}`)";
service = "immich"; service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
jellyfin = { jellyfin = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)"; rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin"; service = "jellyfin";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
jellyseerr = { jellyseerr = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)"; rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr"; service = "jellyseerr";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
lubelogger = { lubelogger = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)"; rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger"; service = "lubelogger";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
onlyoffice = { onlyoffice = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)"; rule = "Host(`office.${domain}`)";
service = "onlyoffice"; service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
"onlyoffice-websocket"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
}; };

7
modules/nixos/wyoming/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.wyoming; cfg = config.${namespace}.services.wyoming;

7
packages/ha-anycubic/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, pkgs, namespace, ... }: {
buildHomeAssistantComponent,
pkgs,
namespace,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "adamoutler"; owner = "adamoutler";
domain = "anycubic_wifi"; domain = "anycubic_wifi";

7
packages/ha-bambulab/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, python3Packages, fetchFromGitHub, ... }: {
buildHomeAssistantComponent,
python3Packages,
fetchFromGitHub,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "greghesp"; owner = "greghesp";
domain = "bambu_lab"; domain = "bambu_lab";

8
packages/ha-gehome/default.nix
View File

@@ -1,4 +1,10 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, namespace, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
namespace,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "simbaja"; owner = "simbaja";
domain = "ge_home"; domain = "ge_home";

7
packages/ha-icloud3/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "gcobb321"; owner = "gcobb321";
domain = "icloud3"; domain = "icloud3";

7
packages/ha-mail-and-packages/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "moralmunky"; owner = "moralmunky";
domain = "mail_and_packages"; domain = "mail_and_packages";

8
packages/ha-nanokvm/default.nix
View File

@@ -1,4 +1,10 @@
{ buildHomeAssistantComponent, fetchFromGitHub, pkgs, namespace, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
pkgs,
namespace,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "Wouter0100"; owner = "Wouter0100";
domain = "nanokvm"; domain = "nanokvm";

8
packages/ha-overseerr/default.nix
View File

@@ -1,4 +1,10 @@
{ buildHomeAssistantComponent, fetchFromGitHub, pkgs, namespace, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
pkgs,
namespace,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "vaparr"; owner = "vaparr";
domain = "overseerr"; domain = "overseerr";

8
packages/ha-wyzeapi/default.nix
View File

@@ -1,4 +1,10 @@
{ buildHomeAssistantComponent, fetchFromGitHub, pkgs, namespace, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
pkgs,
namespace,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "SecKatie"; owner = "SecKatie";
domain = "wyzeapi"; domain = "wyzeapi";

5
packages/homeassistant-api/default.nix
View File

@@ -10,7 +10,10 @@ python3Packages.buildPythonPackage rec {
# do not run tests # do not run tests
doCheck = false; doCheck = false;
nativeBuildInputs = with python3Packages; [ poetry-core requests-cache ]; nativeBuildInputs = with python3Packages; [
poetry-core
requests-cache
];
dependencies = with python3Packages; [ dependencies = with python3Packages; [
requests-cache requests-cache
pydantic pydantic

7
packages/magicattr/default.nix
View File

@@ -1,4 +1,9 @@
{ lib, python3Packages, fetchFromGitHub, ... }: {
lib,
python3Packages,
fetchFromGitHub,
...
}:
python3Packages.buildPythonPackage rec { python3Packages.buildPythonPackage rec {
pname = "magicattr"; pname = "magicattr";

7
systems/aarch64-darwin/macbook-pro/default.nix
View File

@@ -1,4 +1,9 @@
{ config, inputs, pkgs, ... }: {
config,
inputs,
pkgs,
...
}:
{ {
imports = [ imports = [
./nix.nix ./nix.nix

1
systems/aarch64-linux/macbook-pro-nixos/default.nix
View File

@@ -52,7 +52,6 @@ in
"name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)" "name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
]; ];
windowRule = [ windowRule = [
"size 2160 3356, tag:horizonrdp" "size 2160 3356, tag:horizonrdp"
]; ];

81
systems/aarch64-linux/macbook-pro-nixos/hardware-configuration.nix
View File

@@ -4,60 +4,89 @@
{ lib, modulesPath, ... }: { lib, modulesPath, ... }:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "uas" "sdhci_pci" ]; boot.initrd.availableKernelModules = [
"uas"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/root" = fileSystems."/root" = {
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc"; device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=root" ]; options = [
"compress=zstd"
"noatime"
"subvol=root"
];
}; };
fileSystems."/etc" = fileSystems."/etc" = {
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc"; device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=etc" ]; options = [
"compress=zstd"
"noatime"
"subvol=etc"
];
}; };
fileSystems."/tmp" = fileSystems."/tmp" = {
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc"; device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=tmp" ]; options = [
"compress=zstd"
"noatime"
"subvol=tmp"
];
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc"; device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=nix" ]; options = [
"compress=zstd"
"noatime"
"subvol=nix"
];
}; };
fileSystems."/var/log" = fileSystems."/var/log" = {
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc"; device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=log" ]; options = [
"compress=zstd"
"noatime"
"subvol=log"
];
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc"; device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "subvol=home" ]; options = [
"compress=zstd"
"subvol=home"
];
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/23FA-AD3E"; device = "/dev/disk/by-uuid/23FA-AD3E";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [
"fmask=0022"
"dmask=0022"
];
}; };
# swapDevices = [ # swapDevices = [

16
systems/aarch64-linux/pi4/boot.nix
View File

@@ -21,14 +21,21 @@
# # cp -r ${uefi_pi4}/share/uefi_rpi4/* /boot/firmware/ # # cp -r ${uefi_pi4}/share/uefi_rpi4/* /boot/firmware/
# # ''; # # '';
# } # }
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
kernelBundle = pkgs.linuxAndFirmware.latest; kernelBundle = pkgs.linuxAndFirmware.latest;
in in
{ {
system.nixos.tags = let system.nixos.tags =
let
cfg = config.boot.loader.raspberry-pi; cfg = config.boot.loader.raspberry-pi;
in [ in
[
"raspberry-pi-${cfg.variant}" "raspberry-pi-${cfg.variant}"
cfg.bootloader cfg.bootloader
config.boot.kernelPackages.kernel.version config.boot.kernelPackages.kernel.version
@@ -43,7 +50,8 @@ in
}; };
hardware.raspberry-pi.config = { hardware.raspberry-pi.config = {
all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters all = {
# [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
base-dt-params = { base-dt-params = {
i2c_arm = { i2c_arm = {

8
systems/aarch64-linux/pi4/default.nix
View File

@@ -2,7 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
let let
user = "matt"; user = "matt";
# password = config.sops.secrets."pi4/matt-password".path; # password = config.sops.secrets."pi4/matt-password".path;

3
systems/aarch64-linux/pi5/boot.nix
View File

@@ -9,7 +9,8 @@ in
}; };
hardware.raspberry-pi.config = { hardware.raspberry-pi.config = {
all = { # [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters all = {
# [all] conditional filter, https://www.raspberrypi.com/documentation/computers/config_txt.html#conditional-filters
options = { options = {
# https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart # https://www.raspberrypi.com/documentation/computers/config_txt.html#enable_uart

14
systems/aarch64-linux/pi5/default.nix
View File

@@ -2,7 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
let let
user = "matt"; user = "matt";
password = config.sops.secrets."pi5/matt-password".path; password = config.sops.secrets."pi5/matt-password".path;
@@ -53,9 +59,11 @@ in
]; ];
}; };
system.nixos.tags = let system.nixos.tags =
let
cfg = config.boot.loader.raspberry-pi; cfg = config.boot.loader.raspberry-pi;
in [ in
[
"raspberry-pi-${cfg.variant}" "raspberry-pi-${cfg.variant}"
cfg.bootloader cfg.bootloader
config.boot.kernelPackages.kernel.version config.boot.kernelPackages.kernel.version

4
systems/x86_64-linux/desktop/default.nix
View File

@@ -1,4 +1,5 @@
{ # Snowfall Lib provides a customized `lib` instance with access to your flake's library # Snowfall Lib provides a customized `lib` instance with access to your flake's library
{
# as well as the libraries available from your flake's inputs. # as well as the libraries available from your flake's inputs.
# lib, # lib,
# # An instance of `pkgs` with your overlays and packages applied is also available. # # An instance of `pkgs` with your overlays and packages applied is also available.
@@ -31,7 +32,6 @@ in
./nix.nix ./nix.nix
./sops.nix ./sops.nix
./specialisations/hyprland ./specialisations/hyprland
]; ];

7
systems/x86_64-linux/desktop/nix.nix
View File

@@ -26,7 +26,12 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
maxJobs = 10; maxJobs = 10;
sshUser = "admin"; sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
} }
]; ];
}; };

7
systems/x86_64-linux/desktop/users.nix
View File

@@ -1,4 +1,9 @@
{ config, namespace, lib, ... }: {
config,
namespace,
lib,
...
}:
let let
passwordFile = config.sops.secrets."desktop/matt_password".path; passwordFile = config.sops.secrets."desktop/matt_password".path;
in in

10
systems/x86_64-linux/nas/apps.nix
View File

@@ -23,7 +23,10 @@
reverseProxy = { reverseProxy = {
enable = true; enable = true;
host = "actual.mjallen.dev"; host = "actual.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
}; };
}; };
@@ -78,7 +81,10 @@
reverseProxy = { reverseProxy = {
enable = true; enable = true;
host = "gitea.mjallen.dev"; host = "gitea.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
}; };
}; };

9
systems/x86_64-linux/nas/apps/options.nix
View File

@@ -4,7 +4,10 @@ let
in in
{ {
options.nas-apps = mkOption { options.nas-apps = mkOption {
type = types.attrsOf (types.submodule ({ config, name, ... }: { type = types.attrsOf (
types.submodule (
{ config, name, ... }:
{
options = { options = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
@@ -41,6 +44,8 @@ in
}; };
}; };
}; };
})); }
)
);
}; };
} }

4
systems/x86_64-linux/nas/default.nix
View File

@@ -207,7 +207,9 @@
]; ];
}; };
}; };
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"vscode-extension-github-copilot" "vscode-extension-github-copilot"
]; ];
} }

18
systems/x86_64-linux/nas/grafana.nix
View File

@@ -40,15 +40,19 @@ in
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "node"; job_name = "node";
static_configs = [{ static_configs = [
{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}]; }
];
} }
{ {
job_name = "traefik"; job_name = "traefik";
static_configs = [{ static_configs = [
{
targets = [ "localhost:8082" ]; targets = [ "localhost:8082" ];
}]; }
];
} }
]; ];
}; };
@@ -66,12 +70,14 @@ in
provision = { provision = {
enable = true; enable = true;
datasources.settings.datasources = [{ datasources.settings.datasources = [
{
name = "Prometheus"; name = "Prometheus";
type = "prometheus"; type = "prometheus";
access = "proxy"; access = "proxy";
url = "http://localhost:${toString config.services.prometheus.port}"; url = "http://localhost:${toString config.services.prometheus.port}";
}]; }
];
}; };
}; };
}; };

7
systems/x86_64-linux/nas/nix-serve.nix
View File

@@ -339,7 +339,12 @@ in
system = "aarch64-linux"; system = "aarch64-linux";
maxJobs = 4; maxJobs = 4;
sshUser = "matt"; sshUser = "matt";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
} }
]; ];
}; };

3
systems/x86_64-linux/nas/nixpkgs.nix
View File

@@ -8,7 +8,8 @@
# enable cuda support # enable cuda support
cudaSupport = true; cudaSupport = true;
allowUnfreePredicate = p: allowUnfreePredicate =
p:
builtins.all ( builtins.all (
license: license:
license.free license.free

6
systems/x86_64-linux/nas/sops.nix
View File

@@ -264,7 +264,11 @@ in
PAPERLESS_SECRET = ${config.sops.placeholder."jallen-nas/paperless/secret"} PAPERLESS_SECRET = ${config.sops.placeholder."jallen-nas/paperless/secret"}
PAPERLESS_ENABLE_ALLAUTH = true PAPERLESS_ENABLE_ALLAUTH = true
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect" PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect"
PAPERLESS_SOCIALACCOUNT_PROVIDERS = {"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${config.sops.placeholder."jallen-nas/paperless/authentik-client-id"}","secret":"${config.sops.placeholder."jallen-nas/paperless/authentik-client-secret"}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}} PAPERLESS_SOCIALACCOUNT_PROVIDERS = {"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"${
config.sops.placeholder."jallen-nas/paperless/authentik-client-id"
}","secret":"${
config.sops.placeholder."jallen-nas/paperless/authentik-client-secret"
}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
''; '';
mode = "0650"; mode = "0650";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;

7
systems/x86_64-linux/nas/users.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
user = "admin"; user = "admin";
passwordFile = config.sops.secrets."jallen-nas/admin_password".path; passwordFile = config.sops.secrets."jallen-nas/admin_password".path;

16
systems/x86_64-linux/steamdeck/configuration.nix
View File

@@ -2,7 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
{ {
nix = { nix = {
@@ -22,7 +28,12 @@
system = "x86_64-linux"; system = "x86_64-linux";
maxJobs = 10; maxJobs = 10;
sshUser = "admin"; sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
} }
]; ];
}; };
@@ -80,4 +91,3 @@
}; };
}; };
} }

3
systems/x86_64-linux/steamdeck/default.nix
View File

@@ -1,4 +1,5 @@
{ # Snowfall Lib provides a customized `lib` instance with access to your flake's library # Snowfall Lib provides a customized `lib` instance with access to your flake's library
{
# as well as the libraries available from your flake's inputs. # as well as the libraries available from your flake's inputs.
lib, lib,
# An instance of `pkgs` with your overlays and packages applied is also available. # An instance of `pkgs` with your overlays and packages applied is also available.

7
systems/x86_64-linux/steamdeck/sops.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
user = config.${namespace}.user.name; user = config.${namespace}.user.name;
in in

33
treefmt.nix
View File

@@ -2,17 +2,17 @@
projectRootFile = "flake.nix"; projectRootFile = "flake.nix";
programs = { programs = {
actionlint.enable = true; actionlint.enable = false;
biome = { biome = {
enable = true; enable = false;
settings.formatter.formatWithErrors = true; settings.formatter.formatWithErrors = true;
}; };
clang-format.enable = true; clang-format.enable = false;
deadnix = { deadnix = {
enable = true; enable = true;
}; };
deno = { deno = {
enable = true; enable = false;
# Using biome for these # Using biome for these
excludes = [ excludes = [
"*.ts" "*.ts"
@@ -21,26 +21,27 @@
"*.jsonc" "*.jsonc"
]; ];
}; };
fantomas.enable = true; fantomas.enable = false;
fish_indent.enable = true; fish_indent.enable = false;
gofmt.enable = true; gofmt.enable = false;
isort.enable = true; isort.enable = false;
nixfmt.enable = true; nixfmt.enable = true;
# nufmt.enable = true; # nufmt.enable = true;
ruff-check.enable = true; ruff-check.enable = false;
ruff-format.enable = true; ruff-format.enable = false;
rustfmt.enable = true; rustfmt.enable = false;
shfmt = { shfmt = {
enable = true; enable = false;
indent_size = 4; indent_size = 4;
}; };
statix.enable = true; statix.enable = false;
stylua.enable = true; stylua.enable = false;
taplo.enable = true; taplo.enable = false;
yamlfmt.enable = true; yamlfmt.enable = true;
}; };
settings = { settings = {
fail-on-change = false;
global.excludes = [ global.excludes = [
"*.editorconfig" "*.editorconfig"
"*.envrc" "*.envrc"
@@ -77,6 +78,6 @@
"*makefile" "*makefile"
]; ];
formatter.ruff-format.options = [ "--isolated" ]; #formatter.ruff-format.options = [ "--isolated" ];
}; };
} }