mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

basic pi stuff, ugly but functional

Browse Source
This commit is contained in:
mjallen18
2025-07-21 14:09:41 -05:00
parent 4abbd0ef33
commit ac9ee8e67b
14 changed files with 520 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
checks/pre-commit-hooks/default.nix
View File

@@ -10,5 +10,10 @@ git-hooks-nix.lib.${pkgs.system}.run {
src = ../..;
hooks = {
pre-commit-hook-ensure-sops.enable = true;
treefmt = {
enable = true;
settings.fail-on-change = false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix;
};
};
}

122
flake.lock generated
View File

@@ -86,11 +86,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1752511627,
"narHash": "sha256-b8vYxLdVqIFIVa8GaAI50WAGqs37rl76zRMIsjP8/fU=",
"lastModified": 1753035671,
"narHash": "sha256-F1EAebqC+De5rog6rK/jVTetEGrCKHR7q8wQHx3VqAM=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "26106678ea5170e9db5907bfd2992bdfc26ecd7b",
"rev": "57509273a21933c184eb1985efc06381879c09f1",
"type": "github"
},
"original": {
@@ -504,11 +504,11 @@
]
},
"locked": {
"lastModified": 1752402455,
"narHash": "sha256-mCHfZhQKdTj2JhCFcqfOfa3uKZbwUkPQbd0/zPnhOE8=",
"lastModified": 1752783339,
"narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bf893ad4cbf46610dd1b620c974f824e266cd1df",
"rev": "7c78e592a895f2f1921f0024848fe193e2f8518e",
"type": "github"
},
"original": {
@@ -524,11 +524,11 @@
]
},
"locked": {
"lastModified": 1752603129,
"narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=",
"lastModified": 1753056897,
"narHash": "sha256-AVVMBFcuOXqIgmShvRv9TED3fkiZhQ0ZvlhsPoFfkNE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b",
"rev": "13a83d1b6545b7f0e8f7689bad62e7a3b1d63771",
"type": "github"
},
"original": {
@@ -540,11 +540,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
"lastModified": 1752694079,
"narHash": "sha256-BR9ESr26ncVQgLOtYmdqD3QeJJGbMEUu6QGZ0D9pJDY=",
"lastModified": 1753115487,
"narHash": "sha256-3uZaS9DHqZxfE57aAPDAsepLRU140RV6FYDUREXK47c=",
"owner": "homebrew",
"repo": "homebrew-cask",
"rev": "c9441728d76b4a789e607a04a6a8713fddb4e9ab",
"rev": "3b67ce4096f29acf817bf666b5a4dfc98733ed6b",
"type": "github"
},
"original": {
@@ -556,11 +556,11 @@
"homebrew-core": {
"flake": false,
"locked": {
"lastModified": 1752689765,
"narHash": "sha256-cLVorIY5xViq+wU3HtYo63ykxYIFNLK/A2ZeI8Ooyis=",
"lastModified": 1753113580,
"narHash": "sha256-lKbdUt+//YX4bC5OpLTY6dGKb4Z84Gbr2sMB6V6TuRk=",
"owner": "homebrew",
"repo": "homebrew-core",
"rev": "990381d37dd3c257451a9ca948caa8dfe1e5b45d",
"rev": "551941d43131806a6c9332ac1a1d85d28ecc52c9",
"type": "github"
},
"original": {
@@ -593,11 +593,11 @@
]
},
"locked": {
"lastModified": 1752340638,
"narHash": "sha256-9+vBdRt/jg8fAll1VD3NXBibkRq9F8Wq/mW45I5jlvc=",
"lastModified": 1752755091,
"narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "1129c951dcc2a269a12cb74d64bd64e44e724ecb",
"rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"type": "github"
},
"original": {
@@ -612,11 +612,11 @@
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1752662387,
"narHash": "sha256-bfZ8F86kLGqwB0h477GZggG0Dc0y/oqvq8zi3d12HJE=",
"lastModified": 1752755091,
"narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "f008426af6f0276b847305fefd40b6aa9c52dd19",
"rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"type": "github"
},
"original": {
@@ -738,17 +738,37 @@
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1752985182,
"narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nix-vscode-extensions": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1752631969,
"narHash": "sha256-G32IrtEm/WJnEvhOfSu+fyysZmnhQyun5d9xdB9FZjk=",
"lastModified": 1753064291,
"narHash": "sha256-SthlGBO9W1NXCAHBxV5DrWOt3daYXlSR8lAtOaKWCPw=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "575022736bf7c2eadea38de48b9b20cd93bbfce8",
"rev": "9648256bb966f178586cb96cc397985c82e514b8",
"type": "github"
},
"original": {
@@ -782,11 +802,11 @@
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1751622568,
"narHash": "sha256-EE3NBsej517VRa1x+ylAghrvngftxf1KgfHlE9OYyXE=",
"lastModified": 1753029310,
"narHash": "sha256-GqH4hhdpWnaKR2Zl1rYXXdX2acw6pGQH65VCWF3D6Uc=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d",
"rev": "fe61e1be8f134efe47b290c26e8496a3a03ae8ec",
"type": "github"
},
"original": {
@@ -922,11 +942,11 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1752620740,
"narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=",
"lastModified": 1752866191,
"narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e",
"rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a",
"type": "github"
},
"original": {
@@ -970,11 +990,11 @@
},
"nixpkgs_12": {
"locked": {
"lastModified": 1752480373,
"narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=",
"lastModified": 1752950548,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08",
"rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"type": "github"
},
"original": {
@@ -1018,11 +1038,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1751984180,
"narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
"lastModified": 1752950548,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
"rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"type": "github"
},
"original": {
@@ -1255,6 +1275,7 @@
"jovian": "jovian_2",
"lanzaboote": "lanzaboote",
"nix-homebrew": "nix-homebrew",
"nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixai": "nixai",
"nixos-apple-silicon": "nixos-apple-silicon",
@@ -1265,7 +1286,8 @@
"pre-commit-hooks-nix": "pre-commit-hooks-nix_2",
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix",
"steam-rom-manager": "steam-rom-manager"
"steam-rom-manager": "steam-rom-manager",
"treefmt-nix": "treefmt-nix"
}
},
"rust-overlay": {
@@ -1276,11 +1298,11 @@
]
},
"locked": {
"lastModified": 1752374969,
"narHash": "sha256-Ky3ynEkJXih7mvWyt9DWoiSiZGqPeHLU1tlBU4b0mcc=",
"lastModified": 1752720268,
"narHash": "sha256-XCiJdtXIN09Iv0i1gs5ajJ9CVHk537Gy1iG/4nIdpVI=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "75fb000638e6d0f57cb1e8b7a4550cbdd8c76f1d",
"rev": "dc221f842e9ddc8c0416beae8d77f2ea356b91ae",
"type": "github"
},
"original": {
@@ -1469,6 +1491,26 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753006367,
"narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "421b56313c65a0815a52b424777f55acf0b56ddf",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [

81
flake.nix
View File

@@ -69,12 +69,24 @@
nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon";
pre-commit-hooks-nix.url = "github:cachix/pre-commit-hooks.nix";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
};
# We will handle this in the next section.
outputs = inputs:
inputs.snowfall-lib.mkFlake {
let
snowfall = inputs.snowfall-lib.mkFlake {
# You must provide our flake inputs to Snowfall Lib.
inherit inputs;
@@ -92,6 +104,7 @@
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
];
# common darwin modules
@@ -129,6 +142,7 @@
nixos-hardware.nixosModules.common-cpu-amd-pstate
nixos-hardware.nixosModules.common-cpu-amd-zenpower
nixos-hardware.nixosModules.common-hidpi
home-manager.nixosModules.home-manager
];
# overlays = with inputs; [ crowdsec.overlays.default ];
};
@@ -169,6 +183,7 @@
homes = {
modules = with inputs; [
nix-index-database.homeModules.nix-index
sops-nix.homeManagerModules.sops
];
@@ -177,11 +192,11 @@
];
users = {
"matt@desktop" = {
modules = with inputs; [
sops-nix.homeManagerModules.sops
];
};
# "matt@desktop" = {
# modules = with inputs; [
# sops-nix.homeManagerModules.sops
# ];
# };
"deck@deck" = {
modules = with inputs; [
steam-rom-manager.homeManagerModules.default
@@ -206,5 +221,57 @@
title = "mjallen Flake";
};
};
outputs-builder = channels: {
formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
};
};
piSystems = {
pi4 = inputs.nixos-raspberrypi.lib.nixosSystem {
specialArgs = inputs // {
# Add any special args you need
};
system = "aarch64-linux";
modules = [
# Import your Snowfall modules manually
./systems/aarch64-linux/pi4
inputs.disko.nixosModules.disko
./systems/aarch64-linux/pi4/disko.nix
inputs.nixos-hardware.nixosModules.raspberry-pi-4
{
imports = with inputs.nixos-raspberrypi.nixosModules; [
raspberry-pi-4.base
raspberry-pi-4.display-vc4
raspberry-pi-4.bluetooth
raspberry-pi-4.case-argonone
];
}
inputs.impermanence.nixosModules.impermanence
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.extraSpecialArgs = { inherit inputs; };
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
home-manager.users.matt = import (./homes/aarch64-linux + "/matt@pi4/default.nix");
home-manager.users.root = { ... }: {
imports = [
# Your root user config
inputs.sops-nix.homeManagerModules.sops
];
home.stateVersion = "23.11";
};
}
];
};
};
in
snowfall // {
nixosConfigurations = snowfall.nixosConfigurations // piSystems;
};
}

6
homes/aarch64-linux/matt@pi4/default.nix
View File

@@ -12,9 +12,9 @@ let
in
{
imports = [
../../share/home/defaults.nix
../../share/home/git.nix
../../share/home/shell.nix
../../../modules/home/home
../../../modules/home/programs/git
../../../modules/home/programs/zsh
];
home.username = "matt";

66
homes/x86_64-linux/admin@nas/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs,... }:
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
@@ -9,40 +9,42 @@ in
{
home.username = "admin";
sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519";
mode = "0600";
};
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/authorized_keys";
mode = "0600";
};
# mjallen.home.enable = true;
"ssh-keys-public/desktop-nixos-root" = {
path = "/home/admin/.ssh/authorized_keys2";
mode = "0600";
};
# sops = {
# age.keyFile = "/home/admin/.config/sops/age/keys.txt";
# defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
# validateSopsFiles = false;
# secrets = {
# "ssh-keys-public/jallen-nas" = {
# path = "/home/admin/.ssh/id_ed25519.pub";
# mode = "0644";
# };
# "ssh-keys-private/jallen-nas" = {
# path = "/home/admin/.ssh/id_ed25519";
# mode = "0600";
# };
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/admin/.ssh/authorized_keys";
# mode = "0600";
# };
"ssh-keys-public/desktop-windows" = {
path = "/home/admin/.ssh/authorized_keys3";
mode = "0600";
};
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/home/admin/.ssh/authorized_keys2";
# mode = "0600";
# };
"ssh-keys-public/macbook-macos" = {
path = "/home/admin/.ssh/authorized_keys4";
mode = "0600";
};
};
};
# "ssh-keys-public/desktop-windows" = {
# path = "/home/admin/.ssh/authorized_keys3";
# mode = "0600";
# };
# "ssh-keys-public/macbook-macos" = {
# path = "/home/admin/.ssh/authorized_keys4";
# mode = "0600";
# };
# };
# };
programs = {
neovim = {

58
modules/home/sops/default.nix
View File

@@ -1,18 +1,44 @@
{ config, ... }:
{ config, lib, ... }:
let
cfg = config.mjallen.sops;
in
{
# sops = {
# age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
# defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
# validateSopsFiles = false;
# secrets = {
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/matt/.ssh/id_ed25519.pub";
# mode = "0644";
# };
# "ssh-keys-private/desktop-nixos" = {
# path = "/home/matt/.ssh/id_ed25519";
# mode = "0600";
# };
# };
# };
imports = [ ./options.nix ];
config = lib.mkIf cfg.enable {
sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519";
mode = "0600";
};
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/authorized_keys";
mode = "0600";
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/home/admin/.ssh/authorized_keys2";
mode = "0600";
};
"ssh-keys-public/desktop-windows" = {
path = "/home/admin/.ssh/authorized_keys3";
mode = "0600";
};
"ssh-keys-public/macbook-macos" = {
path = "/home/admin/.ssh/authorized_keys4";
mode = "0600";
};
};
};
};
}

12
modules/home/sops/options.nix Normal file
View File

@@ -0,0 +1,12 @@
{ lib, ... }:
with lib;
{
options.mjallen.sops = {
enable = mkEnableOption "enable sops";
defaultSopsFile = mkOption {
type = types.str;
default = null;
};
};
}

62
modules/nixos/home/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{
config,
lib,
options,
namespace,
inputs,
...
}:
{
options.${namespace}.home = with lib.types; {
configFile = lib.mkOption {
type = attrs;
default = { };
description = "A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
};
extraOptions = lib.mkOption {
type = attrs;
default = { };
description = "Options to pass directly to home-manager.";
};
file = lib.mkOption {
type = attrs;
default = { };
description = "A set of files to be managed by home-manager's <option>home.file</option>.";
};
};
config = {
# ${namespace}.home.extraOptions = {
# home.file = lib.mkAliasDefinitions options.${namespace}.home.file;
# home.stateVersion = lib.mkOptionDefault config.system.stateVersion;
# xdg.configFile = lib.mkAliasDefinitions options.${namespace}.home.configFile;
# xdg.enable = lib.mkOptionDefault true;
# };
home-manager = {
# enables backing up existing files instead of erroring if conflicts exist
backupFileExtension = "backup";
useGlobalPkgs = true;
useUserPackages = true;
# Pass inputs so external modules can access them
extraSpecialArgs = {
inherit inputs;
};
# Make ALL external HM modules available globally
sharedModules = with inputs; [
sops-nix.homeManagerModules.sops
steam-rom-manager.homeManagerModules.default
# Add any other external HM modules here
];
# users.${config.${namespace}.user.name} = lib.types.mkAliasDefinitions options.${namespace}.home.extraOptions;
users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
verbose = true;
};
};
}

0
systems/aarch64-linux/pi4/configuration.nix → systems/aarch64-linux/pi4/default.nix
View File

102
systems/aarch64-linux/pi4/disko.nix Normal file
View File

@@ -0,0 +1,102 @@
{ config, lib, ... }:
let
rootDisk = "/dev/sda1";
in
{
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=2G"
];
};
# root disk setup
disk.main = {
type = "disk";
device = rootDisk;
imageSize = "15G";
content = {
type = "gpt";
# specify partitions
partitions = {
# /boot/firmware
FIRMWARE = {
priority = 1;
name = "FIRMWARE";
start = "1M";
end = "1G";
type = "0700";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/firmware";
mountOptions = [ "umask=0077" ];
};
};
# /boot
ESP = {
priority = 2;
name = "ESP";
# start = "1G";
# end = "2G";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
};
};
};
};
}

10
systems/aarch64-linux/pi4/sops.nix
View File

@@ -4,7 +4,7 @@ let
in
{
sops = {
defaultSopsFile = ../../secrets/pi4-secrets.yaml;
defaultSopsFile = ../../../secrets/pi4-secrets.yaml;
# age = {
# generateKey = true;
# sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ];
@@ -16,7 +16,7 @@ in
# ------------------------------
secrets = {
"wifi" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
};
"pi4/matt-password" = {
neededForUsers = true;
@@ -30,21 +30,21 @@ in
# ------------------------------
"ssh-keys-public/pi4" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
mode = "0644";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-private/pi4" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ];
};
"ssh-keys-public/pi5" = {
sopsFile = ../../secrets/secrets.yaml;
sopsFile = ../../../secrets/secrets.yaml;
neededForUsers = true;
mode = "0600";
owner = config.users.users.root.name;

24
systems/x86_64-linux/nas/apps/nextcloud/default.nix
View File

@@ -6,12 +6,23 @@ let
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.nextcloud31;
nextcloudPackage = pkgs.stable.nextcloud31;
hostAddress = settings.hostAddress;
localAddress = "10.0.2.18";
nextcloudPortExtHttp = 9988;
nextcloudPortExtHttps = 9943;
onlyofficePortExt = 9943;
systemPackages = with pkgs.stable; [
cudaPackages.cudnn
cudatoolkit
ffmpeg
# libtensorflow-bin
nextcloud31
nodejs
onlyoffice-documentserver
sqlite
];
in
{
containers.nextcloud = {
@@ -137,16 +148,7 @@ in
};
# System packages
environment.systemPackages = with pkgs; [
cudaPackages.cudnn
cudatoolkit
ffmpeg
# libtensorflow-bin
nextcloud31
nodejs
onlyoffice-documentserver
sqlite
];
environment.systemPackages = systemPackages;
# Create required users and groups
users.users.nextcloud = {

4
systems/x86_64-linux/nas/default.nix
View File

@@ -27,6 +27,10 @@
./sops.nix
];
snowfallorg.users.admin.home.config = {
mjallen.sops.enable = true;
};
powerManagement.cpuFreqGovernor = "powersave";
${namespace} = {

82
treefmt.nix Normal file
View File

@@ -0,0 +1,82 @@
{
projectRootFile = "flake.nix";
programs = {
actionlint.enable = true;
biome = {
enable = true;
settings.formatter.formatWithErrors = true;
};
clang-format.enable = true;
deadnix = {
enable = true;
};
deno = {
enable = true;
# Using biome for these
excludes = [
"*.ts"
"*.js"
"*.json"
"*.jsonc"
];
};
fantomas.enable = true;
fish_indent.enable = true;
gofmt.enable = true;
isort.enable = true;
nixfmt.enable = true;
nufmt.enable = true;
ruff-check.enable = true;
ruff-format.enable = true;
rustfmt.enable = true;
shfmt = {
enable = true;
indent_size = 4;
};
statix.enable = true;
stylua.enable = true;
taplo.enable = true;
yamlfmt.enable = true;
};
settings = {
global.excludes = [
"*.editorconfig"
"*.envrc"
"*.gitconfig"
"*.git-blame-ignore-revs"
"*.gitignore"
"*.gitattributes"
"*.luacheckrc"
"*CODEOWNERS"
"*LICENSE"
"*flake.lock"
"*.conf"
"*.gif"
"*.ico"
"*.ini"
"*.micro"
"*.png"
"*.svg"
"*.tmux"
"*/config"
# TODO: formatters?
"*.ac"
"*.css" # Exclude CSS files from formatting since we use Nix template variables
"*.csproj"
"*.fsproj"
"*.in"
"*.kdl"
"*.kvconfig"
"*.rasi"
"*.sln"
"*.xml"
"*.zsh"
"*Makefile"
"*makefile"
];
formatter.ruff-format.options = [ "--isolated" ];
};
}