From ac9ee8e67bbd4667054da3b59ea839b401c95479 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Mon, 21 Jul 2025 14:09:41 -0500 Subject: [PATCH] basic pi stuff, ugly but functional --- checks/pre-commit-hooks/default.nix | 5 + flake.lock | 122 ++++++++++++------ flake.nix | 81 +++++++++++- homes/aarch64-linux/matt@pi4/default.nix | 6 +- homes/x86_64-linux/admin@nas/default.nix | 66 +++++----- modules/home/sops/default.nix | 58 ++++++--- modules/home/sops/options.nix | 12 ++ modules/nixos/home/default.nix | 62 +++++++++ .../pi4/{configuration.nix => default.nix} | 0 systems/aarch64-linux/pi4/disko.nix | 102 +++++++++++++++ systems/aarch64-linux/pi4/sops.nix | 10 +- .../nas/apps/nextcloud/default.nix | 24 ++-- systems/x86_64-linux/nas/default.nix | 4 + treefmt.nix | 82 ++++++++++++ 14 files changed, 520 insertions(+), 114 deletions(-) create mode 100644 modules/home/sops/options.nix create mode 100644 modules/nixos/home/default.nix rename systems/aarch64-linux/pi4/{configuration.nix => default.nix} (100%) create mode 100644 systems/aarch64-linux/pi4/disko.nix create mode 100644 treefmt.nix diff --git a/checks/pre-commit-hooks/default.nix b/checks/pre-commit-hooks/default.nix index 6f56b49..cfd5ea3 100644 --- a/checks/pre-commit-hooks/default.nix +++ b/checks/pre-commit-hooks/default.nix @@ -10,5 +10,10 @@ git-hooks-nix.lib.${pkgs.system}.run { src = ../..; hooks = { pre-commit-hook-ensure-sops.enable = true; + treefmt = { + enable = true; + settings.fail-on-change = false; + packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix; + }; }; } \ No newline at end of file diff --git a/flake.lock b/flake.lock index 03f11ac..e24930a 100644 --- a/flake.lock +++ b/flake.lock 
@@ -86,11 +86,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1752511627, - "narHash": "sha256-b8vYxLdVqIFIVa8GaAI50WAGqs37rl76zRMIsjP8/fU=", + "lastModified": 1753035671, + "narHash": "sha256-F1EAebqC+De5rog6rK/jVTetEGrCKHR7q8wQHx3VqAM=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "26106678ea5170e9db5907bfd2992bdfc26ecd7b", + "rev": "57509273a21933c184eb1985efc06381879c09f1", "type": "github" }, "original": { @@ -504,11 +504,11 @@ ] }, "locked": { - "lastModified": 1752402455, - "narHash": "sha256-mCHfZhQKdTj2JhCFcqfOfa3uKZbwUkPQbd0/zPnhOE8=", + "lastModified": 1752783339, + "narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "bf893ad4cbf46610dd1b620c974f824e266cd1df", + "rev": "7c78e592a895f2f1921f0024848fe193e2f8518e", "type": "github" }, "original": { @@ -524,11 +524,11 @@ ] }, "locked": { - "lastModified": 1752603129, - "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", + "lastModified": 1753056897, + "narHash": "sha256-AVVMBFcuOXqIgmShvRv9TED3fkiZhQ0ZvlhsPoFfkNE=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", + "rev": "13a83d1b6545b7f0e8f7689bad62e7a3b1d63771", "type": "github" }, "original": { @@ -540,11 +540,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1752694079, - "narHash": "sha256-BR9ESr26ncVQgLOtYmdqD3QeJJGbMEUu6QGZ0D9pJDY=", + "lastModified": 1753115487, + "narHash": "sha256-3uZaS9DHqZxfE57aAPDAsepLRU140RV6FYDUREXK47c=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "c9441728d76b4a789e607a04a6a8713fddb4e9ab", + "rev": "3b67ce4096f29acf817bf666b5a4dfc98733ed6b", "type": "github" }, "original": { 
@@ -556,11 +556,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1752689765, - "narHash": "sha256-cLVorIY5xViq+wU3HtYo63ykxYIFNLK/A2ZeI8Ooyis=", + "lastModified": 1753113580, + "narHash": "sha256-lKbdUt+//YX4bC5OpLTY6dGKb4Z84Gbr2sMB6V6TuRk=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "990381d37dd3c257451a9ca948caa8dfe1e5b45d", + "rev": "551941d43131806a6c9332ac1a1d85d28ecc52c9", "type": "github" }, "original": { @@ -593,11 +593,11 @@ ] }, "locked": { - "lastModified": 1752340638, - "narHash": "sha256-9+vBdRt/jg8fAll1VD3NXBibkRq9F8Wq/mW45I5jlvc=", + "lastModified": 1752755091, + "narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "1129c951dcc2a269a12cb74d64bd64e44e724ecb", + "rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a", "type": "github" }, "original": { @@ -612,11 +612,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1752662387, - "narHash": "sha256-bfZ8F86kLGqwB0h477GZggG0Dc0y/oqvq8zi3d12HJE=", + "lastModified": 1752755091, + "narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "f008426af6f0276b847305fefd40b6aa9c52dd19", + "rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a", "type": "github" }, "original": { 
@@ -738,17 +738,37 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1752985182, + "narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nix-vscode-extensions": { "inputs": { "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1752631969, - "narHash": "sha256-G32IrtEm/WJnEvhOfSu+fyysZmnhQyun5d9xdB9FZjk=", + "lastModified": 1753064291, + "narHash": "sha256-SthlGBO9W1NXCAHBxV5DrWOt3daYXlSR8lAtOaKWCPw=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "575022736bf7c2eadea38de48b9b20cd93bbfce8", + "rev": "9648256bb966f178586cb96cc397985c82e514b8", "type": "github" }, "original": { @@ -782,11 +802,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1751622568, - "narHash": "sha256-EE3NBsej517VRa1x+ylAghrvngftxf1KgfHlE9OYyXE=", + "lastModified": 1753029310, + "narHash": "sha256-GqH4hhdpWnaKR2Zl1rYXXdX2acw6pGQH65VCWF3D6Uc=", "owner": "nix-community", "repo": "nixos-apple-silicon", - "rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d", + "rev": "fe61e1be8f134efe47b290c26e8496a3a03ae8ec", "type": "github" }, "original": { @@ -922,11 +942,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1752620740, - "narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=", + "lastModified": 1752866191, + "narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e", + "rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a", "type": "github" }, "original": { 
@@ -970,11 +990,11 @@ }, "nixpkgs_12": { "locked": { - "lastModified": 1752480373, - "narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", + "lastModified": 1752950548, + "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", + "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "type": "github" }, "original": { @@ -1018,11 +1038,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1752950548, + "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "type": "github" }, "original": { @@ -1255,6 +1275,7 @@ "jovian": "jovian_2", "lanzaboote": "lanzaboote", "nix-homebrew": "nix-homebrew", + "nix-index-database": "nix-index-database", "nix-vscode-extensions": "nix-vscode-extensions", "nixai": "nixai", "nixos-apple-silicon": "nixos-apple-silicon", @@ -1265,7 +1286,8 @@ "pre-commit-hooks-nix": "pre-commit-hooks-nix_2", "snowfall-lib": "snowfall-lib", "sops-nix": "sops-nix", - "steam-rom-manager": "steam-rom-manager" + "steam-rom-manager": "steam-rom-manager", + "treefmt-nix": "treefmt-nix" } }, "rust-overlay": { @@ -1276,11 +1298,11 @@ ] }, "locked": { - "lastModified": 1752374969, - "narHash": "sha256-Ky3ynEkJXih7mvWyt9DWoiSiZGqPeHLU1tlBU4b0mcc=", + "lastModified": 1752720268, + "narHash": "sha256-XCiJdtXIN09Iv0i1gs5ajJ9CVHk537Gy1iG/4nIdpVI=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "75fb000638e6d0f57cb1e8b7a4550cbdd8c76f1d", + "rev": "dc221f842e9ddc8c0416beae8d77f2ea356b91ae", "type": "github" }, "original": { 
@@ -1469,6 +1491,26 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753006367, + "narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "421b56313c65a0815a52b424777f55acf0b56ddf", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "uv2nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index a7ddb2c..e54eed1 100644 --- a/flake.nix +++ b/flake.nix @@ -69,12 +69,24 @@ nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon"; pre-commit-hooks-nix.url = "github:cachix/pre-commit-hooks.nix"; + + treefmt-nix = { + url = "github:numtide/treefmt-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs = { + nixpkgs.follows = "nixpkgs"; + }; + }; }; # We will handle this in the next section. outputs = inputs: - - inputs.snowfall-lib.mkFlake { + let + snowfall = inputs.snowfall-lib.mkFlake { # You must provide our flake inputs to Snowfall Lib. inherit inputs; @@ -92,6 +104,7 @@ impermanence.nixosModules.impermanence lanzaboote.nixosModules.lanzaboote sops-nix.nixosModules.sops + home-manager.nixosModules.home-manager ]; # common darwin modules @@ -129,6 +142,7 @@ nixos-hardware.nixosModules.common-cpu-amd-pstate nixos-hardware.nixosModules.common-cpu-amd-zenpower nixos-hardware.nixosModules.common-hidpi + home-manager.nixosModules.home-manager ]; # overlays = with inputs; [ crowdsec.overlays.default ]; }; @@ -169,6 +183,7 @@ homes = { modules = with inputs; [ + nix-index-database.homeModules.nix-index sops-nix.homeManagerModules.sops ]; 
@@ -177,11 +192,11 @@ ]; users = { - "matt@desktop" = { - modules = with inputs; [ - sops-nix.homeManagerModules.sops - ]; - }; + # "matt@desktop" = { + # modules = with inputs; [ + # sops-nix.homeManagerModules.sops + # ]; + # }; "deck@deck" = { modules = with inputs; [ steam-rom-manager.homeManagerModules.default @@ -206,5 +221,57 @@ title = "mjallen Flake"; }; }; + + outputs-builder = channels: { + formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix; + }; + }; + + piSystems = { + pi4 = inputs.nixos-raspberrypi.lib.nixosSystem { + specialArgs = inputs // { + # Add any special args you need + }; + system = "aarch64-linux"; + modules = [ + # Import your Snowfall modules manually + ./systems/aarch64-linux/pi4 + inputs.disko.nixosModules.disko + ./systems/aarch64-linux/pi4/disko.nix + inputs.nixos-hardware.nixosModules.raspberry-pi-4 + { + imports = with inputs.nixos-raspberrypi.nixosModules; [ + raspberry-pi-4.base + raspberry-pi-4.display-vc4 + raspberry-pi-4.bluetooth + raspberry-pi-4.case-argonone + ]; + } + inputs.impermanence.nixosModules.impermanence + inputs.sops-nix.nixosModules.sops + inputs.home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.backupFileExtension = "backup"; + home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.sharedModules = [ + inputs.sops-nix.homeManagerModules.sops + ]; + home-manager.users.matt = import (./homes/aarch64-linux + "/matt@pi4/default.nix"); + home-manager.users.root = { ... }: { + imports = [ + # Your root user config + inputs.sops-nix.homeManagerModules.sops + ]; + home.stateVersion = "23.11"; + }; + } + ]; + }; + }; + in + snowfall // { + nixosConfigurations = snowfall.nixosConfigurations // piSystems; }; } \ No newline at end of file diff --git a/homes/aarch64-linux/matt@pi4/default.nix b/homes/aarch64-linux/matt@pi4/default.nix index 0b8c610..831a18f 100755 
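Review bot: In `flake.nix`, `snowfall.nixosConfigurations // piSystems` lets the hand-built `pi4` replace any `pi4` that Snowfall generates, and it does so without a warning. The same commit renames `systems/aarch64-linux/pi4/configuration.nix` to `default.nix`, which looks like the layout Snowfall discovers on its own, so there may now be two definitions of this host with different module sets. A comment above `piSystems` would make that explicit, for example `# pi4 is built with nixos-raspberrypi's nixosSystem and overrides the Snowfall-generated host of the same name`. `inputs.sops-nix.homeManagerModules.sops` is already in `home-manager.sharedModules`, so the import under `home-manager.users.root` is redundant.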
--- a/homes/aarch64-linux/matt@pi4/default.nix +++ b/homes/aarch64-linux/matt@pi4/default.nix @@ -12,9 +12,9 @@ let in { imports = [ - ../../share/home/defaults.nix - ../../share/home/git.nix - ../../share/home/shell.nix + ../../../modules/home/home + ../../../modules/home/programs/git + ../../../modules/home/programs/zsh ]; home.username = "matt"; diff --git a/homes/x86_64-linux/admin@nas/default.nix b/homes/x86_64-linux/admin@nas/default.nix index a60f201..fcf5dbb 100755 --- a/homes/x86_64-linux/admin@nas/default.nix +++ b/homes/x86_64-linux/admin@nas/default.nix @@ -1,4 +1,4 @@ -{ pkgs,... }: +{ pkgs, ... }: let shellAliases = { update-boot = "sudo nixos-rebuild boot --max-jobs 10"; 
@@ -9,40 +9,42 @@ in { home.username = "admin"; - sops = { - age.keyFile = "/home/admin/.config/sops/age/keys.txt"; - defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; - validateSopsFiles = false; - secrets = { - "ssh-keys-public/jallen-nas" = { - path = "/home/admin/.ssh/id_ed25519.pub"; - mode = "0644"; - }; - "ssh-keys-private/jallen-nas" = { - path = "/home/admin/.ssh/id_ed25519"; - mode = "0600"; - }; - "ssh-keys-public/desktop-nixos" = { - path = "/home/admin/.ssh/authorized_keys"; - mode = "0600"; - }; + # mjallen.home.enable = true; - "ssh-keys-public/desktop-nixos-root" = { - path = "/home/admin/.ssh/authorized_keys2"; - mode = "0600"; - }; + # sops = { + # age.keyFile = "/home/admin/.config/sops/age/keys.txt"; + # defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; + # validateSopsFiles = false; + # secrets = { + # "ssh-keys-public/jallen-nas" = { + # path = "/home/admin/.ssh/id_ed25519.pub"; + # mode = "0644"; + # }; + # "ssh-keys-private/jallen-nas" = { + # path = "/home/admin/.ssh/id_ed25519"; + # mode = "0600"; + # }; + # "ssh-keys-public/desktop-nixos" = { + # path = "/home/admin/.ssh/authorized_keys"; + # mode = "0600"; + # }; - "ssh-keys-public/desktop-windows" = { - path = "/home/admin/.ssh/authorized_keys3"; - mode = "0600"; - }; + # "ssh-keys-public/desktop-nixos-root" = { + # path = "/home/admin/.ssh/authorized_keys2"; + # mode = "0600"; + # }; - "ssh-keys-public/macbook-macos" = { - path = "/home/admin/.ssh/authorized_keys4"; - mode = "0600"; - }; - }; - }; + # "ssh-keys-public/desktop-windows" = { + # path = "/home/admin/.ssh/authorized_keys3"; + # mode = "0600"; + # }; + + # "ssh-keys-public/macbook-macos" = { + # path = "/home/admin/.ssh/authorized_keys4"; + # mode = "0600"; + # }; + # }; + # }; programs = { neovim = { diff --git a/modules/home/sops/default.nix b/modules/home/sops/default.nix index f64cef1..583c2cd 100644 --- a/modules/home/sops/default.nix +++ b/modules/home/sops/default.nix 
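Review bot: The old `sops` block in `homes/x86_64-linux/admin@nas/default.nix` is commented out rather than deleted, which leaves a second copy of the secret names and target paths that nothing evaluates. It now duplicates `modules/home/sops/default.nix` and will drift from it. The block and the `# mjallen.home.enable = true;` line are better removed, since Git history keeps the old version.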
@@ -1,18 +1,44 @@ -{ config, ... }: +{ config, lib, ... }: +let + cfg = config.mjallen.sops; +in { - # sops = { - # age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt"; - # defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; - # validateSopsFiles = false; - # secrets = { - # "ssh-keys-public/desktop-nixos" = { - # path = "/home/matt/.ssh/id_ed25519.pub"; - # mode = "0644"; - # }; - # "ssh-keys-private/desktop-nixos" = { - # path = "/home/matt/.ssh/id_ed25519"; - # mode = "0600"; - # }; - # }; - # }; + imports = [ ./options.nix ]; + + config = lib.mkIf cfg.enable { + sops = { + age.keyFile = "/home/admin/.config/sops/age/keys.txt"; + defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; + validateSopsFiles = false; + secrets = { + "ssh-keys-public/jallen-nas" = { + path = "/home/admin/.ssh/id_ed25519.pub"; + mode = "0644"; + }; + "ssh-keys-private/jallen-nas" = { + path = "/home/admin/.ssh/id_ed25519"; + mode = "0600"; + }; + "ssh-keys-public/desktop-nixos" = { + path = "/home/admin/.ssh/authorized_keys"; + mode = "0600"; + }; + + "ssh-keys-public/desktop-nixos-root" = { + path = "/home/admin/.ssh/authorized_keys2"; + mode = "0600"; + }; + + "ssh-keys-public/desktop-windows" = { + path = "/home/admin/.ssh/authorized_keys3"; + mode = "0600"; + }; + + "ssh-keys-public/macbook-macos" = { + path = "/home/admin/.ssh/authorized_keys4"; + mode = "0600"; + }; + }; + }; + }; } \ No newline at end of file diff --git a/modules/home/sops/options.nix b/modules/home/sops/options.nix new file mode 100644 index 0000000..7fda5ea --- /dev/null +++ b/modules/home/sops/options.nix @@ -0,0 +1,12 @@ +{ lib, ... }: +with lib; +{ + options.mjallen.sops = { + enable = mkEnableOption "enable sops"; + + defaultSopsFile = mkOption { + type = types.str; + default = null; + }; + }; +} \ No newline at end of file diff --git a/modules/nixos/home/default.nix b/modules/nixos/home/default.nix new file mode 100644 index 0000000..185f5f9 --- /dev/null 
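Review bot: `modules/home/sops/default.nix` is a shared home module, but `age.keyFile` and every `path` are hard-coded to `/home/admin`, so enabling `mjallen.sops.enable` for any other user would point at admin's age key and write into admin's `.ssh`. The commented version it replaces already used `${config.home.homeDirectory}`; the same form works here, e.g. `path = "${config.home.homeDirectory}/.ssh/id_ed25519";`. sshd only reads the files named in `AuthorizedKeysFile`, so unless this host's sshd config lists `authorized_keys2` to `authorized_keys4`, the keys placed there are not consulted; confirm which files are actually trusted. With `validateSopsFiles = false` a missing or renamed key in `/etc/nixos/secrets/secrets.yaml` is only noticed at activation time, which deserves a one-line comment.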
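Review bot: `defaultSopsFile` in `modules/home/sops/options.nix` is declared as `types.str` with `default = null`, which fails type checking as soon as the option is read; use `type = types.nullOr types.str;` or give it a real default. The option is also never consumed, because `modules/home/sops/default.nix` hard-codes `defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"`. A `description` is missing, and `mkEnableOption "enable sops"` renders as "Whether to enable enable sops." in generated docs, so `mkEnableOption "sops secrets for this home"` reads better.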
+++ b/modules/nixos/home/default.nix @@ -0,0 +1,62 @@ +{ + config, + lib, + options, + namespace, + inputs, + ... +}: +{ + + options.${namespace}.home = with lib.types; { + configFile = lib.mkOption { + type = attrs; + default = { }; + description = "A set of files to be managed by home-manager's ."; + }; + extraOptions = lib.mkOption { + type = attrs; + default = { }; + description = "Options to pass directly to home-manager."; + }; + file = lib.mkOption { + type = attrs; + default = { }; + description = "A set of files to be managed by home-manager's ."; + }; + }; + + config = { + # ${namespace}.home.extraOptions = { + # home.file = lib.mkAliasDefinitions options.${namespace}.home.file; + # home.stateVersion = lib.mkOptionDefault config.system.stateVersion; + # xdg.configFile = lib.mkAliasDefinitions options.${namespace}.home.configFile; + # xdg.enable = lib.mkOptionDefault true; + # }; + + home-manager = { + # enables backing up existing files instead of erroring if conflicts exist + backupFileExtension = "backup"; + + useGlobalPkgs = true; + useUserPackages = true; + + # Pass inputs so external modules can access them + extraSpecialArgs = { + inherit inputs; + }; + + # Make ALL external HM modules available globally + sharedModules = with inputs; [ + sops-nix.homeManagerModules.sops + steam-rom-manager.homeManagerModules.default + # Add any other external HM modules here + ]; + + # users.${config.${namespace}.user.name} = lib.types.mkAliasDefinitions options.${namespace}.home.extraOptions; + users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions; + + verbose = true; + }; + }; +} \ No newline at end of file diff --git a/systems/aarch64-linux/pi4/configuration.nix b/systems/aarch64-linux/pi4/default.nix similarity index 100% rename from systems/aarch64-linux/pi4/configuration.nix rename to systems/aarch64-linux/pi4/default.nix 
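Review bot: `users.admin = lib.mkAliasDefinitions …` in `modules/nixos/home/default.nix` hard-codes the account name, and the `config` block has no enable guard, so every system that imports this module gets a Home Manager profile for `admin`. The commented line above it shows the intended `config.${namespace}.user.name`. `sharedModules` likewise loads `steam-rom-manager` into every user's profile on every host that imports the module; per-host or per-user lists keep the evaluated third-party code smaller. The `configFile` and `file` options are declared but their wiring is commented out, so setting them has no effect. Both descriptions end in "home-manager's ." with the option name missing, probably `xdg.configFile` and `home.file` judging by the commented aliases.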
diff --git a/systems/aarch64-linux/pi4/disko.nix b/systems/aarch64-linux/pi4/disko.nix new file mode 100644 index 0000000..cb4bd15 --- /dev/null +++ b/systems/aarch64-linux/pi4/disko.nix @@ -0,0 +1,102 @@ +{ config, lib, ... }: +let + rootDisk = "/dev/sda1"; +in +{ + disko.devices = { + nodev."/" = { + fsType = "tmpfs"; + mountOptions = [ + "mode=755" + "defaults" + "size=2G" + ]; + }; + # root disk setup + disk.main = { + type = "disk"; + device = rootDisk; + imageSize = "15G"; + content = { + type = "gpt"; + # specify partitions + partitions = { + # /boot/firmware + FIRMWARE = { + priority = 1; + name = "FIRMWARE"; + start = "1M"; + end = "1G"; + type = "0700"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot/firmware"; + mountOptions = [ "umask=0077" ]; + }; + }; + # /boot + ESP = { + priority = 2; + name = "ESP"; + # start = "1G"; + # end = "2G"; + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + + root = { + name = "btrfs-root"; + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + # Subvolumes must set a mountpoint in order to be mounted, + # unless their parent is mounted + subvolumes = { + "home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + "root" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/root"; + }; + "nix" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/nix"; + }; + "etc" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/etc"; + }; + "log" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/var/log"; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/systems/aarch64-linux/pi4/sops.nix b/systems/aarch64-linux/pi4/sops.nix index 0db24f8..a43e72e 100755 --- a/systems/aarch64-linux/pi4/sops.nix +++ b/systems/aarch64-linux/pi4/sops.nix 
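Review bot: `rootDisk = "/dev/sda1"` in `systems/aarch64-linux/pi4/disko.nix` names a partition, but `disk.main` uses it as a whole `type = "disk"` device with a GPT table inside. `/dev/sdX` names also depend on enumeration order, and with `extraArgs = [ "-f" ]` on the btrfs partition a run against the wrong device overwrites an existing filesystem without asking. A stable whole-disk path is safer, e.g. `rootDisk = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";`. `config` and `lib` are unused in this file, which the `deadnix` formatter enabled in this commit is likely to flag.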
@@ -4,7 +4,7 @@ let in { sops = { - defaultSopsFile = ../../secrets/pi4-secrets.yaml; + defaultSopsFile = ../../../secrets/pi4-secrets.yaml; # age = { # generateKey = true; # sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ]; @@ -16,7 +16,7 @@ in # ------------------------------ secrets = { "wifi" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; }; "pi4/matt-password" = { neededForUsers = true; @@ -30,21 +30,21 @@ in # ------------------------------ "ssh-keys-public/pi4" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; mode = "0644"; owner = config.users.users."${user}".name; group = config.users.users."${user}".group; restartUnits = [ "sshd.service" ]; }; "ssh-keys-private/pi4" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; mode = "0600"; owner = config.users.users."${user}".name; group = config.users.users."${user}".group; restartUnits = [ "sshd.service" ]; }; "ssh-keys-public/pi5" = { - sopsFile = ../../secrets/secrets.yaml; + sopsFile = ../../../secrets/secrets.yaml; neededForUsers = true; mode = "0600"; owner = config.users.users.root.name; diff --git a/systems/x86_64-linux/nas/apps/nextcloud/default.nix b/systems/x86_64-linux/nas/apps/nextcloud/default.nix index 06b6fdc..b27c783 100755 --- a/systems/x86_64-linux/nas/apps/nextcloud/default.nix +++ b/systems/x86_64-linux/nas/apps/nextcloud/default.nix 
@@ -6,12 +6,23 @@ let jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; nextcloudUserId = config.users.users.nix-apps.uid; nextcloudGroupId = config.users.groups.jallen-nas.gid; - nextcloudPackage = pkgs.nextcloud31; + nextcloudPackage = pkgs.stable.nextcloud31; hostAddress = settings.hostAddress; localAddress = "10.0.2.18"; nextcloudPortExtHttp = 9988; nextcloudPortExtHttps = 9943; onlyofficePortExt = 9943; + + systemPackages = with pkgs.stable; [ + cudaPackages.cudnn + cudatoolkit + ffmpeg + # libtensorflow-bin + nextcloud31 + nodejs + onlyoffice-documentserver + sqlite + ]; in { containers.nextcloud = { @@ -137,16 +148,7 @@ in }; # System packages - environment.systemPackages = with pkgs; [ - cudaPackages.cudnn - cudatoolkit - ffmpeg - # libtensorflow-bin - nextcloud31 - nodejs - onlyoffice-documentserver - sqlite - ]; + environment.systemPackages = systemPackages; # Create required users and groups users.users.nextcloud = { diff --git a/systems/x86_64-linux/nas/default.nix b/systems/x86_64-linux/nas/default.nix index 450ef38..3e15fd3 100755 --- a/systems/x86_64-linux/nas/default.nix +++ b/systems/x86_64-linux/nas/default.nix @@ -27,6 +27,10 @@ ./sops.nix ]; + snowfallorg.users.admin.home.config = { + mjallen.sops.enable = true; + }; + powerManagement.cpuFreqGovernor = "powersave"; ${namespace} = { diff --git a/treefmt.nix b/treefmt.nix new file mode 100644 index 0000000..3a5e9c4 --- /dev/null +++ b/treefmt.nix 
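Review bot: In `systems/x86_64-linux/nas/apps/nextcloud/default.nix` the Nextcloud package is now named twice, as `nextcloudPackage = pkgs.stable.nextcloud31` and again as `nextcloud31` inside the new `systemPackages` list. The next major-version bump has to touch both or the service and the installed CLI tools diverge; listing `nextcloudPackage` in `systemPackages` keeps one source of truth. `pkgs.stable` is not defined in this diff, presumably an overlay over a `nixpkgs-stable` input; if so, security updates for this service arrive only when that input's lock entry is bumped, which is worth a comment next to `nextcloudPackage`.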
@@ -0,0 +1,82 @@ +{ + projectRootFile = "flake.nix"; + + programs = { + actionlint.enable = true; + biome = { + enable = true; + settings.formatter.formatWithErrors = true; + }; + clang-format.enable = true; + deadnix = { + enable = true; + }; + deno = { + enable = true; + # Using biome for these + excludes = [ + "*.ts" + "*.js" + "*.json" + "*.jsonc" + ]; + }; + fantomas.enable = true; + fish_indent.enable = true; + gofmt.enable = true; + isort.enable = true; + nixfmt.enable = true; + nufmt.enable = true; + ruff-check.enable = true; + ruff-format.enable = true; + rustfmt.enable = true; + shfmt = { + enable = true; + indent_size = 4; + }; + statix.enable = true; + stylua.enable = true; + taplo.enable = true; + yamlfmt.enable = true; + }; + + settings = { + global.excludes = [ + "*.editorconfig" + "*.envrc" + "*.gitconfig" + "*.git-blame-ignore-revs" + "*.gitignore" + "*.gitattributes" + "*.luacheckrc" + "*CODEOWNERS" + "*LICENSE" + "*flake.lock" + "*.conf" + "*.gif" + "*.ico" + "*.ini" + "*.micro" + "*.png" + "*.svg" + "*.tmux" + "*/config" + # TODO: formatters? + "*.ac" + "*.css" # Exclude CSS files from formatting since we use Nix template variables + "*.csproj" + "*.fsproj" + "*.in" + "*.kdl" + "*.kvconfig" + "*.rasi" + "*.sln" + "*.xml" + "*.zsh" + "*Makefile" + "*makefile" + ]; + + formatter.ruff-format.options = [ "--isolated" ]; + }; +} \ No newline at end of file
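Review bot: `settings.global.excludes` in `treefmt.nix` does not cover the sops-encrypted files under `secrets/` (referenced from `systems/aarch64-linux/pi4/sops.nix`), while `yamlfmt.enable = true` will presumably match their `.yaml` extension. Encrypted files are best modified only through sops, so that every diff to them corresponds to a real secret change and is reviewable as such; adding `"secrets/*"` to the exclude list keeps the formatter away from them. `biome.settings.formatter.formatWithErrors = true` also makes biome rewrite files that fail to parse, which can hide a syntax error behind a formatting diff; a short comment on why it is wanted would help.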