mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

basic pi stuff, ugly but functional

Browse Source
This commit is contained in:
mjallen18
2025-07-21 14:09:41 -05:00
parent 4abbd0ef33
commit ac9ee8e67b
14 changed files with 520 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
checks/pre-commit-hooks/default.nix
View File

@@ -10,5 +10,10 @@ git-hooks-nix.lib.${pkgs.system}.run {
src = ../..; src = ../..;
hooks = { hooks = {
pre-commit-hook-ensure-sops.enable = true; pre-commit-hook-ensure-sops.enable = true;
treefmt = {
enable = true;
settings.fail-on-change = false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix;
};
}; };
} }

122
flake.lock generated
View File

@@ -86,11 +86,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1752511627, "lastModified": 1753035671,
"narHash": "sha256-b8vYxLdVqIFIVa8GaAI50WAGqs37rl76zRMIsjP8/fU=", "narHash": "sha256-F1EAebqC+De5rog6rK/jVTetEGrCKHR7q8wQHx3VqAM=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "26106678ea5170e9db5907bfd2992bdfc26ecd7b", "rev": "57509273a21933c184eb1985efc06381879c09f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -504,11 +504,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752402455, "lastModified": 1752783339,
"narHash": "sha256-mCHfZhQKdTj2JhCFcqfOfa3uKZbwUkPQbd0/zPnhOE8=", "narHash": "sha256-RXxejsGIWtJ5rJKLAm8Kh159euZHPMi7CtbOoHLsm2c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bf893ad4cbf46610dd1b620c974f824e266cd1df", "rev": "7c78e592a895f2f1921f0024848fe193e2f8518e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -524,11 +524,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752603129, "lastModified": 1753056897,
"narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=", "narHash": "sha256-AVVMBFcuOXqIgmShvRv9TED3fkiZhQ0ZvlhsPoFfkNE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b", "rev": "13a83d1b6545b7f0e8f7689bad62e7a3b1d63771",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -540,11 +540,11 @@
"homebrew-cask": { "homebrew-cask": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1752694079, "lastModified": 1753115487,
"narHash": "sha256-BR9ESr26ncVQgLOtYmdqD3QeJJGbMEUu6QGZ0D9pJDY=", "narHash": "sha256-3uZaS9DHqZxfE57aAPDAsepLRU140RV6FYDUREXK47c=",
"owner": "homebrew", "owner": "homebrew",
"repo": "homebrew-cask", "repo": "homebrew-cask",
"rev": "c9441728d76b4a789e607a04a6a8713fddb4e9ab", "rev": "3b67ce4096f29acf817bf666b5a4dfc98733ed6b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -556,11 +556,11 @@
"homebrew-core": { "homebrew-core": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1752689765, "lastModified": 1753113580,
"narHash": "sha256-cLVorIY5xViq+wU3HtYo63ykxYIFNLK/A2ZeI8Ooyis=", "narHash": "sha256-lKbdUt+//YX4bC5OpLTY6dGKb4Z84Gbr2sMB6V6TuRk=",
"owner": "homebrew", "owner": "homebrew",
"repo": "homebrew-core", "repo": "homebrew-core",
"rev": "990381d37dd3c257451a9ca948caa8dfe1e5b45d", "rev": "551941d43131806a6c9332ac1a1d85d28ecc52c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -593,11 +593,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752340638, "lastModified": 1752755091,
"narHash": "sha256-9+vBdRt/jg8fAll1VD3NXBibkRq9F8Wq/mW45I5jlvc=", "narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "1129c951dcc2a269a12cb74d64bd64e44e724ecb", "rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -612,11 +612,11 @@
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1752662387, "lastModified": 1752755091,
"narHash": "sha256-bfZ8F86kLGqwB0h477GZggG0Dc0y/oqvq8zi3d12HJE=", "narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "f008426af6f0276b847305fefd40b6aa9c52dd19", "rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -738,17 +738,37 @@
"type": "github" "type": "github"
} }
}, },
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1752985182,
"narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nix-vscode-extensions": { "nix-vscode-extensions": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1752631969, "lastModified": 1753064291,
"narHash": "sha256-G32IrtEm/WJnEvhOfSu+fyysZmnhQyun5d9xdB9FZjk=", "narHash": "sha256-SthlGBO9W1NXCAHBxV5DrWOt3daYXlSR8lAtOaKWCPw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "575022736bf7c2eadea38de48b9b20cd93bbfce8", "rev": "9648256bb966f178586cb96cc397985c82e514b8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -782,11 +802,11 @@
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1751622568, "lastModified": 1753029310,
"narHash": "sha256-EE3NBsej517VRa1x+ylAghrvngftxf1KgfHlE9OYyXE=", "narHash": "sha256-GqH4hhdpWnaKR2Zl1rYXXdX2acw6pGQH65VCWF3D6Uc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-apple-silicon", "repo": "nixos-apple-silicon",
"rev": "eba4b40c816e5aff8951ae231ac237e8aab8ec1d", "rev": "fe61e1be8f134efe47b290c26e8496a3a03ae8ec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -922,11 +942,11 @@
}, },
"nixpkgs-stable_3": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1752620740, "lastModified": 1752866191,
"narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=", "narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e", "rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -970,11 +990,11 @@
}, },
"nixpkgs_12": { "nixpkgs_12": {
"locked": { "locked": {
"lastModified": 1752480373, "lastModified": 1752950548,
"narHash": "sha256-JHQbm+OcGp32wAsXTE/FLYGNpb+4GLi5oTvCxwSoBOA=", "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "62e0f05ede1da0d54515d4ea8ce9c733f12d9f08", "rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1018,11 +1038,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1751984180, "lastModified": 1752950548,
"narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1255,6 +1275,7 @@
"jovian": "jovian_2", "jovian": "jovian_2",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nix-homebrew": "nix-homebrew", "nix-homebrew": "nix-homebrew",
"nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
"nixai": "nixai", "nixai": "nixai",
"nixos-apple-silicon": "nixos-apple-silicon", "nixos-apple-silicon": "nixos-apple-silicon",
@@ -1265,7 +1286,8 @@
"pre-commit-hooks-nix": "pre-commit-hooks-nix_2", "pre-commit-hooks-nix": "pre-commit-hooks-nix_2",
"snowfall-lib": "snowfall-lib", "snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"steam-rom-manager": "steam-rom-manager" "steam-rom-manager": "steam-rom-manager",
"treefmt-nix": "treefmt-nix"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -1276,11 +1298,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752374969, "lastModified": 1752720268,
"narHash": "sha256-Ky3ynEkJXih7mvWyt9DWoiSiZGqPeHLU1tlBU4b0mcc=", "narHash": "sha256-XCiJdtXIN09Iv0i1gs5ajJ9CVHk537Gy1iG/4nIdpVI=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "75fb000638e6d0f57cb1e8b7a4550cbdd8c76f1d", "rev": "dc221f842e9ddc8c0416beae8d77f2ea356b91ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1469,6 +1491,26 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753006367,
"narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "421b56313c65a0815a52b424777f55acf0b56ddf",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"uv2nix": { "uv2nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [

81
flake.nix
View File

@@ -69,12 +69,24 @@
nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon"; nixos-apple-silicon.url = "github:nix-community/nixos-apple-silicon";
pre-commit-hooks-nix.url = "github:cachix/pre-commit-hooks.nix"; pre-commit-hooks-nix.url = "github:cachix/pre-commit-hooks.nix";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
}; };
# We will handle this in the next section. # We will handle this in the next section.
outputs = inputs: outputs = inputs:
let
inputs.snowfall-lib.mkFlake { snowfall = inputs.snowfall-lib.mkFlake {
# You must provide our flake inputs to Snowfall Lib. # You must provide our flake inputs to Snowfall Lib.
inherit inputs; inherit inputs;
@@ -92,6 +104,7 @@
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
]; ];
# common darwin modules # common darwin modules
@@ -129,6 +142,7 @@
nixos-hardware.nixosModules.common-cpu-amd-pstate nixos-hardware.nixosModules.common-cpu-amd-pstate
nixos-hardware.nixosModules.common-cpu-amd-zenpower nixos-hardware.nixosModules.common-cpu-amd-zenpower
nixos-hardware.nixosModules.common-hidpi nixos-hardware.nixosModules.common-hidpi
home-manager.nixosModules.home-manager
]; ];
# overlays = with inputs; [ crowdsec.overlays.default ]; # overlays = with inputs; [ crowdsec.overlays.default ];
}; };
@@ -169,6 +183,7 @@
homes = { homes = {
modules = with inputs; [ modules = with inputs; [
nix-index-database.homeModules.nix-index
sops-nix.homeManagerModules.sops sops-nix.homeManagerModules.sops
]; ];
@@ -177,11 +192,11 @@
]; ];
users = { users = {
"matt@desktop" = { # "matt@desktop" = {
modules = with inputs; [ # modules = with inputs; [
sops-nix.homeManagerModules.sops # sops-nix.homeManagerModules.sops
]; # ];
}; # };
"deck@deck" = { "deck@deck" = {
modules = with inputs; [ modules = with inputs; [
steam-rom-manager.homeManagerModules.default steam-rom-manager.homeManagerModules.default
@@ -206,5 +221,57 @@
title = "mjallen Flake"; title = "mjallen Flake";
}; };
}; };
outputs-builder = channels: {
formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
};
};
piSystems = {
pi4 = inputs.nixos-raspberrypi.lib.nixosSystem {
specialArgs = inputs // {
# Add any special args you need
};
system = "aarch64-linux";
modules = [
# Import your Snowfall modules manually
./systems/aarch64-linux/pi4
inputs.disko.nixosModules.disko
./systems/aarch64-linux/pi4/disko.nix
inputs.nixos-hardware.nixosModules.raspberry-pi-4
{
imports = with inputs.nixos-raspberrypi.nixosModules; [
raspberry-pi-4.base
raspberry-pi-4.display-vc4
raspberry-pi-4.bluetooth
raspberry-pi-4.case-argonone
];
}
inputs.impermanence.nixosModules.impermanence
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.extraSpecialArgs = { inherit inputs; };
home-manager.sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
home-manager.users.matt = import (./homes/aarch64-linux + "/matt@pi4/default.nix");
home-manager.users.root = { ... }: {
imports = [
# Your root user config
inputs.sops-nix.homeManagerModules.sops
];
home.stateVersion = "23.11";
};
}
];
};
};
in
snowfall // {
nixosConfigurations = snowfall.nixosConfigurations // piSystems;
}; };
} }

6
homes/aarch64-linux/matt@pi4/default.nix
View File

@@ -12,9 +12,9 @@ let
in in
{ {
imports = [ imports = [
../../share/home/defaults.nix ../../../modules/home/home
../../share/home/git.nix ../../../modules/home/programs/git
../../share/home/shell.nix ../../../modules/home/programs/zsh
]; ];
home.username = "matt"; home.username = "matt";

64
homes/x86_64-linux/admin@nas/default.nix
View File

@@ -9,40 +9,42 @@ in
{ {
home.username = "admin"; home.username = "admin";
sops = { # mjallen.home.enable = true;
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/jallen-nas" = {
path = "/home/admin/.ssh/id_ed25519";
mode = "0600";
};
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/authorized_keys";
mode = "0600";
};
"ssh-keys-public/desktop-nixos-root" = { # sops = {
path = "/home/admin/.ssh/authorized_keys2"; # age.keyFile = "/home/admin/.config/sops/age/keys.txt";
mode = "0600"; # defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
}; # validateSopsFiles = false;
# secrets = {
# "ssh-keys-public/jallen-nas" = {
# path = "/home/admin/.ssh/id_ed25519.pub";
# mode = "0644";
# };
# "ssh-keys-private/jallen-nas" = {
# path = "/home/admin/.ssh/id_ed25519";
# mode = "0600";
# };
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/admin/.ssh/authorized_keys";
# mode = "0600";
# };
"ssh-keys-public/desktop-windows" = { # "ssh-keys-public/desktop-nixos-root" = {
path = "/home/admin/.ssh/authorized_keys3"; # path = "/home/admin/.ssh/authorized_keys2";
mode = "0600"; # mode = "0600";
}; # };
"ssh-keys-public/macbook-macos" = { # "ssh-keys-public/desktop-windows" = {
path = "/home/admin/.ssh/authorized_keys4"; # path = "/home/admin/.ssh/authorized_keys3";
mode = "0600"; # mode = "0600";
}; # };
};
}; # "ssh-keys-public/macbook-macos" = {
# path = "/home/admin/.ssh/authorized_keys4";
# mode = "0600";
# };
# };
# };
programs = { programs = {
neovim = { neovim = {

58
modules/home/sops/default.nix
View File

@@ -1,18 +1,44 @@
{ config, ... }: { config, lib, ... }:
let
cfg = config.mjallen.sops;
in
{ {
# sops = { imports = [ ./options.nix ];
# age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
# defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; config = lib.mkIf cfg.enable {
# validateSopsFiles = false; sops = {
# secrets = { age.keyFile = "/home/admin/.config/sops/age/keys.txt";
# "ssh-keys-public/desktop-nixos" = { defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
# path = "/home/matt/.ssh/id_ed25519.pub"; validateSopsFiles = false;
# mode = "0644"; secrets = {
# }; "ssh-keys-public/jallen-nas" = {
# "ssh-keys-private/desktop-nixos" = { path = "/home/admin/.ssh/id_ed25519.pub";
# path = "/home/matt/.ssh/id_ed25519"; mode = "0644";
# mode = "0600"; };
# }; "ssh-keys-private/jallen-nas" = {
# }; path = "/home/admin/.ssh/id_ed25519";
# }; mode = "0600";
};
"ssh-keys-public/desktop-nixos" = {
path = "/home/admin/.ssh/authorized_keys";
mode = "0600";
};
"ssh-keys-public/desktop-nixos-root" = {
path = "/home/admin/.ssh/authorized_keys2";
mode = "0600";
};
"ssh-keys-public/desktop-windows" = {
path = "/home/admin/.ssh/authorized_keys3";
mode = "0600";
};
"ssh-keys-public/macbook-macos" = {
path = "/home/admin/.ssh/authorized_keys4";
mode = "0600";
};
};
};
};
} }

12
modules/home/sops/options.nix Normal file
View File

@@ -0,0 +1,12 @@
{ lib, ... }:
with lib;
{
options.mjallen.sops = {
enable = mkEnableOption "enable sops";
defaultSopsFile = mkOption {
type = types.str;
default = null;
};
};
}

62
modules/nixos/home/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{
config,
lib,
options,
namespace,
inputs,
...
}:
{
options.${namespace}.home = with lib.types; {
configFile = lib.mkOption {
type = attrs;
default = { };
description = "A set of files to be managed by home-manager's <option>xdg.configFile</option>.";
};
extraOptions = lib.mkOption {
type = attrs;
default = { };
description = "Options to pass directly to home-manager.";
};
file = lib.mkOption {
type = attrs;
default = { };
description = "A set of files to be managed by home-manager's <option>home.file</option>.";
};
};
config = {
# ${namespace}.home.extraOptions = {
# home.file = lib.mkAliasDefinitions options.${namespace}.home.file;
# home.stateVersion = lib.mkOptionDefault config.system.stateVersion;
# xdg.configFile = lib.mkAliasDefinitions options.${namespace}.home.configFile;
# xdg.enable = lib.mkOptionDefault true;
# };
home-manager = {
# enables backing up existing files instead of erroring if conflicts exist
backupFileExtension = "backup";
useGlobalPkgs = true;
useUserPackages = true;
# Pass inputs so external modules can access them
extraSpecialArgs = {
inherit inputs;
};
# Make ALL external HM modules available globally
sharedModules = with inputs; [
sops-nix.homeManagerModules.sops
steam-rom-manager.homeManagerModules.default
# Add any other external HM modules here
];
# users.${config.${namespace}.user.name} = lib.types.mkAliasDefinitions options.${namespace}.home.extraOptions;
users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
verbose = true;
};
};
}

0
systems/aarch64-linux/pi4/configuration.nix → systems/aarch64-linux/pi4/default.nix
View File

102
systems/aarch64-linux/pi4/disko.nix Normal file
View File

@@ -0,0 +1,102 @@
{ config, lib, ... }:
let
rootDisk = "/dev/sda1";
in
{
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=2G"
];
};
# root disk setup
disk.main = {
type = "disk";
device = rootDisk;
imageSize = "15G";
content = {
type = "gpt";
# specify partitions
partitions = {
# /boot/firmware
FIRMWARE = {
priority = 1;
name = "FIRMWARE";
start = "1M";
end = "1G";
type = "0700";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/firmware";
mountOptions = [ "umask=0077" ];
};
};
# /boot
ESP = {
priority = 2;
name = "ESP";
# start = "1G";
# end = "2G";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
};
};
};
};
}

10
systems/aarch64-linux/pi4/sops.nix
View File

@@ -4,7 +4,7 @@ let
in in
{ {
sops = { sops = {
defaultSopsFile = ../../secrets/pi4-secrets.yaml; defaultSopsFile = ../../../secrets/pi4-secrets.yaml;
# age = { # age = {
# generateKey = true; # generateKey = true;
# sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ]; # sshKeyPaths = [ "/etc/ssd/ssh_host_ed25519_key" ];
@@ -16,7 +16,7 @@ in
# ------------------------------ # ------------------------------
secrets = { secrets = {
"wifi" = { "wifi" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
}; };
"pi4/matt-password" = { "pi4/matt-password" = {
neededForUsers = true; neededForUsers = true;
@@ -30,21 +30,21 @@ in
# ------------------------------ # ------------------------------
"ssh-keys-public/pi4" = { "ssh-keys-public/pi4" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
mode = "0644"; mode = "0644";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-private/pi4" = { "ssh-keys-private/pi4" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
mode = "0600"; mode = "0600";
owner = config.users.users."${user}".name; owner = config.users.users."${user}".name;
group = config.users.users."${user}".group; group = config.users.users."${user}".group;
restartUnits = [ "sshd.service" ]; restartUnits = [ "sshd.service" ];
}; };
"ssh-keys-public/pi5" = { "ssh-keys-public/pi5" = {
sopsFile = ../../secrets/secrets.yaml; sopsFile = ../../../secrets/secrets.yaml;
neededForUsers = true; neededForUsers = true;
mode = "0600"; mode = "0600";
owner = config.users.users.root.name; owner = config.users.users.root.name;

24
systems/x86_64-linux/nas/apps/nextcloud/default.nix
View File

@@ -6,12 +6,23 @@ let
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path; jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid; nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid; nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.nextcloud31; nextcloudPackage = pkgs.stable.nextcloud31;
hostAddress = settings.hostAddress; hostAddress = settings.hostAddress;
localAddress = "10.0.2.18"; localAddress = "10.0.2.18";
nextcloudPortExtHttp = 9988; nextcloudPortExtHttp = 9988;
nextcloudPortExtHttps = 9943; nextcloudPortExtHttps = 9943;
onlyofficePortExt = 9943; onlyofficePortExt = 9943;
systemPackages = with pkgs.stable; [
cudaPackages.cudnn
cudatoolkit
ffmpeg
# libtensorflow-bin
nextcloud31
nodejs
onlyoffice-documentserver
sqlite
];
in in
{ {
containers.nextcloud = { containers.nextcloud = {
@@ -137,16 +148,7 @@ in
}; };
# System packages # System packages
environment.systemPackages = with pkgs; [ environment.systemPackages = systemPackages;
cudaPackages.cudnn
cudatoolkit
ffmpeg
# libtensorflow-bin
nextcloud31
nodejs
onlyoffice-documentserver
sqlite
];
# Create required users and groups # Create required users and groups
users.users.nextcloud = { users.users.nextcloud = {

4
systems/x86_64-linux/nas/default.nix
View File

@@ -27,6 +27,10 @@
./sops.nix ./sops.nix
]; ];
snowfallorg.users.admin.home.config = {
mjallen.sops.enable = true;
};
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "powersave";
${namespace} = { ${namespace} = {

82
treefmt.nix Normal file
View File

@@ -0,0 +1,82 @@
{
projectRootFile = "flake.nix";
programs = {
actionlint.enable = true;
biome = {
enable = true;
settings.formatter.formatWithErrors = true;
};
clang-format.enable = true;
deadnix = {
enable = true;
};
deno = {
enable = true;
# Using biome for these
excludes = [
"*.ts"
"*.js"
"*.json"
"*.jsonc"
];
};
fantomas.enable = true;
fish_indent.enable = true;
gofmt.enable = true;
isort.enable = true;
nixfmt.enable = true;
nufmt.enable = true;
ruff-check.enable = true;
ruff-format.enable = true;
rustfmt.enable = true;
shfmt = {
enable = true;
indent_size = 4;
};
statix.enable = true;
stylua.enable = true;
taplo.enable = true;
yamlfmt.enable = true;
};
settings = {
global.excludes = [
"*.editorconfig"
"*.envrc"
"*.gitconfig"
"*.git-blame-ignore-revs"
"*.gitignore"
"*.gitattributes"
"*.luacheckrc"
"*CODEOWNERS"
"*LICENSE"
"*flake.lock"
"*.conf"
"*.gif"
"*.ico"
"*.ini"
"*.micro"
"*.png"
"*.svg"
"*.tmux"
"*/config"
# TODO: formatters?
"*.ac"
"*.css" # Exclude CSS files from formatting since we use Nix template variables
"*.csproj"
"*.fsproj"
"*.in"
"*.kdl"
"*.kvconfig"
"*.rasi"
"*.sln"
"*.xml"
"*.zsh"
"*Makefile"
"*makefile"
];
formatter.ruff-format.options = [ "--isolated" ];
};
}