mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix nix flake check

Browse Source
This commit is contained in:
mjallen18
2026-03-25 16:42:34 -05:00
parent 642cee5dc5
commit ccd413d273
28 changed files with 228 additions and 224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
modules/darwin/programs/ssh/default.nix
View File

@@ -1,5 +1,4 @@
{ ... }:
{
_: {
config = {
programs.ssh.knownHosts = {
desktop = {

3
modules/home/gpg/default.nix
View File

@@ -1,5 +1,4 @@
{ ... }:
{
_: {
programs = {
gpg = {
enable = true;

2
modules/home/home/default.nix
View File

@@ -4,12 +4,10 @@
pkgs,
namespace,
hasDestopEnvironment ? true,
system,
...
}:
let
inherit (lib.${namespace}) enabled;
isArm = ("aarch64-linux" == system) || ("aarch64-darwin" == system);
# Non-login / system accounts (root, nixos installer, etc.) should not get
# desktop packages, tmux, nh, kdeconnect, nextcloud-client, etc.
# Detect them by username so individual host home files are not needed.

1
modules/home/programs/code/default.nix
View File

@@ -2,7 +2,6 @@
config,
pkgs,
system,
namespace,
hasDestopEnvironment ? true,
...
}:

1
modules/home/programs/update-checker/default.nix
View File

@@ -1,6 +1,5 @@
{
config,
namespace,
pkgs,
...
}:

40
modules/nixos/hardware/raspberry-pi/audio.nix
View File

@@ -16,27 +16,25 @@ in
config = lib.mkIf cfg.enable {
hardware.deviceTree = {
overlays =
[ ]
++ (
with pkgs.${namespace};
(
if (variant == "5") then
[
{
name = "pisound-pi5-overlay";
dtsFile = "${raspberrypi-overlays}/dtbs/raspberrypi-overlays/pisound-pi5-overlay.dts";
}
]
else
[
{
name = "pisound-overlay";
dtsFile = "${raspberrypi-overlays}/dtbs/raspberrypi-overlays/pisound-overlay.dts";
}
]
)
);
overlays = (
with pkgs.${namespace};
(
if (variant == "5") then
[
{
name = "pisound-pi5-overlay";
dtsFile = "${raspberrypi-overlays}/dtbs/raspberrypi-overlays/pisound-pi5-overlay.dts";
}
]
else
[
{
name = "pisound-overlay";
dtsFile = "${raspberrypi-overlays}/dtbs/raspberrypi-overlays/pisound-overlay.dts";
}
]
)
);
};
};
}

42
modules/nixos/hardware/raspberry-pi/bluetooth.nix
View File

@@ -16,28 +16,26 @@ in
config = lib.mkIf cfg.enable {
hardware.deviceTree = {
overlays =
[ ]
++ (
if (variant == "5") then
[
{
name = "disable-bt-pi5-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/disable-bt-pi5-overlay.dts";
}
]
else
[
{
name = "disable-bt-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/disable-bt-overlay.dts";
}
]
);
overlays = (
if (variant == "5") then
[
{
name = "disable-bt-pi5-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/disable-bt-pi5-overlay.dts";
}
]
else
[
{
name = "disable-bt-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/disable-bt-overlay.dts";
}
]
);
};
};
}

2
modules/nixos/hardware/raspberry-pi/config.nix
View File

@@ -19,7 +19,7 @@ let
render-kvs =
kvs:
let
render-kv = k: v: if isNull v.value then k else "${k}=${toString v.value}";
render-kv = k: v: if v.value == null then k else "${k}=${toString v.value}";
in
lib.attrsets.mapAttrsToList render-kv (lib.filterAttrs (_k: v: v.enable) kvs);

5
modules/nixos/hardware/raspberry-pi/default.nix
View File

@@ -451,8 +451,7 @@ in
};
nixpkgs.overlays =
[ ]
++ (
(
if cfg.variant == "5" then
[
(_final: prev: {
@@ -465,7 +464,7 @@ in
let
pageSizeFlag = "--with-lg-page";
in
(prev.lib.filter (flag: prev.lib.hasPrefix pageSizeFlag flag == false) old.configureFlags)
(prev.lib.filter (flag: !(prev.lib.hasPrefix pageSizeFlag flag)) old.configureFlags)
++ [ "${pageSizeFlag}=14" ];
});
})

42
modules/nixos/hardware/raspberry-pi/modesetting.nix
View File

@@ -16,28 +16,26 @@ in
config = lib.mkIf cfg.enable {
hardware.deviceTree = {
overlays =
[ ]
++ (
if (variant == "5") then
[
{
name = "vc4-kms-v3d-pi5-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/vc4-kms-v3d-pi5-overlay.dts";
}
]
else
[
{
name = "vc4-fkms-v3d-pi4-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/vc4-fkms-v3d-pi4-overlay.dts";
}
]
);
overlays = (
if (variant == "5") then
[
{
name = "vc4-kms-v3d-pi5-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/vc4-kms-v3d-pi5-overlay.dts";
}
]
else
[
{
name = "vc4-fkms-v3d-pi4-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/vc4-fkms-v3d-pi4-overlay.dts";
}
]
);
};
};
}

50
modules/nixos/hardware/raspberry-pi/wifi.nix
View File

@@ -16,32 +16,30 @@ in
config = lib.mkIf cfg.enable {
hardware.deviceTree = {
overlays =
[ ]
++ (
if (variant == "5") then
[
{
name = "disable-wifi-pi5-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/disable-wifi-pi5-overlay.dts";
}
]
else
[
{
name = "disable-wifi-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/disable-wifi-overlay.dts";
}
{
name = "wifimac-overlay";
dtsFile = "${pkgs.${namespace}.raspberrypi-overlays}/dtbs/raspberrypi-overlays/wifimac-overlay.dts";
}
]
);
overlays = (
if (variant == "5") then
[
{
name = "disable-wifi-pi5-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/disable-wifi-pi5-overlay.dts";
}
]
else
[
{
name = "disable-wifi-overlay";
dtsFile = "${
pkgs.${namespace}.raspberrypi-overlays
}/dtbs/raspberrypi-overlays/disable-wifi-overlay.dts";
}
{
name = "wifimac-overlay";
dtsFile = "${pkgs.${namespace}.raspberrypi-overlays}/dtbs/raspberrypi-overlays/wifimac-overlay.dts";
}
]
);
};
};
}

14
modules/nixos/homeassistant/dashboards/default.nix
View File

@@ -11,15 +11,9 @@ in
imports = [ ./options.nix ];
config = lib.mkIf (cfg.enable && cfg.dashboards != [ ]) {
${namespace}.home.file = lib.genAttrs cfg.dashboards (
dashboard:
let
dashboardFile = "homeassistant/lovelace/${dashboard.title}.yaml";
in
{
text = lib.generators.toYAML { } dashboard;
force = true;
}
);
${namespace}.home.file = lib.genAttrs cfg.dashboards (dashboard: {
text = lib.generators.toYAML { } dashboard;
force = true;
});
};
}

103
modules/nixos/services/crowdsec/default.nix
View File

@@ -10,9 +10,6 @@ let
name = "crowdsec";
cfg = config.${namespace}.services.${name};
ntfyServer = "https://ntfy.mjallen.dev";
ntfyTopic = "crowdsec";
# Build the notification-http plugin binary from the crowdsec source.
# The nixpkgs crowdsec package omits all notification plugin binaries;
# we build just the http one we need.
@@ -223,30 +220,61 @@ let
# a nix store path via -c and never creates that file. Expose the full
# NixOS-generated config (which includes plugin_config via
# settings.general.plugin_config) at the well-known path.
environment.etc."crowdsec/config.yaml" =
let
execStart = builtins.elemAt config.systemd.services.crowdsec.serviceConfig.ExecStart 1;
configPath = builtins.head (builtins.match ".* -c ([^ ]+) .*" execStart);
in
{
source = configPath;
mode = "0440";
environment.etc = {
"crowdsec/config.yaml" =
let
execStart = builtins.elemAt config.systemd.services.crowdsec.serviceConfig.ExecStart 1;
configPath = builtins.head (builtins.match ".* -c ([^ ]+) .*" execStart);
in
{
source = configPath;
mode = "0440";
user = "crowdsec";
group = "crowdsec";
};
# ---------------------------------------------------------------------------
# ntfy notifications via the CrowdSec HTTP notification plugin
# ---------------------------------------------------------------------------
# Place the notification-http binary at the path the NixOS crowdsec module
# hardcodes for plugin_dir (/etc/crowdsec/plugins/). CrowdSec matches
# plugins by their filename — it expects "notification-http" for type=http.
"crowdsec/plugins/notification-http" = lib.mkIf cfg.ntfy.enable {
source = "${crowdsecHttpPlugin}/bin/notification-http";
mode = "0550";
user = "crowdsec";
group = "crowdsec";
};
# ---------------------------------------------------------------------------
# ntfy notifications via the CrowdSec HTTP notification plugin
# ---------------------------------------------------------------------------
# Place the notification-http binary at the path the NixOS crowdsec module
# hardcodes for plugin_dir (/etc/crowdsec/plugins/). CrowdSec matches
# plugins by their filename — it expects "notification-http" for type=http.
environment.etc."crowdsec/plugins/notification-http" = lib.mkIf cfg.ntfy.enable {
source = "${crowdsecHttpPlugin}/bin/notification-http";
mode = "0550";
user = "crowdsec";
group = "crowdsec";
# CrowdSec profiles.yaml: route every alert to the ntfy plugin.
# This replaces the default "do nothing" profile.
"crowdsec/profiles.yaml" = lib.mkIf cfg.ntfy.enable {
text = ''
name: default_ip_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
- type: ban
duration: 4h
notifications:
- ntfy_plugin
on_success: break
---
name: default_range_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Range"
decisions:
- type: ban
duration: 4h
notifications:
- ntfy_plugin
on_success: break
'';
mode = "0440";
user = "crowdsec";
group = "crowdsec";
};
};
# The ntfy plugin config YAML (with credentials baked in) is managed as a
@@ -260,35 +288,6 @@ let
}"
];
# CrowdSec profiles.yaml: route every alert to the ntfy plugin.
# This replaces the default "do nothing" profile.
environment.etc."crowdsec/profiles.yaml" = lib.mkIf cfg.ntfy.enable {
text = ''
name: default_ip_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
- type: ban
duration: 4h
notifications:
- ntfy_plugin
on_success: break
---
name: default_range_remediation
filters:
- Alert.Remediation == true && Alert.GetScope() == "Range"
decisions:
- type: ban
duration: 4h
notifications:
- ntfy_plugin
on_success: break
'';
mode = "0440";
user = "crowdsec";
group = "crowdsec";
};
};
};
in

6
modules/nixos/services/matrix/default.nix
View File

@@ -17,12 +17,12 @@ let
sops = {
secrets = {
"jallen-nas/matrix/client-id" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = "matrix-synapse";
group = "matrix-synapse";
};
"jallen-nas/matrix/client-secret" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nas-secrets.yaml");
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = "matrix-synapse";
group = "matrix-synapse";
};
@@ -72,7 +72,7 @@ let
listeners = [
{
port = cfg.port;
inherit (cfg) port;
tls = false;
x_forwarded = true;
bind_addresses = [

1
modules/nixos/services/sparky-fitness/default.nix
View File

@@ -9,7 +9,6 @@ let
serverName = "sparky-fitness-server";
frontendName = "sparky-fitness";
dbName = "sparky-fitness-db";
serverCfg = config.${namespace}.services.${serverName};
frontendCfg = config.${namespace}.services.${frontendName};