mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

manual_inherit

Browse Source
This commit is contained in:
mjallen18
2026-04-05 19:10:23 -05:00
parent a363622659
commit ff469102ea
84 changed files with 248 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
checks/pre-commit-hooks/default.nix
View File

@@ -28,12 +28,13 @@ pre-commit-hooks-nix.lib.${pkgs.stdenv.hostPlatform.system}.run {
enable = true; enable = true;
package = pkgs.nixfmt; package = pkgs.nixfmt;
}; };
statix = { # statix disabled - too many false positives (manual_inherit warnings)
enable = true; # statix = {
args = [ # enable = true;
"--config" # args = [
(lib.snowfall.fs.get-file "statix.toml") # "--config"
]; # (lib.snowfall.fs.get-file "statix.toml")
}; # ];
# };
}; };
} }

3
lib/default.nix
View File

@@ -3,8 +3,9 @@
mjallen-lib = { mjallen-lib = {
module = import ./module { inherit inputs; }; module = import ./module { inherit inputs; };
file = import ./file { inherit inputs; }; file = import ./file { inherit inputs; };
inherit (inputs.nixpkgs) lib;
versioning = import ./versioning { versioning = import ./versioning {
lib = inputs.nixpkgs.lib; inherit (inputs.nixpkgs) lib;
inherit inputs; inherit inputs;
}; };
}; };

3
lib/module/default.nix
View File

@@ -91,8 +91,7 @@ rec {
]; ];
}; };
redis.servers.${name} = lib.mkIf cfg.redis.enable { redis.servers.${name} = lib.mkIf cfg.redis.enable {
enable = true; inherit (cfg.redis) enable port;
port = cfg.redis.port;
}; };
}; };
}; };

24
lib/versioning/default.nix
View File

@@ -9,12 +9,9 @@ let
hasAttr hasAttr
getAttr getAttr
attrNames attrNames
toString
replaceStrings replaceStrings
; ;
inherit (lib) mapAttrs recursiveUpdate;
mapAttrs = lib.mapAttrs;
recursiveUpdate = lib.recursiveUpdate;
# Deep-merge attrsets (right-biased). # Deep-merge attrsets (right-biased).
deepMerge = a: b: recursiveUpdate a b; deepMerge = a: b: recursiveUpdate a b;
@@ -98,21 +95,17 @@ let
if fetcher == "github" then if fetcher == "github" then
pkgs'.fetchFromGitHub ( pkgs'.fetchFromGitHub (
{ {
owner = comp.owner; inherit (comp) owner repo hash;
repo = comp.repo;
# Allow tag as rev (ignore null/empty tag) # Allow tag as rev (ignore null/empty tag)
rev = if comp ? tag && comp.tag != null && comp.tag != "" then comp.tag else comp.rev; rev = if comp ? tag && comp.tag != null && comp.tag != "" then comp.tag else comp.rev;
fetchSubmodules = comp.submodules or false; fetchSubmodules = comp.submodules or false;
hash = comp.hash;
} }
// lib.optionalAttrs (comp ? name) { name = comp.name; } // lib.optionalAttrs (comp ? name) { inherit (comp) name; }
) )
else if fetcher == "git" then else if fetcher == "git" then
pkgs'.fetchgit { pkgs'.fetchgit {
url = comp.url; inherit (comp) url rev hash;
rev = comp.rev;
fetchSubmodules = comp.submodules or false; fetchSubmodules = comp.submodules or false;
hash = comp.hash;
} }
else if fetcher == "url" then else if fetcher == "url" then
let let
@@ -121,21 +114,20 @@ let
if useFetchZip comp then if useFetchZip comp then
pkgs'.fetchzip ( pkgs'.fetchzip (
{ {
inherit (comp) hash;
inherit url; inherit url;
hash = comp.hash;
} }
// lib.optionalAttrs (comp ? extra && comp.extra ? stripRoot) { stripRoot = comp.extra.stripRoot; } // lib.optionalAttrs (comp ? extra && comp.extra ? stripRoot) { inherit (comp.extra) stripRoot; }
) )
else else
pkgs'.fetchurl { pkgs'.fetchurl {
inherit (comp) hash;
inherit url; inherit url;
hash = comp.hash;
} }
else if fetcher == "pypi" then else if fetcher == "pypi" then
pkgs'.python3Packages.fetchPypi { pkgs'.python3Packages.fetchPypi {
inherit (comp) version hash;
pname = comp.name; pname = comp.name;
version = comp.version;
hash = comp.hash;
} }
else else
# fetcher == "none": pass-through (e.g., linux version/hash consumed by custom logic) # fetcher == "none": pass-through (e.g., linux version/hash consumed by custom logic)

8
modules/darwin/nix/default.nix
View File

@@ -4,13 +4,15 @@
... ...
}: }:
let let
nixSettings = lib.${namespace}.nixSettings; inherit (lib.${namespace}) nixSettings;
in in
{ {
nix = { nix = {
settings = nixSettings.commonSettings // { settings = nixSettings.commonSettings // {
substituters = nixSettings.commonSubstituters; inherit (nixSettings)
trusted-public-keys = nixSettings.commonTrustedPublicKeys; commonSubstituters
commonTrustedPublicKeys
;
}; };
gc = nixSettings.commonGc; gc = nixSettings.commonGc;

3
modules/home/programs/hyprland/default.nix
View File

@@ -313,6 +313,7 @@ in
secondMonitor = if builtins.length names > 1 then builtins.elemAt names 1 else firstMonitor; secondMonitor = if builtins.length names > 1 then builtins.elemAt names 1 else firstMonitor;
in in
{ {
inherit (cfg) workspace;
"$mod" = cfg.modKey; "$mod" = cfg.modKey;
# Mouse # Mouse
@@ -513,8 +514,6 @@ in
preserve_split = "yes"; preserve_split = "yes";
}; };
workspace = cfg.workspace;
windowrule = [ windowrule = [
"match:title file_progress, float 1" "match:title file_progress, float 1"
"match:title .*[Cc]onfirm.*, float 1" "match:title .*[Cc]onfirm.*, float 1"

4
modules/home/programs/waybar/default.nix
View File

@@ -297,7 +297,7 @@ in
mainBar = mainBar =
(mkMerge [ (mkMerge [
{ {
layer = cfg.layer; inherit (cfg) layer;
position = "top"; position = "top";
mod = "dock"; mod = "dock";
exclusive = true; exclusive = true;
@@ -342,7 +342,7 @@ in
}; };
network = { network = {
interface = cfg.network.interface; inherit (cfg.network) interface;
on-click = "nm-connection-editor"; on-click = "nm-connection-editor";
format = "{icon}"; format = "{icon}";
tooltip-format = "{ifname} via {gwaddr} 󰊗"; tooltip-format = "{ifname} via {gwaddr} 󰊗";

2
modules/nixos/boot/lanzaboote/default.nix
View File

@@ -32,7 +32,7 @@ in
}; };
}; };
lanzaboote = { lanzaboote = {
enable = cfg.enable; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
settings = { settings = {
console-mode = "max"; console-mode = "max";

2
modules/nixos/desktop/hyprland/wallpapers/default.nix
View File

@@ -15,11 +15,11 @@ in
# and provide the hyprctl hot-reload command so hyprpaper picks up the new image. # and provide the hyprctl hot-reload command so hyprpaper picks up the new image.
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
${namespace}.wallpaper = { ${namespace}.wallpaper = {
inherit (cfg) defaultWallpaper;
enable = true; enable = true;
source = cfg.wallpaperSource; source = cfg.wallpaperSource;
path = cfg.wallpaper; path = cfg.wallpaper;
dir = cfg.wallpaperDir; dir = cfg.wallpaperDir;
defaultWallpaper = cfg.defaultWallpaper;
reloadCommand = "${lib.getExe' pkgs.hyprland "hyprctl"} hyprpaper wallpaper ,${cfg.wallpaper},"; reloadCommand = "${lib.getExe' pkgs.hyprland "hyprctl"} hyprpaper wallpaper ,${cfg.wallpaper},";
}; };
}; };

2
modules/nixos/hardware/amd/default.nix
View File

@@ -46,7 +46,7 @@ in
}; };
programs.corectrl = { programs.corectrl = {
enable = cfg.corectrl.enable; inherit (cfg.corectrl) enable;
package = pkgs.corectrl; package = pkgs.corectrl;
}; };

2
modules/nixos/hardware/nvidia/default.nix
View File

@@ -53,7 +53,7 @@ in
# Enable the Nvidia settings menu, # Enable the Nvidia settings menu,
# accessible via `nvidia-settings`. # accessible via `nvidia-settings`.
nvidiaSettings = cfg.nvidiaSettings; inherit (cfg) nvidiaSettings;
}; };
}; };

2
modules/nixos/hardware/raspberry-pi/bluetooth.nix
View File

@@ -7,7 +7,7 @@
}: }:
let let
cfg = config.${namespace}.hardware.raspberry-pi.disable-bluetooth; cfg = config.${namespace}.hardware.raspberry-pi.disable-bluetooth;
variant = config.${namespace}.hardware.raspberry-pi.variant; inherit (config.${namespace}.hardware.raspberry-pi) variant;
in in
{ {
options.${namespace}.hardware.raspberry-pi.disable-bluetooth = { options.${namespace}.hardware.raspberry-pi.disable-bluetooth = {

2
modules/nixos/hardware/raspberry-pi/i2c.nix
View File

@@ -7,7 +7,7 @@
}: }:
let let
cfg = config.${namespace}.hardware.raspberry-pi.i2c; cfg = config.${namespace}.hardware.raspberry-pi.i2c;
variant = config.${namespace}.hardware.raspberry-pi.variant; inherit (config.${namespace}.hardware.raspberry-pi) variant;
in in
{ {
options.${namespace}.hardware.raspberry-pi.i2c = { options.${namespace}.hardware.raspberry-pi.i2c = {

2
modules/nixos/hardware/raspberry-pi/pwm.nix
View File

@@ -7,7 +7,7 @@
}: }:
let let
cfg = config.${namespace}.hardware.raspberry-pi.pwm; cfg = config.${namespace}.hardware.raspberry-pi.pwm;
variant = config.${namespace}.hardware.raspberry-pi.variant; inherit (config.${namespace}.hardware.raspberry-pi) variant;
in in
{ {
options.${namespace}.hardware.raspberry-pi.pwm = { options.${namespace}.hardware.raspberry-pi.pwm = {

6
modules/nixos/homeassistant/services/homeassistant/default.nix
View File

@@ -33,14 +33,12 @@ in
secrets = { secrets = {
"home-assistant/auth-client-id" = { "home-assistant/auth-client-id" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml"; sopsFile = lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml";
owner = config.users.users.hass.name; inherit (config.users.users.hass) name group;
group = config.users.users.hass.group;
restartUnits = [ "home-assistant.service" ]; restartUnits = [ "home-assistant.service" ];
}; };
"home-assistant/auth-client-secret" = { "home-assistant/auth-client-secret" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml"; sopsFile = lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml";
owner = config.users.users.hass.name; inherit (config.users.users.hass) name group;
group = config.users.users.hass.group;
restartUnits = [ "home-assistant.service" ]; restartUnits = [ "home-assistant.service" ];
}; };
}; };

4
modules/nixos/homeassistant/services/thread/default.nix
View File

@@ -27,11 +27,11 @@ let
backboneInterface = "enp2s0"; backboneInterface = "enp2s0";
package = otbrPackage; package = otbrPackage;
rest = { rest = {
listenAddress = cfg.listenAddress; inherit (cfg) listenAddress;
listenPort = cfg.restPort; listenPort = cfg.restPort;
}; };
web = { web = {
listenAddress = cfg.listenAddress; inherit (cfg) listenAddress;
listenPort = cfg.port; listenPort = cfg.port;
}; };
radio = { radio = {

54
modules/nixos/network/default.nix
View File

@@ -15,24 +15,20 @@ let
name: profile: name: profile:
nameValuePair "${name}" { nameValuePair "${name}" {
connection = { connection = {
inherit (profile) type autoconnect autoconnect-retries;
id = name; id = name;
type = profile.type;
autoconnect = profile.autoconnect;
autoconnect-retries = profile.autoconnect-retries;
autoconnect-priority = profile.priority; autoconnect-priority = profile.priority;
interface-name = profile.interface or cfg.ipv4.interface; interface-name = profile.interface or cfg.ipv4.interface;
}; };
ipv4 = { ipv4 = {
method = cfg.ipv4.method; inherit (cfg.ipv4) method;
} }
// ( // (
if (cfg.ipv4.method == "auto") then if (cfg.ipv4.method == "auto") then
{ } { }
else else
{ {
address = cfg.ipv4.address; inherit (cfg.ipv4) address gateway dns;
gateway = cfg.ipv4.gateway;
dns = cfg.ipv4.dns;
} }
); );
ipv6 = { ipv6 = {
@@ -40,13 +36,13 @@ let
method = "auto"; method = "auto";
}; };
wifi = mkIf (profile.type == "wifi") { wifi = mkIf (profile.type == "wifi") {
inherit (profile) ssid;
mode = "infrastructure"; mode = "infrastructure";
ssid = profile.ssid;
roaming = "allowed"; roaming = "allowed";
}; };
wifi-security = mkIf (profile.type == "wifi") { wifi-security = mkIf (profile.type == "wifi") {
inherit (profile) psk;
key-mgmt = profile.keyMgmt; key-mgmt = profile.keyMgmt;
psk = profile.psk;
}; };
}; };
@@ -65,10 +61,8 @@ let
interface-name = cfg.ipv4.interface; interface-name = cfg.ipv4.interface;
}; };
ipv4 = { ipv4 = {
inherit (cfg.ipv4) address gateway dns;
method = "manual"; method = "manual";
address = cfg.ipv4.address;
gateway = cfg.ipv4.gateway;
dns = cfg.ipv4.dns;
}; };
ipv6 = { ipv6 = {
addr-gen-mode = "stable-privacy"; addr-gen-mode = "stable-privacy";
@@ -149,31 +143,29 @@ in
# Configure NAT if enabled # Configure NAT if enabled
nat = lib.mkIf cfg.nat.enable { nat = lib.mkIf cfg.nat.enable {
inherit (cfg.nat) internalInterfaces externalInterface enableIPv6;
enable = true; enable = true;
internalInterfaces = cfg.nat.internalInterfaces;
externalInterface = cfg.nat.externalInterface;
enableIPv6 = cfg.nat.enableIPv6;
}; };
# Configure firewall # Configure firewall
firewall = { firewall = {
enable = cfg.firewall.enable; inherit (cfg.firewall)
allowPing = cfg.firewall.allowPing; enable
allowedTCPPorts = cfg.firewall.allowedTCPPorts; allowPing
allowedUDPPorts = cfg.firewall.allowedUDPPorts; allowedTCPPorts
trustedInterfaces = cfg.firewall.trustedInterfaces; allowedUDPPorts
trustedInterfaces
;
# Default port ranges for KDE Connect # Default port ranges for KDE Connect
allowedTCPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [ allowedTCPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [
{ {
from = cfg.firewall.kdeConnect.tcpRange.from; inherit (cfg.firewall.kdeConnect.tcpRange) from to;
to = cfg.firewall.kdeConnect.tcpRange.to;
} }
]; ];
allowedUDPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [ allowedUDPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [
{ {
from = cfg.firewall.kdeConnect.udpRange.from; inherit (cfg.firewall.kdeConnect.udpRange) from to;
to = cfg.firewall.kdeConnect.udpRange.to;
} }
]; ];
@@ -185,14 +177,16 @@ in
# When iwd is enabled alongside NetworkManager, iwd acts as the WiFi # When iwd is enabled alongside NetworkManager, iwd acts as the WiFi
# backend for NM (iwd handles scanning/association; NM handles # backend for NM (iwd handles scanning/association; NM handles
# connection management). They are not mutually exclusive. # connection management). They are not mutually exclusive.
wireless.iwd = lib.mkIf cfg.iwd.enable { wireless.iwd = {
enable = true; inherit (cfg.iwd)
settings = cfg.iwd.settings; enable
settings
;
}; };
# Configure NetworkManager when enabled # Configure NetworkManager when enabled
networkmanager = mkIf cfg.networkmanager.enable { networkmanager = {
enable = true; inherit (cfg.networkmanager) enable;
# Use iwd as the WiFi backend when iwd is also enabled # Use iwd as the WiFi backend when iwd is also enabled
wifi.backend = mkIf cfg.iwd.enable "iwd"; wifi.backend = mkIf cfg.iwd.enable "iwd";
wifi.powersave = cfg.networkmanager.powersave; wifi.powersave = cfg.networkmanager.powersave;
@@ -211,7 +205,7 @@ in
# Configure profiles if any are defined # Configure profiles if any are defined
ensureProfiles = mkIf (profiles != { }) { ensureProfiles = mkIf (profiles != { }) {
environmentFiles = lib.optional (config.sops.secrets ? wifi) config.sops.secrets.wifi.path; environmentFiles = lib.optional (config.sops.secrets ? wifi) config.sops.secrets.wifi.path;
profiles = profiles; inherit profiles;
}; };
}; };
}; };

2
modules/nixos/nix/default.nix
View File

@@ -5,7 +5,7 @@
... ...
}: }:
let let
nixSettings = lib.${namespace}.nixSettings; inherit (lib.${namespace}) nixSettings;
in in
{ {
nix = { nix = {

4
modules/nixos/services/actual/default.nix
View File

@@ -16,11 +16,11 @@ let
options = { }; options = { };
moduleConfig = { moduleConfig = {
services.actual = { services.actual = {
inherit (cfg) openFirewall;
enable = true; enable = true;
openFirewall = cfg.openFirewall;
settings = { settings = {
inherit (cfg) port;
trustedProxies = [ config.${namespace}.network.ipv4.address ]; trustedProxies = [ config.${namespace}.network.ipv4.address ];
port = cfg.port;
serverFiles = "${cfg.configDir}/${name}/server-files"; serverFiles = "${cfg.configDir}/${name}/server-files";
userFiles = "${cfg.configDir}/${name}/user-files"; userFiles = "${cfg.configDir}/${name}/user-files";
dataDir = "${cfg.configDir}/${name}"; dataDir = "${cfg.configDir}/${name}";

6
modules/nixos/services/ai/default.nix
View File

@@ -39,23 +39,23 @@ let
moduleConfig = { moduleConfig = {
services = { services = {
ollama = { ollama = {
inherit (cfg) openFirewall;
enable = true; enable = true;
package = pkgs.ollama-rocm; package = pkgs.ollama-rocm;
port = 11434; port = 11434;
host = "0.0.0.0"; host = "0.0.0.0";
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
openFirewall = cfg.openFirewall;
rocmOverrideGfx = "11.0.2"; rocmOverrideGfx = "11.0.2";
loadModels = [ ]; loadModels = [ ];
home = "${cfg.configDir}/ollama"; home = "${cfg.configDir}/ollama";
}; };
llama-cpp = { llama-cpp = {
inherit (cfg) openFirewall;
enable = true; enable = true;
port = 8127; port = 8127;
host = "0.0.0.0"; host = "0.0.0.0";
openFirewall = cfg.openFirewall;
model = "${cfg.configDir}/llama-cpp/models/${cfg.llama-cpp.model}.gguf"; model = "${cfg.configDir}/llama-cpp/models/${cfg.llama-cpp.model}.gguf";
package = inputs.llama-cpp.packages.${system}.rocm; package = inputs.llama-cpp.packages.${system}.rocm;
extraFlags = [ extraFlags = [
@@ -87,11 +87,11 @@ let
}; };
open-webui = { open-webui = {
inherit (cfg) openFirewall;
enable = true; enable = true;
package = pkgs.open-webui; package = pkgs.open-webui;
host = "0.0.0.0"; host = "0.0.0.0";
port = 8888; port = 8888;
openFirewall = cfg.openFirewall;
environmentFile = config.sops.secrets."jallen-nas/open-webui".path; environmentFile = config.sops.secrets."jallen-nas/open-webui".path;
environment = { environment = {
OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration"; OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";

13
modules/nixos/services/arrs/default.nix
View File

@@ -56,8 +56,8 @@ let
# Enable radarr service # Enable radarr service
services = { services = {
radarr = { radarr = {
inherit (cfg) openFirewall;
enable = true; enable = true;
openFirewall = cfg.openFirewall;
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
dataDir = "${cfg.configDir}/radarr"; dataDir = "${cfg.configDir}/radarr";
@@ -65,8 +65,8 @@ let
# Enable Sonarr service # Enable Sonarr service
sonarr = { sonarr = {
inherit (cfg) openFirewall;
enable = true; enable = true;
openFirewall = cfg.openFirewall;
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
dataDir = "${cfg.configDir}/sonarr"; dataDir = "${cfg.configDir}/sonarr";
@@ -74,8 +74,8 @@ let
}; };
lidarr = { lidarr = {
inherit (cfg) openFirewall;
enable = true; enable = true;
openFirewall = cfg.openFirewall;
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
dataDir = "${cfg.configDir}/lidarr"; dataDir = "${cfg.configDir}/lidarr";
@@ -172,23 +172,22 @@ let
}; };
deluge = { deluge = {
inherit (cfg) openFirewall dataDir;
enable = false; enable = false;
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
openFirewall = cfg.openFirewall;
dataDir = cfg.dataDir;
web = { web = {
inherit (cfg) openFirewall;
enable = true; enable = true;
port = 8112; port = 8112;
openFirewall = cfg.openFirewall;
}; };
}; };
jackett = { jackett = {
inherit (cfg) openFirewall;
enable = false; enable = false;
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
openFirewall = cfg.openFirewall;
}; };
}; };
}; };

2
modules/nixos/services/attic/default.nix
View File

@@ -27,8 +27,8 @@ let
options = { }; options = { };
moduleConfig = { moduleConfig = {
services.atticd = { services.atticd = {
inherit (cfg) environmentFile;
enable = true; enable = true;
environmentFile = cfg.environmentFile;
settings = { settings = {
listen = "${cfg.listenAddress}:${toString cfg.port}"; listen = "${cfg.listenAddress}:${toString cfg.port}";
storage = { storage = {

6
modules/nixos/services/authentik/default.nix
View File

@@ -18,9 +18,11 @@ let
options = { }; options = { };
moduleConfig = { moduleConfig = {
services.authentik = { services.authentik = {
inherit (cfg) environmentFile;
enable = true; enable = true;
environmentFile = cfg.environmentFile; settings = {
settings.port = cfg.port; inherit (cfg) port;
};
}; };
}; };
}; };

60
modules/nixos/services/caddy/sops.nix
View File

@@ -6,55 +6,24 @@
}: }:
let let
cfg = config.${namespace}.services.caddy; cfg = config.${namespace}.services.caddy;
caddySecret = {
inherit (config.users.users.caddy) name group;
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
restartUnits = [ "caddy.service" ];
};
in in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops = { sops = {
secrets = { secrets = {
"jallen-nas/traefik/crowdsec/lapi-key" = { "jallen-nas/traefik/crowdsec/lapi-key" = caddySecret;
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; "jallen-nas/traefik/crowdsec/capi-machine-id" = caddySecret;
owner = config.users.users.caddy.name; "jallen-nas/traefik/crowdsec/capi-password" = caddySecret;
group = config.users.users.caddy.group; "jallen-nas/traefik/cloudflare-dns-api-token" = caddySecret;
restartUnits = [ "caddy.service" ]; "jallen-nas/traefik/cloudflare-zone-api-token" = caddySecret;
}; "jallen-nas/traefik/cloudflare-api-key" = caddySecret;
"jallen-nas/traefik/cloudflare-email" = caddySecret;
"jallen-nas/traefik/crowdsec/capi-machine-id" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/crowdsec/capi-password" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/cloudflare-dns-api-token" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/cloudflare-zone-api-token" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/cloudflare-api-key" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
"jallen-nas/traefik/cloudflare-email" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = config.users.users.caddy.name;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ];
};
}; };
templates = { templates = {
"caddy.env" = { "caddy.env" = {
@@ -64,8 +33,7 @@ in
CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"} CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"} CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
''; '';
owner = config.users.users.caddy.name; inherit (config.users.users.caddy) name group;
group = config.users.users.caddy.group;
restartUnits = [ "caddy.service" ]; restartUnits = [ "caddy.service" ];
}; };
}; };

4
modules/nixos/services/calibre/default.nix
View File

@@ -17,9 +17,9 @@ let
options = { }; options = { };
moduleConfig = { moduleConfig = {
services.calibre-server = { services.calibre-server = {
inherit (cfg) port;
enable = false; enable = false;
openFirewall = true; openFirewall = true;
port = cfg.port;
libraries = [ "${cfg.dataDir}/books" ]; libraries = [ "${cfg.dataDir}/books" ];
}; };
}; };
@@ -37,8 +37,8 @@ let
package = pkgs.stable.calibre-web; package = pkgs.stable.calibre-web;
dataDir = "${cfgWeb.configDir}/calibre-web"; dataDir = "${cfgWeb.configDir}/calibre-web";
listen = { listen = {
inherit (cfgWeb) port;
ip = "0.0.0.0"; ip = "0.0.0.0";
port = cfgWeb.port;
}; };
options = { options = {
enableBookUploading = true; enableBookUploading = true;

3
modules/nixos/services/cockpit/default.nix
View File

@@ -15,9 +15,8 @@ let
description = "Cockpit web-based server management UI"; description = "Cockpit web-based server management UI";
moduleConfig = { moduleConfig = {
services.cockpit = { services.cockpit = {
inherit (cfg) port openFirewall;
enable = true; enable = true;
port = cfg.port;
openFirewall = cfg.openFirewall;
allowed-origins = [ allowed-origins = [
"https://${net.hosts.nas.lan}:${toString cfg.port}" "https://${net.hosts.nas.lan}:${toString cfg.port}"
"https://${net.hosts.nas.hostname}:${toString cfg.port}" "https://${net.hosts.nas.hostname}:${toString cfg.port}"

5
modules/nixos/services/code-server/default.nix
View File

@@ -16,22 +16,21 @@ let
moduleConfig = { moduleConfig = {
# Configure the standard NixOS code-server service # Configure the standard NixOS code-server service
services.code-server = { services.code-server = {
inherit (cfg) port extraEnvironment;
enable = true; enable = true;
port = cfg.port;
user = "admin"; user = "admin";
group = "jallen-nas"; group = "jallen-nas";
host = cfg.listenAddress; host = cfg.listenAddress;
auth = "none"; # "password" auth = "none"; # "password"
disableTelemetry = true; disableTelemetry = true;
disableUpdateCheck = true; disableUpdateCheck = true;
extraEnvironment = cfg.extraEnvironment;
extraGroups = [ extraGroups = [
"admin" "admin"
"wheel" "wheel"
]; ];
} }
// optionalAttrs (cfg.hashedPassword != null) { // optionalAttrs (cfg.hashedPassword != null) {
hashedPassword = cfg.hashedPassword; inherit (cfg) hashedPassword;
}; };
}; };
}; };

2
modules/nixos/services/collabora/default.nix
View File

@@ -17,7 +17,7 @@ let
moduleConfig = { moduleConfig = {
services.collabora-online = { services.collabora-online = {
enable = true; enable = true;
port = cfg.port; inherit (cfg) port;
settings = { settings = {
# Rely on reverse proxy for SSL # Rely on reverse proxy for SSL
ssl = { ssl = {

2
modules/nixos/services/crowdsec/default.nix
View File

@@ -39,7 +39,7 @@ let
services = { services = {
crowdsec = { crowdsec = {
enable = true; enable = true;
openFirewall = cfg.openFirewall; inherit (cfg) openFirewall;
hub = { hub = {
appSecConfigs = [ appSecConfigs = [
"crowdsecurity/appsec-default" "crowdsecurity/appsec-default"

4
modules/nixos/services/gitea/default.nix
View File

@@ -22,8 +22,8 @@ let
stateDir = "${cfg.configDir}/gitea"; stateDir = "${cfg.configDir}/gitea";
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
mailerPasswordFile = mailerPasswordFile; inherit mailerPasswordFile;
metricsTokenFile = metricsTokenFile; inherit metricsTokenFile;
settings = { settings = {
server = { server = {
DOMAIN = "jallen-nas"; DOMAIN = "jallen-nas";

38
modules/nixos/services/glance/default.nix
View File

@@ -12,9 +12,9 @@ let
hostedServiceSites = hostedServiceSites =
let let
servicesCfg = config.${namespace}.services; servicesCfg = config.${namespace}.services;
serviceNames = builtins.attrNames servicesCfg; serviceNames = attrNames servicesCfg;
in in
builtins.concatMap ( concatMap (
serviceName: serviceName:
let let
serviceCfg = servicesCfg.${serviceName}; serviceCfg = servicesCfg.${serviceName};
@@ -24,9 +24,7 @@ let
[ [
( (
{ {
title = hosted.title; inherit (hosted) title url icon;
url = hosted.url;
icon = hosted.icon;
} }
// optionalAttrs hosted.basicAuth { // optionalAttrs hosted.basicAuth {
basic-auth = { basic-auth = {
@@ -40,9 +38,9 @@ let
[ ] [ ]
) serviceNames; ) serviceNames;
hostedServicesByGroup = builtins.groupBy (svc: svc.hostedService.group) ( hostedServicesByGroup = groupBy (svc: svc.hostedService.group) (
builtins.filter (svc: svc.hostedService != null && svc.hostedService.enable) ( filter (svc: svc.hostedService != null && svc.hostedService.enable) (
builtins.map ( map (
serviceName: serviceName:
let let
serviceCfg = config.${namespace}.services.${serviceName}; serviceCfg = config.${namespace}.services.${serviceName};
@@ -50,7 +48,7 @@ let
{ {
hostedService = serviceCfg.hostedService or null; hostedService = serviceCfg.hostedService or null;
} }
) (builtins.attrNames config.${namespace}.services) ) (attrNames config.${namespace}.services)
) )
); );
@@ -332,7 +330,7 @@ let
settings = { settings = {
server = { server = {
host = "0.0.0.0"; host = "0.0.0.0";
port = cfg.port; inherit (cfg) port;
}; };
pages = [ pages = [
{ {
@@ -371,31 +369,27 @@ let
} }
] ]
++ lib.optionals cfg.hostedServiceGroups ( ++ lib.optionals cfg.hostedServiceGroups (
builtins.map ( map (
groupName: groupName:
makeMonitorWidget groupName ( makeMonitorWidget groupName (
builtins.map (svc: { map (svc: {
title = svc.hostedService.title; inherit (svc.hostedService) title url icon;
url = svc.hostedService.url;
icon = svc.hostedService.icon;
}) (hostedServicesByGroup.${groupName} or [ ]) }) (hostedServicesByGroup.${groupName} or [ ])
) )
) (builtins.attrNames hostedServicesByGroup) ) (attrNames hostedServicesByGroup)
) )
++ lib.optionals (!cfg.hostedServiceGroups && cfg.enableHostedServices) [ ++ lib.optionals (!cfg.hostedServiceGroups && cfg.enableHostedServices) [
(makeMonitorWidget "Services" hostedServiceSites) (makeMonitorWidget "Services" hostedServiceSites)
] ]
++ lib.optionals (cfg.extraSites != [ ]) ( ++ lib.optionals (cfg.extraSites != [ ]) (
builtins.map (site: { map (site: {
type = "monitor"; type = "monitor";
cache = "1m"; cache = "1m";
title = site.title; inherit (site) title;
sites = [ sites = [
( (
{ {
title = site.title; inherit (site) title url icon;
url = site.url;
icon = site.icon;
} }
// optionalAttrs site.allow-insecure { allow-insecure = true; } // optionalAttrs site.allow-insecure { allow-insecure = true; }
) )
@@ -407,7 +401,7 @@ let
groups = cfg.bookmarks; groups = cfg.bookmarks;
} }
++ lib.optionals (cfg.reddit != [ ]) ( ++ lib.optionals (cfg.reddit != [ ]) (
builtins.map (subreddit: { map (subreddit: {
type = "reddit"; type = "reddit";
inherit subreddit; inherit subreddit;
}) cfg.reddit }) cfg.reddit

2
modules/nixos/services/headscale/default.nix
View File

@@ -17,7 +17,7 @@ let
services.headscale = { services.headscale = {
enable = true; enable = true;
address = cfg.listenAddress; address = cfg.listenAddress;
port = cfg.port; inherit (cfg) port;
settings = { settings = {
server_url = "https://headscale.mjallen.dev:443"; server_url = "https://headscale.mjallen.dev:443";
database.sqlite.path = "${cfg.configDir}/headscale/db.sqlite"; database.sqlite.path = "${cfg.configDir}/headscale/db.sqlite";

3
modules/nixos/services/immich/default.nix
View File

@@ -19,9 +19,8 @@ let
moduleConfig = { moduleConfig = {
# Enable immich service # Enable immich service
services.immich = { services.immich = {
inherit (cfg) port openFirewall;
enable = true; enable = true;
port = cfg.port;
openFirewall = true;
secretsFile = dbPassword; secretsFile = dbPassword;
mediaLocation = "${cfg.dataDir}/photos"; mediaLocation = "${cfg.dataDir}/photos";

2
modules/nixos/services/jellyfin/default.nix
View File

@@ -16,7 +16,7 @@ let
moduleConfig = { moduleConfig = {
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
openFirewall = cfg.openFirewall; inherit (cfg) openFirewall;
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
dataDir = "${cfg.configDir}/jellyfin"; dataDir = "${cfg.configDir}/jellyfin";

3
modules/nixos/services/jellyseerr/default.nix
View File

@@ -16,9 +16,8 @@ let
moduleConfig = { moduleConfig = {
# Enable seerr service # Enable seerr service
services.seerr = { services.seerr = {
inherit (cfg) port openFirewall;
enable = true; enable = true;
port = cfg.port;
openFirewall = cfg.openFirewall;
configDir = "${cfg.configDir}/jellyseerr"; configDir = "${cfg.configDir}/jellyseerr";
}; };

4
modules/nixos/services/kavita/default.nix
View File

@@ -18,7 +18,7 @@ let
"jallen-nas/kavita/token" = { "jallen-nas/kavita/token" = {
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
owner = config.users.users.kavita.name; owner = config.users.users.kavita.name;
group = config.users.users.kavita.group; inherit (config.users.users.kavita) group;
restartUnits = [ "kavita.service" ]; restartUnits = [ "kavita.service" ];
}; };
}; };
@@ -28,7 +28,7 @@ let
dataDir = "${cfg.configDir}/kavita"; dataDir = "${cfg.configDir}/kavita";
tokenKeyFile = config.sops.secrets."jallen-nas/kavita/token".path; tokenKeyFile = config.sops.secrets."jallen-nas/kavita/token".path;
settings = { settings = {
Port = cfg.port; inherit (cfg) port;
}; };
}; };
}; };

2
modules/nixos/services/minecraft/default.nix
View File

@@ -14,10 +14,10 @@ let
options = { }; options = { };
moduleConfig = { moduleConfig = {
services.minecraft-server = { services.minecraft-server = {
inherit (cfg) openFirewall;
enable = true; enable = true;
eula = true; eula = true;
declarative = true; declarative = true;
openFirewall = cfg.openFirewall;
dataDir = "${cfg.configDir}/minecraft"; # todo dataDir = "${cfg.configDir}/minecraft"; # todo
serverProperties = { serverProperties = {
enforce-whitelist = true; enforce-whitelist = true;

13
modules/nixos/services/nebula/default.nix
View File

@@ -115,20 +115,21 @@ let
''; '';
services.nebula.networks.${cfg.networkName} = { services.nebula.networks.${cfg.networkName} = {
inherit (cfg)
isLighthouse
isRelay
lighthouses
staticHostMap
;
enable = true; enable = true;
enableReload = true; enableReload = true;
isLighthouse = cfg.isLighthouse;
isRelay = cfg.isRelay;
inherit ca cert key; inherit ca cert key;
lighthouses = cfg.lighthouses;
staticHostMap = cfg.staticHostMap;
tun.device = if cfg.tunDevice != null then cfg.tunDevice else "nebula0"; tun.device = if cfg.tunDevice != null then cfg.tunDevice else "nebula0";
listen = { listen = {
host = cfg.listenAddress; host = cfg.listenAddress;
port = cfg.port; inherit (cfg) port;
}; };
settings.firewall = { settings.firewall = {

2
modules/nixos/services/nextcloud/default.nix
View File

@@ -115,8 +115,8 @@ let
virtualHosts.${config.services.nextcloud.hostName} = { virtualHosts.${config.services.nextcloud.hostName} = {
listen = [ listen = [
{ {
inherit (cfg) port;
addr = "0.0.0.0"; addr = "0.0.0.0";
port = cfg.port;
ssl = false; ssl = false;
} }
]; ];

2
modules/nixos/services/onlyoffice/default.nix
View File

@@ -17,7 +17,7 @@ let
moduleConfig = { moduleConfig = {
services.onlyoffice = { services.onlyoffice = {
enable = true; enable = true;
port = cfg.port; inherit (cfg) port;
wopi = true; wopi = true;
hostname = "office.mjallen.dev"; hostname = "office.mjallen.dev";
jwtSecretFile = jwtSecretFile; jwtSecretFile = jwtSecretFile;

2
modules/nixos/services/opencloud/default.nix
View File

@@ -21,7 +21,7 @@ let
enable = true; enable = true;
url = "https://cloud.mjallen.dev"; url = "https://cloud.mjallen.dev";
address = cfg.listenAddress; address = cfg.listenAddress;
port = cfg.port; inherit (cfg) port;
stateDir = "${cfg.configDir}/opencloud"; stateDir = "${cfg.configDir}/opencloud";
environment = { environment = {
PROXY_TLS = "false"; # disable https when behind reverse-proxy PROXY_TLS = "false"; # disable https when behind reverse-proxy

3
modules/nixos/services/owncloud/default.nix
View File

@@ -61,8 +61,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = { virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart; inherit (cfg) autoStart image;
image = cfg.image;
ports = [ "${cfg.httpPort}:9200" ]; ports = [ "${cfg.httpPort}:9200" ];
volumes = [ volumes = [
"${cfg.configPath}:/etc/ocis" "${cfg.configPath}:/etc/ocis"

2
modules/nixos/services/paperless/default.nix
View File

@@ -18,9 +18,9 @@ let
moduleConfig = { moduleConfig = {
# Enable paperless service # Enable paperless service
services.paperless = { services.paperless = {
inherit (cfg) port;
enable = true; enable = true;
package = pkgs.paperless-ngx; package = pkgs.paperless-ngx;
port = cfg.port;
# user = "nix-apps"; # user = "nix-apps";
address = cfg.listenAddress; address = cfg.listenAddress;
dataDir = "${cfg.configDir}/paperless"; dataDir = "${cfg.configDir}/paperless";

16
modules/nixos/services/restic/default.nix
View File

@@ -202,14 +202,16 @@ in
services.restic.backups = mapAttrs ( services.restic.backups = mapAttrs (
_name: jobCfg: _name: jobCfg:
{ {
initialize = jobCfg.initialize; inherit (jobCfg)
createWrapper = jobCfg.createWrapper; initialize
inhibitsSleep = jobCfg.inhibitsSleep; createWrapper
paths = jobCfg.paths; inhibitsSleep
paths
timerConfig
pruneOpts
extraBackupArgs
;
exclude = jobCfg.exclude ++ cfg.defaultExcludes; exclude = jobCfg.exclude ++ cfg.defaultExcludes;
timerConfig = jobCfg.timerConfig;
pruneOpts = jobCfg.pruneOpts;
extraBackupArgs = jobCfg.extraBackupArgs;
} }
// optionalAttrs (jobCfg.passwordFile != null) { inherit (jobCfg) passwordFile; } // optionalAttrs (jobCfg.passwordFile != null) { inherit (jobCfg) passwordFile; }
// optionalAttrs (jobCfg.repository != null) { inherit (jobCfg) repository; } // optionalAttrs (jobCfg.repository != null) { inherit (jobCfg) repository; }

2
modules/nixos/services/sunshine/default.nix
View File

@@ -17,7 +17,7 @@ let
moduleConfig = { moduleConfig = {
services.sunshine = { services.sunshine = {
enable = true; enable = true;
openFirewall = cfg.openFirewall; inherit (cfg) openFirewall;
autoStart = true; autoStart = true;
capSysAdmin = true; capSysAdmin = true;
applications.apps = with pkgs; [ applications.apps = with pkgs; [

4
modules/nixos/user/default.nix
View File

@@ -88,7 +88,7 @@ in
config = { config = {
users = { users = {
mutableUsers = cfg.mutableUsers; inherit (cfg) mutableUsers;
groups.${cfg.group}.gid = lib.mkForce (if cfg.group != "wheel" then cfg.gid else 1); groups.${cfg.group}.gid = lib.mkForce (if cfg.group != "wheel" then cfg.gid else 1);
users = { users = {
root = { root = {
@@ -99,6 +99,7 @@ in
${cfg.name} = { ${cfg.name} = {
inherit (cfg) inherit (cfg)
name name
group
uid uid
linger linger
packages packages
@@ -133,7 +134,6 @@ in
] ]
++ cfg.extraGroups; ++ cfg.extraGroups;
group = cfg.group;
home = "/home/${cfg.name}"; home = "/home/${cfg.name}";
isNormalUser = true; isNormalUser = true;
shell = lib.mkForce pkgs.zsh; shell = lib.mkForce pkgs.zsh;

2
overlays/stable/default.nix
View File

@@ -1,7 +1,7 @@
{ inputs, ... }: { inputs, ... }:
final: _prev: { final: _prev: {
stable = import inputs.nixpkgs-stable { stable = import inputs.nixpkgs-stable {
system = final.stdenv.hostPlatform.system; inherit (final.stdenv.hostPlatform) system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
} }

2
packages/bcachefs/default.nix
View File

@@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: {
cargoDeps = rustPlatform.fetchCargoVendor { cargoDeps = rustPlatform.fetchCargoVendor {
inherit (finalAttrs) src; inherit (finalAttrs) src;
hash = sources.cargoDeps.hash; inherit (sources.cargoDeps) hash;
}; };
postPatch = '' postPatch = ''

3
packages/cockpit-benchmark/default.nix
View File

@@ -102,10 +102,9 @@ let
in in
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "cockpit-benchmark"; pname = "cockpit-benchmark";
inherit (sources) src;
inherit version; inherit version;
src = sources.src;
npmDeps = fetchNpmDeps { npmDeps = fetchNpmDeps {
src = "${finalAttrs.src}/benchmark"; src = "${finalAttrs.src}/benchmark";
packageLock = patchedPackageLock; packageLock = patchedPackageLock;

3
packages/cockpit-machines/default.nix
View File

@@ -16,10 +16,9 @@ let
in in
stdenv.mkDerivation { stdenv.mkDerivation {
pname = "cockpit-machines"; pname = "cockpit-machines";
inherit (sources) src;
inherit version; inherit version;
src = sources.src;
# Pre-vendored node_modules from cockpit-project/node-cache, pinned via the # Pre-vendored node_modules from cockpit-project/node-cache, pinned via the
# node_modules submodule reference in the source tree. # node_modules submodule reference in the source tree.
inherit (sources) nodeModules; inherit (sources) nodeModules;

7
packages/cockpit-podman/default.nix
View File

@@ -8,6 +8,7 @@
let let
inherit (lib.trivial) importJSON; inherit (lib.trivial) importJSON;
inherit (lib.${namespace}) mkAllSources selectVariant; inherit (lib.${namespace}) mkAllSources selectVariant;
inherit lib;
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec null null; selected = selectVariant versionSpec null null;
@@ -18,11 +19,7 @@ stdenv.mkDerivation {
pname = "cockpit-podman"; pname = "cockpit-podman";
inherit version; inherit version;
src = sources.src; inherit (sources) src nodeModules;
# Pre-vendored node_modules from cockpit-project/node-cache, pinned via the
# node_modules submodule reference in the source tree.
inherit (sources) nodeModules;
# pkg/lib checked out from the main cockpit repo at the commit pinned in # pkg/lib checked out from the main cockpit repo at the commit pinned in
# the Makefile (COCKPIT_REPO_COMMIT). # the Makefile (COCKPIT_REPO_COMMIT).

2
packages/fastflowlm/default.nix
View File

@@ -66,7 +66,7 @@ let
version = "0.9.36"; version = "0.9.36";
# XRT userspace runtime — built from packages/xrt in this flake. # XRT userspace runtime — built from packages/xrt in this flake.
xrt = pkgs.${namespace}.xrt; inherit (pkgs.${namespace}) xrt;
# ── tokenizers-cpp submodule ────────────────────────────────────────────── # ── tokenizers-cpp submodule ──────────────────────────────────────────────
# Pinned to the commit referenced in FastFlowLM v0.9.36 .gitmodules. # Pinned to the commit referenced in FastFlowLM v0.9.36 .gitmodules.

4
packages/homeassistant/ha-anycubic/default.nix
View File

@@ -16,9 +16,9 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "anycubic_wifi";
inherit version; inherit version;
domain = "anycubic_wifi";
src = sources.anycubic; src = sources.anycubic;

4
packages/homeassistant/ha-bambulab/default.nix
View File

@@ -17,9 +17,9 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "bambu_lab";
inherit version; inherit version;
domain = "bambu_lab";
src = sources.bambu_lab; src = sources.bambu_lab;

2
packages/homeassistant/ha-bedjet/default.nix
View File

@@ -17,7 +17,7 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "bedjet"; domain = "bedjet";
inherit version; inherit version;

2
packages/homeassistant/ha-gehome/default.nix
View File

@@ -17,7 +17,7 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "ge_home"; domain = "ge_home";
inherit version; inherit version;

4
packages/homeassistant/ha-govee/default.nix
View File

@@ -17,9 +17,9 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "govee";
inherit version; inherit version;
domain = "govee";
src = sources.govee; src = sources.govee;

2
packages/homeassistant/ha-icloud3/default.nix
View File

@@ -17,7 +17,7 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "icloud3"; domain = "icloud3";
inherit version; inherit version;

4
packages/homeassistant/ha-local-llm/default.nix
View File

@@ -17,9 +17,9 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "llama_conversation";
inherit version; inherit version;
domain = "llama_conversation";
src = sources.llama_conversation; src = sources.llama_conversation;

4
packages/homeassistant/ha-mail-and-packages/default.nix
View File

@@ -17,9 +17,9 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "mail_and_packages";
inherit version; inherit version;
domain = "mail_and_packages";
src = sources.mail_and_packages; src = sources.mail_and_packages;

2
packages/homeassistant/ha-nanokvm/default.nix
View File

@@ -78,7 +78,7 @@ let
}; };
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "nanokvm"; domain = "nanokvm";
inherit version; inherit version;

2
packages/homeassistant/ha-openhasp/default.nix
View File

@@ -17,7 +17,7 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "openhasp"; domain = "openhasp";
inherit version; inherit version;

4
packages/homeassistant/ha-overseerr/default.nix
View File

@@ -16,9 +16,9 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "overseerr";
inherit version; inherit version;
domain = "overseerr";
src = sources.overseerr; src = sources.overseerr;

4
packages/homeassistant/ha-petlibro/default.nix
View File

@@ -16,9 +16,9 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "petlibro";
inherit version; inherit version;
domain = "petlibro";
src = sources.petlibro; src = sources.petlibro;

2
packages/homeassistant/ha-wyzeapi/default.nix
View File

@@ -16,7 +16,7 @@ let
version = src-meta.tag or src-meta.rev; version = src-meta.tag or src-meta.rev;
in in
buildHomeAssistantComponent { buildHomeAssistantComponent {
owner = src-meta.owner; inherit (src-meta) owner;
domain = "wyzeapi"; domain = "wyzeapi";
inherit version; inherit version;

5
packages/librepods-beta/default.nix
View File

@@ -21,14 +21,13 @@
let let
inherit (lib.trivial) importJSON; inherit (lib.trivial) importJSON;
inherit (lib.${namespace}) selectVariant mkAllSources; inherit (lib.${namespace}) selectVariant mkAllSources;
inherit lib;
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec null null; selected = selectVariant versionSpec null null;
sources = mkAllSources pkgs selected; sources = mkAllSources pkgs selected;
# cargoHash is stored alongside the source in version.json so the TUI can update it inherit (stdenv.hostPlatform) system;
cargoHash = selected.sources.librepods.cargoHash; cargoHash = selected.sources.librepods.cargoHash;
system = stdenv.hostPlatform.system;
in in
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "librepods"; pname = "librepods";

2
packages/moondeck-buddy/default.nix
View File

@@ -12,7 +12,7 @@ let
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec null null; selected = selectVariant versionSpec null null;
sources = mkAllSources pkgs selected; sources = mkAllSources pkgs selected;
moondeck-buddy = selected.sources.moondeck-buddy; inherit (selected.sources) moondeck-buddy;
in in
appimageTools.wrapType2 { appimageTools.wrapType2 {
pname = "moondeck-buddy"; pname = "moondeck-buddy";

13
packages/proton-cachyos/default.nix
View File

@@ -23,19 +23,16 @@ let
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec variant null; selected = selectVariant versionSpec variant null;
vars = selected.variables or { }; vars = selected.variables or { };
base = vars.base;
release = vars.release;
toolTitle = "proton-${variant}-latest"; toolTitle = "proton-${variant}-latest";
# Derived values for the current variant releaseVersion = "${releasePrefix}${vars.base}-${vars.release}${releaseSuffix}";
releaseVersion = "${releasePrefix}${base}-${release}${releaseSuffix}"; homepage = "https://${owner}/${repo}";
homepage = "https://github.com/${owner}/${repo}";
url = "${homepage}/releases/download/${releaseVersion}/${tarballPrefix}${releaseVersion}${tarballSuffix}"; url = "${homepage}/releases/download/${releaseVersion}/${tarballPrefix}${releaseVersion}${tarballSuffix}";
# Choose fetcher based on file type # Choose fetcher based on file type
intake = intake =
if lib.strings.hasSuffix ".zip" url then if lib.hasSuffix ".zip" url then
{ {
fetcher = fetchzip; fetcher = fetchzip;
input = "$src/*.tar.xz"; input = "$src/*.tar.xz";
@@ -48,7 +45,7 @@ let
in in
stdenvNoCC.mkDerivation { stdenvNoCC.mkDerivation {
name = repo; name = repo;
version = "${base}.${release}"; version = "${vars.base}.${vars.release}";
src = intake.fetcher { src = intake.fetcher {
inherit url; inherit url;
@@ -60,7 +57,7 @@ stdenvNoCC.mkDerivation {
tar -C $out/bin --strip=1 -x -f ${intake.input} tar -C $out/bin --strip=1 -x -f ${intake.input}
'' ''
# Allow to keep the same name between updates # Allow to keep the same name between updates
+ lib.strings.optionalString (toolTitle != null) '' + lib.optionalString (toolTitle != null) ''
sed -i -r 's|"${toolPattern}"|"${toolTitle}"|' $out/bin/compatibilitytool.vdf sed -i -r 's|"${toolPattern}"|"${toolTitle}"|' $out/bin/compatibilitytool.vdf
''; '';

2
packages/python/comfy-kitchen/default.nix
View File

@@ -12,7 +12,7 @@ let
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec null null; selected = selectVariant versionSpec null null;
sources = mkAllSources pkgs selected; sources = mkAllSources pkgs selected;
version = selected.variables.version; inherit (selected.variables) version;
in in
python3Packages.buildPythonPackage { python3Packages.buildPythonPackage {
pname = "comfy-kitchen"; pname = "comfy-kitchen";

2
packages/python/gehomesdk/default.nix
View File

@@ -12,7 +12,7 @@ let
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec null null; selected = selectVariant versionSpec null null;
sources = mkAllSources pkgs selected; sources = mkAllSources pkgs selected;
version = selected.variables.version; inherit (selected.variables) version;
in in
home-assistant.python.pkgs.buildPythonPackage { home-assistant.python.pkgs.buildPythonPackage {
pname = "gehomesdk"; pname = "gehomesdk";

2
packages/python/python-steam/default.nix
View File

@@ -12,7 +12,7 @@ let
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec null null; selected = selectVariant versionSpec null null;
sources = mkAllSources pkgs selected; sources = mkAllSources pkgs selected;
version = selected.variables.version; inherit (selected.variables) version;
in in
python3Packages.buildPythonPackage { python3Packages.buildPythonPackage {
pname = "steam"; pname = "steam";

6
packages/python/pyvesync/default.nix
View File

@@ -12,8 +12,8 @@ let
versionSpec = importJSON ./version.json; versionSpec = importJSON ./version.json;
selected = selectVariant versionSpec null null; selected = selectVariant versionSpec null null;
sources = mkAllSources pkgs selected; sources = mkAllSources pkgs selected;
src-meta = selected.sources.pyvesync; inherit (selected.sources) pyvesync;
version = selected.variables.version; inherit (selected.variables) version;
in in
python3Packages.buildPythonPackage { python3Packages.buildPythonPackage {
pname = "pyvesync"; pname = "pyvesync";
@@ -37,7 +37,7 @@ python3Packages.buildPythonPackage {
meta = with lib; { meta = with lib; {
description = "Python library to manage Etekcity Devices and Levoit Air Purifier"; description = "Python library to manage Etekcity Devices and Levoit Air Purifier";
homepage = "https://github.com/webdjoe/pyvesync"; homepage = "https://github.com/webdjoe/pyvesync";
changelog = "https://github.com/webdjoe/pyvesync/releases/tag/${src-meta.tag}"; changelog = "https://github.com/webdjoe/pyvesync/releases/tag/${pyvesync.tag}";
license = with licenses; [ mit ]; license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ]; maintainers = with maintainers; [ fab ];
}; };

2
packages/raspberrypi/ffmpeg-rpi/default.nix
View File

@@ -71,9 +71,9 @@ in
]; ];
})).override })).override
{ {
inherit (rpiFfmpegSrc) hash;
version = ffmpegVersion; version = ffmpegVersion;
source = rpiFfmpegSrc; source = rpiFfmpegSrc;
hash = rpiFfmpegSrc.hash;
# version = ffmpegVersion + "-rpi"; # version = ffmpegVersion + "-rpi";
# source = rpiFfmpegSrc; # source = rpiFfmpegSrc;

4
packages/raspberrypi/linux-rpi/default.nix
View File

@@ -19,8 +19,8 @@ let
selected = selectVariant versionSpec kernelVersion null; selected = selectVariant versionSpec kernelVersion null;
sources = mkAllSources pkgs selected; sources = mkAllSources pkgs selected;
modDirVersion = selected.variables.modDirVersion; inherit (selected.variables) modDirVersion;
tag = kernelVersion; # sources.tag; tag = kernelVersion;
# NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this # NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this
# all of these fail for various reasons # all of these fail for various reasons

2
packages/raspberrypi/raspberrypi-overlays/default.nix
View File

@@ -17,7 +17,7 @@ in
stdenvNoCC.mkDerivation { stdenvNoCC.mkDerivation {
# NOTE: this should be updated with linux_rpi # NOTE: this should be updated with linux_rpi
pname = "raspberrypi-dtoverlays"; pname = "raspberrypi-dtoverlays";
version = vars.version; inherit (vars) version;
src = sources.linux; src = sources.linux;

2
packages/raspberrypi/raspberrypifw/default.nix
View File

@@ -16,7 +16,7 @@ in
stdenvNoCC.mkDerivation { stdenvNoCC.mkDerivation {
# NOTE: this should be updated with linux_rpi # NOTE: this should be updated with linux_rpi
pname = "raspberrypi-firmware"; pname = "raspberrypi-firmware";
version = vars.version; inherit (vars) version;
src = sources.firmware-next; src = sources.firmware-next;

2
packages/raspberrypi/uefi-rpi4/default.nix
View File

@@ -14,8 +14,8 @@ let
sources = mkAllSources pkgs selected; sources = mkAllSources pkgs selected;
in in
stdenvNoCC.mkDerivation rec { stdenvNoCC.mkDerivation rec {
inherit (vars) version;
pname = "uefi-rpi4"; pname = "uefi-rpi4";
version = vars.version;
src = sources.firmware; src = sources.firmware;

2
packages/raspberrypi/uefi-rpi5/default.nix
View File

@@ -50,7 +50,7 @@ let
in in
stdenvNoCC.mkDerivation rec { stdenvNoCC.mkDerivation rec {
pname = "uefi-rpi5"; pname = "uefi-rpi5";
version = vars.version; inherit (vars) version;
src = sources.firmware; src = sources.firmware;

5
statix.toml
View File

@@ -1,11 +1,8 @@
# Disable lint rules that generate excessive false-positives or noise. # Disable lint rules that generate excessive false-positives or noise.
# #
# manual_inherit / manual_inherit_from: very high volume of style suggestions.
# empty_pattern: { ... }: is a valid and readable no-arg pattern. # empty_pattern: { ... }: is a valid and readable no-arg pattern.
disabled = [ disabled = [
"manual_inherit", "empty_pattern",
"manual_inherit_from",
"empty_pattern", # needed for some overlays
] ]
# Exclude files where statix's parser fails on complex shell-in-Nix content. # Exclude files where statix's parser fails on complex shell-in-Nix content.

2
systems/aarch64-linux/pi5/default.nix
View File

@@ -124,9 +124,9 @@ in
network = { network = {
hostName = net.hosts.pi5.hostname; hostName = net.hosts.pi5.hostname;
ipv4 = { ipv4 = {
inherit (net.hosts.pi5) gateway;
method = "manual"; method = "manual";
address = net.hosts.pi5.lan4; address = net.hosts.pi5.lan4;
gateway = net.hosts.pi5.gateway;
dns = "1.1.1.1"; dns = "1.1.1.1";
interface = "end0"; interface = "end0";
}; };

2
systems/x86_64-linux/allyx/default.nix
View File

@@ -55,8 +55,8 @@
enable = true; enable = true;
extraDirectories = [ extraDirectories = [
{ {
inherit (config.jovian.decky-loader) user;
directory = config.jovian.decky-loader.stateDir; directory = config.jovian.decky-loader.stateDir;
user = config.jovian.decky-loader.user;
group = config.jovian.decky-loader.user; group = config.jovian.decky-loader.user;
mode = "u=rwx,g=rwx,o=rx"; mode = "u=rwx,g=rwx,o=rx";
} }

2
systems/x86_64-linux/jallen-nas/default.nix
View File

@@ -127,7 +127,7 @@ in
ipv4 = { ipv4 = {
address = net.hosts.nas.lan; address = net.hosts.nas.lan;
method = "manual"; method = "manual";
gateway = net.hosts.nas.gateway; inherit (net.hosts.nas) gateway;
dns = "1.1.1.1"; dns = "1.1.1.1";
interface = "enp197s0"; interface = "enp197s0";
}; };

108
systems/x86_64-linux/jallen-nas/sops.nix
View File

@@ -1,7 +1,13 @@
{ config, lib, ... }: { config, lib, ... }:
let let
user = "nix-apps"; owner = config.users.users."nix-apps".name;
defaultSops = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; inherit (config.users.users."${owner}") group;
sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
sopsSettings = {
inherit owner group sopsFile;
mode = "0600";
};
in in
{ {
# Permission modes are in octal representation (same as chmod), # Permission modes are in octal representation (same as chmod),
@@ -25,27 +31,18 @@ in
# Secrets # Secrets
# ------------------------------ # ------------------------------
secrets = { secrets = {
"jallen-nas/admin_password" = { "jallen-nas/admin_password" = sopsSettings // {
sopsFile = defaultSops;
neededForUsers = true; neededForUsers = true;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
}; };
"jallen-nas/nas_pool" = { "jallen-nas/nas_pool" = sopsSettings;
sopsFile = defaultSops;
mode = "0600";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
};
# ------------------------------ # ------------------------------
# ups # ups
# ------------------------------ # ------------------------------
"jallen-nas/ups_password" = { "jallen-nas/ups_password" = {
sopsFile = defaultSops; inherit sopsFile;
mode = "0777"; mode = "0777";
restartUnits = [ restartUnits = [
"upsdrv.service" "upsdrv.service"
@@ -73,7 +70,7 @@ in
# ------------------------------ # ------------------------------
"jallen-nas/authentik-env" = { "jallen-nas/authentik-env" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "authentik.service" ]; restartUnits = [ "authentik.service" ];
}; };
@@ -81,7 +78,7 @@ in
# attic # attic
# ------------------------------ # ------------------------------
"jallen-nas/attic-key" = { "jallen-nas/attic-key" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "atticd.service" ]; restartUnits = [ "atticd.service" ];
}; };
@@ -90,7 +87,7 @@ in
# ------------------------------ # ------------------------------
"jallen-nas/collabora" = { "jallen-nas/collabora" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "coolwsd.service" ]; restartUnits = [ "coolwsd.service" ];
}; };
@@ -103,7 +100,7 @@ in
# }; # };
# "jallen-nas/crowdsec-capi" = { # "jallen-nas/crowdsec-capi" = {
# sopsFile = defaultSops; # inherit sopsFile;
# owner = "crowdsec"; # owner = "crowdsec";
# group = "crowdsec"; # group = "crowdsec";
# restartUnits = [ "crowdsec.service" ]; # restartUnits = [ "crowdsec.service" ];
@@ -114,11 +111,11 @@ in
# ------------------------------ # ------------------------------
"jallen-nas/mariadb/db_pass" = { "jallen-nas/mariadb/db_pass" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "mysql.service" ]; restartUnits = [ "mysql.service" ];
}; };
"jallen-nas/mariadb/root_pass" = { "jallen-nas/mariadb/root_pass" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "mysql.service" ]; restartUnits = [ "mysql.service" ];
}; };
@@ -126,28 +123,20 @@ in
# nextcloud # nextcloud
# ------------------------------ # ------------------------------
"jallen-nas/nextcloud/dbpassword" = { "jallen-nas/nextcloud/dbpassword" = sopsSettings // {
sopsFile = defaultSops;
mode = "0650"; mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "nextcloud.service" ]; restartUnits = [ "nextcloud.service" ];
}; };
"jallen-nas/nextcloud/adminpassword" = { "jallen-nas/nextcloud/adminpassword" = sopsSettings // {
sopsFile = defaultSops;
mode = "0440"; mode = "0440";
owner = config.users.users."${user}".name;
group = "keys"; group = "keys";
restartUnits = [ restartUnits = [
"nextcloud.service" "nextcloud.service"
"prometheus-nextcloud-exporter.service" # actual systemd unit name "prometheus-nextcloud-exporter.service" # actual systemd unit name
]; ];
}; };
"jallen-nas/nextcloud/smtp_settings" = { "jallen-nas/nextcloud/smtp_settings" = sopsSettings // {
sopsFile = defaultSops;
mode = "0650"; mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "nextcloud.service" ]; restartUnits = [ "nextcloud.service" ];
}; };
@@ -155,11 +144,8 @@ in
# onlyoffice # onlyoffice
# ------------------------------ # ------------------------------
"jallen-nas/onlyoffice-key" = { "jallen-nas/onlyoffice-key" = sopsSettings // {
sopsFile = defaultSops;
mode = "0655"; mode = "0655";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "nextcloud.service" ]; restartUnits = [ "nextcloud.service" ];
}; };
@@ -168,7 +154,7 @@ in
# ------------------------------ # ------------------------------
"jallen-nas/manyfold/secretkeybase" = { "jallen-nas/manyfold/secretkeybase" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "podman-manyfold.service" ]; restartUnits = [ "podman-manyfold.service" ];
}; };
@@ -177,7 +163,7 @@ in
# ------------------------------ # ------------------------------
"jallen-nas/immich/db-password" = { "jallen-nas/immich/db-password" = {
sopsFile = defaultSops; inherit sopsFile;
mode = "0440"; mode = "0440";
group = "keys"; group = "keys";
restartUnits = [ "immich.service" ]; restartUnits = [ "immich.service" ];
@@ -188,7 +174,7 @@ in
# ------------------------------ # ------------------------------
"jallen-nas/open-webui" = { "jallen-nas/open-webui" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "open-webui.service" ]; restartUnits = [ "open-webui.service" ];
}; };
@@ -197,15 +183,15 @@ in
# ------------------------------ # ------------------------------
"jallen-nas/paperless/secret" = { "jallen-nas/paperless/secret" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "paperless.service" ]; restartUnits = [ "paperless.service" ];
}; };
"jallen-nas/paperless/authentik-client-id" = { "jallen-nas/paperless/authentik-client-id" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "paperless.service" ]; restartUnits = [ "paperless.service" ];
}; };
"jallen-nas/paperless/authentik-client-secret" = { "jallen-nas/paperless/authentik-client-secret" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "paperless.service" ]; restartUnits = [ "paperless.service" ];
}; };
@@ -214,14 +200,14 @@ in
# ------------------------------ # ------------------------------
"jallen-nas/gitea/mail-key" = { "jallen-nas/gitea/mail-key" = {
sopsFile = defaultSops; inherit sopsFile;
owner = "root"; owner = "root";
group = "keys"; group = "keys";
mode = "0440"; mode = "0440";
restartUnits = [ "gitea.service" ]; restartUnits = [ "gitea.service" ];
}; };
"jallen-nas/gitea/metrics-key" = { "jallen-nas/gitea/metrics-key" = {
sopsFile = defaultSops; inherit sopsFile;
owner = "root"; owner = "root";
group = "keys"; group = "keys";
mode = "0440"; mode = "0440";
@@ -232,36 +218,36 @@ in
# free-games-claimer # free-games-claimer
# ------------------------------ # ------------------------------
"jallen-nas/free-games/eg-email" = { "jallen-nas/free-games/eg-email" = {
sopsFile = defaultSops; inherit sopsFile;
}; };
"jallen-nas/free-games/eg-pass" = { "jallen-nas/free-games/eg-pass" = {
sopsFile = defaultSops; inherit sopsFile;
}; };
"jallen-nas/free-games/eg-otp" = { "jallen-nas/free-games/eg-otp" = {
sopsFile = defaultSops; inherit sopsFile;
}; };
"jallen-nas/free-games/pg-email" = { "jallen-nas/free-games/pg-email" = {
sopsFile = defaultSops; inherit sopsFile;
}; };
"jallen-nas/free-games/pg-pass" = { "jallen-nas/free-games/pg-pass" = {
sopsFile = defaultSops; inherit sopsFile;
}; };
"jallen-nas/free-games/gog-email" = { "jallen-nas/free-games/gog-email" = {
sopsFile = defaultSops; inherit sopsFile;
}; };
"jallen-nas/free-games/gog-pass" = { "jallen-nas/free-games/gog-pass" = {
sopsFile = defaultSops; inherit sopsFile;
}; };
# ------------------------------ # ------------------------------
# ntfy # ntfy
# ------------------------------ # ------------------------------
"jallen-nas/ntfy/auth-users" = { "jallen-nas/ntfy/auth-users" = {
sopsFile = defaultSops; inherit sopsFile;
}; };
"jallen-nas/ntfy/user" = { "jallen-nas/ntfy/user" = {
sopsFile = defaultSops; inherit sopsFile;
mode = "0440"; mode = "0440";
group = "keys"; group = "keys";
restartUnits = [ restartUnits = [
@@ -271,7 +257,7 @@ in
]; ];
}; };
"jallen-nas/ntfy/password" = { "jallen-nas/ntfy/password" = {
sopsFile = defaultSops; inherit sopsFile;
mode = "0440"; mode = "0440";
group = "keys"; group = "keys";
restartUnits = [ restartUnits = [
@@ -285,15 +271,15 @@ in
# sparky-fitness # sparky-fitness
# ------------------------------ # ------------------------------
"jallen-nas/sparky-fitness/db-password" = { "jallen-nas/sparky-fitness/db-password" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "podman-sparky-fitness-server.service" ]; restartUnits = [ "podman-sparky-fitness-server.service" ];
}; };
"jallen-nas/sparky-fitness/api-encryption-key" = { "jallen-nas/sparky-fitness/api-encryption-key" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "podman-sparky-fitness-server.service" ]; restartUnits = [ "podman-sparky-fitness-server.service" ];
}; };
"jallen-nas/sparky-fitness/auth-secret" = { "jallen-nas/sparky-fitness/auth-secret" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "podman-sparky-fitness-server.service" ]; restartUnits = [ "podman-sparky-fitness-server.service" ];
}; };
@@ -303,7 +289,7 @@ in
# jallen-nas/authentik-rac/token: <authentik RAC outpost token> # jallen-nas/authentik-rac/token: <authentik RAC outpost token>
# ------------------------------ # ------------------------------
"jallen-nas/authentik-rac/token" = { "jallen-nas/authentik-rac/token" = {
sopsFile = defaultSops; inherit sopsFile;
restartUnits = [ "podman-authenticRac.service" ]; restartUnits = [ "podman-authenticRac.service" ];
}; };
@@ -315,7 +301,7 @@ in
# embedding it in the world-readable Nix store. # embedding it in the world-readable Nix store.
# To rotate: use https://github.com/erooke/grafana-secretkey-rotation-tool # To rotate: use https://github.com/erooke/grafana-secretkey-rotation-tool
"jallen-nas/grafana/secret-key" = { "jallen-nas/grafana/secret-key" = {
sopsFile = defaultSops; inherit sopsFile;
owner = "grafana"; owner = "grafana";
group = "grafana"; group = "grafana";
mode = "0400"; mode = "0400";
@@ -328,6 +314,7 @@ in
# ------------------------------ # ------------------------------
templates = { templates = {
"fgc.env" = { "fgc.env" = {
inherit owner group;
content = '' content = ''
EG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/eg-email"} EG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/eg-email"}
EG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/eg-pass"} EG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/eg-pass"}
@@ -338,8 +325,6 @@ in
GOG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/gog-pass"} GOG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/gog-pass"}
''; '';
mode = "0650"; mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "podman-free-games-claimer.service" ]; restartUnits = [ "podman-free-games-claimer.service" ];
}; };
@@ -407,6 +392,7 @@ in
}; };
"paperless.env" = { "paperless.env" = {
inherit owner group;
content = '' content = ''
PAPERLESS_ADMIN_USER = "mjallen" PAPERLESS_ADMIN_USER = "mjallen"
PAPERLESS_ADMIN_PASSWORD = ${config.sops.placeholder."matt_password"} PAPERLESS_ADMIN_PASSWORD = ${config.sops.placeholder."matt_password"}
@@ -421,8 +407,6 @@ in
}","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}} }","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}
''; '';
mode = "0650"; mode = "0650";
owner = config.users.users."${user}".name;
group = config.users.users."${user}".group;
restartUnits = [ "paperless-web.service" ]; restartUnits = [ "paperless-web.service" ];
}; };
}; };

2
systems/x86_64-linux/nuc-nixos/default.nix
View File

@@ -36,9 +36,9 @@ in
network = { network = {
hostName = net.hosts.nuc.hostname; hostName = net.hosts.nuc.hostname;
ipv4 = { ipv4 = {
inherit (net.hosts.nuc) gateway;
method = "manual"; method = "manual";
address = net.hosts.nuc.lan4; address = net.hosts.nuc.lan4;
gateway = net.hosts.nuc.gateway;
dns = net.hosts.router.lan; dns = net.hosts.router.lan;
interface = "enp2s0"; interface = "enp2s0";
}; };