mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mjallen:macbook-hyprland
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland
...
compare: mjallen:bcfs
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland

99 Commits
macbook-hy ... bcfs

Author SHA1 Message Date
mjallen18
33385d5275 testing done 2025-08-21 20:54:43 -05:00
mjallen18
19bf815be8 end test 2025-08-21 20:52:13 -05:00
mjallen18
0152438472 more cleanup 2025-08-21 20:05:58 -05:00
mjallen18
f9b07deb19 cleanup 2025-08-21 19:45:03 -05:00
mjallen18
6e55d375d2 user updates 2025-08-21 19:40:32 -05:00
mjallen18
0e066cb4d7 move some apps to namespace 2025-08-21 19:06:51 -05:00
mjallen18
bd64283f04 idk 2025-08-21 16:17:17 -05:00
mjallen18
6025b6c4f1 bcfs root? 2025-08-21 16:10:04 -05:00
mjallen18
92b04773b2 move python-steam 2025-08-21 14:26:50 -05:00
mjallen18
783a7a3390 README 2025-08-21 14:17:33 -05:00
mjallen18
0ef4354c1a aarch 2025-08-21 13:24:04 -05:00
mjallen18
192a978d46 fix proxies 2025-08-21 11:45:06 -05:00
mjallen18
a4519904b6 fix pi4 hostname 2025-08-21 11:45:06 -05:00
mjallen18
83a6e45bf4 test 2025-08-20 22:02:24 -05:00
mjallen18
2ba6f3466f clev 2025-08-20 21:30:18 -05:00
mjallen18
b3f5b4b406 more pi stuff 2025-08-20 21:30:18 -05:00
mjallen18
2e680f2519 fix lol 2025-08-20 21:30:18 -05:00
mjallen18
445183f826 pi stuff 2025-08-20 21:30:18 -05:00
mjallen18
aec980e6fe sops but idk 2025-08-20 21:30:18 -05:00
mjallen18
68f732ec4b cleanup 2025-08-20 21:30:18 -05:00
mjallen18
dc382dcfcc cache 2025-08-20 21:30:18 -05:00
mjallen18
b1a06034f1 disable gnome 2025-08-20 21:30:18 -05:00
mjallen18
aa3e8cc263 finally update traefik 2025-08-20 21:30:18 -05:00
mjallen18
b680255bc5 macos 2025-08-20 21:30:18 -05:00
mjallen18
a3f7af4e39 sops 2025-08-20 21:30:18 -05:00
mjallen18
cd5c8a0034 no splash 2025-08-20 21:30:18 -05:00
mjallen18
1f14f020ed ssh 2025-08-20 21:30:18 -05:00
mjallen18
05affb6b1f test 2025-08-18 20:54:03 -05:00
mjallen18
2623efc997 update hass addons 2025-08-18 19:52:09 -05:00
mjallen18
c053da2e30 bcachefs 2025-08-17 21:01:59 -05:00
mjallen18
533d6a4170 pi5 upd 2025-08-17 20:58:54 -05:00
mjallen18
5b3e01820b desktop omnissa 2025-08-12 21:25:07 -05:00
mjallen
5cef58ade0 fix 2025-08-12 17:04:25 +00:00
mjallen18
981b41f4c2 upd 2025-08-12 08:18:19 -05:00
mjallen18
ae8039dba0 weather 2025-08-07 22:30:20 -05:00
mjallen18
54f56c3f83 upd 2025-08-07 22:30:01 -05:00
mjallen18
ce142bb64a fix this package 2025-07-30 21:44:57 -05:00
mjallen18
fd3f61a0ac lsfg 2025-07-29 20:02:37 -05:00
mjallen18
d0ac22c211 bcachefs 2025-07-29 19:34:10 -05:00
mjallen18
caa326d496 test 2025-07-29 18:26:50 -05:00
mjallen18
04ef2a4b8c temp 2025-07-29 16:43:51 -05:00
mjallen18
7e35a27b2e lsfg-vk 2025-07-28 15:16:56 -05:00
mjallen18
48108e693a gnome home manager on steamdeck 2025-07-28 14:49:03 -05:00
mjallen18
8e3d3e4281 openhasp 2025-07-28 14:18:54 -05:00
mjallen18
c7c99b339b fix package 2025-07-28 11:27:06 -05:00
mjallen18
c8f5547727 openhasp 2025-07-28 11:27:00 -05:00
mjallen18
6f5e592d8c cleanup 2025-07-28 11:06:32 -05:00
mjallen18
5ae3f1a9ef desktop home sops 2025-07-28 09:33:54 -05:00
mjallen18
1a3b091588 desktop stuff 2025-07-28 09:32:31 -05:00
mjallen18
5b34456571 yamlfmt 2025-07-24 11:25:18 -05:00
mjallen18
5918611469 yamlfmt 2025-07-24 11:22:29 -05:00
mjallen18
f3aafffcaa deadnix 2025-07-24 11:19:19 -05:00
mjallen18
3d213c8769 nixfmt 2025-07-24 11:06:08 -05:00
mjallen18
f05972d6ae move commented file: 2025-07-24 10:38:13 -05:00
mjallen18
b77dda0e6f fix some stuff 2025-07-24 10:31:50 -05:00
mjallen18
3c1a956c81 cleanup 2025-07-24 10:19:32 -05:00
mjallen18
5dc1a96f6d cleanup 2025-07-23 19:36:06 -05:00
mjallen18
1ed989e713 pull rest of mac stuff 2025-07-23 12:02:31 -05:00
mjallen18
fa2d95e12f fix some hyprland stuff 2025-07-23 11:57:44 -05:00
mjallen18
1bc7856d93 teml 2025-07-23 09:50:11 -05:00
mjallen18
f8e80bd44c network 2025-07-22 18:03:18 -05:00
mjallen18
1d1f145b37 move nas apps sorta 2025-07-22 16:23:58 -05:00
mjallen18
c8ed7d74f8 fix nas home sops 2025-07-22 12:38:37 -05:00
mjallen18
f11a40370b nas builds 2025-07-22 12:35:00 -05:00
mjallen18
1e5f1db195 basic building for deck 2025-07-21 19:12:46 -05:00
mjallen18
e3bfbae131 pis 2025-07-21 18:59:53 -05:00
mjallen18
b43816579f move stuff 2025-07-21 14:25:34 -05:00
mjallen18
ac9ee8e67b basic pi stuff, ugly but functional 2025-07-21 14:09:41 -05:00
mjallen18
4abbd0ef33 darwin 2025-07-21 09:18:37 -05:00
mjallen18
608a6ce9b8 desktop building? 2025-07-20 18:35:14 -05:00
mjallen18
91be65bc39 functional home assistant 2025-07-18 14:50:13 -05:00
mjallen18
407f8ede87 temp 2025-07-18 13:21:50 -05:00
mjallen18
996e34d075 move all hacs modules to packages 2025-07-18 10:07:22 -05:00
mjallen18
442c24997d desktop is building I guess, idk, need to start commiting stuff eventually lmao 2025-07-17 20:57:18 -05:00
mjallen18
6c7c76887b temp commit 2025-07-16 19:57:33 -05:00
mjallen18
1a254d12c7 patch mail 2025-07-16 12:58:54 -05:00
mjallen18
cdcd102d8c config upd 2025-07-16 12:46:52 -05:00
mjallen18
6c3de9beb4 nuc 2025-07-15 21:18:21 -05:00
mjallen18
17d4e87056 t 2025-07-15 17:08:36 -05:00
mjallen18
0fcb6e07f7 update hass components 2025-07-15 15:28:05 -05:00
mjallen18
9587efe719 weather stuff 2025-07-14 21:43:03 -05:00
mjallen18
58ba094456 finally set up some of nix-darwin 2025-07-14 08:42:31 -05:00
mjallen18
059e72584f make mac kbs make more sense 2025-07-09 16:29:31 -05:00
mjallen18
f42c9ceef8 blovk 2025-07-09 16:05:19 -05:00
mjallen18
769084239f mesa stable cause gamescope broken 2025-07-09 09:11:11 -05:00
mjallen18
c0020a6726 update deck 2025-07-09 09:03:25 -05:00
mjallen18
0bcf196587 upgrade battery icons to swap when charging/discharging 2025-07-08 10:16:14 -05:00
mjallen18
f98c31671d fix mac scaling 2025-07-08 09:49:19 -05:00
mjallen18
a2cdab41b2 asd 2025-07-07 21:45:43 -05:00
mjallen18
5b3e561ad4 disk 2025-07-07 21:42:53 -05:00
mjallen18
f770342649 hypland theme fixes 2025-07-07 21:22:25 -05:00
mjallen18
bc183bc8dd more laptop->desktop hyprland coexistence 2025-07-07 18:23:21 -05:00
mjallen18
1ae1cc6f45 secrets 2025-07-07 11:32:51 -05:00
mjallen18
ebf848a465 update mac 2025-07-07 11:32:01 -05:00
mjallen18
6b28f57207 add nas settings file 2025-07-07 11:27:09 -05:00
mjallen18
803f229a4a Desktop Updates Mon Jun 30 11:58:01 PM CDT 2025 2025-07-07 11:21:08 -05:00
mjallen18
a062a78d13 Steamdeck Updates Mon Jun 30 02:24:43 PM CDT 2025 2025-07-07 11:21:08 -05:00
mjallen18
46adb33771 Merge branch 'macbook-hyprland' 2025-07-07 11:19:38 -05:00
mjallen18
42db510b8f add idle inhibitor to waybar 2025-07-01 08:28:54 -05:00
346 changed files with 11922 additions and 19908 deletions
Expand all files Collapse all files

7
.gitignore vendored
View File

@@ -2,4 +2,9 @@ hosts/nas/*.conf
hosts/nas/*.users hosts/nas/*.users
result result
*.raw *.raw
.codegpt .codegpt
.direnv
shell.nix
.vscode
**/*/*.py
.envrc

115
.sops.yaml
View File

@@ -10,66 +10,81 @@ keys:
- &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje - &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
- &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg - &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
- &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0 - &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
- &matt_macbook-pro age1xg6mvj3x6s3t8058c6rsk3q4kskvm6nsffwckxkkjzhyn7r6tczqgkj23p - &matt_macbook-pro age19daqsncuzeh3j6cwk8uxp6yfj8h0qtz02jxlwwy4v8j0mfgznsvq30440g
- &macbook-pro age1rdn39ywgzmc8wlsl5lrfe77e652wzjmjx58gx4k2ydghd35kdqvqscrf3h - &macbook-pro age19w4zafpwnq9yhzuf8r5te2yhq7xlqj76rcgzcz935hllyrz4yvws4jn6ca
- &nuc age1wurzgc20e6ye79wsg85vvqk4aj3mmc0llxshcy9532ex8f4c6dqql76c78
- &admin_nuc age1luyejgmqjj0esydlr2jxqkg48vexmx57gdz7cy5gq7rz8kf5cups2rnfa9
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *matt - *matt
- *matt_pi4 - *matt_pi4
- *matt_pi5 - *matt_pi5
- *desktop - *desktop
- *admin - *admin
- *jallen-nas - *jallen-nas
- *pi4 - *pi4
- *pi5 - *pi5
- *deck - *deck
- *steamdeck - *steamdeck
- *matt_macbook-pro - *matt_macbook-pro
- *macbook-pro - *macbook-pro
- *admin_nuc
- *nuc
- path_regex: nas-secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: nas-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *matt - *matt
- *desktop - *desktop
- *admin - *admin
- *jallen-nas - *jallen-nas
- path_regex: desktop-secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: desktop-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *matt - *matt
- *desktop - *desktop
- *admin - *admin
- *jallen-nas - *jallen-nas
- path_regex: steamdeck-secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: steamdeck-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *matt - *matt
- *desktop - *desktop
- *deck - *deck
- *steamdeck - *steamdeck
- *admin - *admin
- *jallen-nas - *jallen-nas
- path_regex: pi4-secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: pi4-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *matt - *matt
- *matt_pi4 - *matt_pi4
- *matt_pi5 - *matt_pi5
- *desktop - *desktop
- *pi4 - *pi4
- *pi5 - *pi5
- *admin - *admin
- *jallen-nas - *jallen-nas
- path_regex: pi5-secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: pi5-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups: key_groups:
- age: - age:
- *matt - *matt
- *matt_pi4 - *matt_pi4
- *matt_pi5 - *matt_pi5
- *desktop - *desktop
- *pi4 - *pi4
- *pi5 - *pi5
- *admin - *admin
- *jallen-nas - *jallen-nas
- path_regex: mac-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *matt_pi5
- *desktop
- *pi5
- *admin
- *jallen-nas
- *matt_macbook-pro
- *macbook-pro

156
README.md
View File

@@ -1,50 +1,118 @@
# nixOS Config # NixOS Configuration Repository
### Common Files This repository contains my personal NixOS configurations for multiple systems, managed using [Snowfall Lib](https://github.com/snowfallorg/lib) and the Nix Flakes system.
* [flake.nix](./flake.nix)
* [impermenance.nix](./share/impermanence/default.nix) ## Overview
* [share](./share)
* [overlays](./overlays) This repository provides a centralized, declarative configuration for all my systems, including:
- Desktop PC (AMD)
- NAS server
- Steam Deck
- Intel NUC
- Raspberry Pi 4
- Raspberry Pi 5
- MacBook Pro (NixOS on Apple Silicon)
- MacBook Pro (Darwin/macOS)
## Repository Structure
```
.
├── checks/ # Pre-commit hooks and other checks
├── flake.nix # Main flake configuration
├── homes/ # Home-manager configurations for users
│ ├── aarch64-darwin/ # macOS home configurations
│ ├── aarch64-linux/ # ARM Linux home configurations
│ └── x86_64-linux/ # x86 Linux home configurations
├── modules/ # Reusable configuration modules
│ ├── home/ # Home-manager modules
│ └── nixos/ # NixOS system modules
├── overlays/ # Nixpkgs overlays
├── packages/ # Custom package definitions
├── secrets/ # Encrypted secrets (managed with sops-nix)
└── systems/ # System-specific configurations
├── aarch64-darwin/ # macOS system configurations
├── aarch64-linux/ # ARM Linux system configurations
└── x86_64-linux/ # x86 Linux system configurations
```
## Key Features
- **Modular Design**: Reusable modules for various system components
- **Multi-System Support**: Configurations for different hardware platforms
- **Home Manager Integration**: User environment management
- **Secret Management**: Encrypted secrets with sops-nix
- **Disk Management**: Declarative disk partitioning with disko
- **State Management**: Persistent state management with impermanence
- **Desktop Environments**: Support for GNOME, Hyprland, and COSMIC
- **Hardware-Specific Optimizations**: Tailored configurations for different hardware
## Key Technologies
- [Nix](https://nixos.org/) and [NixOS](https://nixos.org/)
- [Nix Flakes](https://nixos.wiki/wiki/Flakes)
- [Snowfall Lib](https://github.com/snowfallorg/lib)
- [Home Manager](https://github.com/nix-community/home-manager)
- [sops-nix](https://github.com/Mic92/sops-nix)
- [disko](https://github.com/nix-community/disko)
- [impermanence](https://github.com/nix-community/impermanence)
- [lanzaboote](https://github.com/nix-community/lanzaboote) (Secure Boot)
## Notable System Configurations
### Desktop ### Desktop
* [boot.nix](./hosts/desktop/boot.nix)
* [configuration.nix](./hosts/desktop/configuration.nix) A powerful AMD-based desktop with gaming capabilities, featuring:
* [hardware-configuration.nix](./hosts/desktop/hardware-configuration.nix) - AMD CPU and GPU optimizations
* [filesystems.nix](./hosts/desktop/filesystems.nix) - Multiple desktop environment options (GNOME, Hyprland, COSMIC)
* [home.nix](./hosts/desktop/home.nix) - Gaming setup with Steam and related tools
* [sops.nix](./hosts/desktop/sops.nix)
* [specialisations.hyprland](./hosts/desktop/hyprland)
* [specialisations.gnome](./hosts/desktop/gnome)
* [specialisations.cosmic](./hosts/desktop/cosmic)
### NAS ### NAS
* [boot.nix](./hosts/nas/boot.nix)
* [configuration.nix](./hosts/nas/configuration.nix)
* [hardware-configuration.nix](./hosts/nas/hardware-configuration.nix)
* [impermenance.nix](./hosts/nas/impermenance.nix)
* [apps.nix](./hosts/desktop/apps.nix)
* [home.nix](./hosts/desktop/home.nix)
* [networking.nix](./hosts/desktop/networking.nix)
* [services.nix](./hosts/desktop/services.nix)
* [sops.nix](./hosts/desktop/sops.nix)
* [ups.nix](./hosts/desktop/ups.nix)
* [samba](./modules/samba)
* nas-apps
* [arrs](./hosts/nas/apps/arrs/default.nix)
* [free-games-claimer](./modules/apps/free-games-claimer)
* [jackett](./modules/apps/jackett)
* [jellyfin](./hosts/nas/apps/jellyfin/default.nix)
* [jellyseerr](./hosts/nas/apps/jellyseerr/default.nix)
* [jackett](./modules/apps/manyfold)
* [mariadb](./modules/apps/mariadb)
* [mealie](./modules/apps/mealie)
* [nextcloud+onlyoffice](./hosts/nas/apps/nextcloud/default.nix)
* [ollama](./hosts/nas/apps/ollama/default.nix)
* [paperless](./hosts/nas/apps/paperless/default.nix)
* [tdarr](./modules/apps/tdarr)
* [traefik](./hosts/nas/apps/traefik/default.nix)
* [wireguard](./modules/apps/your-spotify)
### Raspberry Pi 4 A home server with various self-hosted services:
* [configuration.nix](./hosts/pi4/configuration.nix) - Media management (Jellyfin, Jellyseerr)
* [hardware-configuration.nix](./hosts/pi4/hardware-configuration.nix) - Download automation (Sonarr, Radarr, etc.)
- Document management (Paperless)
- File sharing (Samba, Nextcloud)
- AI services (Ollama)
### Raspberry Pi
Configurations for both Pi 4 and Pi 5:
- Hardware-specific optimizations
- Disk partitioning suitable for ARM devices
- Bluetooth and wireless support
### Steam Deck
Custom NixOS configuration for the Steam Deck:
- Integration with Jovian for Steam Deck compatibility
- Gaming optimizations
- Steam ROM Manager
### MacBook Pro
Configurations for both:
- NixOS on Apple Silicon
- nix-darwin for macOS
## Usage
### Building a System Configuration
```bash
# Build and activate a system configuration
sudo nixos-rebuild switch --flake .#hostname
```
### Building a Home Configuration
```bash
# Build and activate a home configuration
home-manager switch --flake .#username@hostname
```
## License
This project is licensed under the MIT License - see the LICENSE file for details.

22
checks/pre-commit-hooks/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{
inputs,
pkgs,
lib,
...
}:
let
inherit (inputs) pre-commit-hooks-nix;
in
pre-commit-hooks-nix.lib.${pkgs.system}.run {
src = ../..;
hooks = {
pre-commit-hook-ensure-sops.enable = true;
treefmt = {
enable = lib.mkForce true;
settings.fail-on-change = lib.mkForce false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs (
lib.snowfall.fs.get-file "treefmt.nix"
);
};
};
}

2161
flake.lock generated Executable file → Normal file
View File

File diff suppressed because it is too large Load Diff

1011
flake.nix Executable file → Normal file
View File

File diff suppressed because it is too large Load Diff

58
homes/aarch64-darwin/mattjallen@macbook-pro/default.nix Executable file
View File

@@ -0,0 +1,58 @@
{
lib,
pkgs,
home,
...
}:
let
shellAliases = {
update-switch = "darwin-rebuild switch --flake ~/nix-config";
update-flake = "nix flake update ~/nix-config";
ducks = "du -cksh * | sort -hr | head -n 15";
};
packages = with pkgs; [
age
cpufetch
deadnix
direnv
nixfmt-rfc-style
sops
tree
wget
];
in
{
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = {
username = "mattjallen";
homeDirectory = "/Users/mattjallen";
packages = lib.mkForce packages;
sessionVariables = {
NH_DARWIN_FLAKE = "${home.homeDirectory}/nix-config#mac";
};
};
programs = {
zsh = {
shellAliases = shellAliases;
};
};
# Manage bug in compilations - who uses manpages in 2024 anyways? :P
manual.manpages.enable = false;
# Override defaults that arent supported
programs = {
mangohud.enable = lib.mkForce false;
nh = {
flake = "${home.homeDirectory}/nix-config";
};
};
services = {
pass-secret-service.enable = lib.mkForce false;
nextcloud-client.enable = lib.mkForce false;
};
}

134
homes/aarch64-linux/matt@macbook-pro-nixos/default.nix Executable file
View File

@@ -0,0 +1,134 @@
{ pkgs, lib, ... }:
let
theme = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update mac-nixpkgs mac-nixos-apple-silicon mac-home-manager mac-impermanence mac-sops-nix --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
fontName = "JetBrainsMono NFM";
fontPackage = pkgs.nerd-fonts.jetbrains-mono;
# Displays
display = {
input = "eDP-1";
resolution = "3456x2234";
refreshRate = "60.00000";
};
in
{
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
mjallen = {
desktop.hyprland = {
enable = true;
primaryDisplay = "eDP-1";
wallpaper = [
"${display.input}, /run/wallpaper.jpg"
];
monitor = [
"${display.input},${display.resolution}@${display.refreshRate},0x0,1.25,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
];
workspace = [
"name:firefox, monitor:${display.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${display.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 3356, tag:horizonrdp"
];
defaultApps = {
browser = pkgs.firefox;
};
};
programs = {
btop.enable = true;
kitty = {
enable = true;
font = {
name = fontName;
package = fontPackage;
};
};
mako = {
enable = true;
fontName = fontName;
};
nwg-dock.enable = true;
nwg-drawer.enable = true;
nwg-panel = {
enable = true;
defaultApps = {
browser = pkgs.firefox;
};
};
waybar = {
enable = true;
layer = "bottom";
modules-right = [
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
"bluetooth"
"network"
"idle_inhibitor"
"clock"
"battery"
"custom/weather"
];
extraModules = {
"custom/lights" = {
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
};
extraModulesStyle = ''
#custom-lights {
color: ${theme.frost.nord8};
background-color: ${theme.polarNight.nord0};
${theme.defaultOpacity}
${theme.borderLeft}
}
#custom-lights:hover {
background: ${theme.polarNight.nord3};
}
'';
windowOffset = 75;
};
wlogout.enable = true;
wofi.enable = true;
};
};
home.packages = with pkgs; [
iw
iwd
orca-slicer
vscodium
];
programs = {
password-store.enable = true;
zsh.shellAliases = shellAliases;
};
}

66
homes/aarch64-linux/matt@pi4/default.nix Executable file
View File

@@ -0,0 +1,66 @@
{ lib, ... }:
{
home.username = "matt";
mjallen = {
shell-aliases = {
enable = true;
flakeInputs = [
"pi4-nixpkgs"
"pi4-home-manager"
"pi4-impermanence"
"pi4-sops-nix"
"pi4-nixos-hardware"
"pi4-nixos-raspberrypi"
"pi4-disko"
];
};
};
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/pi4" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/pi4" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/matt/.ssh/authorized_keys";
# mode = "0600";
# };
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/home/matt/.ssh/authorized_keys2";
# mode = "0600";
# };
# "ssh-keys-public/desktop-windows" = {
# path = "/home/matt/.ssh/authorized_keys3";
# mode = "0600";
# };
# "ssh-keys-public/macbook-macos" = {
# path = "/home/matt/.ssh/authorized_keys4";
# mode = "0600";
# };
};
};
programs = {
mangohud.enable = lib.mkForce true;
};
services = {
nextcloud-client.enable = lib.mkForce false;
kdeconnect = {
enable = false;
indicator = false;
};
};
}

21
hosts/pi5/home.nix → homes/aarch64-linux/matt@pi5/default.nix
View File

@@ -1,4 +1,7 @@
{ pkgs, lib, config, ... }: {
config,
...
}:
let let
shellAliases = { shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3"; update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
@@ -9,14 +12,6 @@ let
}; };
in in
{ {
imports = [
../../share/home/defaults.nix
../../share/home/git.nix
../../share/home/gnome.nix
../../share/home/librewolf.nix
../../share/home/shell.nix
../../share/home/vscode.nix
];
home.username = "matt"; home.username = "matt";
@@ -62,4 +57,12 @@ in
programs = { programs = {
zsh.shellAliases = shellAliases; zsh.shellAliases = shellAliases;
}; };
services = {
nextcloud-client.enable = false;
kdeconnect = {
enable = false;
indicator = false;
};
};
} }

26
homes/aarch64-linux/root@pi4/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, lib, ... }:
let
shellAliases = {
update-boot = "nixos-rebuild boot --max-jobs 10";
update-switch = "nixos-rebuild switch --max-jobs 10";
};
in
{
home = {
username = "root";
homeDirectory = lib.mkForce "/${config.home.username}";
enableNixpkgsReleaseCheck = false;
};
programs = {
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client.enable = lib.mkForce false;
kdeconnect = {
enable = false;
indicator = false;
};
};
}

31
hosts/nas/home.nix → homes/x86_64-linux/admin@nas/default.nix
View File

@@ -1,14 +1,27 @@
{ pkgs,... }: { pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
};
in
{ {
home.username = "admin"; home.username = "admin";
# mjallen.home.enable = true;
mjallen = {
shell-aliases = {
enable = true;
buildHost = ""; # NAS builds locally
flakeInputs = [
"nas-nixpkgs"
"nas-authentik-nix"
"nas-cosmic"
"nas-crowdsec"
"nas-home-manager"
"nas-impermanence"
"nas-lanzaboote"
"nas-nixos-hardware"
"nas-sops-nix"
];
};
};
sops = { sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt"; age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -58,8 +71,6 @@ in
} }
]; ];
}; };
zsh.shellAliases = shellAliases;
}; };
# services.nixai = { # services.nixai = {

15
homes/x86_64-linux/admin@nuc/default.nix Executable file
View File

@@ -0,0 +1,15 @@
{ ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
};
in
{
home.username = "admin";
programs = {
zsh.shellAliases = shellAliases;
};
}

22
hosts/deck/home.nix → homes/x86_64-linux/deck@steamdeck/default.nix
View File

@@ -10,6 +10,8 @@ in
{ {
home.username = "deck"; home.username = "deck";
mjallen.desktop.gnome.enable = true;
sops = { sops = {
age.keyFile = "/home/deck/.config/sops/age/keys.txt"; age.keyFile = "/home/deck/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -30,13 +32,13 @@ in
steam-rom-manager = { steam-rom-manager = {
enable = true; enable = true;
steamUsername = "mjallen18"; steamUsername = "mjallen18";
# Optional: override default paths if needed # Optional: override default paths if needed
environmentVariables = { environmentVariables = {
romsDirectory = "/home/deck/Emulation/roms"; romsDirectory = "/home/deck/Emulation/roms";
steamDirectory = "/home/deck/.local/share/Steam"; steamDirectory = "/home/deck/.local/share/Steam";
}; };
emulators = { emulators = {
ryujinx.enable = true; ryujinx.enable = true;
@@ -44,13 +46,21 @@ in
enable = true; enable = true;
package = pkgs.dolphin-emu; package = pkgs.dolphin-emu;
romFolder = "gc"; romFolder = "gc";
fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ]; fileTypes = [
".iso"
".ISO"
".gcm"
".GCM"
".ciso"
".CISO"
"rvz"
];
extraArgs = "-b -e \"\${filePath}\""; extraArgs = "-b -e \"\${filePath}\"";
}; };
pcsx2.enable = true; pcsx2.enable = true;
mgba.enable = true; mgba.enable = true;
"Non-SRM Shortcuts" = { "Non-SRM Shortcuts" = {
enable = true; enable = true;
parserType = "Non-SRM Shortcuts"; parserType = "Non-SRM Shortcuts";
@@ -68,6 +78,6 @@ in
mgba mgba
prismlauncher prismlauncher
ryujinx-greemdev ryujinx-greemdev
vmware-horizon-client omnissa-horizon-client
]; ];
} }

60
homes/x86_64-linux/matt@desktop/default.nix Executable file
View File

@@ -0,0 +1,60 @@
{ pkgs, ... }:
{
home.username = "matt";
mjallen = {
sops = {
enable = true;
};
shell-aliases = {
enable = true;
flakeInputs = [
"desktop-nixpkgs"
"desktop-chaotic"
"desktop-home-manager"
"desktop-impermanence"
"desktop-lanzaboote"
"desktop-nixos-hardware"
"desktop-sops-nix"
"desktop-steam-rom-manager"
];
};
};
services = {
remmina = {
enable = true;
addRdpMimeTypeAssoc = true;
};
};
programs = {
password-store.enable = true;
};
home.packages = with pkgs; [
bottles
compose2nix
discord
distrobox
heroic
omnissa-horizon-client
jq
lutris
lzip
morph
orca-slicer
piper
prismlauncher
protontricks
protonvpn-gui
python3
runelite
smile
unigine-heaven
via
virt-manager
vorta
waydroid-helper
];
}

15
modules/root-user/default.nix → homes/x86_64-linux/root@nuc/default.nix
View File

@@ -1,4 +1,4 @@
{ ... }: { config, lib, ... }:
let let
shellAliases = { shellAliases = {
update-boot = "nixos-rebuild boot --max-jobs 10"; update-boot = "nixos-rebuild boot --max-jobs 10";
@@ -6,15 +6,12 @@ let
}; };
in in
{ {
imports = [ home = {
../home/defaults.nix username = "root";
../home/git.nix homeDirectory = lib.mkForce "/${config.home.username}";
../home/shell.nix };
];
home.username = "root";
programs = { programs = {
zsh.shellAliases = shellAliases; zsh.shellAliases = shellAliases;
}; };
} }

8
hosts/base/base-gui/default.nix
View File

@@ -1,8 +0,0 @@
{ ... }:
{
imports = [
./hardware.nix
./programs.nix
./services.nix
];
}

11
hosts/base/base-gui/hardware.nix
View File

@@ -1,11 +0,0 @@
{ lib, ... }:
{
# Hardware configs
hardware = {
# Enable graphics
graphics = {
enable = lib.mkDefault true;
enable32Bit = lib.mkDefault true;
};
};
}

31
hosts/base/base-gui/programs.nix
View File

@@ -1,31 +0,0 @@
{ lib, pkgs, ... }:
{
programs = {
nix-ld = {
enable = lib.mkDefault true;
libraries = with pkgs; [
alsa-lib
bash
expat
fontconfig
freetype
icu
glib
gtk3
libgcc
libgdiplus
libGL
libpulseaudio
SDL2
vulkan-loader
xorg.libX11
xorg.libICE
xorg.libSM
xorg.libXcursor
xorg.libXrandr
xorg.libXi
zlib
];
};
seahorse.enable = lib.mkDefault true;
};}

17
hosts/base/base-gui/services.nix
View File

@@ -1,17 +0,0 @@
{ lib, ... }:
{
services = {
kmscon.enable = lib.mkForce false;
# configure pipewire
pipewire = {
enable = lib.mkDefault true;
alsa.enable = lib.mkDefault true;
alsa.support32Bit = lib.mkDefault true;
pulse.enable = lib.mkDefault true;
};
# Enable CUPS to print documents.
printing.enable = lib.mkDefault true;
};
}

36
hosts/base/base-nogui/default.nix
View File

@@ -1,36 +0,0 @@
{ lib, pkgs, ... }:
let
timezone = "America/Chicago";
in
{
imports = [
./boot.nix
./environment.nix
./hardware.nix
./nix-settings.nix
./programs.nix
./security.nix
./services.nix
];
# Time config
time = {
# Set your time zone.
timeZone = timezone;
};
fonts.packages = with pkgs; [
font-awesome
noto-fonts
noto-fonts-color-emoji
meslo-lgs-nf
] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.fontconfig.defaultFonts = {
emoji = [
"Noto Color Emoji"
];
};
system.stateVersion = "23.11";
}

13
hosts/base/base-nogui/environment.nix
View File

@@ -1,13 +0,0 @@
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
attic-client
uutils-coreutils
uutils-diffutils
uutils-findutils
coreutils
nixd
];
};
}

12
hosts/base/base-nogui/hardware.nix
View File

@@ -1,12 +0,0 @@
{ lib, ... }:
{
hardware = {
# Bluetooth
bluetooth.enable = lib.mkDefault true;
i2c.enable = lib.mkDefault true;
# Enable all firmware
enableAllFirmware = lib.mkForce true;
};
}

27
hosts/base/default.nix
View File

@@ -1,27 +0,0 @@
# { lib, config, ... }:
# let
# cfg = config.base;
# cosmicPath =
# if cfg.desktopEnvironments.cosmic.enableSpecialisation then
# ../../modules/desktop-environments/cosmic/specialisation.nix
# else
# ../../modules/desktop-environments/cosmic/default.nix;
# hyprlandPath =
# if cfg.desktopEnvironments.hyprland.enableSpecialisation then
# ../../modules/desktop-environments/hyprland/specialisation.nix
# else
# ../../modules/desktop-environments/hyprland/default.nix;
# extraImports = lib.optionals cfg.enable (
# [ ./base-nogui ]
# ++ lib.optional cfg.baseGui.enable ./base-gui
# ++ lib.optional cfg.desktopEnvironments.cosmic.enable cosmicPath
# ++ lib.optional cfg.desktopEnvironments.hyprland.enable hyprlandPath
# );
# in
# {
# imports = [ ./options.nix ] ++ extraImports;
# }

35
hosts/base/options.nix
View File

@@ -1,35 +0,0 @@
{ lib, ... }:
with lib;
{
options.base = {
enable = mkEnableOption "base config";
baseGui.enable = mkOption {
type = types.bool;
default = false;
};
desktopEnvironments = {
cosmic = {
enable = mkOption {
type = types.bool;
default = false;
};
enableSpecialisation = mkOption {
type = types.bool;
default = false;
};
};
hyprland = {
enable = mkOption {
type = types.bool;
default = false;
};
enableSpecialisation = mkOption {
type = types.bool;
default = false;
};
};
};
};
}

66
hosts/desktop/home.nix
View File

@@ -1,66 +0,0 @@
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
in
{
home.username = "matt";
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/desktop-nixos" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/desktop-nixos" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
};
};
services = {
remmina = {
enable = true;
addRdpMimeTypeAssoc = true;
};
};
programs = {
password-store.enable = true;
zsh.shellAliases = shellAliases;
};
home.packages = with pkgs; [
bottles
unstable.compose2nix
discord
heroic
stable.vmware-horizon-client
jq
lutris
lzip
morph
orca-slicer
piper
prismlauncher
protontricks
protonvpn-gui
python3
qmk
smile
unigine-heaven
via
virt-manager
vorta
waydroid-helper
];
}

108
hosts/desktop/services.nix
View File

@@ -1,108 +0,0 @@
{ config, lib, pkgs, ... }:
let
pkgsVersion = pkgs; #.unstable;
in
{
services = {
# Enable Flatpak
flatpak.enable = lib.mkDefault false;
# enable auto discovery of printers
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
openFirewall = lib.mkDefault true;
};
restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
ratbagd.enable = lib.mkDefault true;
};
systemd = {
user.services = {
rclone-home-proton = {
enable = lib.mkDefault false;
path = with pkgsVersion; [
bash
pkgs.rclone
];
script = ''
rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
'';
};
rsync-home = {
enable = lib.mkDefault false;
path = with pkgsVersion; [
bash
rsync
openssh
];
script = ''
rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.3:/media/nas/main/backup/desktop-nix/home
'';
};
};
};
}

26
hosts/desktop/users.nix
View File

@@ -1,26 +0,0 @@
{ config, lib, pkgs, ... }:
let
user = "matt";
passwordFile = config.sops.secrets."desktop/matt_password".path;
pkgsVersion = pkgs; #.unstable;
in
{
users.users."${user}" = {
isNormalUser = lib.mkDefault true;
extraGroups = [
"wheel"
"keys"
"networkmanager"
"ratbagd"
"input"
"scanner"
"lp"
"video"
"i2c"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
shell = pkgsVersion.zsh;
};
users.users.root.shell = pkgsVersion.zsh;
}

236
hosts/homeassistant/automations.yaml
View File

@@ -1,236 +0,0 @@
- id: '1740678838632'
alias: Bedroom Light Switch
description: ''
triggers:
- domain: mqtt
device_id: 8b3a5a5b6faaba744c70ee940446a8af
type: action
subtype: on-press
trigger: device
id: on press
- domain: mqtt
device_id: 8b3a5a5b6faaba744c70ee940446a8af
type: action
subtype: off-press
trigger: device
id: off press
- domain: mqtt
device_id: 8b3a5a5b6faaba744c70ee940446a8af
type: action
subtype: up-press
trigger: device
id: up press
- domain: mqtt
device_id: 8b3a5a5b6faaba744c70ee940446a8af
type: action
subtype: down-press
trigger: device
id: down press
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- on press
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 2
brightness_pct: 100
kelvin: 6004
target:
entity_id: light.bedroom_lights
- conditions:
- condition: trigger
id:
- off press
sequence:
- action: light.turn_off
metadata: {}
data:
transition: 2
target:
entity_id: light.bedroom_lights
- conditions:
- condition: trigger
id:
- up press
sequence:
- action: light.turn_on
metadata: {}
data:
brightness_step_pct: 10
target:
entity_id: light.bedroom_lights
- conditions:
- condition: trigger
id:
- down press
sequence:
- action: light.turn_on
metadata: {}
data:
brightness_step_pct: -10
target:
entity_id: light.bedroom_lights
mode: single
- id: '1740697291423'
alias: Living Rooom Lights
description: ''
triggers:
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: on-press
trigger: device
id: on press
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: off-press
trigger: device
id: off press
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: up-press
trigger: device
id: up press
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: down-press
trigger: device
id: down press
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: on-hold
trigger: device
id: on-hold
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- on press
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 2
brightness_pct: 100
kelvin: 6004
target:
entity_id:
- light.living_room_lights
- conditions:
- condition: trigger
id:
- off press
sequence:
- action: light.turn_off
metadata: {}
data:
transition: 2
target:
entity_id:
- light.living_room_lights
- conditions:
- condition: trigger
id:
- up press
sequence:
- action: light.turn_on
metadata: {}
data:
brightness_step_pct: 10
target:
entity_id: light.living_room_lights
- conditions:
- condition: trigger
id:
- down press
sequence:
- action: light.turn_on
metadata: {}
data:
brightness_step_pct: -10
target:
entity_id: light.living_room_light_1
- conditions:
- condition: trigger
id:
- on-hold
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 0
brightness_pct: 100
rgb_color:
- 224
- 27
- 36
target:
entity_id: light.living_room_lights
mode: single
- id: '1741048414771'
alias: Front Closet
description: ''
triggers:
- type: present
device_id: c6519ea1e715f397dbbf7b73452f9e49
entity_id: c3a7b8892b8b372d2c40556e770ddc68
domain: binary_sensor
trigger: device
for:
hours: 0
minutes: 0
seconds: 0
id: present
- type: not_present
device_id: c6519ea1e715f397dbbf7b73452f9e49
entity_id: c3a7b8892b8b372d2c40556e770ddc68
domain: binary_sensor
trigger: device
for:
hours: 0
minutes: 0
seconds: 5
id: not
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- present
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 2
brightness_pct: 100
kelvin: 6010
target:
entity_id:
- light.front_closet_light_1
- light.front_closet_light_2
- conditions:
- condition: trigger
id:
- not
sequence:
- action: light.turn_off
metadata: {}
data:
transition: 2
target:
entity_id:
- light.front_closet_light_1
- light.front_closet_light_2
mode: single

576
hosts/homeassistant/automations.yaml.ori
View File

@@ -1,576 +0,0 @@
- id: '1692388103102'
alias: Weekly Backup
description: Create a full backup every Sunday at 3 am and store it on the NAS
trigger:
- platform: time
at: 03:00:00
condition:
- condition: time
weekday:
- sun
action:
- service: hassio.backup_full
data:
compressed: true
mode: single
- id: '1692389901297'
alias: Livingroom Lights
description: ''
trigger:
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: on_press
id: 'on'
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: off_press
id: 'off'
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: up_press
id: up
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: down_press
id: down
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: on_hold
id: hold
condition: []
action:
- choose:
- conditions:
- condition: trigger
id:
- 'on'
sequence:
- data:
brightness_pct: 100
color_temp_kelvin: 5000
transition: 1
target:
entity_id: light.livingroom_lights
action: light.turn_on
- conditions:
- condition: trigger
id:
- 'off'
sequence:
- data:
transition: 1
target:
entity_id: light.livingroom_lights
action: light.turn_off
- conditions:
- condition: trigger
id:
- hold
sequence:
- data:
brightness_pct: 100
rgb_color:
- 255
- 38
- 0
transition: 1
target:
entity_id: light.livingroom_lights
action: light.turn_on
- conditions:
- condition: trigger
id:
- dim up
sequence:
- data:
brightness_step_pct: 20
target:
entity_id: light.livingroom_lights
action: light.turn_on
- conditions:
- condition: trigger
id:
- dim down
sequence:
- data:
brightness_step_pct: -20
target:
entity_id: light.livingroom_lights
action: light.turn_on
mode: single
- id: '1692390365798'
alias: Bedroom Lights
description: ''
triggers:
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: off_press
id: 'off'
trigger: device
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: on_press
id: 'on'
trigger: device
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: up_press
id: up
trigger: device
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: down_press
id: down
trigger: device
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: on_hold
id: hold on
trigger: device
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- 'on'
sequence:
- data:
brightness_pct: 100
color_temp_kelvin: 5000
transition: 1
target:
entity_id: light.bedroom_lights
action: light.turn_on
- conditions:
- condition: trigger
id:
- 'off'
sequence:
- data:
transition: 1
target:
entity_id:
- light.bedroom_lights
action: light.turn_off
- conditions:
- condition: trigger
id:
- up
sequence:
- device_id: 171fa001578683249ff26f2d85817fef
domain: light
entity_id: 55d41329665f60a55a732c5bbececd22
type: brightness_increase
- device_id: c92fea3d569ca668e6617a189f917a28
domain: light
entity_id: 0c8630c2b37ae9615f9cf815aaebf40f
type: brightness_increase
- conditions:
- condition: trigger
id:
- down
sequence:
- device_id: 171fa001578683249ff26f2d85817fef
domain: light
entity_id: 55d41329665f60a55a732c5bbececd22
type: brightness_decrease
- device_id: c92fea3d569ca668e6617a189f917a28
domain: light
entity_id: 0c8630c2b37ae9615f9cf815aaebf40f
type: brightness_decrease
- conditions:
- condition: trigger
id:
- hold on
sequence:
- metadata: {}
data:
rgb_color:
- 255
- 0
- 0
brightness_pct: 100
target:
entity_id: light.bedroom_lights
action: light.turn_on
mode: single
- id: '1694441037420'
alias: Air Purifier Schedule
description: ''
trigger:
- platform: time
at: 07:00:00
id: fan off
- platform: time
at: '23:00:00'
id: fan on
condition: []
action:
- choose:
- conditions:
- condition: trigger
id:
- fan on
sequence:
- service: fan.set_percentage
data:
percentage: 100
target:
entity_id: fan.bedroom_air_purifier
- conditions:
- condition: trigger
id:
- fan off
sequence:
- service: fan.set_preset_mode
data:
preset_mode: auto
target:
entity_id: fan.bedroom_air_purifier
mode: single
- id: '1705949582146'
alias: Ice Maker Power Schedule
description: ''
trigger:
- platform: time_pattern
hours: '*'
minutes: '0'
seconds: '0'
condition: []
action:
- type: toggle
device_id: 41c66532e23aadc4c6ac95e520e5d345
entity_id: bd17ac75a91e62ed7e6b148cfe33d43d
domain: switch
- alias: Set Ice Maker Light to Dim
device_id: 41c66532e23aadc4c6ac95e520e5d345
domain: select
entity_id: 8f4f90c62b00df9008d14f7ce8967199
type: select_option
option: 'On'
mode: single
- id: '1708978401738'
alias: Soundbar
description: ''
trigger: []
condition: []
action:
- service: media_player.turn_on
metadata: {}
data: {}
target:
entity_id: media_player.soundbar
- service: media_player.select_source
metadata: {}
data:
source: wifi
target:
entity_id: media_player.soundbar
- service: media_player.play_media
metadata: {}
data:
media_content_id: media-source://radio_browser/2eff3a1f-b821-4267-9f37-f8d7e72061e4
media_content_type: audio/mpeg
target:
entity_id: media_player.soundbar
mode: single
- id: '1711147285926'
alias: Grow Light Schedule
description: ''
trigger:
- platform: time
at: 07:00:00
id: day
- platform: time
at: '20:00:00'
id: night
condition: []
action:
- choose:
- conditions:
- condition: trigger
id:
- day
sequence:
- service: switch.turn_on
metadata: {}
data: {}
target:
entity_id: switch.grow_lights
- conditions:
- condition: trigger
id:
- night
sequence:
- service: switch.turn_off
metadata: {}
data: {}
target:
entity_id: switch.grow_lights
mode: single
- id: '1723142554607'
alias: Restart Luci's Box
description: for some reason this box sucks and needs to get reboot periodically
trigger:
- platform: time_pattern
hours: '*'
condition: []
action:
- type: turn_off
device_id: e7f8974c31567dddbbffb036fe8381bc
entity_id: e1e71e4acdfcbb6c4afdc174807ad8be
domain: switch
- delay:
hours: 0
minutes: 0
seconds: 1
milliseconds: 0
- type: turn_on
device_id: e7f8974c31567dddbbffb036fe8381bc
entity_id: e1e71e4acdfcbb6c4afdc174807ad8be
domain: switch
- type: turn_on
device_id: d5eb3c182a1ef2a231b94b09c26aed45
entity_id: 7106df7ebde274ac4bc2b197d5c45bea
domain: fan
- device_id: d5eb3c182a1ef2a231b94b09c26aed45
domain: number
entity_id: 59a7cd3cb2883bf6002f789c2ff4824c
type: set_value
value: 3
mode: single
- id: '1724707092916'
alias: HASS Updates
description: ''
use_blueprint:
path: edwardtfn/auto_update_scheduled.yaml
input:
schedule_entity: schedule.updates
restart_bool: true
- id: '1724707291994'
alias: IOT Battery Checker
description: ''
use_blueprint:
path: sbyx/low-battery-level-detection-notification-for-all-battery-sensors.yaml
input:
exclude:
entity_id: []
device_id:
- 66e9cee67a740e8925dae5fc9ce940f0
- df76e3a3e48b49e13bd3006350826740
actions:
- action: notify.persistent_notification
metadata: {}
data:
message: Device Battery Low
- id: '1729708621620'
alias: Closet Lights
description: ''
triggers:
- type: present
device_id: 0924cbdcd24416e768caa52301db59f7
entity_id: e9f0acef50550033cd96155bd501b7c3
domain: binary_sensor
trigger: device
for:
hours: 0
minutes: 0
seconds: 0
id: Present
- type: not_present
device_id: 0924cbdcd24416e768caa52301db59f7
entity_id: e9f0acef50550033cd96155bd501b7c3
domain: binary_sensor
trigger: device
for:
hours: 0
minutes: 0
seconds: 0
id: empty
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- Present
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 3
brightness_pct: 100
kelvin: 5008
target:
device_id:
- e25128ac8fcf62af66a039cde3104760
- ddcfd5ea4fc5f5a88e18325b01c615db
- conditions:
- condition: trigger
id:
- empty
sequence:
- action: light.turn_off
metadata: {}
data:
transition: 3
target:
device_id:
- e25128ac8fcf62af66a039cde3104760
- ddcfd5ea4fc5f5a88e18325b01c615db
mode: single
- id: '1729881464325'
alias: Bedroom Closet
description: ''
triggers:
- type: present
device_id: 28e7f211c72409fe244183219abf6ffa
entity_id: aa474f323868586cef62070654f36936
domain: binary_sensor
trigger: device
id: Present
- type: not_present
device_id: 28e7f211c72409fe244183219abf6ffa
entity_id: aa474f323868586cef62070654f36936
domain: binary_sensor
trigger: device
id: empty
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- Present
sequence:
- type: turn_on
device_id: f5936d6143b7927433e9c0430c79acab
entity_id: f6ec42c9db2c191866a335a346b1ec44
domain: switch
- conditions:
- condition: trigger
id:
- empty
sequence:
- type: turn_off
device_id: f5936d6143b7927433e9c0430c79acab
entity_id: f6ec42c9db2c191866a335a346b1ec44
domain: switch
mode: single
- id: '1740179328446'
alias: Living Room Lights
description: ''
triggers:
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: off_press
trigger: device
id: 'off'
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: on_press
trigger: device
id: 'on'
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: up_press
trigger: device
id: up
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: down_press
trigger: device
id: down
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: on_hold
trigger: device
id: hold on
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- 'on'
sequence:
- data:
brightness_pct: 100
color_temp_kelvin: 5000
transition: 1
action: light.turn_on
target:
entity_id: light.livingroom_lights
- conditions:
- condition: trigger
id:
- 'off'
sequence:
- data:
transition: 1
action: light.turn_off
target:
entity_id: light.livingroom_lights
- conditions:
- condition: trigger
id:
- up
sequence:
- device_id: 8bc2033b03d5a474ca3204c5ca53e308
domain: light
entity_id: 4a3cc9043ff985e9271683e1916bd9e1
type: brightness_increase
- device_id: 8f4f51aed9b3b4284f520af25358efd9
domain: light
entity_id: f45e74498c4b6bae65aaf5adf67e29d6
type: brightness_increase
- conditions:
- condition: trigger
id:
- down
sequence:
- device_id: 8bc2033b03d5a474ca3204c5ca53e308
domain: light
entity_id: 4a3cc9043ff985e9271683e1916bd9e1
type: brightness_decrease
- device_id: 8bc2033b03d5a474ca3204c5ca53e308
domain: light
entity_id: 4a3cc9043ff985e9271683e1916bd9e1
type: brightness_decrease
- conditions:
- condition: trigger
id:
- hold on
sequence:
- metadata: {}
data:
rgb_color:
- 255
- 0
- 0
brightness_pct: 100
action: light.turn_on
target:
entity_id: light.livingroom_lights
mode: single

40
hosts/homeassistant/boot.nix
View File

@@ -1,40 +0,0 @@
{ lib, pkgs, ... }:
let
kernel = pkgs.linuxPackages_latest;
in
{
# Configure bootloader with lanzaboot and secureboot
boot = {
kernelModules = [ "nct6775" ];
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
initrd = {
verbose = false;
systemd.enable = true;
};
plymouth = {
enable = true;
};
kernelPackages = kernel;
kernelParams = [
"quiet"
"splash"
];
consoleLogLevel = 3;
bootspec.enable = true;
};
environment.systemPackages = with pkgs; [
edk2-uefi-shell
];
}

141
hosts/homeassistant/configuration.nix
View File

@@ -1,141 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "hass-admin";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
SSID = "Joey's Jungle 5G";
SSIDpassword = "kR8v&3Qd"; # config.sops.templates."wifi-password".content;
interface = "wlp0s20f3";
timezone = "America/Chicago";
hostname = "jallen-hass";
in
{
imports = [
# Include the results of the hardware scan.
./boot.nix
./hardware-configuration.nix
./impermanence.nix
./homeassistant.nix
../default.nix
];
# Enable nix flakes and nix-command tools
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [ "@wheel" ];
# Set your time zone.
time.timeZone = timezone;
networking = {
networkmanager = {
enable = true;
# Configure the static connection for eno1
# ensureProfiles = {
# profiles = {
# joeys-jungle = {
# connection = {
# id = "joeys-jungle";
# permissions = "";
# type = "wifi";
# };
# ipv4 = {
# dns-search = "";
# method = "auto";
# };
# ipv6 = {
# addr-gen-mode = "stable-privacy";
# dns-search = "";
# method = "auto";
# };
# wifi = {
# mac-address-blacklist = "";
# mode = "infrastructure";
## ssid = SSID;
# };
# wifi-security = {
# auth-alg = "open";
# key-mgmt = "wpa-psk";
# psk = SSIDpassword;
# };
# };
# "static-eno1" = {
# connection = {
# id = "static-eno1";
# type = "ethernet";
# interface-name = "eno1";
# };
# ipv4 = {
# method = "manual";
# addresses = "10.0.1.19/24";
# gateway = "10.0.1.1";
# dns = "10.0.1.1";
# };
# };
# };
# };
};
hostName = hostname;
wireless = {
enable = false;
networks."${SSID}".psk = SSIDpassword;
interfaces = [ interface ];
};
};
environment.systemPackages = with pkgs; [
vim
htop
git
protonmail-bridge
pass
gnome-keyring
openssl
];
services.xserver.desktopManager.surf-display = {
enable = true;
defaultWwwUri = "http://jallen-hass:8123"; # todo: external maybe for reasons???
};
services.openssh.enable = true;
services.protonmail-bridge = {
enable = true;
path = with pkgs; [ pass gnome-keyring ];
};
# Enable Avahi for .local hostname resolution
services.avahi = {
enable = true;
nssmdns4 = true; # For modern systems, use nssmdns4 instead of nssmdns
publish = {
enable = true;
addresses = true;
domain = true;
workstation = true;
};
};
users = {
mutableUsers = false;
users."${user}" = {
isNormalUser = lib.mkForce true;
initialHashedPassword = password;
extraGroups = [
"wheel"
"docker"
"network-manager"
"hass"
];
shell = pkgs.zsh;
};
};
}

70
hosts/homeassistant/hardware-configuration.nix
View File

@@ -1,70 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AB0D-A6A2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=etc" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d631d42b-b70a-4579-bfb4-57412ae7c682"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

64
hosts/homeassistant/home.nix
View File

@@ -1,64 +0,0 @@
{ lib, pkgs, ... }:
let
shellAliases = {
ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "sudo nix flake update ~/nix-config";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
ducks = "du -cksh * | sort -hr | head -n 15";
};
gitAliases = {
co = "checkout";
ci = "commit";
cia = "commit --amend";
s = "status";
st = "status";
b = "branch";
p = "pull --rebase";
pu = "push";
};
in
{
home.username = "hass-admin";
home.homeDirectory = "/home/hass-admin";
home.stateVersion = "23.11";
programs.home-manager.enable = true;
programs = {
fish.enable = false;
mangohud.enable = true;
java.enable = true;
zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = shellAliases;
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
theme = "fishy";
};
};
};
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
home.packages = with pkgs; [
age
fastfetch
firefox
];
}

453
hosts/homeassistant/homeassistant.nix
View File

@@ -1,453 +0,0 @@
{ config, pkgs, ... }:
let
mosquittoPort = 1883;
zigbee2mqttPort = 8080;
# "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
ha-bambulab = pkgs.stdenv.mkDerivation {
pname = "ha-bambulab";
version = "v2.1.5"; # Update with correct version
src = pkgs.fetchFromGitHub {
owner = "greghesp"; # Update with correct owner
repo = "ha-bambulab"; # Update with correct repo name
rev = "v2.1.5"; # Or specific tag/commit
sha256 = "sha256-iVcNFdkzdMVjbQuzrTLib8fhirnc+OJdPzM60EnyVe0="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/bambu_lab $out/custom_components/
'';
};
ha-gehome = pkgs.stdenv.mkDerivation {
pname = "ha-gehome";
version = "v2025.2.1"; # Update with correct version
src = pkgs.fetchFromGitHub {
owner = "simbaja"; # Update with correct owner
repo = "ha_gehome"; # Update with correct repo name
rev = "v2025.2.1"; # Or specific tag/commit
sha256 = "sha256-nb+KrJoWqvhqH6E7A22xXwQzTYp7yn+hl9WRDXn95Cc="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/ge_home $out/custom_components/
'';
};
ha-mail-and-packages = pkgs.stdenv.mkDerivation {
pname = "Home-Assistant-Mail-And-Packages";
version = "0.4.2"; # Update with correct version
src = pkgs.fetchFromGitHub {
owner = "moralmunky"; # Update with correct owner
repo = "Home-Assistant-Mail-And-Packages"; # Update with correct repo name
rev = "0.4.2"; # Or specific tag/commit
sha256 = "sha256-5LBTlRlkSUx8DOY+F7UvUs4dzjZKdBdgnDUdK6DBdew="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/mail_and_packages $out/custom_components/
'';
};
ha-overseerr = pkgs.stdenv.mkDerivation {
pname = "ha-overseerr";
version = "0.1.42"; # Update with correct version
src = pkgs.fetchFromGitHub {
owner = "vaparr"; # Update with correct owner
repo = "ha-overseerr"; # Update with correct repo name
rev = "0.1.42"; # Or specific tag/commit
sha256 = "sha256-UvUowCgfay9aRV+iC/AQ9vvJzhGZbH+/1kVjxPFBKcI="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/overseerr $out/custom_components/
'';
};
ha-petlibro = pkgs.stdenv.mkDerivation {
pname = "ha-petlibro";
version = "v1.0.21.1"; # Update with correct version
src = pkgs.fetchzip {
url = "https://github.com/jjjonesjr33/petlibro/archive/refs/tags/v1.0.21.1.zip";
sha256 = "sha256-3EckyAgWxlZeqy9g13yP2nKCcjnyVIp8EdiE/A1pNu4="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/petlibro $out/custom_components/
'';
};
ha-wyzeapi = pkgs.stdenv.mkDerivation {
pname = "ha-wyzeapi";
version = "0.1.32"; # Update with correct version
src = pkgs.fetchzip {
url = "https://github.com/SecKatie/ha-wyzeapi/archive/refs/tags/0.1.32.zip";
sha256 = "sha256-3xUynZBEHuO2hKLYCb2sBpJAe0JF/8uKqR304Y7JQmE="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/wyzeapi $out/custom_components/
'';
};
# In configuration.nix or a separate file
pythonSteam = pkgs.python3.withPackages (ps: [
(ps.buildPythonPackage rec {
pname = "steam";
version = "1.4.4"; # Check for the latest version
src = pkgs.fetchPypi {
inherit pname version;
sha256 = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; # Get the correct hash
};
doCheck = false;
propagatedBuildInputs = [ ps.requests ps.protobuf ];
})
]);
in
{
services.home-assistant = {
enable = true;
openFirewall = true;
configWritable = true; # todo
extraComponents = [
# Components required to complete the onboarding
"analytics"
"google_translate"
"met"
"radio_browser"
"shopping_list"
# Recommended for fast zlib compression
# https://www.home-assistant.io/integrations/isal
"isal"
"subaru"
"vesync"
"mqtt" # Enables MQTT integration in HA
"ffmpeg" # Enables camera streams
"zha" # Enables Zigbee integration
"homekit"
"music_assistant"
];
customComponents = with pkgs.home-assistant-custom-components; [
auth-header
];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
atomic-calendar-revive
bubble-card
button-card
hourly-weather
mini-graph-card
mini-media-player
multiple-entity-row
mushroom
vacuum-card
weather-chart-card
zigbee2mqtt-networkmap
];
# use postgresql instead of sqlite
extraPackages = ps: with ps; [
# Core functionality
aiohttp
aiodns
paho-mqtt
pillow
pytz
pyyaml
sqlalchemy
# Discovery & networking
zeroconf
netdisco
ifaddr
ssdp
# Device protocols
pyserial # Serial communications
bluepy # Bluetooth LE
# Smart home ecosystems
mutagen # Media file metadata
pysonos # Sonos
pywemo # Belkin WeMo
python-miio # Xiaomi devices
python-kasa # TP-Link
# Sensors & monitoring
meteocalc # Weather calculations
speedtest-cli # Internet speed
# Visualization & UI
matplotlib # Graphing
# Security
bcrypt
cryptography
pyjwt
# Media
ha-ffmpeg # Camera streams
# Specialized integrations
python-matter-server # Matter protocol
# System integrations
psutil # System monitoring
psycopg2
numpy
hassil
pyturbojpeg
paho-mqtt
pychromecast
pyatv
python-otbr-api
brother
pyipp
govee-ble
adguardhome
nextcord
aiogithubapi
jellyfin-apiclient-python
pylitterbot
dateparser
aionut
nextcloudmonitor
ollama
pynecil
aiopyarr
pysabnzbd
getmac
zigpy
bellows # For Zigbee EmberZNet-based adapters
zigpy-xbee # For XBee adapters
zigpy-deconz # For ConBee/RaspBee adapters
pyicloud # iCloud
pyatv # Apple TV
opencv-python
face-recognition
ibeacon-ble
gehomesdk
onedrive-personal-sdk
python-roborock
pythonSteam
apple-weatherkit
];
config = {
# Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/
default_config = {};
cloud = false;
frontend = {
themes = "!include_dir_merge_named themes";
};
"automation ui" = "!include /etc/nixos/hosts/homeassistant/automations.yaml";
"scene ui" = "!include /etc/nixos/hosts/homeassistant/scenes.yaml";
"script ui" = "!include /etc/nixos/hosts/homeassistant/scripts.yaml";
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"172.30.33.0/24"
"10.0.1.3"
"10.0.1.0/24"
];
};
recorder = {
db_url = "postgresql://@/hass";
purge_keep_days = 180;
};
auth_header = {
debug = false;
username_header = "X-authentik-username";
};
# https://www.home-assistant.io/integrations/ota_updater/
zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json";
};
};
# https://www.home-assistant.io/integrations/automation/
# systemd.tmpfiles.rules = [
# "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
# ];
# This bypasses the component validation and places it directly in HA's data directory
system.activationScripts.installCustomComponents = ''
mkdir -p ${config.services.home-assistant.configDir}/custom_components
cp -r ${ha-bambulab}/custom_components/bambu_lab ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-gehome}/custom_components/ge_home ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-mail-and-packages}/custom_components/mail_and_packages ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-overseerr}/custom_components/overseerr ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-petlibro}/custom_components/petlibro ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-wyzeapi}/custom_components/wyzeapi ${config.services.home-assistant.configDir}/custom_components/
ln -sf /etc/nixos/hosts/homeassistant/automations.yaml ${config.services.home-assistant.configDir}/automations.yaml
ln -sf /etc/nixos/hosts/homeassistant/scenes.yaml ${config.services.home-assistant.configDir}/scenes.yaml
ln -sf /etc/nixos/hosts/homeassistant/scripts.yaml ${config.services.home-assistant.configDir}/scripts.yaml
chown -R hass:hass ${config.services.home-assistant.configDir}
chmod -R 750 ${config.services.home-assistant.configDir}
'';
services = {
postgresql = {
enable = true;
ensureDatabases = [ "hass" ];
ensureUsers = [{
name = "hass";
ensureDBOwnership = true;
}];
};
# Enable and configure Mosquitto MQTT broker
mosquitto = {
enable = true;
listeners = [
{
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
settings.allow_anonymous = true;
}
];
};
zigbee2mqtt = {
enable = true;
settings = {
homeassistant = {
enabled = config.services.home-assistant.enable;
# Optional: Home Assistant discovery topic (default: shown below)
# Note: should be different from [MQTT base topic](../mqtt.md) to prevent errors in HA software
discovery_topic = "homeassistant";
# Optional: Home Assistant status topic (default: shown below)
status_topic = "homeassistant/status";
# Optional: Experimental support for Home Assistant event entities, may break in the future (default: shown below) when enabled:
# - An `event` entity will be discovered for each 'action'.
# - The `event_type` attribute will contain the action itself, additional attributes like `button` will have further information.
experimental_event_entities = false;
# Optional: Home Assistant legacy action sensor (default: `false`), when enabled:
# - Zigbee2MQTT will send an empty 'action' after one has been send
# - A 'sensor_action' will be discovered
legacy_action_sensor = false;
};
permit_join = true;
# Web interface
frontend = {
port = zigbee2mqttPort; # Choose an available port
};
# MQTT configuration
mqtt = {
base_topic = "zigbee2mqtt";
server = "mqtt://localhost:1883";
# If using authentication:
# user = "mqttuser";
# password = "your-password";
};
serial = {
port = "/dev/ttyUSB0";
};
};
};
music-assistant = {
enable = true;
providers = [
# "airplay" # music-assistant: airplay support is missing libraop, a library we will not package because it depends on OpenSSL 1.1.
"apple_music"
"bluesound"
"builtin"
"chromecast"
"deezer"
"dlna"
"fanarttv"
"filesystem_local"
"filesystem_smb"
"fully_kiosk"
"hass"
"hass_players"
"jellyfin"
"musicbrainz"
"opensubsonic"
"player_group"
"plex"
"qobuz"
"radiobrowser"
"siriusxm"
"snapcast"
"sonos"
"sonos_s1"
"soundcloud"
"spotify"
"template_player_provider"
"test"
"theaudiodb"
"tidal"
"tunein"
"ytmusic"
];
};
# Enable AirPlay
pipewire = {
# opens UDP ports 6001-6002
raopOpenFirewall = true;
extraConfig.pipewire = {
"10-airplay" = {
"context.modules" = [
{
name = "libpipewire-module-raop-discover";
# increase the buffer size if you get dropouts/glitches
# args = {
# "raop.latency.ms" = 500;
# };
}
];
};
};
};
};
# Enable required hardware support for the Zigbee adapter
hardware.bluetooth.enable = true; # Some adapters use Bluetooth
# Ensure proper permissions for Zigbee USB devices
# services.udev.extraRules = ''
# # For CC2531, CC2530, CC1352P-2, CC2538 and similar adapters
# SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee", MODE="0666"
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
# # For ConBee/RaspBee by Dresden Elektronik
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1cf1", ATTRS{idProduct}=="0030", SYMLINK+="zigbee", MODE="0666"
# # For Electrolama zig-a-zig-ah (zzh!)
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
# '';
environment.systemPackages = with pkgs; [
mosquitto # MQTT command-line tools
usbutils # For lsusb to help identify your adapter
];
networking.firewall.allowedTCPPorts = [
mosquittoPort
zigbee2mqttPort
8095
8097
];
}

57
hosts/homeassistant/impermanence.nix
View File

@@ -1,57 +0,0 @@
{ ... }:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/tailscale"
"/var/lib/systemd/coredump"
"/var/lib/zigbee2mqtt"
"/var/lib/postgresql"
# "/var/lib/music-assistant"
"/etc/NetworkManager/system-connections"
"/etc/secureboot"
{
directory = "/var/lib/private/authentik/media";
user = "authentik";
group = "authentik";
mode = "u=rwx,g=,o=";
}
{
directory = "/var/lib/hass";
user = "hass";
group = "hass";
mode = "u=rwx,g=,o=";
}
{
directory = "/var/lib/private";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/var/lib/colord";
user = "colord";
group = "colord";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/etc/nix";
user = "root";
group = "wheel";
mode = "u=rwx,g=rx,o=rx";
}
];
files = [
"/var/cache-priv-key.pem"
"/etc/machine-id"
];
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
}

0
hosts/homeassistant/scenes.yaml
View File

0
hosts/homeassistant/scripts.yaml
View File

7
hosts/mac-nixos/apple-silicon-support/default.nix
View File

@@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./modules/default.nix
];
}

55
hosts/mac-nixos/apple-silicon-support/modules/boot-m1n1/default.nix
View File

@@ -1,55 +0,0 @@
{ config, pkgs, lib, ... }:
let
pkgs' = config.hardware.asahi.pkgs;
bootM1n1 = pkgs'.m1n1.override {
isRelease = true;
withTools = false;
customLogo = config.boot.m1n1CustomLogo;
};
bootUBoot = pkgs'.uboot-asahi.override {
m1n1 = bootM1n1;
};
bootFiles = {
"m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} ''
cat ${bootM1n1}/build/m1n1.bin > $out
cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
if [ -n "${config.boot.m1n1ExtraOptions}" ]; then
echo '${config.boot.m1n1ExtraOptions}' >> $out
fi
'';
};
in {
config = lib.mkIf config.hardware.asahi.enable {
# install m1n1 with the boot loader
boot.loader.grub.extraFiles = bootFiles;
boot.loader.systemd-boot.extraFiles = bootFiles;
# ensure the installer has m1n1 in the image
system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
system.build.m1n1 = bootFiles."m1n1/boot.bin";
};
options.boot = {
m1n1ExtraOptions = lib.mkOption {
type = lib.types.str;
default = "";
description = ''
Append extra options to the m1n1 boot binary. Might be useful for fixing
display problems on Mac minis.
https://github.com/AsahiLinux/m1n1/issues/159
'';
};
m1n1CustomLogo = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
Custom logo to build into m1n1. The path must point to a 256x256 PNG.
'';
};
};
}

92
hosts/mac-nixos/apple-silicon-support/modules/default.nix
View File

@@ -1,92 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
./kernel
./mesa
./peripheral-firmware
./boot-m1n1
./sound
];
config = let
cfg = config.hardware.asahi;
in lib.mkIf cfg.enable {
nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
# patch systemd-boot to boot in Apple Silicon UEFI environment.
# This regression only appeared in systemd 256.7.
# see https://github.com/NixOS/nixpkgs/pull/355290
# and https://github.com/systemd/systemd/issues/35026
systemd.package = let
systemdBroken = (pkgs.systemd.version == "256.7");
systemdPatched = pkgs.systemd.overrideAttrs (old: {
patches = let
oldPatches = (old.patches or []);
# not sure why there are non-paths in there but oh well
patchNames = (builtins.map (p: if ((builtins.typeOf p) == "path") then builtins.baseNameOf p else "") oldPatches);
fixName = "0019-Revert-boot-Make-initrd_prepare-semantically-equival.patch";
alreadyPatched = builtins.elem fixName patchNames;
in oldPatches ++ lib.optionals (!alreadyPatched) [
(pkgs.fetchpatch {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/125e99477b0ac0a54b7cddc6c5a704821a3074c7/pkgs/os-specific/linux/systemd/${fixName}";
hash = "sha256-UW3DZiaykQUUNcGA5UFxN+/wgNSW3ufxDDCZ7emD16o=";
})
];
});
in if systemdBroken then systemdPatched else pkgs.systemd;
hardware.asahi.pkgs =
if cfg.pkgsSystem != "aarch64-linux"
then
import (pkgs.path) {
crossSystem.system = "aarch64-linux";
localSystem.system = cfg.pkgsSystem;
overlays = [ cfg.overlay ];
}
else pkgs;
};
options.hardware.asahi = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable the basic Asahi Linux components, such as kernel and boot setup.
'';
};
pkgsSystem = lib.mkOption {
type = lib.types.str;
default = "aarch64-linux";
description = ''
System architecture that should be used to build the major Asahi
packages, if not the default aarch64-linux. This allows installing from
a cross-built ISO without rebuilding them during installation.
'';
};
pkgs = lib.mkOption {
type = lib.types.raw;
description = ''
Package set used to build the major Asahi packages. Defaults to the
ambient set if not cross-built, otherwise re-imports the ambient set
with the system defined by `hardware.asahi.pkgsSystem`.
'';
};
overlay = lib.mkOption {
type = lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
};
default = import ../packages/overlay.nix;
defaultText = "overlay provided with the module";
description = ''
The nixpkgs overlay for asahi packages.
'';
};
};
}

106
hosts/mac-nixos/apple-silicon-support/modules/kernel/default.nix
View File

@@ -1,106 +0,0 @@
# the Asahi Linux kernel and options that must go along with it
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.hardware.asahi.enable {
boot.kernelPackages = let
pkgs' = config.hardware.asahi.pkgs;
in
pkgs'.linux-asahi.override {
_kernelPatches = config.boot.kernelPatches;
withRust = config.hardware.asahi.withRust;
};
# we definitely want to use CONFIG_ENERGY_MODEL, and
# schedutil is a prerequisite for using it
# source: https://www.kernel.org/doc/html/latest/scheduler/sched-energy.html
powerManagement.cpuFreqGovernor = lib.mkOverride 800 "schedutil";
boot.initrd.includeDefaultModules = false;
boot.initrd.availableKernelModules = [
# list of initrd modules stolen from
# https://github.com/AsahiLinux/asahi-scripts/blob/f461f080a1d2575ae4b82879b5624360db3cff8c/initcpio/install/asahi
"apple-mailbox"
"nvme_apple"
"pinctrl-apple-gpio"
"macsmc"
"macsmc-rtkit"
"i2c-pasemi-platform"
"tps6598x"
"apple-dart"
"dwc3"
"dwc3-of-simple"
"xhci-pci"
"pcie-apple"
"gpio_macsmc"
"phy-apple-atc"
"nvmem_apple_efuses"
"spi-apple"
"spi-hid-apple"
"spi-hid-apple-of"
"rtc-macsmc"
"simple-mfd-spmi"
"spmi-apple-controller"
"nvmem_spmi_mfd"
"apple-dockchannel"
"dockchannel-hid"
"apple-rtkit-helper"
# additional stuff necessary to boot off USB for the installer
# and if the initrd (i.e. stage 1) goes wrong
"usb-storage"
"xhci-plat-hcd"
"usbhid"
"hid_generic"
];
boot.kernelParams = [
"earlycon"
"console=tty0"
"boot.shell_on_fail"
# Apple's SSDs are slow (~dozens of ms) at processing flush requests which
# slows down programs that make a lot of fsync calls. This parameter sets
# a delay in ms before actually flushing so that such requests can be
# coalesced. Be warned that increasing this parameter above zero (default
# is 1000) has the potential, though admittedly unlikely, risk of
# UNBOUNDED data corruption in case of power loss!!!! Don't even think
# about it on desktops!!
"nvme_apple.flush_interval=0"
];
# U-Boot does not support EFI variables
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
# U-Boot does not support switching console mode
boot.loader.systemd-boot.consoleMode = "0";
# GRUB has to be installed as removable if the user chooses to use it
boot.loader.grub = lib.mkDefault {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
# autosuspend was enabled as safe for the PCI SD card reader
# "Genesys Logic, Inc GL9755 SD Host Controller [17a0:9755] (rev 01)"
# by recent systemd versions, but this has a "negative interaction"
# with our kernel/SoC and causes random boot hangs. disable it!
services.udev.extraHwdb = ''
pci:v000017A0d00009755*
ID_AUTOSUSPEND=0
'';
};
imports = [
(lib.mkRemovedOptionModule [ "hardware" "asahi" "addEdgeKernelConfig" ]
"All edge kernel config options are now the default.")
];
options.hardware.asahi.withRust = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Build the Asahi Linux kernel with Rust support.
'';
};
}

53
hosts/mac-nixos/apple-silicon-support/modules/mesa/default.nix
View File

@@ -1,53 +0,0 @@
{ options, config, pkgs, lib, ... }:
{
config = let
isMode = mode: (config.hardware.asahi.useExperimentalGPUDriver
&& config.hardware.asahi.experimentalGPUInstallMode == mode);
in lib.mkIf config.hardware.asahi.enable (lib.mkMerge [
{
# required for proper DRM setup even without GPU driver
services.xserver.config = ''
Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the Asahi Mesa version
hardware.graphics.package = config.hardware.asahi.pkgs.mesa-asahi-edge;
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
]);
options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Use the experimental Asahi Mesa GPU driver.
Do not report issues using this driver under NixOS to the Asahi project.
'';
};
# hopefully no longer used, should be deprecated eventually
options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
type = lib.types.enum [ "driver" "replace" "overlay" ];
default = "replace";
description = ''
Mode to use to install the experimental GPU driver into the system.
driver: install only as a driver, do not replace system Mesa.
Causes issues with certain programs like Plasma Wayland.
replace (default): use replaceRuntimeDependencies to replace system Mesa with Asahi Mesa.
Does not work in pure evaluation context (i.e. in flakes by default).
overlay: overlay system Mesa with Asahi Mesa
Requires rebuilding the world.
'';
};
}

69
hosts/mac-nixos/apple-silicon-support/modules/peripheral-firmware/default.nix
View File

@@ -1,69 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.hardware.asahi.enable {
assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
{ assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
message = ''
Asahi peripheral firmware extraction is enabled but the firmware
location appears incorrect.
'';
}
];
hardware.firmware = let
pkgs' = config.hardware.asahi.pkgs;
in
lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware) [
(pkgs.stdenv.mkDerivation {
name = "asahi-peripheral-firmware";
nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ];
buildCommand = ''
mkdir extracted
asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
mkdir -p $out/lib/firmware
cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
mv vendorfw/* $out/lib/firmware
'';
})
];
};
options.hardware.asahi = {
extractPeripheralFirmware = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Automatically extract the non-free non-redistributable peripheral
firmware necessary for features like Wi-Fi.
'';
};
peripheralFirmwareDirectory = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null
[
# path when the system is operating normally
/boot/asahi
# path when the system is mounted in the installer
/mnt/boot/asahi
];
description = ''
Path to the directory containing the non-free non-redistributable
peripheral firmware necessary for features like Wi-Fi. Ordinarily, this
will automatically point to the appropriate location on the ESP. Flake
users and those interested in maximum purity will want to copy those
files elsewhere and specify this manually.
Currently, this consists of the files `all-firmware.tar.gz` and
`kernelcache*`. The official Asahi Linux installer places these files
in the `asahi` directory of the EFI system partition when creating it.
'';
};
};
}

49
hosts/mac-nixos/apple-silicon-support/modules/sound/default.nix
View File

@@ -1,49 +0,0 @@
{ config, options, pkgs, lib, ... }:
{
options.hardware.asahi = {
setupAsahiSound = lib.mkOption {
type = lib.types.bool;
default = config.hardware.asahi.enable;
description = ''
Set up the Asahi DSP components so that the speakers and headphone jack
work properly and safely.
'';
};
};
config = let
cfg = config.hardware.asahi;
in lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [
{
# can't be used by Asahi sound infrastructure
services.pulseaudio.enable = false;
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
configPackages = [ pkgs.asahi-audio ];
wireplumber = {
enable = true;
configPackages = [ pkgs.asahi-audio ];
};
};
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages = [ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
}
]);
}

22
hosts/mac-nixos/apple-silicon-support/packages/alsa-ucm-conf-asahi/default.nix
View File

@@ -1,22 +0,0 @@
{ lib
, fetchFromGitHub
, alsa-ucm-conf
}:
(alsa-ucm-conf.overrideAttrs (oldAttrs: let
versionAsahi = "8";
srcAsahi = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/alsa-ucm-asahi
owner = "AsahiLinux";
repo = "alsa-ucm-conf-asahi";
rev = "v${versionAsahi}";
hash = "sha256-FPrAzscc1ICSCQSqULaGLqG4UCq8GZU9XLV7TUSBBRM=";
};
in {
name = "${oldAttrs.pname}-${oldAttrs.version}-asahi-${versionAsahi}";
postInstall = oldAttrs.postInstall or "" + ''
cp -r ${srcAsahi}/ucm2 $out/share/alsa
'';
}))

46
hosts/mac-nixos/apple-silicon-support/packages/asahi-audio/default.nix
View File

@@ -1,46 +0,0 @@
{ stdenv
, lib
, fetchFromGitHub
, lsp-plugins
, bankstown-lv2
, triforce-lv2
}:
stdenv.mkDerivation rec {
pname = "asahi-audio";
# tracking: https://src.fedoraproject.org/rpms/asahi-audio
version = "3.3";
src = fetchFromGitHub {
owner = "AsahiLinux";
repo = "asahi-audio";
rev = "v${version}";
hash = "sha256-p0M1pPxov+wSLT2F4G6y5NZpCXzbjZkzle+75zQ4xxU=";
};
preBuild = ''
export PREFIX=$out
readarray -t configs < <(\
find . \
-name '*.conf' -or \
-name '*.json' -or \
-name '*.lua'
)
substituteInPlace "''${configs[@]}" --replace \
"/usr/share/asahi-audio" \
"$out/asahi-audio"
'';
postInstall = ''
# no need to link the asahi-audio dir globally
mv $out/share/asahi-audio $out
'';
passthru.requiredLv2Packages = [
lsp-plugins
bankstown-lv2
triforce-lv2
];
}

32
hosts/mac-nixos/apple-silicon-support/packages/asahi-fwextract/default.nix
View File

@@ -1,32 +0,0 @@
{ lib
, python3
, fetchFromGitHub
, gzip
, gnutar
, lzfse
}:
python3.pkgs.buildPythonApplication rec {
pname = "asahi-fwextract";
version = "0.7.8";
# tracking version: https://packages.fedoraproject.org/pkgs/asahi-installer/python3-asahi_firmware/
src = fetchFromGitHub {
owner = "AsahiLinux";
repo = "asahi-installer";
rev = "v${version}";
hash = "sha256-UmgHWKIRbcg9PK44YPPM4tyuEDC0+ANKO3Mzc4N9RHo=";
};
postPatch = ''
substituteInPlace asahi_firmware/img4.py \
--replace 'liblzfse.so' '${lzfse}/lib/liblzfse.so'
substituteInPlace asahi_firmware/update.py \
--replace '"tar"' '"${gnutar}/bin/tar"' \
--replace '"xf"' '"-x", "-I", "${gzip}/bin/gzip", "-f"'
'';
nativeBuildInputs = [ python3.pkgs.setuptools ];
doCheck = false;
}

7855
hosts/mac-nixos/apple-silicon-support/packages/linux-asahi/config
View File

File diff suppressed because it is too large Load Diff

104
hosts/mac-nixos/apple-silicon-support/packages/linux-asahi/default.nix
View File

@@ -1,104 +0,0 @@
{ lib
, callPackage
, writeText
, linuxPackagesFor
, withRust ? true
, _kernelPatches ? [ ]
}:
let
i = builtins.elemAt;
# parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig
# into a list of k, v tuples
parseExtraConfig = config:
let
lines =
builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
parseLine = line: let
t = lib.strings.splitString " " line;
join = l: builtins.foldl' (a: b: "${a} ${b}")
(builtins.head l) (builtins.tail l);
v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
in [ "CONFIG_${i t 0}" v ];
in map parseLine lines;
# parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo"
# style configuration as found in a patch's extraStructuredConfig into
# a list of k, v tuples
parseExtraStructuredConfig = config: lib.attrsets.mapAttrsToList
(k: v: [ "CONFIG_${k}" (v.tristate or v.freeform) ] ) config;
parsePatchConfig = { extraConfig ? "", extraStructuredConfig ? {}, ... }:
(parseExtraConfig extraConfig) ++
(parseExtraStructuredConfig extraStructuredConfig);
# parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file
# into a list of k, v tuples
parseConfig = config:
let
parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
# get either the [ymn] option or the "foo" option; whichever matched
t = l: let v = (i l 2); in [ (i l 0) (if v != null then v else (i l 3)) ];
lines = lib.strings.splitString "\n" config;
in map t (builtins.filter (l: l != null) (map parseLine lines));
origConfigfile = ./config;
linux-asahi-pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel,
rustc, rust-bindgen, ... } @ args:
let
origConfigText = builtins.readFile origConfigfile;
# extraConfig from all patches in order
extraConfig =
lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [] _kernelPatches
++ (lib.optional withRust [ "CONFIG_RUST" "y" ]);
# config file text for above
extraConfigText = let
text = k: v: if (v == "y") || (v == "m") || (v == "n")
then "${k}=${v}" else ''${k}="${v}"'';
in (map (t: text (i t 0) (i t 1)) extraConfig);
# final config as a text file path
configfile = if extraConfig == [] then origConfigfile else
writeText "config" ''
${origConfigText}
# Patches
${lib.strings.concatStringsSep "\n" extraConfigText}
'';
# final config as an attrset
configAttrs = let
makePair = t: lib.nameValuePair (i t 0) (i t 1);
configList = (parseConfig origConfigText) ++ extraConfig;
in builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
# used to fix issues when nixpkgs gets ahead of the kernel
rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version);
bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
in
linuxKernel.manualConfig rec {
inherit stdenv lib;
version = "6.14.8-asahi";
modDirVersion = version;
extraMeta.branch = "6.14";
src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux";
repo = "linux";
rev = "asahi-6.14.8-1";
hash = "sha256-JrWVw1FiF9LYMiOPm0QI0bg/CrZAMSSVcs4AWNDIH3Q=";
};
kernelPatches = [
] ++ _kernelPatches;
inherit configfile;
config = configAttrs;
};
linux-asahi = (callPackage linux-asahi-pkg { });
in lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)

110
hosts/mac-nixos/apple-silicon-support/packages/m1n1/default.nix
View File

@@ -1,110 +0,0 @@
{ stdenv
, buildPackages
, lib
, fetchFromGitHub
, python3
, dtc
, imagemagick
, isRelease ? false
, withTools ? true
, withChainloading ? false
, customLogo ? null
}:
let
pyenv = python3.withPackages (p: with p; [
construct
pyserial
]);
stdenvOpts = {
targetPlatform.system = "aarch64-none-elf";
targetPlatform.rust.rustcTarget = "${stdenv.hostPlatform.parsed.cpu.name}-unknown-none-softfloat";
targetPlatform.rust.rustcTargetSpec = "${stdenv.hostPlatform.parsed.cpu.name}-unknown-none-softfloat";
};
rust = buildPackages.rust.override {
stdenv = lib.recursiveUpdate buildPackages.stdenv stdenvOpts;
};
rustPackages = rust.packages.stable.overrideScope (f: p: {
rustc-unwrapped = p.rustc-unwrapped.override {
stdenv = lib.recursiveUpdate p.rustc-unwrapped.stdenv stdenvOpts;
};
});
rustPlatform = buildPackages.makeRustPlatform rustPackages;
in stdenv.mkDerivation rec {
pname = "m1n1";
version = "1.4.21";
src = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/m1n1
owner = "AsahiLinux";
repo = "m1n1";
rev = "v${version}";
hash = "sha256-PEjTaSwcsV8PzM9a3rDWMYXGX9FlrM0oeElrP5HYRPg=";
fetchSubmodules = true;
};
cargoVendorDir = ".";
makeFlags = [ "ARCH=${stdenv.cc.targetPrefix}" ]
++ lib.optional isRelease "RELEASE=1"
++ lib.optional withChainloading "CHAINLOADING=1";
nativeBuildInputs = [
dtc
] ++ lib.optionals withChainloading [rustPackages.rustc rustPackages.cargo rustPlatform.cargoSetupHook]
++ lib.optional (customLogo != null) imagemagick;
postPatch = ''
substituteInPlace proxyclient/m1n1/asm.py \
--replace 'aarch64-linux-gnu-' 'aarch64-unknown-linux-gnu-' \
--replace 'TOOLCHAIN = ""' 'TOOLCHAIN = "'$out'/toolchain-bin/"'
'';
preConfigure = lib.optionalString (customLogo != null) ''
pushd data &>/dev/null
ln -fs ${customLogo} bootlogo_256.png
if [[ "$(magick identify bootlogo_256.png)" != 'bootlogo_256.png PNG 256x256'* ]]; then
echo "Custom logo is not a 256x256 PNG"
exit 1
fi
rm bootlogo_128.png
convert bootlogo_256.png -resize 128x128 bootlogo_128.png
patchShebangs --build ./makelogo.sh
./makelogo.sh
popd &>/dev/null
'';
installPhase = ''
runHook preInstall
mkdir -p $out/build
cp build/m1n1.bin $out/build
'' + (lib.optionalString withTools ''
mkdir -p $out/{bin,script,toolchain-bin}
cp -r proxyclient $out/script
cp -r tools $out/script
for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool
cat > $script <<EOF
#!/bin/sh
${pyenv}/bin/python $toolpath "\$@"
EOF
chmod +x $script
done
GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped}
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'') + ''
runHook postInstall
'';
}

48
hosts/mac-nixos/apple-silicon-support/packages/mesa-asahi-edge/default.nix
View File

@@ -1,48 +0,0 @@
{ lib
, fetchFromGitLab
, mesa
}:
(mesa.override {
galliumDrivers = [ "softpipe" "llvmpipe" "asahi" ];
vulkanDrivers = [ "swrast" "asahi" ];
}).overrideAttrs (oldAttrs: {
version = "25.1.0-asahi";
src = fetchFromGitLab {
# tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
tag = "asahi-20250425";
hash = "sha256-3c3uewzKv5wL9BRwaVL4E3FnyA04veQwAPxfHiL7wII=";
};
mesonFlags =
let
badFlags = [
"-Dinstall-mesa-clc"
"-Dgallium-nine"
"-Dtools"
];
isBadFlagList = f: builtins.map (b: lib.hasPrefix b f) badFlags;
isGoodFlag = f: !(builtins.foldl' (x: y: x || y) false (isBadFlagList f));
in
(builtins.filter isGoodFlag oldAttrs.mesonFlags) ++ [
# we do not build any graphics drivers these features can be enabled for
"-Dgallium-va=disabled"
"-Dgallium-vdpau=disabled"
"-Dgallium-xa=disabled"
"-Dtools=asahi"
];
# replace patches with ones tweaked slightly to apply to this version
patches = [
./opencl.patch
];
postInstall = (oldAttrs.postInstall or "") + ''
# we don't build anything to go in this output but it needs to exist
touch $spirv2dxil
touch $cross_tools
'';
})

54
hosts/mac-nixos/apple-silicon-support/packages/mesa-asahi-edge/opencl.patch
View File

@@ -1,54 +0,0 @@
diff --git a/meson.build b/meson.build
index 07991a6..4c875b9 100644
--- a/meson.build
+++ b/meson.build
@@ -1900,7 +1900,7 @@ endif
dep_clang = null_dep
if with_clc or with_gallium_clover
- llvm_libdir = dep_llvm.get_variable(cmake : 'LLVM_LIBRARY_DIR', configtool: 'libdir')
+ llvm_libdir = get_option('clang-libdir')
dep_clang = cpp.find_library('clang-cpp', dirs : llvm_libdir, required : false)
diff --git a/meson.options b/meson.options
index 84e0f20..38ea92c 100644
--- a/meson.options
+++ b/meson.options
@@ -795,3 +795,10 @@ option(
value : false,
description : 'Install the drivers internal shader compilers (if needed for cross builds).'
)
+
+option(
+ 'clang-libdir',
+ type : 'string',
+ value : '',
+ description : 'Locations to search for clang libraries.'
+)
diff --git a/src/gallium/targets/opencl/meson.build b/src/gallium/targets/opencl/meson.build
index ab2c835..a59e88e 100644
--- a/src/gallium/targets/opencl/meson.build
+++ b/src/gallium/targets/opencl/meson.build
@@ -56,7 +56,7 @@ if with_opencl_icd
configuration : _config,
input : 'mesa.icd.in',
output : 'mesa.icd',
- install : true,
+ install : false,
install_tag : 'runtime',
install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
)
diff --git a/src/gallium/targets/rusticl/meson.build b/src/gallium/targets/rusticl/meson.build
index 2b214ad..7f91939 100644
--- a/src/gallium/targets/rusticl/meson.build
+++ b/src/gallium/targets/rusticl/meson.build
@@ -64,7 +64,7 @@ configure_file(
configuration : _config,
input : 'rusticl.icd.in',
output : 'rusticl.icd',
- install : true,
+ install : false,
install_tag : 'runtime',
install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
)

9
hosts/mac-nixos/apple-silicon-support/packages/overlay.nix
View File

@@ -1,9 +0,0 @@
final: prev: {
linux-asahi = final.callPackage ./linux-asahi { };
m1n1 = final.callPackage ./m1n1 { };
uboot-asahi = final.callPackage ./uboot-asahi { };
asahi-fwextract = final.callPackage ./asahi-fwextract { };
mesa-asahi-edge = final.callPackage ./mesa-asahi-edge { };
alsa-ucm-conf-asahi = final.callPackage ./alsa-ucm-conf-asahi { inherit (prev) alsa-ucm-conf; };
asahi-audio = final.callPackage ./asahi-audio { };
}

44
hosts/mac-nixos/apple-silicon-support/packages/uboot-asahi/default.nix
View File

@@ -1,44 +0,0 @@
{ lib
, fetchFromGitHub
, buildUBoot
, m1n1
}:
(buildUBoot rec {
src = fetchFromGitHub {
# tracking: https://pagure.io/fedora-asahi/uboot-tools/commits/main
owner = "AsahiLinux";
repo = "u-boot";
rev = "asahi-v2025.04-1";
hash = "sha256-/z37qj26AqsyEBsFT6UEN3GjG6KVsoJOoUB4s9BRDbE=";
};
version = "2025.04-1-asahi";
defconfig = "apple_m1_defconfig";
extraMeta.platforms = [ "aarch64-linux" ];
filesToInstall = [
"u-boot-nodtb.bin.gz"
"m1n1-u-boot.bin"
];
extraConfig = ''
CONFIG_IDENT_STRING=" ${version}"
CONFIG_VIDEO_FONT_4X6=n
CONFIG_VIDEO_FONT_8X16=n
CONFIG_VIDEO_FONT_SUN12X22=n
CONFIG_VIDEO_FONT_16X32=y
CONFIG_CMD_BOOTMENU=y
'';
}).overrideAttrs (o: {
# nixos's downstream patches are not applicable
patches = [
];
# DTC= flag somehow breaks DTC compilation so we remove it
makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
preInstall = ''
# compress so that m1n1 knows U-Boot's size and can find things after it
gzip -n u-boot-nodtb.bin
cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
'';
})

34
hosts/mac-nixos/boot.nix
View File

@@ -1,34 +0,0 @@
{ pkgs, lib, ... }:
{
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 15;
consoleMode = lib.mkDefault "max";
};
efi.canTouchEfiVariables = lib.mkForce false;
};
kernelParams = [
"apple_dcp.show_notch=1"
];
extraModprobeConfig = ''
options hid_apple iso_layout=0
'';
binfmt.registrations. "x86_64-linux" = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
openBinary = true;
interpreter = "${pkgs.box64}/bin/box64";
preserveArgvZero = true;
matchCredentials = true;
fixBinary = false;
};
};
zramSwap.enable = true;
}

70
hosts/mac-nixos/configuration.nix
View File

@@ -1,70 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ pkgs, lib, ... }:
let
plasma = false;
in
{
imports = [
./boot.nix
./hardware-configuration.nix
./networking.nix
./services.nix
];
hardware.asahi = {
enable = true;
useExperimentalGPUDriver = true;
peripheralFirmwareDirectory = ./firmware;
setupAsahiSound = true;
};
hardware.graphics.enable32Bit = lib.mkForce false;
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnsupportedSystem = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.matt = {
isNormalUser = true;
extraGroups = [
"wheel"
"keys"
"networkmanager"
"ratbagd"
"input"
"scanner"
"lp"
"video"
"i2c"
]; # Enable sudo for the user.
shell = pkgs.zsh;
packages = with pkgs; [
firefox
tree
git
box64
prismlauncher
distrobox
];
};
virtualisation = {
containers.enable = true;
podman.enable = true;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
micro
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
];
environment.sessionVariables = {
DBX_CONTAINER_MANAGER = "podman";
};
}

78
hosts/mac-nixos/hardware-configuration.nix
View File

@@ -1,78 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "uas" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=root" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=etc" ];
};
fileSystems."/tmp" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=tmp" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=nix" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=log" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/23FA-AD3E";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [
{
device = "/tmp/swapfile";
randomEncryption.enable = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

14
hosts/mac-nixos/home.nix
View File

@@ -1,14 +0,0 @@
{ pkgs, ... }:
{
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
home.packages = with pkgs; [
iw
iwd
orca-slicer
vscodium
];
}

44
hosts/mac-nixos/hyprland-settings.nix
View File

@@ -1,44 +0,0 @@
{
monitor = [
"eDP-1,3456x2234@60.00000,0x0,1.0,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
];
workspace = [
"name:firefox, monitor:eDP-1, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:eDP-1, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:eDP-1, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
# "tag +fakefull, fullscreen: 0"
# "float, tag:fakefull"
# "size 3356 2160, tag:fakefull"
# "move 100 74, tag:fakefull"
# "noanim, tag:fakefull"
# "noblur, tag:fakefull"
# "norounding, tag:fakefull"
# "noshadow, tag:fakefull"
# "immediate, tag:fakefull"
# "noborder, tag:fakefull"
# "nodim, tag:fakefull"
# "idleinhibit, tag:fakefull"
"size 2160 3356, tag:horizonrdp"
];
waybar = {
modules-right = [
"tray"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
# "wireplumber#source"
"bluetooth"
"network"
"clock"
"battery"
"custom/weather"
];
};
}

123
hosts/mac-nixos/omnissa.nix
View File

@@ -1,123 +0,0 @@
{ stdenv
, lib
, buildFHSEnv
, fetchurl
, makeWrapper
, gsettings-desktop-schemas
, opensc
, writeTextDir
, configText ? ""
}:
let
version = "2503-8.15.0";
sysArch = "armhf";
mainProgram = "horizon-client";
wrapBinCommands = path: name: ''
makeWrapper "$out/${path}/${name}" "$out/bin/${name}_wrapper" \
--set GTK_THEME Adwaita \
--suffix XDG_DATA_DIRS : "${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}" \
--suffix LD_LIBRARY_PATH : "$out/lib/omnissa/horizon:$out/lib/omnissa/horizon/vdpService:$out/lib/omnissa"
'';
omnissaHorizonClientFiles = stdenv.mkDerivation {
pname = "omnissa-horizon-armhf-files";
inherit version;
src = fetchurl {
url = "https://download3.omnissa.com/software/CART26FQ1_LIN_2503_TARBALL/Omnissa-Horizon-Client-Linux-2503-8.15.0-14256322247.tar.gz";
sha256 = "sha256-x98ITXF9xwzlPq375anQ2qBpMbZAcCqDVXBfvZPha7Q=";
};
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir ext
tar -xzf $src
cd Omnissa-Horizon-Client-Linux-*/${sysArch}
mkdir -p ext
for archive in *.tar.gz; do
tar -C ext --strip-components=1 -xf "$archive"
done
chmod -R u+w ext/usr/lib
mkdir -p $out
mv ext/usr $out
mv ext/${sysArch}/lib $out/
mv ext/${sysArch}/include $out/
mkdir -p $out/lib/omnissa/horizon/pkcs11
ln -s ${opensc}/lib/pkcs11/opensc-pkcs11.so $out/lib/omnissa/horizon/pkcs11/libopenscpkcs11.so
chmod +x "$out/usr/bin/horizon-client"
${wrapBinCommands "usr/bin" "horizon-client"}
'';
};
omnissaFHSUserEnv =
pname:
buildFHSEnv {
inherit pname version;
runScript = "${omnissaHorizonClientFiles}/bin/${pname}_wrapper";
targetPkgs = pkgs: with pkgs; [
atk
cairo
dbus
file
fontconfig
freetype
gdk-pixbuf
glib
gtk3
libjpeg
libpng
libpulseaudio
libtiff
libuuid
libv4l
libxml2
pango
pcsclite
pixman
udev
omnissaHorizonClientFiles
xorg.libX11
xorg.libXau
xorg.libXcursor
xorg.libXext
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
zlib
(writeTextDir "etc/omnissa/config" configText)
];
};
in
stdenv.mkDerivation {
pname = "omnissa-horizon-client";
inherit version;
dontUnpack = true;
installPhase = ''
mkdir -p $out/bin
ln -s ${omnissaFHSUserEnv "horizon-client"}/bin/horizon-client $out/bin/
ln -s ${omnissaFHSUserEnv "horizon-eucusbarbitrator"}/bin/horizon-eucusbarbitrator $out/bin/
'';
passthru.unwrapped = omnissaHorizonClientFiles;
meta = {
description = "Omnissa Horizon Client for ARM";
homepage = "https://www.omnissa.com/products/horizon-8/";
license = lib.licenses.unfree;
platforms = [ "aarch64-linux" "armv7l-linux" ];
};
}

78
hosts/mac/configuration.nix
View File

@@ -1,78 +0,0 @@
{ pkgs, ... }:
{
#nix run nix-darwin -- switch --flake ~/nix-config
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
asitop
mas
python3
python3Packages.beautifulsoup4
python3Packages.requests
python3Packages.selenium
vim
];
# Homebrew
homebrew.enable = true;
homebrew.casks = [
"spotify"
"protonvpn"
"omnissa-horizon-client"
"tg-pro"
"steam"
"orcaslicer"
"vscodium"
"epic-games"
"wine-stable"
"scroll-reverser"
];
homebrew.masApps = {
Tailscale = 1475387142;
Infuse = 1136220934;
Amphetamine = 937984704;
};
# homebrew.global.autoUpdate = true;
security.pam.services.sudo_local.touchIdAuth = true;
# Auto upgrade nix package and the daemon service.
# services.nix-daemon.enable = true;
# nix.package = pkgs.nix;
# Necessary for using flakes on this system.
nix.settings.experimental-features = "nix-command flakes";
# Allow unfree
nixpkgs.config.allowUnfree = true;
# Create /etc/zshrc that loads the nix-darwin environment.
programs.zsh.enable = true; # default shell on catalina
system = {
defaults = {
trackpad.Clicking = true;
dock.autohide = false;
NSGlobalDomain = {
AppleInterfaceStyle = "Dark";
"com.apple.mouse.tapBehavior" = 1;
"com.apple.keyboard.fnState" = false;
};
};
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
stateVersion = 5;
};
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "aarch64-darwin";
users.users.mattjallen = {
name = "mattjallen";
home = "/Users/mattjallen";
};
}

111
hosts/mac/home.nix
View File

@@ -1,111 +0,0 @@
{ ... }:
let
shellAliases = {
update-switch = "darwin-rebuild switch --flake ~/nix-config";
update-flake = "nix flake update ~/nix-config";
ducks = "du -cksh * | sort -hr | head -n 15";
};
gitAliases = {
co = "checkout";
ci = "commit";
cia = "commit --amend";
s = "status";
st = "status";
b = "branch";
p = "pull --rebase";
pu = "push";
};
in
{
imports = [ ./trampoline-apps ];
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "mattjallen";
home.homeDirectory = "/Users/mattjallen";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "23.11";
programs = {
# Let Home Manager install and manage itself.
home-manager = {
enable = true;
};
vscode = {
enable = true;
};
btop.enable = true;
zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = shellAliases;
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
theme = "fishy";
};
};
librewolf = {
enable = true;
settings = {
"identity.fxaccounts.enabled" = true; # Enable Firefox Accounts
"privacy.clearOnShutdown.history" = false; # Disable clearing history on shutdown
"privacy.clearOnShutdown.downloads" = false; # Disable clearing downloads on shutdown
"privacy.clearOnShutdown.cache" = false; # Disable clearing cache on shutdown
"privacy.clearOnShutdown.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
"privacy.clearOnShutdown.cookies" = false; # Disable clearing cookies on shutdown
"privacy.clearOnShutdown_v2.cache" = false; # Disable clearing cache on shutdown
"privacy.clearOnShutdown_v2.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
"privacy.clearOnShutdown.formdata" = false; # Disable clearing form data on shutdown
"privacy.clearOnShutdown.offlineApps" = false; # Disable clearing offline apps on shutdown
"privacy.clearHistory.cache" = false; # Disable clearing cache on history clear
"privacy.clearHistory.cookiesAndStorage" = false; # Disable clearing cookies on history clear
"privacy.clearHistory.historyFormDataAndDownloads" = false; # Disable clearing history, form data, and downloads on history clear
"privacy.clearHistory.browsingHistoryAndDownloads" = false; # Disable clearing browsing history and downloads on history clear
"privacy.clearSiteData.cache" = false; # Disable clearing cache on site data clear
"privacy.clearSiteData.cookiesAndStorage" = false; # Disable clearing cookies on site data clear
"services.sync.prefs.sync.privacy.clearOnShutdown.cache" = true; # Enable syncing cache clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.cookies" = true; # Enable syncing cookies clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.downloads" = true; # Enable syncing downloads clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.formdata" = true; # Enable syncing form data clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.history" = true; # Enable syncing history clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps" = true; # Enable syncing offline apps clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.sessions" = true; # Enable syncing sessions clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings" = true; # Enable syncing site settings clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.cache" = true; # Enable syncing cache clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.cookiesAndStorage" = true; # Enable syncing cookies clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.downloads" = true; # Enable syncing downloads clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; # Enable syncing form data clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.siteSettings" = true; # Enable syncing site settings clear on shutdown
"browser.newtabpage.activity-stream.feeds.topsites" = true; # Enable top sites on new tab page
"browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
};
};
};
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
# Manage bug in compilations - who uses manpages in 2024 anyways? :P
manual.manpages.enable = false;
}

105
hosts/nas/apps.nix
View File

@@ -1,105 +0,0 @@
{ pkgs, lib, ... }:
let
settings = import ./settings.nix;
in
{
imports = [
./apps/actual
./apps/arrs
./apps/crowdsec
./apps/excalidraw
./apps/gitea
./apps/immich
./apps/jellyfin
./apps/jellyseerr
./apps/lubelogger
./apps/nextcloud
./apps/ollama
./apps/orca
./apps/paperless
./apps/traefik
./apps/wyoming
../../modules
];
nas-apps = {
actual = {
enable = true;
port = 3333;
localAddress = "10.0.3.18";
dataDir = "/media/nas/ssd/nix-app-data/actual";
reverseProxy = {
enable = true;
host = "actual.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
};
};
arrs = {
enable = true;
localAddress = "10.0.1.51";
downloadsDir = "/media/nas/ssd/ssd_app_data/downloads";
incompleteDownloadsDir = "/media/nas/ssd/ssd_app_data/downloads-incomplete";
moviesDir = "/media/nas/main/movies";
tvDir = "/media/nas/main/tv";
isosDir = "/media/nas/main/isos";
radarr = {
enable = true;
port = 7878;
dataDir = "/media/nas/ssd/nix-app-data/radarr";
};
sonarr = {
enable = true;
port = 8989;
dataDir = "/media/nas/ssd/nix-app-data/sonarr";
};
sabnzbd = {
enable = true;
port = 8280;
dataDir = "/media/nas/ssd/nix-app-data/sabnzbd";
};
deluge = {
enable = true;
port = 8112;
};
jackett = {
enable = true;
port = 9117;
dataDir = "/media/nas/ssd/nix-app-data/jackett";
};
};
crowdsec = {
enable = true;
port = 9898;
apiAddress = settings.hostAddress;
apiKey = "1daH89qmJ41r2Lpd9hvDw4sxtOAtBzaj3aKFOFqE";
dataDir = "/media/nas/ssd/nix-app-data/crowdsec";
};
gitea = {
enable = true;
httpPort = 3000;
sshPort = 2222;
localAddress = "10.0.4.18";
dataDir = "/media/nas/ssd/nix-app-data/gitea";
reverseProxy = {
enable = true;
host = "gitea.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
};
};
free-games-claimer.enable = true;
manyfold.enable = true;
orca-slicer = {
enable = true;
httpPort = "3100";
httpsPort = "3101";
};
tdarr.enable = true;
};
}

58
hosts/nas/apps/crowdsec/default.nix
View File

@@ -1,58 +0,0 @@
{ outputs, config, lib, pkgs, ... }:
with lib;
let
cfg = config.nas-apps.crowdsec;
in
{
imports = [ ./options.nix ];
config = lib.mkIf cfg.enable {
services = {
crowdsec = let
yaml = (pkgs.formats.yaml {}).generate;
acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"];
labels.type = "syslog";
};
in {
enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = {
crowdsec_service.acquisition_path = acquisitions_file;
api.server = {
listen_uri = "0.0.0.0:${toString cfg.port}";
};
};
};
crowdsec-firewall-bouncer = {
enable = true;
settings = {
api_key = cfg.apiKey;
api_url = "http://${cfg.apiAddress}:${toString cfg.port}";
};
};
};
systemd.services.crowdsec.serviceConfig = {
ExecStartPre = let
script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell}
set -eu
set -o pipefail
if ! cscli bouncers list | grep -q "nas-bouncer"; then
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi
'';
in ["${script}/bin/register-bouncer"];
};
networking = {
firewall = {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
};
};
}

13
hosts/nas/apps/excalidraw/default.nix
View File

@@ -1,13 +0,0 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.excalidraw = {
autoStart = true;
image = "excalidraw/excalidraw";
ports = [ "8765:80" ];
environment = {
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
}

27
hosts/nas/apps/immich/default.nix
View File

@@ -1,27 +0,0 @@
{ config, lib, ... }:
let
settings = import ../settings.nix;
immichPort = 2283;
dataDir = "/media/nas/main/photos";
dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path;
in
{
# Enable immich service
services.immich = {
enable = true;
port = immichPort;
openFirewall = true;
secretsFile = dbPassword;
mediaLocation = dataDir;
environment = {
IMMICH_HOST = lib.mkForce "0.0.0.0";
IMMICH_TRUSTED_PROXIES = settings.hostAddress;
TZ = "America/Chicago";
};
machine-learning = {
enable = true;
};
};
}

11
hosts/nas/apps/jellyfin/default.nix
View File

@@ -1,11 +0,0 @@
{ ... }:
{
services.jellyfin = {
enable = true;
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
# cacheDir = "/cache";
};
}

73
hosts/nas/apps/jellyseerr/default.nix
View File

@@ -1,73 +0,0 @@
{ ... }:
let
jellyseerrPort = 5055;
dataDir = "/var/lib/private/jellyseerr";
settings = import ../settings.nix;
in
{
containers.jellyseerr = {
autoStart = true;
privateNetwork = true;
hostAddress = settings.hostAddress;
localAddress = "10.0.1.52";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::4";
bindMounts = {
${dataDir} = {
hostPath = "/media/nas/ssd/nix-app-data/jellyseerr";
isReadOnly = false;
};
};
config =
{
lib,
...
}:
{
# Enable jellyseerr service
services.jellyseerr = {
enable = true;
port = jellyseerrPort;
# package = package;
openFirewall = true;
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ jellyseerrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
# Create and set permissions for required directories
system.activationScripts.jellyseerr-dirs = ''
mkdir -p /var/lib/private/jellyseerr
chown -R jellyseerr:jellyseerr /var/lib/private/jellyseerr
chmod -R 775 /var/lib/private/jellyseerr
ln -sf /var/lib/private/jellyseerr /var/lib/jellyfin
'';
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.52:5055";
sourcePort = jellyseerrPort;
}
];
};
}

20
hosts/nas/apps/lubelogger/default.nix
View File

@@ -1,20 +0,0 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.lubelogger = {
autoStart = true;
image = "ghcr.io/hargata/lubelogger";
ports = [ "6754:8080" ];
volumes = [
"/media/nas/ssd/nix-app-data/lubelogger:/App/data"
"/media/nas/ssd/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
];
environmentFiles = [
"/media/nas/ssd/nix-app-data/lubelogger/lubelogger.env"
];
environment = {
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
}

241
hosts/nas/apps/nextcloud/default.nix
View File

@@ -1,241 +0,0 @@
{ config, pkgs, ... }:
let
settings = import ../settings.nix;
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.unstable.nextcloud31;
hostAddress = settings.hostAddress;
localAddress = "10.0.2.18";
nextcloudPortExtHttp = 9988;
nextcloudPortExtHttps = 9943;
onlyofficePortExt = 9943;
in
{
containers.nextcloud = {
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = localAddress;
bindMounts = {
secrets = {
hostPath = "/run/secrets/jallen-nas/nextcloud";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/nextcloud";
};
secrets2 = {
hostPath = "/run/secrets/jallen-nas/onlyoffice-key";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/onlyoffice-key";
};
data = {
hostPath = "/media/nas/main/nextcloud";
isReadOnly = false;
mountPoint = "/data";
};
"/var/lib/nextcloud" = {
hostPath = "/media/nas/ssd/nix-app-data/nextcloud";
isReadOnly = false;
mountPoint = "/var/lib/nextcloud";
};
"/var/lib/onlyoffice" = {
hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
isReadOnly = false;
mountPoint = "/var/lib/onlyoffice";
};
};
config =
{ pkgs, lib, ... }:
{
imports = [ ../../../../share/nvidia ];
nixpkgs.config.allowUnfree = true;
networking.extraHosts = ''
${hostAddress} host.containers protonmail-bridge
'';
services = {
nextcloud = {
enable = true;
package = nextcloudPackage;
# datadir = "/data";
database.createLocally = true;
hostName = "cloud.mjallen.dev";
appstoreEnable = true;
caching.redis = true;
configureRedis = true;
enableImagemagick = true;
https = true;
secretFile = secretsFile;
config = {
adminuser = "mjallen";
adminpassFile = adminpass;
dbhost = "localhost";
dbtype = "sqlite";
dbname = "nextcloud";
dbuser = "nextcloud";
};
settings = {
loglevel = 3;
allow_local_remote_servers = true;
upgrade.disable-web = false;
datadirectory = "/data";
trusted_domains = [
"${hostAddress}:${toString nextcloudPortExtHttp}"
"${hostAddress}:${toString nextcloudPortExtHttps}"
"${localAddress}:80"
"${localAddress}:443"
"cloud.mjallen.dev"
];
opcache.interned_strings_buffer = 16;
trusted_proxies = [ hostAddress ];
maintenance_window_start = 6;
default_phone_region = "US";
enable_previews = true;
enabledPreviewProviders = [
"OC\\Preview\\PNG"
"OC\\Preview\\JPEG"
"OC\\Preview\\GIF"
"OC\\Preview\\BMP"
"OC\\Preview\\XBitmap"
"OC\\Preview\\MP3"
"OC\\Preview\\TXT"
"OC\\Preview\\MarkDown"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\Krita"
"OC\\Preview\\HEIC"
"OC\\Preview\\Movie"
"OC\\Preview\\MSOffice2003"
"OC\\Preview\\MSOffice2007"
"OC\\Preview\\MSOfficeDoc"
];
installed = true;
user_oidc = {
auto_provision = false;
soft_auto_provision = false;
allow_multiple_user_backends = false; # auto redirect to authentik for login
};
};
};
};
services.onlyoffice = {
enable = true;
port = onlyofficePortExt;
hostname = "office.mjallen.dev";
jwtSecretFile = jwtSecretFile;
};
# System packages
environment.systemPackages = with pkgs; [
cudaPackages.cudnn
cudatoolkit
ffmpeg
# libtensorflow-bin
nextcloud31
nodejs
onlyoffice-documentserver
sqlite
];
# Create required users and groups
users.users.nextcloud = {
isSystemUser = true;
uid = lib.mkForce nextcloudUserId;
group = "nextcloud";
};
users.users.onlyoffice = {
group = lib.mkForce "nextcloud";
};
users.groups = {
nextcloud = {
gid = lib.mkForce nextcloudGroupId;
};
downloads = { };
};
# Create and set permissions for required directories
system.activationScripts.nextcloud-dirs = ''
mkdir -p /data
chown -R nextcloud:nextcloud /data
chown -R nextcloud:nextcloud /run/secrets/jallen-nas/nextcloud
chmod -R 775 /data
chmod -R 750 /run/secrets/jallen-nas/nextcloud
'';
hardware = {
graphics = {
enable = true;
# setLdLibraryPath = true;
};
};
programs = {
nix-ld.enable = true;
};
share.hardware.nvidia = {
enable = true;
enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
system.stateVersion = "23.11";
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
80
443
onlyofficePortExt
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
};
};
networking = {
nat = {
forwardPorts = [
{
destination = "${localAddress}:443";
sourcePort = nextcloudPortExtHttps;
}
{
destination = "${localAddress}:80";
sourcePort = nextcloudPortExtHttp;
}
{
destination = "${localAddress}:8000";
sourcePort = 8000;
}
{
destination = "${localAddress}:${toString onlyofficePortExt}";
sourcePort = onlyofficePortExt;
}
];
};
};
}

70
hosts/nas/apps/ollama/default.nix
View File

@@ -1,70 +0,0 @@
{ config, pkgs, ... }:
let
llamaPackage = pkgs.llama-cpp.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
rev = "b4920";
sha256 = "sha256-SnQIeY74JpAPRMxWcpklDH5D4CQvAgi0GYx5+ECk2J4=";
};
# Optionally override other attributes if you need to
# version = "my-fork-version";
# pname = "llama-cpp-custom";
});
in
{
services.ollama = {
enable = true;
port = 11434;
host = "0.0.0.0";
user = "nix-apps";
group = "jallen-nas";
openFirewall = true;
acceleration = "cuda";
home = "/media/nas/ssd/nix-app-data/ollama";
};
environment.systemPackages = [ llamaPackage ];
services.llama-cpp = {
enable = true;
port = 8127;
host = "0.0.0.0";
openFirewall = true;
model = "/media/nas/ssd/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = llamaPackage; # pkgs.unstable.llama-cpp;
extraFlags = [
"--n_gpu-layers"
"500"
"-c"
"0"
"--numa"
"numactl"
"--jinja"
];
};
services.open-webui = {
enable = false;
host = "0.0.0.0";
port = 8888;
openFirewall = true;
# stateDir = "/media/nas/ssd/nix-app-data/open-webui";
environmentFile = config.sops.secrets."jallen-nas/open-webui".path;
environment = {
OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";
OAUTH_PROVIDER_NAME = "authentik";
OPENID_REDIRECT_URI = "https://chat.mjallen.dev/oauth/oidc/callback";
ENABLE_OAUTH_SIGNUP = "False";
OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "True";
ENABLE_SIGNUP = "False";
ENABLE_LOGIN_FORM = "False";
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
LOCAL_FILES_ONLY = "False";
WEBUI_AUTH = "False";
};
};
}

46
hosts/nas/apps/options.nix
View File

@@ -1,46 +0,0 @@
{ lib, ... }:
let
inherit (lib) types mkOption;
in
{
options.nas-apps = mkOption {
type = types.attrsOf (types.submodule ({ config, name, ... }: {
options = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 80;
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
dataDir = mkOption {
type = types.str;
default = "";
};
reverseProxy = {
enable = mkOption {
type = types.bool;
default = false;
};
host = mkOption {
type = types.str;
default = "";
};
middlewares = mkOption {
type = with types; listOf str;
default = [ ];
};
};
};
}));
};
}

104
hosts/nas/apps/paperless/default.nix
View File

@@ -1,104 +0,0 @@
{
config,
pkgs,
...
}:
let
settings = import ../settings.nix;
paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid;
paperlessEnv = config.sops.templates."paperless.env".path;
paperlessPkg = pkgs.paperless-ngx;
in
{
containers.paperless = {
autoStart = true;
privateNetwork = true;
hostAddress = settings.hostAddress;
localAddress = "10.0.1.20";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::20";
config =
{
lib,
...
}:
{
# Enable paperless service
services.paperless = {
enable = false;
package = paperlessPkg;
port = paperlessPort;
user = "paperless";
address = "0.0.0.0";
passwordFile = "/var/lib/paperless/paperless-password";
# environmentFile = paperlessEnv; # unstable is too unstable, but this doesnt exist in stable.... disabling altogether....
};
# Create required users and groups
users.groups = {
documents = {
gid = lib.mkForce paperlessGroupId;
};
};
users.users.paperless = {
isSystemUser = true;
uid = lib.mkForce paperlessUserId;
group = lib.mkForce "documents";
};
# Create and set permissions for required directories
system.activationScripts.paperless-dirs = ''
mkdir -p /var/lib/paperless
chown -R paperless:documents /var/lib/paperless
chmod -R 775 /var/lib/paperless
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ paperlessPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/paperless" = {
hostPath = "/media/nas/ssd/nix-app-data/paperless";
isReadOnly = false;
};
secrets = {
hostPath = "/run/secrets/jallen-nas/paperless";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/paperless";
};
secret-env = {
hostPath = "/run/secrets/rendered/paperless.env";
isReadOnly = true;
mountPoint = "/run/secrets/rendered/paperless.env";
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.20:28981";
sourcePort = paperlessPort;
}
];
};
}

391
hosts/nas/apps/traefik/default.nix
View File

@@ -1,391 +0,0 @@
{ config, ... }:
let
settings = import ../settings.nix;
domain = "mjallen.dev";
serverIp = settings.hostAddress;
# Forward services
authUrl = "http://${serverIp}:9000/outpost.goauthentik.io";
actualUrl = "http://${config.containers.actual.localAddress}:${toString config.containers.actual.config.services.actual.settings.port}";
authentikUrl = "http://${serverIp}:9000";
cacheUrl = "http://${serverIp}:9012";
cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
giteaUrl = "http://${config.containers.gitea.localAddress}:${toString config.containers.gitea.config.services.gitea.settings.server.HTTP_PORT}";
hassUrl = "http://homeassistant.local:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
jellyfinUrl = "http://${serverIp}:8096";
jellyseerrUrl = "http://${config.containers.jellyseerr.localAddress}:${toString config.containers.jellyseerr.config.services.jellyseerr.port}";
lubeloggerUrl = "http://${serverIp}:6754";
onlyofficeUrl = "http://${config.containers.nextcloud.localAddress}:${toString config.containers.nextcloud.config.services.onlyoffice.port}";
openWebUIUrl = "http://${serverIp}:8888";
paperlessUrl = "http://${config.containers.paperless.localAddress}:${toString config.containers.paperless.config.services.paperless.port}";
# Plugins
traefikPlugins = {
bouncer = {
moduleName = "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin";
version = "v1.4.2";
};
geoblock = {
moduleName = "github.com/PascalMinder/geoblock";
version = "v0.2.5";
};
};
crowdsecAppsecHost = "${serverIp}:7422";
crowdsecLapiKeyFile = config.sops.secrets."jallen-nas/traefik/crowdsec-lapi-key".path;
# Ports
httpPort = 80;
httpsPort = 443;
traefikPort = 8080;
metricsPort = 8082;
forwardPorts = [
httpPort
httpsPort
traefikPort
metricsPort
];
# misc
letsEncryptEmail = "jalle008@proton.me";
dataDir = "/media/nas/ssd/nix-app-data/traefik";
authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik";
in
{
sops = {
secrets = {
"jallen-nas/traefik/crowdsec-lapi-key" = {
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-dns-api-token" = { };
"jallen-nas/traefik/cloudflare-zone-api-token" = { };
"jallen-nas/traefik/cloudflare-api-key" = { };
"jallen-nas/traefik/cloudflare-email" = { };
};
templates = {
"traefik.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
};
};
networking.firewall = {
allowedTCPPorts = forwardPorts;
allowedUDPPorts = forwardPorts;
};
services.traefik = {
enable = true;
dataDir = dataDir;
group = "jallen-nas";#group;
environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
staticConfigOptions = {
entryPoints = {
web = {
address = ":${toString httpPort}";
asDefault = true;
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":${toString httpsPort}";
asDefault = true;
http.tls.certResolver = "letsencrypt";
};
metrics = {
address = ":${toString metricsPort}"; # Port for metrics
};
};
log = {
level = "INFO";
};
metrics = {
prometheus = {
entryPoint = "metrics";
addEntryPointsLabels = true;
addServicesLabels = true;
buckets = [0.1 0.3 1.2 5.0]; # Response time buckets
};
};
certificatesResolvers.letsencrypt.acme = {
email = letsEncryptEmail;
storage = "${config.services.traefik.dataDir}/acme.json";
dnsChallenge = {
provider = "cloudflare";
resolvers = [
"1.1.1.1:53"
"8.8.8.8:53"
];
};
};
api.dashboard = true;
# Access the Traefik dashboard on <Traefik IP>:8080 of your server
api.insecure = true;
experimental = {
plugins = traefikPlugins;
};
};
dynamicConfigOptions = {
http = {
middlewares = {
authentik = {
forwardAuth = {
tls.insecureSkipVerify = true;
address = authentikAddress;
trustForwardHeader = true;
authResponseHeaders = [
"X-authentik-username"
"X-authentik-groups"
"X-authentik-email"
"X-authentik-name"
"X-authentik-uid"
"X-authentik-jwt"
"X-authentik-meta-jwks"
"X-authentik-meta-outpost"
"X-authentik-meta-provider"
"X-authentik-meta-app"
"X-authentik-meta-version"
];
};
};
onlyoffice-websocket = {
headers.customrequestheaders = {
X-Forwarded-Proto = "https";
};
};
crowdsec = {
plugin = {
bouncer = {
crowdsecAppsecEnabled = true;
crowdsecAppsecHost = crowdsecAppsecHost;
crowdsecAppsecFailureBlock = true;
crowdsecAppsecUnreachableBlock = true;
crowdsecLapiKeyFile = crowdsecLapiKeyFile;
};
};
};
whitelist-geoblock = {
plugin = {
geoblock = {
silentStartUp = false;
allowLocalRequests = true;
logLocalRequests = false;
logAllowedRequests = false;
logApiRequests = false;
api = "https://get.geojs.io/v1/ip/country/{ip}";
apiTimeoutMs = 500;
cacheSize = 25;
forceMonthlyUpdate = true;
allowUnknownCountries = false;
unknownCountryApiResponse = "nil";
blackListMode = false;
countries = [
"CA"
"US"
];
};
};
};
internal-ipallowlist =
{
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
"10.0.1.0/24"
];
};
};
};
services = {
auth.loadBalancer.servers = [
{
url = authUrl;
}
];
actual.loadBalancer.servers = [
{
url = actualUrl;
}
];
authentik.loadBalancer.servers = [
{
url = authentikUrl;
}
];
cache.loadBalancer.servers = [
{
url = cacheUrl;
}
];
chat.loadBalancer.servers = [
{
url = openWebUIUrl;
}
];
cloud.loadBalancer.servers = [
{
url = cloudUrl;
}
];
gitea.loadBalancer.servers = [
{
url = giteaUrl;
}
];
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
immich.loadBalancer.servers = [
{
url = immichUrl;
}
];
jellyfin.loadBalancer.servers = [
{
url = jellyfinUrl;
}
];
jellyseerr.loadBalancer.servers = [
{
url = jellyseerrUrl;
}
];
lubelogger.loadBalancer.servers = [
{
url = lubeloggerUrl;
}
];
onlyoffice.loadBalancer.servers = [
{
url = onlyofficeUrl;
}
];
paperless.loadBalancer.servers = [
{
url = paperlessUrl;
}
];
};
routers = {
auth = {
entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
priority = 15;
tls.certResolver = "letsencrypt";
};
actual = {
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
service = "authentik";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
cloud = {
entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)";
service = "cloud";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
immich = {
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
jellyseerr = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
lubelogger = {
entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
onlyoffice = {
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
tls.certResolver = "letsencrypt";
};
};
};
};
};
}

19
hosts/nas/apps/wyoming/default.nix
View File

@@ -1,19 +0,0 @@
{ pkgs, ... }:
{
services.wyoming = {
faster-whisper.servers.hass-whisper = {
enable = true;
useTransformers = false;
device = "cuda";
language = "en";
model = "distil-large-v3";
uri = "tcp://0.0.0.0:10300";
};
piper.servers.hass-piper = {
enable = true;
voice = "en-us-ryan-high";
uri = "tcp://0.0.0.0:10200";
};
};
}

135
hosts/nas/filesystems.nix
View File

@@ -1,135 +0,0 @@
{ ... }:
let
defaultOptions = [ "compress=zstd" ];
in
{
fileSystems."/media/nas/ssd/nix-app-data" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=nix-app-data" ] ++ defaultOptions;
};
fileSystems."/media/nas/ssd/ssd_app_data" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=ssd_app_data" ] ++ defaultOptions;
};
fileSystems."/media/nas/ssd/mariadb" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=mariadb" ] ++ defaultOptions;
};
fileSystems."/media/nas/ssd/mongodb" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=mongodb" ] ++ defaultOptions;
};
fileSystems."/media/nas/ssd/VMs" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=VMs" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/3d_printer" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=3d_printer" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/backup" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=backup" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/books" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=books" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/documents" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=documents" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/homeassistant" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=homeassistant" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/isos" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=isos" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/movies" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=movies" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/nextcloud" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=nextcloud" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/photos" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=photos" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/switch" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=switch" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/tv" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=tv" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/timemachine" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=timemachine" ] ++ defaultOptions;
};
fileSystems."/run/mount/ssd" = {
device = "/dev/mapper/ssd1";
fsType = "btrfs";
};
fileSystems."/run/mount/main" = {
device = "/dev/mapper/hdd1";
fsType = "btrfs";
};
# fileSystems."/media/nas/junk/nextcloud-backup" = {
# device = "/dev/disk/by-uuid/11948951106919390044";
# fsType = "btrfs";
# options = [
# "subvol=nextcloud-backup"
# ]
# ++ defaultOptions;
# };
# fileSystems."/media/nas/main/vms" = {
# device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
# fsType = "btrfs";
# options = [
# "subvol=vms"
# ]
# ++ defaultOptions;
# };
}

92
hosts/nas/networking.nix
View File

@@ -1,92 +0,0 @@
{ config, ... }:
let
settings = import ./settings.nix;
ports = [
8008 # restic
9000 # authentik
2342 # grafana
51820 # wireguard
1025
1143
10200
10300
8127
9980 # onlyoffice
4000 # netbootxyz
4080 # netbootxyz
3000 # gitea
2222 # gitea ssh
3300
9898
6754 # lubelogger
2283 # immich
4444 # code-server
9012
];
in
{
# Networking configs
networking = {
hostName = settings.hostname;
useNetworkd = true;
hostId = "4b501480";
# Disable Network Manager
networkmanager = {
enable = true;
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = {
address1 = "${settings.hostAddress}/24";
dns = "10.0.1.1";
gateway = "10.0.1.1";
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "wlp6s0";
# Lazy IPv6 connectivity for the container
enableIPv6 = true;
};
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
# always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ];
};
};
}

29
hosts/nas/nixpkgs.nix
View File

@@ -1,29 +0,0 @@
{ outputs, ... }:
{
# Configure nixpkgs
nixpkgs = {
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config = {
# Enable non free
allowUnfree = true;
# enable cuda support
cudaSupport = true;
allowUnfreePredicate = p:
builtins.all (
license:
license.free
|| builtins.elem license.shortName [
"CUDA EULA"
"cuDNN EULA"
"cuTENSOR EULA"
"NVidia OptiX EULA"
]
) (if builtins.isList p.meta.license then p.meta.license else [ p.meta.license ]);
};
};
}

36
hosts/nas/sensors.txt
View File

@@ -1,36 +0,0 @@
Common Settings:
INTERVAL=10
Settings of hwmon6/pwm5: -- chipset?
Depends on hwmon6/temp9_input
Controls hwmon6/fan5_input
MINTEMP=20
MAXTEMP=60
MINSTART=16
MINSTOP=14
MINPWM=14
Settings of hwmon6/pwm4: -- case?
Depends on hwmon2/temp1_input
Controls hwmon6/fan4_input
MINTEMP=20
MAXTEMP=90
MINSTART=60
MINSTOP=45
Settings of hwmon6/pwm3: -- cpu?
Depends on hwmon2/temp1_input
Controls hwmon6/fan3_input
MINTEMP=20
MAXTEMP=90
MINSTART=150
MINSTOP=0
MAXPWM=30
Settings of hwmon6/pwm2: -- cpu?
Depends on hwmon2/temp1_input
Controls hwmon6/fan2_input
MINTEMP=20
MAXTEMP=90
MINSTART=105
MINSTOP=0

69
hosts/pi4/argononed.nix
View File

@@ -1,69 +0,0 @@
# { ... }:
# {
# programs.argon.one = {
# enable = true;
# settings = {
# # Is 'celsius' by default, can also be set to 'fahrenheit'
# displayUnits = "celsius";
# # This is the same config as the original Argon40 config.
# # This is also the default config for this flake.
# fanspeed = [
# {
# # This the temperature threshold at which this fan speed will activate.
# # The temperature is in the above specified unit.
# temperature = 55;
# # This is speed percentage at which the fan will spin.
# speed = 30;
# }
# {
# temperature = 60;
# speed = 55;
# }
# {
# temperature = 65;
# speed = 100;
# }
# ];
# ir = {
# enable = true;
# gpio.enable = true;
# keymap = {
# "POWER" = "00ff39c6";
# "UP" = "00ff53ac";
# "DOWN" = "00ff4bb4";
# "LEFT" = "00ff9966";
# "RIGHT" = "00ff837c";
# "VOLUMEUP" = "00ff01fe";
# "VOLUMEDOWN" = "00ff817e";
# "OK" = "00ff738c";
# "HOME" = "00ffd32c";
# "MENU" = "00ffb946";
# "BACK" = "00ff09f6";
# };
# };
# };
# };
# }
# { lib, stdenv, pkgs, config, ...}:
# {
# imports = let
# argononed = fetchGit {
# url = "https://github.com/mjallen18/argononed.git";
# ref = "dev"; # Or any other branches deemed suitable
# };
# in
# [ "${argononed}/OS/nixos" ];
# services.argonone = {
# enable = true;
# logLevel = 4;
# settings = {
# fanTemp0 = 36; fanSpeed0 = 10;
# fanTemp1 = 41; fanSpeed1 = 50;
# fanTemp2 = 46; fanSpeed2 = 80;
# hysteresis = 4;
# };
# };
# }

113
hosts/pi4/configuration.nix
View File

@@ -1,113 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "matt";
# password = config.sops.secrets."pi4/matt-password".path;
kernelBundle = pkgs.linuxAndFirmware.latest;
in
{
imports = [
./adguard.nix
./boot.nix
./impermanence.nix
./networking.nix
./sops.nix
];
nix = {
settings = {
substituters = [
"https://nixos-raspberrypi.cachix.org"
"https://cache.mjallen.dev"
];
trusted-public-keys = [
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
];
};
};
# Configure nixpkgs
nixpkgs = {
overlays = lib.mkAfter [
(self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
# I know no easier way to override this package
inherit (kernelBundle) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (kernelBundle) raspberrypifw;
})
];
};
system.nixos.tags = let
cfg = config.boot.loader.raspberryPi;
in [
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
programs.zsh.enable = true;
hardware.i2c.enable = true;
services = {
openssh = {
enable = true;
authorizedKeysFiles = [
config.sops.secrets."ssh-keys-public/pi5".path
];
hostKeys = [ ];
};
};
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
environment = {
systemPackages = with pkgs; [
i2c-tools
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
];
};
users = {
mutableUsers = false;
users."${user}" = {
isNormalUser = true;
# hashedPasswordFile = password;
password = "BogieDudie1";
extraGroups = [
"wheel"
"docker"
"video"
];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
};
users.root.shell = pkgs.zsh;
};
}

66
hosts/pi4/home.nix
View File

@@ -1,66 +0,0 @@
{ lib, ... }:
let
shellAliases = {
ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
ducks = "du -cksh * | sort -hr | head -n 15";
};
in
{
imports = [
../../share/home/defaults.nix
../../share/home/git.nix
../../share/home/shell.nix
];
home.username = "matt";
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/pi4" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/pi4" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/matt/.ssh/authorized_keys";
# mode = "0600";
# };
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/home/matt/.ssh/authorized_keys2";
# mode = "0600";
# };
# "ssh-keys-public/desktop-windows" = {
# path = "/home/matt/.ssh/authorized_keys3";
# mode = "0600";
# };
# "ssh-keys-public/macbook-macos" = {
# path = "/home/matt/.ssh/authorized_keys4";
# mode = "0600";
# };
};
};
programs = {
java.enable = lib.mkForce true;
mangohud.enable = lib.mkForce true;
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client.enable = lib.mkForce true;
};
}

35
hosts/pi4/impermanence.nix
View File

@@ -1,35 +0,0 @@
{ ... }:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/libvirt"
"/var/lib/systemd/coredump"
{
directory = "/var/lib/private";
mode = "u=rwx,g=,o=";
}
"/etc/NetworkManager/system-connections"
{
directory = "/etc/nix";
user = "root";
group = "root";
mode = "u=rwx,g=rx,o=rx";
}
];
files = [
"/etc/machine-id"
];
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
}

22
hosts/pi4/pi4-hw.nix
View File

@@ -1,22 +0,0 @@
{ ... }:
{
hardware = {
raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true;
audio.enable = true;
backlight.enable = false;
bluetooth.enable = true;
dwc2.enable = true;
i2c0.enable = true;
i2c1.enable = true;
leds = {
eth.disable = false;
act.disable = false;
pwr.disable = false;
};
fkms-3d.enable = true;
xhci.enable = true;
};
deviceTree.filter = "bcm2711-rpi-4*.dtb";
};
}

23
hosts/pi4/pi4-uefi.nix
View File

@@ -1,23 +0,0 @@
{ stdenv, fetchzip }:
stdenv.mkDerivation rec {
pname = "uefi_rpi4";
version = "1.38";
src = fetchzip {
url = "https://github.com/pftf/RPi4/releases/download/v1.38/RPi4_UEFI_Firmware_v1.38.zip";
hash = "sha256-9tOr80jcmguFy2bSz+H3TfmG8BkKyBTFoUZkMy8x+0g=";
stripRoot = false;
};
installPhase = ''
mkdir -p $out/share/uefi_rpi4
cp -r * $out/share/uefi_rpi4
'';
meta = {
description = "UEFI Firmware for Raspberry Pi 4";
homepage = "https://github.com/pftf/RPi4";
platforms = [ "aarch64-linux" ];
};
}

58
hosts/pi4/pkg.nix
View File

@@ -1,58 +0,0 @@
{ lib, stdenv, fetchFromGitHub, nix-gitignore, dtc, installShellFiles, logLevel ? 5, ... }:
let
rawSrc = fetchFromGitHub {
owner = "mjallen18";
repo = "argononed";
rev = "master"; # replace with actual commit or tag
sha256 = "sha256-PpFR+6Aa4Pz9EmxOayMSsSTKFzUR6sYIAkGZ8+SUK18="; # fill this in with actual hash
};
ignores = ''
/*
!/version
!/makefile
!/configure
!/src
!/OS
/OS/*
!/OS/_common/
!/OS/nixos/
'';
cleanSrc = nix-gitignore.gitignoreSourcePure ignores rawSrc;
in
stdenv.mkDerivation {
pname = "argononed";
version = lib.strings.fileContents "${cleanSrc}/version";
src = cleanSrc;
nativeBuildInputs = [ dtc installShellFiles ];
preConfigure = ''
patchShebangs --build ./configure
export TARGET_DISTRO=nixos
'';
patches = [
"${cleanSrc}/OS/nixos/patches/nixos.patch"
"${cleanSrc}/OS/nixos/patches/shutdown.patch"
];
buildFlags = [ "LOGLEVEL=${toString logLevel}" ];
installFlags = [ "NIX_DRVOUT=$(out)" ];
postInstall = ''
installShellCompletion --bash --name argonone-cli OS/_common/argonone-cli-complete.bash
'';
meta = {
description = "A replacement daemon for the Argon One Raspberry Pi case";
homepage = "https://gitlab.com/DarkElvenAngel/argononed";
license = lib.licenses.mit;
platforms = [ "aarch64-linux" ];
};
}

110
hosts/pi5/configuration.nix
View File

@@ -1,110 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "matt";
password = config.sops.secrets."pi5/matt-password".path;
kernelBundle = pkgs.linuxAndFirmware.latest;
in
{
imports = [
./boot.nix
./impermanence.nix
./networking.nix
./services.nix
./sops.nix
../../modules/desktop-environments/hyprland
# ./hass.nix
];
# Enable nix flakes and nix-command tools
nix = {
settings = {
substituters = [
"https://nixos-raspberrypi.cachix.org"
# "https://cache.mjallen.dev"
];
trusted-public-keys = [
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
];
};
};
# Configure nixpkgs
nixpkgs = {
overlays = lib.mkAfter [
(self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
# I know no easier way to override this package
inherit (kernelBundle) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (kernelBundle) raspberrypifw;
})
];
};
system.nixos.tags = let
cfg = config.boot.loader.raspberryPi;
in [
"raspberry-pi-${cfg.variant}"
cfg.bootloader
config.boot.kernelPackages.kernel.version
];
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
environment = {
systemPackages = with pkgs; [
erofs-utils
fex
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
squashfuse
squashfsTools
];
};
hardware.graphics.enable32Bit = lib.mkForce false;
users = {
mutableUsers = false;
users."${user}" = {
isNormalUser = true;
# hashedPasswordFile = password;
password = "BogieDudie1";
extraGroups = [
"wheel"
"docker"
];
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTha0FbV1tkpnJr7xVH78S5MetJH+0o2YrEcuvhL692 root@jallen-nas"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIwoHWOLSTGVif9hAhaMLl0qDA4roIzCNuyR6kyIXDOj admin@jallen-nas"
];
shell = pkgs.zsh;
};
users.root.shell = pkgs.zsh;
};
zramSwap.enable = true;
}

109
hosts/pi5/disko.nix
View File

@@ -1,109 +0,0 @@
{ ... }:
let
rootDisk = "/dev/nvme0n1";
in
{
disko.devices.disk.main.imageSize = "15G";
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=2G"
];
};
# root disk setup
disk.main = {
type = "disk";
device = rootDisk;
content = {
type = "gpt";
# specify partitions
partitions = {
# /boot/firmware
FIRMWARE = {
priority = 1;
name = "FIRMWARE";
start = "1M";
end = "1G";
type = "0700";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot/firmware";
mountOptions = [ "umask=0077" ];
};
};
# /boot
ESP = {
priority = 2;
name = "ESP";
# start = "1G";
# end = "2G";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"tmp" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/tmp";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
};
};
};
};
}

74
hosts/pi5/hardware-configuration.nix
View File

@@ -1,74 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=etc" "compress=zstd" "noatime" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/6f7adf66-5662-48cd-9c50-690469e2b615";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7793-909B";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot/firmware" =
{ device = "/dev/disk/by-uuid/15B0-5CAA";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

51
hosts/pi5/hass.nix
View File

@@ -1,51 +0,0 @@
{ ... }:
let
hostAddress = "10.0.1.3";
localAddress = "10.0.5.18";
hassPort = 8192;
in
{
containers.homeassistant = {
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = localAddress;
config = { lib, ... }:
{
imports = [ ../homeassistant/homeassistant.nix ];
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ hassPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
# Create and set permissions for required directories
system.activationScripts.gitea-dirs = ''
mkdir -p /var/lib/gitea
chown -R gitea:gitea /var/lib/gitea
chmod -R 775 /var/lib/gitea
mkdir -p /run/secrets/jallen-nas
chown -R gitea:gitea /run/secrets/jallen-nas
chmod -R 775 /run/secrets/jallen-nas
'';
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "${localAddress}:${toString hassPort}";
sourcePort = hassPort;
}
];
};
}

36
hosts/pi5/impermanence.nix
View File

@@ -1,36 +0,0 @@
{ ... }:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/libvirt"
"/var/lib/systemd/coredump"
{
directory = "/var/lib/private";
mode = "u=rwx,g=,o=";
}
"/etc/NetworkManager/system-connections"
{
directory = "/etc/nix";
user = "root";
group = "root";
mode = "u=rwx,g=rx,o=rx";
}
];
# files = [
# "/etc/machine-id"
# { file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
# ];
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
}

11
modules/default.nix
View File

@@ -1,11 +0,0 @@
{ ... }:
{
imports = [
./samba
./apps/free-games-claimer
./apps/manyfold
./apps/mongodb
./apps/tdarr
./apps/your-spotify
];
}

7
modules/desktop-environments/cosmic/default.nix
View File

@@ -1,7 +0,0 @@
{ ... }:
{
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
}

7
modules/desktop-environments/cosmic/specialisation.nix
View File

@@ -1,7 +0,0 @@
{ ... }:
{
specialisation.cosmic.configuration = {
imports = [ ./default.nix ];
environment.etc."specialisation".text = "cosmic";
};
}

23
modules/desktop-environments/gnome/default.nix
View File

@@ -1,23 +0,0 @@
{ lib, pkgs, ... }:
{
services = {
# Enable Desktop Environment.
desktopManager.gnome.enable = true;
# Enable Desktop Environment.
displayManager = {
gdm.enable = lib.mkDefault true;
gdm.wayland = lib.mkDefault true;
};
gnome.gnome-remote-desktop.enable = true;
};
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
programs = {
kdeconnect = {
enable = true;
package = pkgs.gnomeExtensions.gsconnect;
};
};
}

14
modules/desktop-environments/hyprland/config.nix
View File

@@ -1,14 +0,0 @@
let configDir = ./config;
in
{
imports = [
./config/nwg-dock
./config/nwg-drawer
./config/nwg-panel
];
home.file = {
".config/wallpapers".source = "${configDir}/wallpapers";
".config/wlogout".source = "${configDir}/wlogout";
".config/waybar/scripts".source = "${configDir}/waybar/scripts";
};
}

122
modules/desktop-environments/hyprland/config/btop/default.nix
View File

@@ -1,122 +0,0 @@
{ pkgs, hyprlandSettings, ... }:
let
settings = import ../../settings.nix { inherit pkgs; };
in
{
programs.btop = {
enable = true;
settings = {
color_theme = "nord";
theme_background = true;
truecolor = true;
force_tty = false;
presets = "cpu:1:default,proc:0:default cpu:0:default,mem:0:default,net:0:default cpu:0:block,net:0:tty";
vim_keys = true;
rounded_corners = true;
graph_symbol = "braille";
graph_symbol_cpu = "default";
graph_symbol_mem = "default";
graph_symbol_net = "default";
graph_symbol_proc = "default";
shown_boxes = "cpu mem net proc";
update_ms = 2000;
proc_sorting = "cpu lazy";
proc_reversed = false;
proc_tree = false;
proc_colors = true;
proc_gradient = true;
proc_per_core = false;
proc_mem_bytes = true;
proc_cpu_graphs = true;
proc_info_smaps = false;
proc_left = false;
proc_filter_kernel = false;
cpu_graph_upper = "total";
cpu_graph_lower = "total";
cpu_invert_lower = true;
cpu_single_graph = false;
cpu_bottom = false;
show_uptime = true;
check_temp = true;
cpu_sensor = "Auto";
show_coretemp = true;
cpu_core_map = "";
temp_scale = "celsius";
base_10_sizes = false;
show_cpu_freq = true;
clock_format = "%X";
background_update = true;
custom_cpu_name = "";
disks_filter = "";
mem_graphs = true;
mem_below_net = false;
zfs_arc_cached = true;
show_swap = true;
swap_disk = true;
show_disks = true;
only_physical = true;
use_fstab = true;
zfs_hide_datasets = false;
disk_free_priv = false;
show_io_stat = true;
io_mode = false;
io_graph_combined = false;
io_graph_speeds = "";
net_download = 100;
net_upload = 100;
net_auto = true;
net_sync = true;
net_iface = "";
show_battery = true;
selected_battery = "Auto";
log_level = "WARNING";
};
themes = {
nord = ''
theme[main_bg]="${settings.nord.polarNight.nord0}"
theme[main_fg]="${settings.nord.snowStorm.nord6}"
theme[title]="${settings.nord.snowStorm.nord6}"
theme[hi_fg]="${settings.nord.frost.nord7}"
theme[selected_bg]="${settings.nord.polarNight.nord1}"
theme[selected_fg]="${settings.nord.frost.nord7}"
theme[inactive_fg]="${settings.nord.polarNight.nord2}"
theme[graph_text]="${settings.nord.snowStorm.nord6}"
theme[meter_bg]="${settings.nord.polarNight.nord1}"
theme[proc_misc]="${settings.nord.snowStorm.nord6}"
theme[cpu_box]="${settings.nord.aurora.nord15}"
theme[mem_box]="${settings.nord.aurora.nord14}"
theme[net_box]="${settings.nord.aurora.nord12}"
theme[proc_box]="${settings.nord.aurora.nord11}"
theme[div_line]="${settings.nord.polarNight.nord1}"
theme[temp_start]="${settings.nord.aurora.nord14}"
theme[temp_mid]="${settings.nord.aurora.nord13}"
theme[temp_end]="${settings.nord.aurora.nord11}"
theme[cpu_start]="${settings.nord.aurora.nord15}"
theme[cpu_mid]="${settings.nord.aurora.nord12}"
theme[cpu_end]="${settings.nord.aurora.nord11}"
theme[free_start]="${settings.nord.aurora.nord14}"
theme[free_mid]="${settings.nord.aurora.nord13}"
theme[free_end]="${settings.nord.aurora.nord12}"
theme[cached_start]="${settings.nord.aurora.nord14}"
theme[cached_mid]="${settings.nord.aurora.nord13}"
theme[cached_end]="${settings.nord.aurora.nord12}"
theme[available_start]="${settings.nord.snowStorm.nord6}"
theme[available_mid]="${settings.nord.aurora.nord11}"
theme[available_end]="${settings.nord.aurora.nord11}"
theme[used_start]="${settings.nord.aurora.nord14}"
theme[used_mid]="${settings.nord.aurora.nord13}"
theme[used_end]="${settings.nord.aurora.nord11}"
theme[download_start]="${settings.nord.frost.nord8}"
theme[download_mid]="${settings.nord.frost.nord8}"
theme[download_end]="${settings.nord.aurora.nord12}"
theme[upload_start]="${settings.nord.frost.nord7}"
theme[upload_mid]="${settings.nord.frost.nord7}"
theme[upload_end]="${settings.nord.aurora.nord12}"
theme[process_start]="${settings.nord.aurora.nord15}"
theme[process_mid]="${settings.nord.aurora.nord12}"
theme[process_end]="${settings.nord.aurora.nord11}"
'';
};
};
}

302
modules/desktop-environments/hyprland/config/hypr/default.nix
View File

@@ -1,302 +0,0 @@
{ pkgs, hyprlandSettings, ... }:
let
settings = import ../../settings.nix { inherit pkgs; };
drawer = "nwg-drawer -fm nautilus -term kitty -mb 10 -mt 10 -ml 10 -mr 10 -pbuseicontheme -i ${settings.iconTheme}";
in
{
wayland.windowManager.hyprland = {
enable = true;
xwayland.enable = true;
systemd.enable = true;
settings = {
"$mod" = "SUPER";
# Mouse
# mouse_[up|down] - scroll wheel
# middle_mouse - 274
# thumb_up - 276
# thumb_down - 275
# l -> locked, will also work when an input inhibitor (e.g. a lockscreen) is active.
# r -> release, will trigger on release of a key.
# e -> repeat, will repeat when held.
# n -> non-consuming, key/mouse events will be passed to the active window in addition to triggering the dispatcher.
# m -> mouse, see below.
# t -> transparent, cannot be shadowed by other binds.
# i -> ignore mods, will ignore modifiers.
# s -> separate, will arbitrarily combine keys between each mod/key, see [Keysym combos](#keysym-combos) above.
# d -> has description, will allow you to write a description for your bind.
# p -> bypasses the app's requests to inhibit keybinds.
# https://wiki.hyprland.org/Configuring/Binds/
# https://wiki.hyprland.org/Configuring/Binds/#mouse-buttons
bind = [
"$mod, Return, exec, ${settings.defaultApps.terminal.pname}"
"$mod, SPACE, exec, wofi --show drun"
", xf86Search, exec, wofi --show drun"
"$mod, Q, killactive, "
"$mod, M, exec, wlogout --protocol layer-shell"
"$mod, E, exec, ${settings.defaultApps.fileExplorer.pname}"
"$mod, V, togglefloating, "
"$mod, D, exec, ${drawer}"
"$mod, P, pseudo, " # dwindle
"$mod, S, togglesplit, " # dwindle
"$mod SHIFT, Q, exec, hyprlock"
"$mod SHIFT, 4, exec, hyprshot -m region --clipboard-only"
"$mod, F, fullscreen, 1"
"$mod SHIFT, F, fullscreen, 0"
"$mod SHIFT, E, exec, smile"
"$mod, mouse:276, movecurrentworkspacetomonitor, ${settings.displayLeft.input}"
"$mod, mouse:275, movecurrentworkspacetomonitor, ${settings.displayRight.input}"
# alt-tab between workspaces on active monitor
"$mod, Tab, workspace, m+1"
"$mod SHIFT, Tab, workspace, m-1"
"$mod, h, movefocus, l"
"$mod, l, movefocus, r"
"$mod, k, movefocus, u"
"$mod, j, movefocus, d"
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
"$mod ALT, 1, movetoworkspace, 1"
"$mod ALT, 2, movetoworkspace, 2"
"$mod ALT, 3, movetoworkspace, 3"
"$mod ALT, 4, movetoworkspace, 4"
"$mod ALT, 5, movetoworkspace, 5"
"$mod ALT, 6, movetoworkspace, 6"
"$mod ALT, 7, movetoworkspace, 7"
"$mod ALT, 8, movetoworkspace, 8"
"$mod ALT, 9, movetoworkspace, 9"
"$mod ALT, 0, movetoworkspace, discord"
"$mod CTRL, l, resizeactive, 10 0"
"$mod CTRL, h, resizeactive, -10 0"
"$mod CTRL, k, resizeactive, 0 -10"
"$mod CTRL, j, resizeactive, 0 10"
"$mod SHIFT, l, movewindow, r"
"$mod SHIFT, h, movewindow, l"
"$mod SHIFT, k, movewindow, u"
"$mod SHIFT, j, movewindow, d"
"$mod, b, exec, ${settings.defaultApps.browser.pname}"
];
bindm = [
# Move/resize windows with mod + LMB/RMB and dragging
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
# middle mouse will grab a window, mod + middle mouse will close it
"$mod SHIFT, mouse:274, movewindow"
];
bindel = [
", XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
];
bindl = [
", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioPrev, exec, playerctl previous"
", XF86AudioNext, exec, playerctl next"
", XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"
", XF86MonBrightnessUp, exec, brightnessctl set +5%"
", XF86MonBrightnessDown, exec, brightnessctl set 5%-"
"$mod, XF86MonBrightnessUp, exec, brightnessctl -d kbd_backlight set +10%"
"$mod, XF86MonBrightnessDown, exec, brightnessctl -d kbd_backlight set 10%-"
];
# monitor = [
# "${settings.displayLeft.input},${settings.displayLeft.resolution}@${settings.displayLeft.refreshRate},0x0,1.0,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
# ];
monitor = hyprlandSettings.monitor;
render = {
cm_fs_passthrough = 1;
};
misc = {
vrr = 1;
};
general = {
gaps_in = 5;
gaps_out = 10;
border_size = 1;
"col.active_border" = "rgb(8aadf4) rgb(24273A) rgb(24273A) rgb(8aadf4) 45deg";
"col.inactive_border" = "rgb(24273A) rgb(24273A) rgb(24273A) rgb(24273A) 45deg";
layout = "dwindle";
allow_tearing = true;
};
decoration = {
rounding = 10;
blur = {
enabled = true;
size = 2;
passes = 2;
new_optimizations = true;
xray = false;
};
# drop_shadow = "yes";
# shadow_range = 4;
# shadow_render_power = "3";
# "col.shadow" = "rgba(1a1a1aee)";
};
animations = {
enabled = "yes";
bezier = [
"overshot, 0.05, 0.9, 0.1, 1.05"
"smoothOut, 0.36, 0, 0.66, -0.56"
"smoothIn, 0.25, 1, 0.5, 1"
];
animation = [
"windows, 1, 5, overshot, slide"
"windowsOut, 1, 4, smoothOut, slide"
"windowsMove, 1, 4, default"
"border, 1, 10, default"
"fade, 1, 10, smoothIn"
"fadeDim, 1, 10, smoothIn"
"workspaces, 1, 6, default"
];
};
dwindle = {
pseudotile = "yes";
preserve_split = "yes";
};
gestures = {
workspace_swipe = "off";
};
misc = {
force_default_wallpaper = 0;
};
workspace = hyprlandSettings.workspace;
windowrule = [
"float, title:(file_progress)"
"float, title:(.*[Cc]onfirm.*)"
"float, title:(.*[Dd]ialog.*)"
"float, title:(.*[Dd]ownload.*)"
"float, title:(.*[Nn]otification.*)"
"float, title:(.*[Ee]rror.*)"
"float, title:(.*[Ss]plash.*)"
"float, title:(.*[Cc]onfirmreset.*)"
"float, title:(.*[Ss]ign [Ii]n - .*)"
"float, title:(.*[Oo]pen [Ff]ile.*)"
"float, title:(.*branchdialog.*)"
"float, class:(.*pavucontrol.*)"
"move onscreen cursor 0% 0%, class:(.*pavucontrol.*)"
"float, class:(.*[Oo]verskride.*)"
"float, class:(.*FileRoller.*)"
"float, class:(.*wlogout.*)"
"idleinhibit stayfocused, title:(.*mpv.*)"
"float, title:(Media viewer)"
"float, class:(it.mijorus.smile),title:(Smile)"
"float, class:(.blueman-manager-wrapped)$,title:(Bluetooth Devices)"
# Picture in picture windows
"float, title:(.*Picture-in-Picture.*)"
"pin, title::(.*Picture-in-Picture.*)"
# discord/vesktop
"workspace: name:discord, class:(.*vesktop)"
"float, class:(.*vesktop),title:(.*Discord Popout.*)"
"pin, class:(.*vesktop),title:(.*Discord Popout.*)"
# Music
"workspace: name:discord, class:(Apple Music.*)"
# Steam
"float, class:(.*[Ss]team), title:(.*[Ss]team.*)$"
"workspace name:steam silent, class:(.*[Ss]team), title:(.*[Ss]team.*)$"
"tile, class:(.*[Ss]team), title:(.*[Ss]team.*)$"
"float, class:(.*steam),title:(.*Friends List.*)"
# Code
"pin, class:(.*codium.*),title:(Save As)"
"float, class:(.*codium.*),title:(Save As)"
"float, class:(xdg-desktop-portal-gtk),title:(Open Workspace from File)"
# Game Tearing??? https://wiki.hyprland.org/Configuring/Tearing/
"immediate, class:(.*gamescope)"
# vmware
# this tag will set the below options to the vdi window
# this will have it auto open as a 2160x7680 window
# and makes multi-monitor work
"tag +horizonrdp, class:(.*[Vv][Mm]ware-view),title:(USPS Next VDI)"
"noanim, tag:horizonrdp"
"noblur, tag:horizonrdp"
"norounding, tag:horizonrdp"
"noshadow, tag:horizonrdp"
"immediate, tag:horizonrdp"
"allowsinput, tag:horizonrdp"
"noborder, tag:horizonrdp"
"nodim, tag:horizonrdp"
"nomaxsize, tag:horizonrdp"
"renderunfocused, tag:horizonrdp"
"idleinhibit, tag:horizonrdp"
"float, tag:horizonrdp"
# float the vmware window cause its annoying to use in fullscreen
"float, class:(.*[Vv][Mm]ware-view),title:([Vv][Mm]ware [Hh]orizon [Cc]lient)"
] ++ hyprlandSettings.windowRule;
input = {
kb_layout = "us";
kb_variant = "";
kb_model = "";
kb_options = "";
kb_rules = "";
numlock_by_default = true;
follow_mouse = 1;
touchpad = {
clickfinger_behavior = 1;
natural_scroll = "yes";
};
sensitivity = 0; # -1.0 - 1.0, 0 means no modification.
};
experimental = {
xx_color_management_v4 = true;
};
};
extraConfig = ''
exec-once = dbus-update-activation-environment --systemd --all
exec-once = systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
exec-once = xhost +SI:localuser:root
exec-once = nwg-look -a
exec-once = nwg-dock-hyprland -d
'';
};
}

100
modules/desktop-environments/hyprland/config/kitty/default.nix
View File

@@ -1,100 +0,0 @@
{ pkgs, hyprlandSettings, ... }:
let
settings = import ../../settings.nix { inherit pkgs; };
in
{
programs.kitty = {
enable = true;
shellIntegration.enableZshIntegration = true;
font = {
name = settings.fontName;
package = settings.fontPackage;
size = settings.fontSize;
};
settings = {
bold_font = "auto";
italic_font = "auto";
bold_italic_font = "auto";
mouse_hide_wait = "2.0";
cursor_shape = "block";
url_style = "dotted";
confirm_os_window_close = "0";
background_opacity = "0.85";
# The basic colors
foreground = settings.nord.snowStorm.nord6;
background = settings.nord.polarNight.nord0;
selection_foreground = settings.nord.polarNight.nord0;
selection_background = settings.nord.aurora.nord15;
# Cursor colors
cursor = settings.nord.aurora.nord15;
cursor_text_color = settings.nord.polarNight.nord0;
# URL underline color when hovering with mouse
url_color = settings.nord.aurora.nord15;
# Kitty window border colors
active_border_color = settings.nord.frost.nord10;
inactive_border_color = settings.nord.polarNight.nord1;
bell_border_color = settings.nord.aurora.nord13;
# OS Window titlebar colors
wayland_titlebar_color = settings.nord.polarNight.nord0;
macos_titlebar_color = settings.nord.polarNight.nord0;
# Tab bar colors
active_tab_foreground = settings.nord.polarNight.nord3;
active_tab_background = settings.nord.aurora.nord15;
inactive_tab_foreground = settings.nord.snowStorm.nord6;
inactive_tab_background = settings.nord.polarNight.nord1;
tab_bar_background = settings.nord.polarNight.nord3;
# Colors for marks (marked text in the terminal)
mark1_foreground = settings.nord.polarNight.nord0;
mark1_background = settings.nord.frost.nord10;
mark2_foreground = settings.nord.polarNight.nord0;
mark2_background = settings.nord.aurora.nord15;
mark3_foreground = settings.nord.polarNight.nord0;
mark3_background = settings.nord.frost.nord8;
# The 16 terminal colors
# black
color0 = settings.nord.polarNight.nord0;
# Autosuggestion
color8 = settings.nord.frost.nord10;
# red
color1 = settings.nord.aurora.nord11;
color9 = settings.nord.aurora.nord11;
# green
color2 = settings.nord.aurora.nord14;
color10 = settings.nord.aurora.nord14;
# yellow
color3 = settings.nord.aurora.nord13;
color11 = settings.nord.aurora.nord13;
# blue
color4 = settings.nord.frost.nord10;
color12 = settings.nord.frost.nord10;
# magenta
color5 = settings.nord.aurora.nord15;
color13 = settings.nord.aurora.nord15;
# cyan
color6 = settings.nord.frost.nord8;
color14 = settings.nord.frost.nord8;
# white
color7 = settings.nord.snowStorm.nord5;
color15 = settings.nord.snowStorm.nord4;
};
};
}

Some files were not shown because too many files have changed in this diff Show More