317 Commits

Author SHA1 Message Date
mjallen18
f70a569755 lower refresh rate to fix artifacting 2025-12-04 19:15:34 -06:00
mjallen18
6a99106ca4 icons 2025-12-01 17:13:37 -06:00
mjallen18
2bf51abad5 icons 2025-12-01 17:01:07 -06:00
mjallen18
31e0a03dc2 cursor 2025-12-01 16:48:16 -06:00
mjallen18
3a84cfd7b8 fonts 2025-12-01 16:32:05 -06:00
mjallen18
f132da0433 more theme 2025-12-01 16:24:40 -06:00
mjallen18
a0870e42ca theme stuff 2025-12-01 16:21:12 -06:00
mjallen18
47e2b0caf8 temp 2025-12-01 14:50:23 -06:00
mjallen18
73581fd8f0 darwin 2025-12-01 11:22:24 -06:00
mjallen18
421c1e155b lib fixes, upd 2025-12-01 09:53:26 -06:00
mjallen18
be9be7a4c5 darwin 2025-12-01 09:50:06 -06:00
mjallen18
db988e9761 upd nixpkgs stable to 25.11 2025-11-30 21:55:18 -06:00
mjallen18
e1706274fd upd 2025-11-30 21:52:11 -06:00
mjallen18
96eda0dae7 fixes 2025-11-25 18:11:05 -06:00
mjallen18
33c00f0d7c protonmail bridge sucks 2025-11-25 15:35:42 -06:00
mjallen18
001f465153 whatev 2025-11-25 14:44:01 -06:00
mjallen18
61532d5149 maybe? 2025-11-25 14:43:38 -06:00
mjallen18
e1ccf848cf idk 2025-11-25 13:41:20 -06:00
mjallen18
091ecdc10f testng 2025-11-25 13:34:29 -06:00
mjallen18
e9084fe9ca fix 2025-11-25 13:32:31 -06:00
mjallen18
f1074d7b24 protonmail 2025-11-25 13:17:35 -06:00
mjallen18
16151dffdb scaling 2025-11-25 10:16:45 -06:00
mjallen18
34181aa0c9 testing 2025-11-25 10:16:30 -06:00
mjallen18
b62f49b362 darwin 2025-11-25 08:22:36 -06:00
mjallen18
e985d6e104 power menu 2025-11-24 18:45:35 -06:00
mjallen18
5aaae9ca99 fmt 2025-11-24 15:12:14 -06:00
mjallen18
875498d07b fix 2025-11-24 14:44:12 -06:00
mjallen18
02daab7686 full upd 2025-11-24 11:58:51 -06:00
mjallen18
821d594292 semicolon 2025-11-24 11:44:11 -06:00
mjallen18
b4c1cb2a9f oops 2025-11-24 11:43:56 -06:00
mjallen18
daa85b2ab3 move 2025-11-24 11:43:42 -06:00
mjallen18
c9d5d469c8 lanzaboote 2025-11-24 11:33:48 -06:00
mjallen18
bb788d1de3 upd 2025-11-24 11:19:38 -06:00
mjallen18
f085f17fe8 logs 2025-11-24 09:48:54 -06:00
mjallen18
37316dd1c8 add some parsers 2025-11-24 09:41:25 -06:00
mjallen18
297a49a8f6 testing 2025-11-24 09:22:12 -06:00
mjallen18
eb12e2271d light hass automations 2025-11-22 10:33:09 -06:00
mjallen18
bf0290df38 testing 2025-11-22 10:20:06 -06:00
mjallen18
4c839eb867 test 2025-11-22 10:18:44 -06:00
mjallen18
98aeb1646d ?? 2025-11-22 09:59:16 -06:00
mjallen18
c6357aa6a6 test 2025-11-21 19:07:44 -06:00
mjallen18
5de3cc2ba1 testing 2025-11-21 19:01:05 -06:00
mjallen18
2e54f153ed multiple light automation 2025-11-21 15:12:25 -06:00
mjallen18
9334a35d3b test 2025-11-21 15:11:22 -06:00
mjallen18
f91ce5ad84 maybe? 2025-11-21 14:44:26 -06:00
mjallen18
af57fdfb9f testing 2025-11-21 13:47:11 -06:00
mjallen18
81b8bd9ec5 test 2025-11-21 12:14:07 -06:00
mjallen18
8705f7336b test idk 2025-11-21 11:46:34 -06:00
mjallen18
71b8fc9d0f testing 2025-11-21 11:37:59 -06:00
mjallen18
66fefbe907 testing 2025-11-21 11:37:53 -06:00
mjallen18
9ff8fe8399 testing 2025-11-21 11:28:57 -06:00
mjallen18
d49a2744d2 format 2025-11-21 11:28:17 -06:00
mjallen18
9cadcf2eed ert 2025-11-21 08:28:10 -06:00
mjallen18
66ab57fce0 muas 2025-11-20 21:55:55 -06:00
mjallen18
84b2315aa5 fix fw 2025-11-20 21:23:21 -06:00
mjallen18
f5161b237a update packages 2025-11-20 21:22:53 -06:00
mjallen18
aee0a4b34b temp 2025-11-20 19:50:38 -06:00
mjallen18
75d97dd9ff audio output handling 2025-11-20 18:05:52 -06:00
mjallen18
2c4cc7c6b7 fix waybar hwmon 2025-11-20 17:42:54 -06:00
mjallen18
585689db43 update jovian 2025-11-20 16:47:12 -06:00
mjallen18
140b9b5e32 stuff 2025-11-20 16:32:06 -06:00
mjallen18
f3cac97463 add mac nix key 2025-11-20 16:28:37 -06:00
mjallen18
53a64aaf52 formatting 2025-11-20 16:18:28 -06:00
mjallen18
babe314199 old librepods 2025-11-20 16:17:41 -06:00
mjallen18
778a7c93b3 librepods rust beta 2025-11-20 16:02:35 -06:00
mjallen18
2e3d8e6e7d update librepods 2025-11-20 15:01:11 -06:00
mjallen18
0eed44ef6d battery charge limit 2025-11-20 14:58:21 -06:00
mjallen18
76f0e8f176 music assistant 2025-11-20 10:43:34 -06:00
mjallen18
3cad7ae079 music 2025-11-20 10:29:18 -06:00
mjallen18
c482cf1106 seting 2025-11-20 08:55:34 -06:00
mjallen18
ca69b2294f darwin plist 2025-11-19 22:00:42 -06:00
mjallen18
5e4d16297e darwin modules 2025-11-19 21:54:01 -06:00
mjallen18
c0dbceefb9 macos 2025-11-19 19:47:55 -06:00
mjallen18
c75f1e9131 maybe 2025-11-19 18:30:07 -06:00
mjallen18
b615cfe2e9 addr 2025-11-19 17:28:23 -06:00
mjallen18
e2433d7367 ip 2025-11-19 17:25:48 -06:00
mjallen18
ca448410f0 ports 2025-11-19 17:24:10 -06:00
mjallen18
f47678cd12 matrix 2025-11-19 17:09:50 -06:00
mjallen18
31aba7d0a5 test 2025-11-19 17:01:20 -06:00
mjallen18
3f3641bf3d formatting, warning fixes 2025-11-19 16:46:06 -06:00
mjallen18
2eb2e902b2 script stuff 2025-11-17 17:29:46 -06:00
mjallen18
c71c3b8ed2 stuff 2025-11-17 16:33:45 -06:00
mjallen18
108bb31e8e librepods 2025-11-17 16:31:05 -06:00
mjallen18
34b6399d24 pin rev 2025-11-16 20:18:13 -06:00
mjallen18
1c1dc71cd7 fix git aliases, librepods 2025-11-16 20:14:12 -06:00
mjallen18
6dc81d0cbf fix 2025-11-16 19:22:39 -06:00
mjallen18
2a77d233f9 upd 2025-11-16 19:10:06 -06:00
mjallen18
0e93ea159f idk 2025-11-14 10:47:49 -06:00
mjallen18
582561ae12 temp 2025-11-13 13:35:02 -06:00
mjallen18
c2766e82af fix 2025-11-12 20:01:54 -06:00
mjallen18
b42d9eff71 steamdeck 2025-11-12 17:42:38 -06:00
mjallen18
5ae2d51961 nuc 2025-11-12 15:30:41 -06:00
mjallen18
ed2ec3a875 hass 2025-11-11 17:42:31 -06:00
mjallen18
66281a5fd2 remove cmake overlay 2025-11-11 17:21:27 -06:00
mjallen18
6068832fe6 ? 2025-11-11 12:41:36 -06:00
mjallen18
c9588fbb95 darwin updates 2025-11-10 11:36:05 -06:00
mjallen18
627636ab9a upd 2025-11-10 10:39:21 -06:00
mjallen18
63173a6262 upd 2025-11-10 09:10:58 -06:00
mjallen18
65bdf1124d fix nas 2025-10-28 10:48:22 -05:00
mjallen18
b3f9b50be5 upd 2025-10-27 17:38:54 -05:00
mjallen18
97560f1bc9 hass remote db 2025-10-27 17:14:29 -05:00
mjallen18
840f3c9120 fmt 2025-10-24 10:26:55 -05:00
mjallen18
2b5614a07b nixfmt 2025-10-24 09:59:44 -05:00
mjallen18
9582ca5392 theme edits 2025-10-24 09:59:14 -05:00
mjallen18
1b125aecd0 home 2025-10-24 09:58:59 -05:00
mjallen18
35733e1044 hyprland 2025-10-24 09:58:59 -05:00
mjallen18
b748aa86a0 steamdeck cosmic? 2025-10-24 09:10:49 -05:00
mjallen18
57c5926dac darwin updates 2025-10-23 20:33:53 -05:00
mjallen18
b77f2a3c45 hypr 2025-10-23 16:06:01 -05:00
mjallen18
8177cfdfdd touchpad in hyprland 2025-10-23 15:15:58 -05:00
mjallen18
2a4b734b7f pi stuff 2025-10-23 09:14:35 -05:00
mjallen18
f90324ca49 temp pi 2025-10-23 09:13:33 -05:00
mjallen18
9f1c57ddf2 hass 2025-10-22 20:18:45 -05:00
mjallen18
ee486f52bb fixes 2025-10-22 19:10:44 -05:00
mjallen18
6b6cf3eee1 idk 2025-10-21 22:21:31 -05:00
mjallen18
52fc211dbf pgsql 2025-10-21 17:01:39 -05:00
mjallen18
d9e415870c sd 2025-10-21 13:32:51 -05:00
mjallen18
d61dfda3d5 upd 2025-10-21 11:31:20 -05:00
mjallen18
2cfbc6d854 upd 2025-10-16 20:28:28 -05:00
mjallen18
bf8b3d226a desktop enc 2025-10-15 10:12:46 -05:00
mjallen18
843304def7 desk 2025-10-15 09:54:34 -05:00
mjallen18
41105e3f5a nas stuff and upd 2025-10-14 18:42:33 -05:00
mjallen18
1fecd14b02 nas stuff and upd 2025-10-14 10:24:09 -05:00
mjallen18
76c0cd98d8 un container 2025-10-09 17:48:27 -05:00
mjallen18
ef22231dd7 crowdsec 2025-10-09 14:53:19 -05:00
mjallen18
8677ca747a idk hard broken 2025-10-08 15:45:53 -05:00
mjallen18
02b5dd32a2 containers 2025-10-05 22:16:44 -05:00
mjallen18
ee48ca08bd unmanic, calibre 2025-10-02 21:26:27 -05:00
mjallen18
e72d1b5d93 fmt 2025-09-30 20:54:58 -05:00
mjallen18
5d6e7e35d5 disko upd 2025-09-30 20:44:36 -05:00
mjallen18
751b4f9f69 test 2025-09-30 18:29:34 -05:00
mjallen18
ec23a7fe14 upd 2025-09-26 20:37:54 -05:00
mjallen18
117912045c pi4 2025-09-25 17:03:03 -05:00
mjallen18
5ebb66d7d4 ip 2025-09-25 15:30:38 -05:00
mjallen18
7a7b9cc01b fixes 2025-09-25 15:30:04 -05:00
mjallen18
4a00394402 temp 2025-09-23 19:06:19 -05:00
mjallen18
aa0d09d3c9 temp 2025-09-22 07:48:44 -05:00
mjallen18
0a40f7712a mac 2025-09-17 19:29:34 -05:00
mjallen18
02debc8387 fix bolt launcher and install to desktop 2025-09-17 16:17:27 -05:00
mjallen18
e6d386d362 bolt? 2025-09-17 14:18:30 -05:00
mjallen18
208aaf3f27 temp 2025-09-17 10:18:57 -05:00
mjallen18
6c9d4ccc86 bedjet 2025-09-16 10:47:51 -05:00
mjallen18
1f0def655c data 2025-09-16 08:08:20 -05:00
mjallen18
c5e8fff07d temp 2025-09-15 15:34:22 -05:00
mjallen18
7295254fe9 cleanup 2025-09-09 21:58:37 -05:00
mjallen18
efbbfde6f5 cleanup 2025-09-09 21:43:09 -05:00
mjallen18
fc4096d5d9 proxy testing 2025-09-09 21:03:08 -05:00
mjallen18
f58006cf8a reverse proxy stuff 2025-09-09 20:41:37 -05:00
mjallen18
6567bb1348 lol 2025-09-09 10:43:52 -05:00
mjallen18
b71ca02d25 test 2025-09-09 09:47:01 -05:00
44b17502a0 temp 2025-09-09 01:06:46 +00:00
mjallen18
bf70c50b80 upd 2025-09-08 14:47:14 -05:00
mjallen18
d50fbb5f73 upd 2025-09-08 14:25:49 -05:00
mjallen18
30fb21e062 temp 2025-09-06 10:28:07 -05:00
mjallen18
6b44792e06 changes 2025-09-05 12:08:39 -05:00
mjallen18
c7ac858ec5 temp 2025-09-05 12:07:55 -05:00
mjallen18
73cb9010e2 pi stuff 2025-09-05 11:25:59 -05:00
mjallen18
3c1b5d5072 stuff 2025-09-05 11:19:35 -05:00
mjallen18
a8873d9435 port 2025-09-03 20:22:40 -05:00
mjallen18
d2c60d8157 tabby-web testing 2025-09-03 20:01:19 -05:00
mjallen18
bb96cf2406 fix nuc 2025-09-03 18:37:49 -05:00
mjallen18
c4911b9d5f fixes 2025-09-03 17:54:33 -05:00
mjallen18
67b840c40f update macos 2025-09-03 10:53:07 -05:00
mjallen18
e7276cadf6 cleaup 2025-09-03 09:43:56 -05:00
mjallen18
36ca3ed90e stuff 2025-09-03 09:43:56 -05:00
mjallen18
57a079a86f getexe 2025-09-02 21:22:10 -05:00
mjallen18
0691806032 more cleanup 2025-09-02 21:08:09 -05:00
mjallen18
a6167bf31c stuff 2025-09-02 19:23:08 -05:00
mjallen18
e79ae984a3 pi5 2025-09-01 20:15:56 -05:00
mjallen18
81471cc582 cleanup 2025-09-01 18:39:30 -05:00
mjallen18
6e1f6c23fe upd 2025-09-01 18:20:34 -05:00
mjallen18
93c698c2de fix traefik 2025-09-01 10:48:15 -05:00
mjallen18
92855d5d31 cleanup 2025-08-28 12:32:39 -05:00
mjallen18
6c6d6325c9 cleanup nas I think or something 2025-08-27 12:03:53 -05:00
mjallen18
83f8b3543c cleanup homes 2025-08-26 20:31:51 -05:00
mjallen18
d6ae29f16f cleanup names 2025-08-26 20:28:55 -05:00
mjallen18
02085e7ff1 cleanup hass some 2025-08-26 20:14:18 -05:00
mjallen18
68f6ced410 cleanup 2025-08-26 19:47:36 -05:00
mjallen18
3fda24b5ac cleanup 2025-08-26 19:12:28 -05:00
mjallen18
baa831d002 cleanup 2025-08-26 18:30:57 -05:00
mjallen18
9ebb187a85 cleanup 2025-08-26 17:54:01 -05:00
mjallen18
c50bcd4120 move 2025-08-26 17:22:05 -05:00
mjallen18
72d314b1e2 oops 2025-08-26 17:20:33 -05:00
mjallen18
d15762b199 move stuff 2025-08-26 17:20:27 -05:00
mjallen18
f66c0726b0 mid 2025-08-25 21:41:17 -05:00
mjallen18
b3090b49e2 nbxyz 2025-08-25 21:36:09 -05:00
mjallen18
3bbd0d4432 nb 2025-08-25 21:33:48 -05:00
mjallen18
281bb7cb55 atticd 2025-08-25 21:10:59 -05:00
mjallen18
46ea1e681a fix pi4 2025-08-25 19:57:01 -05:00
mjallen18
c759baed06 network 2025-08-25 19:57:01 -05:00
mjallen18
d19191bb14 pi5 fix 2025-08-25 19:55:15 -05:00
mjallen18
81e78a6809 nas sops 2025-08-25 19:33:01 -05:00
mjallen18
5749de77a9 sops 2025-08-25 19:20:17 -05:00
mjallen18
921f186665 fix conflict 2025-08-25 18:16:52 -05:00
mjallen18
b098c2ad36 music assistant 2025-08-25 10:38:17 -05:00
mjallen18
2ea82a643d cleanup 2025-08-24 18:56:51 -05:00
mjallen18
cfaf900db6 keys 2025-08-23 21:21:50 -05:00
mjallen18
7b44863814 fix wallpaper 2025-08-23 20:50:31 -05:00
mjallen18
d3274d8a59 fix 2025-08-23 20:28:58 -05:00
mjallen18
b367df3f4e sops 2025-08-23 20:24:18 -05:00
mjallen18
ac84ea8a7a rev 2025-08-23 20:19:06 -05:00
mjallen18
e0ee270075 clean 2025-08-23 20:16:47 -05:00
mjallen18
76134f4533 upd build 2025-08-23 20:14:41 -05:00
mjallen18
36010a4230 lib 2025-08-23 19:54:05 -05:00
mjallen18
c90bd0cd07 vscode 2025-08-23 18:49:04 -05:00
mjallen18
6c9a010c3c test stuff 2025-08-23 18:00:05 -05:00
mjallen18
c680392513 temp testing 2025-08-23 14:34:45 -05:00
mjallen18
a233606e8d gpg 2025-08-23 14:12:49 -05:00
mjallen18
bc18b0775b merge 2025-08-23 10:26:12 -05:00
mjallen18
a96b8ddf86 delete 2025-08-22 21:13:05 -05:00
mjallen18
d6e7be7db1 cleanup 2025-08-22 21:13:05 -05:00
mjallen18
999fbbf022 imp fix 2025-08-22 12:11:26 -05:00
mjallen18
f8adf906e3 fix darwin 2025-08-22 09:44:21 -05:00
mjallen18
c2bbac4020 merge 2025-08-22 09:36:02 -05:00
mjallen18
5ad754f5e9 testing done 2025-08-21 21:04:11 -05:00
mjallen18
814451041a end test 2025-08-21 21:04:11 -05:00
mjallen18
1f9af9618f more cleanup 2025-08-21 21:04:11 -05:00
mjallen18
2601629e47 cleanup 2025-08-21 21:04:11 -05:00
mjallen18
09b3fcb825 user updates 2025-08-21 21:04:11 -05:00
mjallen18
34746e865b move some apps to namespace 2025-08-21 21:04:11 -05:00
mjallen18
7e82df3df7 idk 2025-08-21 21:04:11 -05:00
mjallen18
1faa099900 bcfs root? 2025-08-21 21:04:11 -05:00
mjallen18
f1295e17d6 move python-steam 2025-08-21 21:04:11 -05:00
mjallen18
fd34e5719d README 2025-08-21 21:04:11 -05:00
mjallen18
87f0941d61 aarch 2025-08-21 21:04:11 -05:00
mjallen18
7ebe9a9c8d test 2025-08-21 21:04:11 -05:00
mjallen18
c2d0993d9d cleanup 2025-08-21 21:03:47 -05:00
mjallen18
8b6c35ff3c macos 2025-08-21 21:02:58 -05:00
mjallen18
b0c812ac7a no splash 2025-08-21 21:02:00 -05:00
mjallen18
83116ee596 ssh 2025-08-21 21:01:14 -05:00
mjallen18
929786cb12 test 2025-08-21 21:00:39 -05:00
mjallen18
0364333921 fix proxies 2025-08-21 09:28:31 -05:00
mjallen18
9d93ba8e07 fix pi4 hostname 2025-08-21 09:24:14 -05:00
mjallen18
aacb72b78d clev 2025-08-20 21:27:45 -05:00
mjallen18
83f7f3261c more pi stuff 2025-08-20 20:01:35 -05:00
mjallen18
022f67554b fix lol 2025-08-20 19:58:40 -05:00
mjallen18
2c339a22f4 pi stuff 2025-08-20 19:57:13 -05:00
mjallen18
e4c6f9d7fe sops but idk 2025-08-20 18:37:44 -05:00
mjallen18
24c1580452 cleanup 2025-08-20 18:19:20 -05:00
mjallen18
b937a85dcc cache 2025-08-19 22:51:06 -05:00
mjallen18
db43ca4b10 disable gnome 2025-08-19 22:46:18 -05:00
mjallen18
8e3e1ef6cc finally update traefik 2025-08-19 22:15:45 -05:00
mjallen18
26ecfe79eb macos 2025-08-19 20:49:06 -05:00
mjallen18
5dd2876fb5 sops 2025-08-19 20:33:33 -05:00
mjallen18
807e964f34 no splash 2025-08-18 22:21:17 -05:00
mjallen18
8a1714eeb6 ssh 2025-08-18 20:54:35 -05:00
mjallen18
2623efc997 update hass addons 2025-08-18 19:52:09 -05:00
mjallen18
c053da2e30 bcachefs 2025-08-17 21:01:59 -05:00
mjallen18
533d6a4170 pi5 upd 2025-08-17 20:58:54 -05:00
mjallen18
5b3e01820b desktop omnissa 2025-08-12 21:25:07 -05:00
5cef58ade0 fix 2025-08-12 17:04:25 +00:00
mjallen18
981b41f4c2 upd 2025-08-12 08:18:19 -05:00
mjallen18
ae8039dba0 weather 2025-08-07 22:30:20 -05:00
mjallen18
54f56c3f83 upd 2025-08-07 22:30:01 -05:00
mjallen18
ce142bb64a fix this package 2025-07-30 21:44:57 -05:00
mjallen18
fd3f61a0ac lsfg 2025-07-29 20:02:37 -05:00
mjallen18
d0ac22c211 bcachefs 2025-07-29 19:34:10 -05:00
mjallen18
caa326d496 test 2025-07-29 18:26:50 -05:00
mjallen18
04ef2a4b8c temp 2025-07-29 16:43:51 -05:00
mjallen18
7e35a27b2e lsfg-vk 2025-07-28 15:16:56 -05:00
mjallen18
48108e693a gnome home manager on steamdeck 2025-07-28 14:49:03 -05:00
mjallen18
8e3d3e4281 openhasp 2025-07-28 14:18:54 -05:00
mjallen18
c7c99b339b fix package 2025-07-28 11:27:06 -05:00
mjallen18
c8f5547727 openhasp 2025-07-28 11:27:00 -05:00
mjallen18
6f5e592d8c cleanup 2025-07-28 11:06:32 -05:00
mjallen18
5ae3f1a9ef desktop home sops 2025-07-28 09:33:54 -05:00
mjallen18
1a3b091588 desktop stuff 2025-07-28 09:32:31 -05:00
mjallen18
5b34456571 yamlfmt 2025-07-24 11:25:18 -05:00
mjallen18
5918611469 yamlfmt 2025-07-24 11:22:29 -05:00
mjallen18
f3aafffcaa deadnix 2025-07-24 11:19:19 -05:00
mjallen18
3d213c8769 nixfmt 2025-07-24 11:06:08 -05:00
mjallen18
f05972d6ae move commented file: 2025-07-24 10:38:13 -05:00
mjallen18
b77dda0e6f fix some stuff 2025-07-24 10:31:50 -05:00
mjallen18
3c1a956c81 cleanup 2025-07-24 10:19:32 -05:00
mjallen18
5dc1a96f6d cleanup 2025-07-23 19:36:06 -05:00
mjallen18
1ed989e713 pull rest of mac stuff 2025-07-23 12:02:31 -05:00
mjallen18
fa2d95e12f fix some hyprland stuff 2025-07-23 11:57:44 -05:00
mjallen18
1bc7856d93 teml 2025-07-23 09:50:11 -05:00
mjallen18
f8e80bd44c network 2025-07-22 18:03:18 -05:00
mjallen18
1d1f145b37 move nas apps sorta 2025-07-22 16:23:58 -05:00
mjallen18
c8ed7d74f8 fix nas home sops 2025-07-22 12:38:37 -05:00
mjallen18
f11a40370b nas builds 2025-07-22 12:35:00 -05:00
mjallen18
1e5f1db195 basic building for deck 2025-07-21 19:12:46 -05:00
mjallen18
e3bfbae131 pis 2025-07-21 18:59:53 -05:00
mjallen18
b43816579f move stuff 2025-07-21 14:25:34 -05:00
mjallen18
ac9ee8e67b basic pi stuff, ugly but functional 2025-07-21 14:09:41 -05:00
mjallen18
4abbd0ef33 darwin 2025-07-21 09:18:37 -05:00
mjallen18
608a6ce9b8 desktop building? 2025-07-20 18:35:14 -05:00
mjallen18
91be65bc39 functional home assistant 2025-07-18 14:50:13 -05:00
mjallen18
407f8ede87 temp 2025-07-18 13:21:50 -05:00
mjallen18
996e34d075 move all hacs modules to packages 2025-07-18 10:07:22 -05:00
mjallen18
442c24997d desktop is building I guess, idk, need to start commiting stuff eventually lmao 2025-07-17 20:57:18 -05:00
mjallen18
6c7c76887b temp commit 2025-07-16 19:57:33 -05:00
mjallen18
1a254d12c7 patch mail 2025-07-16 12:58:54 -05:00
mjallen18
cdcd102d8c config upd 2025-07-16 12:46:52 -05:00
mjallen18
6c3de9beb4 nuc 2025-07-15 21:18:21 -05:00
mjallen18
17d4e87056 t 2025-07-15 17:08:36 -05:00
mjallen18
0fcb6e07f7 update hass components 2025-07-15 15:28:05 -05:00
mjallen18
9587efe719 weather stuff 2025-07-14 21:43:03 -05:00
mjallen18
58ba094456 finally set up some of nix-darwin 2025-07-14 08:42:31 -05:00
mjallen18
059e72584f make mac kbs make more sense 2025-07-09 16:29:31 -05:00
mjallen18
f42c9ceef8 blovk 2025-07-09 16:05:19 -05:00
mjallen18
769084239f mesa stable cause gamescope broken 2025-07-09 09:11:11 -05:00
mjallen18
c0020a6726 update deck 2025-07-09 09:03:25 -05:00
mjallen18
0bcf196587 upgrade battery icons to swap when charging/discharging 2025-07-08 10:16:14 -05:00
mjallen18
f98c31671d fix mac scaling 2025-07-08 09:49:19 -05:00
mjallen18
a2cdab41b2 asd 2025-07-07 21:45:43 -05:00
mjallen18
5b3e561ad4 disk 2025-07-07 21:42:53 -05:00
mjallen18
f770342649 hypland theme fixes 2025-07-07 21:22:25 -05:00
mjallen18
bc183bc8dd more laptop->desktop hyprland coexistence 2025-07-07 18:23:21 -05:00
mjallen18
1ae1cc6f45 secrets 2025-07-07 11:32:51 -05:00
mjallen18
ebf848a465 update mac 2025-07-07 11:32:01 -05:00
mjallen18
6b28f57207 add nas settings file 2025-07-07 11:27:09 -05:00
mjallen18
803f229a4a Desktop Updates Mon Jun 30 11:58:01 PM CDT 2025 2025-07-07 11:21:08 -05:00
mjallen18
a062a78d13 Steamdeck Updates Mon Jun 30 02:24:43 PM CDT 2025 2025-07-07 11:21:08 -05:00
mjallen18
46adb33771 Merge branch 'macbook-hyprland' 2025-07-07 11:19:38 -05:00
mjallen18
42db510b8f add idle inhibitor to waybar 2025-07-01 08:28:54 -05:00
426 changed files with 20068 additions and 22646 deletions

12
.gitignore vendored

@@ -1,5 +1,13 @@
hosts/nas/*.conf
hosts/nas/*.users
result
result*
*.raw
.codegpt
.codegpt
.direnv
shell.nix
.vscode
**/*/*.py
.envrc
.DS_Store
*.qcow2
keys


@@ -1,5 +1,6 @@
# See https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
keys:
- &matt-pgp CBCB9B18A6B8930B0B6ABFD1CCB8CBEB30633684
- &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
- &matt_pi4 age13g9a4d4jrvckfddpgn8sm4kjtzajr67le56pfdg78ktr5pd09phq32j89u
- &matt_pi5 age1wpvfpv5n32lruk7c0da4uaeapsmhjxdvg8z4ljehn06l6g2y0e0sum404l
@@ -10,66 +11,95 @@ keys:
- &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
- &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
- &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
- &matt_macbook-pro age1xg6mvj3x6s3t8058c6rsk3q4kskvm6nsffwckxkkjzhyn7r6tczqgkj23p
- &macbook-pro age1rdn39ywgzmc8wlsl5lrfe77e652wzjmjx58gx4k2ydghd35kdqvqscrf3h
- &matt_macbook-pro age19daqsncuzeh3j6cwk8uxp6yfj8h0qtz02jxlwwy4v8j0mfgznsvq30440g
- &macbook-pro age19w4zafpwnq9yhzuf8r5te2yhq7xlqj76rcgzcz935hllyrz4yvws4jn6ca
- &nuc age102el4snus37dj807rwvsmlvwu2sg2d8rw3vfmtntgczfkz04l9nshetcq0
- &admin_nuc age102el4snus37dj807rwvsmlvwu2sg2d8rw3vfmtntgczfkz04l9nshetcq0
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *admin
- *jallen-nas
- *pi4
- *pi5
- *deck
- *steamdeck
- *matt_macbook-pro
- *macbook-pro
- pgp:
- *matt-pgp
age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *admin
- *jallen-nas
- *pi4
- *pi5
- *deck
- *steamdeck
- *matt_macbook-pro
- *macbook-pro
- *admin_nuc
- *nuc
- path_regex: nas-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *desktop
- *admin
- *jallen-nas
- pgp:
- *matt-pgp
age:
- *matt
- *desktop
- *admin
- *jallen-nas
- path_regex: desktop-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *desktop
- *admin
- *jallen-nas
- pgp:
- *matt-pgp
age:
- *matt
- *desktop
- *admin
- *jallen-nas
- path_regex: steamdeck-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *desktop
- *deck
- *steamdeck
- *admin
- *jallen-nas
- pgp:
- *matt-pgp
age:
- *matt
- *desktop
- *deck
- *steamdeck
- *admin
- *jallen-nas
- path_regex: pi4-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *pi4
- *pi5
- *admin
- *jallen-nas
- pgp:
- *matt-pgp
age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *pi4
- *pi5
- *admin
- *jallen-nas
- path_regex: pi5-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *pi4
- *pi5
- *admin
- *jallen-nas
- pgp:
- *matt-pgp
age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *pi4
- *pi5
- *admin
- *jallen-nas
- path_regex: mac-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *matt-pgp
age:
- *matt
- *matt_pi5
- *desktop
- *pi5
- *admin
- *jallen-nas
- *matt_macbook-pro
- *macbook-pro
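Review bot: The `&nuc` and `&admin_nuc` anchors carry the same age recipient string, so the user and host identities for that machine are not separate keys, and listing both `*admin_nuc` and `*nuc` under the `secrets/` rule adds nothing. If they are meant to be distinct, as `&matt_pi4` and `&pi4` appear to be, generate a second key for one of them; otherwise drop one anchor. The per-host rules also still list `*desktop`, `*admin` and `*jallen-nas` everywhere, and `pi4-secrets/` and `pi5-secrets/` each list both Pi keys, so compromise of any one of those machines exposes the other hosts' secrets; trimming each rule to the consuming host plus one admin key would limit that. Since the `macbook-pro` recipients appear to have been replaced, existing files need `sops updatekeys`, and if the old keys are no longer trusted the secret values should be rotated, because the old ciphertext stays in history.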

156
README.md

@@ -1,50 +1,118 @@
# nixOS Config
# NixOS Configuration Repository
### Common Files
* [flake.nix](./flake.nix)
* [impermenance.nix](./share/impermanence/default.nix)
* [share](./share)
* [overlays](./overlays)
This repository contains my personal NixOS configurations for multiple systems, managed using [Snowfall Lib](https://github.com/snowfallorg/lib) and the Nix Flakes system.
## Overview
This repository provides a centralized, declarative configuration for all my systems, including:
- Desktop PC (AMD)
- NAS server
- Steam Deck
- Intel NUC
- Raspberry Pi 4
- Raspberry Pi 5
- MacBook Pro (NixOS on Apple Silicon)
- MacBook Pro (Darwin/macOS)
## Repository Structure
```
.
├── checks/ # Pre-commit hooks and other checks
├── flake.nix # Main flake configuration
├── homes/ # Home-manager configurations for users
│ ├── aarch64-darwin/ # macOS home configurations
│ ├── aarch64-linux/ # ARM Linux home configurations
│ └── x86_64-linux/ # x86 Linux home configurations
├── modules/ # Reusable configuration modules
│ ├── home/ # Home-manager modules
│ └── nixos/ # NixOS system modules
├── overlays/ # Nixpkgs overlays
├── packages/ # Custom package definitions
├── secrets/ # Encrypted secrets (managed with sops-nix)
└── systems/ # System-specific configurations
├── aarch64-darwin/ # macOS system configurations
├── aarch64-linux/ # ARM Linux system configurations
└── x86_64-linux/ # x86 Linux system configurations
```
## Key Features
- **Modular Design**: Reusable modules for various system components
- **Multi-System Support**: Configurations for different hardware platforms
- **Home Manager Integration**: User environment management
- **Secret Management**: Encrypted secrets with sops-nix
- **Disk Management**: Declarative disk partitioning with disko
- **State Management**: Persistent state management with impermanence
- **Desktop Environments**: Support for GNOME, Hyprland, and COSMIC
- **Hardware-Specific Optimizations**: Tailored configurations for different hardware
## Key Technologies
- [Nix](https://nixos.org/) and [NixOS](https://nixos.org/)
- [Nix Flakes](https://nixos.wiki/wiki/Flakes)
- [Snowfall Lib](https://github.com/snowfallorg/lib)
- [Home Manager](https://github.com/nix-community/home-manager)
- [sops-nix](https://github.com/Mic92/sops-nix)
- [disko](https://github.com/nix-community/disko)
- [impermanence](https://github.com/nix-community/impermanence)
- [lanzaboote](https://github.com/nix-community/lanzaboote) (Secure Boot)
## Notable System Configurations
### Desktop
* [boot.nix](./hosts/desktop/boot.nix)
* [configuration.nix](./hosts/desktop/configuration.nix)
* [hardware-configuration.nix](./hosts/desktop/hardware-configuration.nix)
* [filesystems.nix](./hosts/desktop/filesystems.nix)
* [home.nix](./hosts/desktop/home.nix)
* [sops.nix](./hosts/desktop/sops.nix)
* [specialisations.hyprland](./hosts/desktop/hyprland)
* [specialisations.gnome](./hosts/desktop/gnome)
* [specialisations.cosmic](./hosts/desktop/cosmic)
A powerful AMD-based desktop with gaming capabilities, featuring:
- AMD CPU and GPU optimizations
- Multiple desktop environment options (GNOME, Hyprland, COSMIC)
- Gaming setup with Steam and related tools
### NAS
* [boot.nix](./hosts/nas/boot.nix)
* [configuration.nix](./hosts/nas/configuration.nix)
* [hardware-configuration.nix](./hosts/nas/hardware-configuration.nix)
* [impermenance.nix](./hosts/nas/impermenance.nix)
* [apps.nix](./hosts/desktop/apps.nix)
* [home.nix](./hosts/desktop/home.nix)
* [networking.nix](./hosts/desktop/networking.nix)
* [services.nix](./hosts/desktop/services.nix)
* [sops.nix](./hosts/desktop/sops.nix)
* [ups.nix](./hosts/desktop/ups.nix)
* [samba](./modules/samba)
* nas-apps
* [arrs](./hosts/nas/apps/arrs/default.nix)
* [free-games-claimer](./modules/apps/free-games-claimer)
* [jackett](./modules/apps/jackett)
* [jellyfin](./hosts/nas/apps/jellyfin/default.nix)
* [jellyseerr](./hosts/nas/apps/jellyseerr/default.nix)
* [jackett](./modules/apps/manyfold)
* [mariadb](./modules/apps/mariadb)
* [mealie](./modules/apps/mealie)
* [nextcloud+onlyoffice](./hosts/nas/apps/nextcloud/default.nix)
* [ollama](./hosts/nas/apps/ollama/default.nix)
* [paperless](./hosts/nas/apps/paperless/default.nix)
* [tdarr](./modules/apps/tdarr)
* [traefik](./hosts/nas/apps/traefik/default.nix)
* [wireguard](./modules/apps/your-spotify)
### Raspberry Pi 4
* [configuration.nix](./hosts/pi4/configuration.nix)
* [hardware-configuration.nix](./hosts/pi4/hardware-configuration.nix)
A home server with various self-hosted services:
- Media management (Jellyfin, Jellyseerr)
- Download automation (Sonarr, Radarr, etc.)
- Document management (Paperless)
- File sharing (Samba, Nextcloud)
- AI services (Ollama)
### Raspberry Pi
Configurations for both Pi 4 and Pi 5:
- Hardware-specific optimizations
- Disk partitioning suitable for ARM devices
- Bluetooth and wireless support
### Steam Deck
Custom NixOS configuration for the Steam Deck:
- Integration with Jovian for Steam Deck compatibility
- Gaming optimizations
- Steam ROM Manager
### MacBook Pro
Configurations for both:
- NixOS on Apple Silicon
- nix-darwin for macOS
## Usage
### Building a System Configuration
```bash
# Build and activate a system configuration
sudo nixos-rebuild switch --flake .#hostname
```
### Building a Home Configuration
```bash
# Build and activate a home configuration
home-manager switch --flake .#username@hostname
```
## License
This project is licensed under the MIT License - see the LICENSE file for details.

15
checks/disksnstuff.sh Normal file

@@ -0,0 +1,15 @@
mount -t tmpfs -o mode=755 none /mnt
mkdir -p /mnt/{boot,home,root,etc,nix,var/log}
mount /dev/sdb1 /mnt/boot
mount /dev/sdb3 -o compress=zstd,subvol=home /mnt/home
mount /dev/sdb3 -o compress=zstd,noatime,subvol=root /mnt/root
mount /dev/sdb3 -o compress=zstd,noatime,subvol=etc /mnt/etc
mount /dev/sdb3 -o compress=zstd,noatime,subvol=nix /mnt/nix
mount /dev/sdb3 -o compress=zstd,noatime,subvol=log /mnt/var/log
wpa_passphrase "Joey's Jungle 5G" "kR8v&3Qd" > 5g.conf
wpa_supplicant -i wlp6s0 -c 5g.conf -B
dhcpcd
keyctl link @u @s
clevis decrypt < "/etc/clevis/nas_pool.jwe" | bcachefs unlock /dev/disk/by-label/nas_pool
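Review bot: The `wpa_passphrase` line in this new script commits the Wi-Fi SSID and passphrase as literals, so the credential is now in the repository history and should be changed on the access point rather than only removed from the file. The passphrase is also passed as a command-line argument, and `wpa_passphrase` output keeps it as a `#psk=` comment in `5g.conf`, which is written to the current directory with default permissions. Read it from stdin or a sops-managed file instead, for example `umask 077` followed by `wpa_passphrase "$WIFI_SSID" < "$WIFI_PSK_FILE" > "$WPA_CONF"` (all three variable names are placeholders). The script also has no shebang or `set -euo pipefail`, so a failed `mount` does not stop the later unlock steps.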


@@ -0,0 +1,22 @@
{
inputs,
pkgs,
lib,
...
}:
let
inherit (inputs) pre-commit-hooks-nix;
in
pre-commit-hooks-nix.lib.${pkgs.stdenv.hostPlatform.system}.run {
src = ../..;
hooks = {
pre-commit-hook-ensure-sops.enable = true;
treefmt = {
enable = lib.mkForce true;
settings.fail-on-change = lib.mkForce false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs (
lib.snowfall.fs.get-file "treefmt.nix"
);
};
};
}
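Review bot: `pre-commit-hook-ensure-sops.enable = true` relies on the hook's default file pattern, which I believe is `^secrets` in git-hooks.nix (confirm against the pinned input). The `.sops.yaml` rules on this page also cover `nas-secrets/`, `desktop-secrets/`, `steamdeck-secrets/`, `pi4-secrets/`, `pi5-secrets/` and `mac-secrets/`, which that pattern would not match, so an unencrypted file in one of those directories would pass the check. Setting the pattern explicitly, e.g. `pre-commit-hook-ensure-sops = { enable = true; files = "^([a-z0-9]+-)?secrets/"; };`, would close that gap. A one-line comment on why `settings.fail-on-change` is forced to `false` would also help the next reader.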

1
echo Normal file

@@ -0,0 +1 @@
{"text": "\ue312 49\u00b0F", "tooltip": " Overcast 49\u00b0\n<span foreground=\"#585858\" font-weight=\"bold\"> .--. </span>Feels like: 49\u00b0\n<span foreground=\"#585858\" font-weight=\"bold\"> .-( ). </span>Wind: 2mph \u2199\n<span foreground=\"#585858\" font-weight=\"bold\"> (___.__)__) </span>Humidity: 80%\n Moon phase: Waxing Crescent \ud83c\udf12\n\nToday, <b>Mon Nov 24 2025</b>\n\uf2c7 53\u00b0F \uf2ca 38\u00b0F\ue34c 07:23 AM \ue34d 04:36 PM\n03 PM \udb81\udd95 52\u00b0 Partly Cloudy , Overcast 33%, Sunshine 73%\n06 PM \ue313 44\u00b0 Mist, Overcast 83%, Sunshine 8%\n09 PM \ue313 43\u00b0 Fog, Overcast 93%, Sunshine 5%\nTomorrow, <b>Tue Nov 25 2025</b>\n\uf2c7 43\u00b0F \uf2ca 34\u00b0F\ue34c 07:24 AM \ue34d 04:36 PM\n12 AM \ue313 43\u00b0 Fog, Fog 6%, Overcast 81%, Sunshine 19%\n03 AM \ue313 42\u00b0 Fog, Overcast 89%, Sunshine 8%\n06 AM \ue313 41\u00b0 Fog, Fog 6%, Overcast 92%, Sunshine 11%\n09 AM \ue313 40\u00b0 Fog, Fog 6%, Overcast 88%, Sunshine 5%\n12 PM \ue317 39\u00b0 Moderate rain at times, Overcast 90%, Rain 100%\n03 PM \ue308 34\u00b0 Light rain, Overcast 93%, Rain 100%\n06 PM \ue318 31\u00b0 Moderate rain, Overcast 88%, Rain 100%\n09 PM \ue31a 24\u00b0 Moderate snow, Overcast 89%, Rain 100%, Snow 100%\n<b>Wed Nov 26 2025</b>\n\uf2c7 36\u00b0F \uf2ca 25\u00b0F\ue34c 07:26 AM \ue34d 04:35 PM\n12 AM \ue312 21\u00b0 Overcast , Overcast 87%, Sunshine 8%\n03 AM \ue312 14\u00b0 Overcast , Frost 25%, Overcast 94%, Sunshine 13%\n06 AM \ue312 11\u00b0 Overcast , Frost 80%, Overcast 89%, Sunshine 8%\n09 AM \ue312 13\u00b0 Overcast , Frost 79%, Overcast 80%, Sunshine 5%\n12 PM \ue33d 18\u00b0 Cloudy , Frost 77%, Overcast 89%, Sunshine 17%\n03 PM \ue30d 24\u00b0 Sunny, Frost 29%, Sunshine 90%\n06 PM \udb81\udd94 22\u00b0 Clear , Frost 78%, Sunshine 94%\n09 PM \udb83\udf31 15\u00b0 Partly Cloudy , Frost 85%, Overcast 39%, Sunshine 83%\n"}

2495
flake.lock generated Executable file → Normal file

File diff suppressed because it is too large Load Diff

1025
flake.nix Executable file → Normal file

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,278 @@
{
lib,
pkgs,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
shellAliases = {
update-switch = "darwin-rebuild switch --flake ~/nix-config";
update-flake = "nix flake update ~/nix-config";
ducks = "du -cksh * | sort -hr | head -n 15";
};
packages = with pkgs; [
age
cpufetch
deadnix
nixfmt-rfc-style
nodePackages.nodejs
uv
sops
tree
wget
];
in
{
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = {
username = "mattjallen";
homeDirectory = "/Users/mattjallen";
packages = lib.mkForce packages;
sessionVariables = {
NH_DARWIN_FLAKE = lib.mkForce "/Users/mattjallen/nix-config";
};
};
programs = {
zsh = {
shellAliases = shellAliases;
};
};
programs.nix-plist-manager = {
enable = true;
options = {
applications = {
finder = {
settings = {
general = {
showTheseItemsOnTheDesktop = {
hardDisks = false;
externalDisks = true;
cdsDvdsAndiPods = false;
connectedServers = false;
};
openFoldersInTabsInsteadOfNewWindows = true;
};
sidebar = {
recentTags = true;
};
advanced = {
removeItemsFromTheTrashAfter30Days = true;
showAllFilenameExtensions = true;
showWarningBeforeChangingAnExtension = true;
showWarningBeforeRemovingFromiCloudDrive = true;
showWarningBeforeEmptyingTheTrash = true;
keepFoldersOnTop = {
inWindowsWhenSortingByName = true;
onDesktop = true;
};
whenPerformingASearch = "Search This Mac";
};
};
menuBar = {
view = {
showTabBar = true;
showSidebar = true;
showPathBar = true;
showStatusBar = true;
};
};
};
systemSettings = {
appearance = {
appearance = "Dark";
accentColor = "Multicolor";
# clickInTheScrollBarTo = "Jump to the next page";
sidebarIconSize = "Medium";
showScrollBars = "When scrolling";
};
controlCenter = {
wifi = true;
bluetooth = true;
airdrop = true;
stageManager = true;
focusModes = "active";
screenMirroring = "active";
display = "never";
sound = "always";
nowPlaying = "active";
accessibilityShortcuts = "unset";
musicRecognition = {
showInMenuBar = false;
showInControlCenter = true;
};
hearing = "unset";
fastUserSwitching = {
showInMenuBar = false;
showInControlCenter = true;
};
keyboardBrightness = {
showInMenuBar = false;
showInControlCenter = true;
};
battery = {
showInMenuBar = false;
showInControlCenter = false;
};
batteryShowPercentage = true;
# menuBarOnly = {
# spotlight = false;
# siri = true;
# };
# automaticallyHideAndShowTheMenuBar = "In Full Screen Only";
};
desktopAndDock = {
desktopAndStageManager = {
showItems = {
onDesktop = true;
inStageManager = true;
};
clickWallpaperToRevealDesktop = "Always";
stageManager = false;
showRecentAppsInStageManager = true;
showWindowsFromAnApplication = "All at Once";
};
dock = {
animateOpeningApplications = true;
automaticallyHideAndShowTheDock = enabled;
doubleClickAWindowsTitleBarTo = "Minimize";
magnification = disabled;
minimizeWindowsIntoApplicationIcon = true;
minimizeWindowsUsing = "Genie Effect";
positionOnScreen = "Bottom";
showIndicatorsForOpenApplications = true;
showSuggestedAndRecentAppsInDock = false;
size = 64; # 16 - 128
# persistentApps = [
# { app = "/Applications/Clock.app"; }
# { folder = "/Applications"; }
# { app = "/Applications/Safari.app"; }
# { app = "/Applications/Firefox.app"; }
# { app = "/Applications/Tabby.app"; }
# { app = "/Applications/Termius.app"; }
# { app = "/Applications/Muic.app"; }
# { app = "/Applications/Vesktop.app"; }
# { app = "/Applications/Messages.app"; }
# { app = "/Applications/Calendar.app"; }
# { app = "/Applications/Reminders.app"; }
# { app = "/Applications/Notes.app"; }
# { app = "/Applications/Weather.app"; }
# { app = "/Applications/Maps.app"; }
# { app = "/Applications/App Store.app"; }
# { app = "/Applications/System Settings.app"; }
# { app = "/Applications/ChatGPT.app"; }
# { app = "/Applications/Nextcloud.app"; }
# { app = "/Applications/VSCodium.app"; }
# { app = "/Applications/Omnissa Horizon Client.app"; }
# { app = "/Applications/Proton Pass.app"; }
# { app = "/Applications/OrcaSlicer.app"; }
# { app = "/Applications/AlDente.app"; }
# ];
# persistentOthers = [
# "~/Downloads"
# ];
};
hotCorners = {
# ["-" "Mission Control" "Application Windows" "Desktop" "Start Screen Saver" "Disable Screen Saver" "Dashboard" "Put Display to Sleep" "Launchpad" "Notification Center" "Lock Screen" "Quick Note"]
topLeft = "-";
topRight = "-";
bottomLeft = "-";
bottomRight = "-";
};
missionControl = {
automaticallyRearrangeSpacesBasedOnMostRecentUse = true;
displaysHaveSeparateSpaces = true;
dragWindowsToTopOfScreenToEnterMissionControl = true;
groupWindowsByApplication = true;
whenSwitchingToAnApplicationSwitchToAspaceWithOpenWindowsForTheApplication = true;
};
widgets = {
showWidgets = {
onDesktop = true;
inStageManager = true;
};
widgetStyle = "Automatic";
useIphoneWidgets = true;
};
windows = {
askToKeepChangesWhenClosingDocuments = true;
closeWindowsWhenQuittingAnApplication = true;
dragWindowsToScreenEdgesToTile = true;
dragWindowsToMenuBarToFillScreen = true;
holdOptionKeyWhileDraggingWindowsToTile = true;
preferTabsWhenOpeningDocuments = "In Full Screen";
tiledWindowsHaveMargin = false;
};
};
focus = {
shareAcrossDevices = true;
};
# general.dateAndTime."24HourTime" = false;
notifications = {
notificationCenter = {
showPreviews = "When Unlocked";
summarizeNotifications = true;
};
};
sound = {
soundEffects = {
alertSound = "Boop";
alertVolume = 0.7;
playFeedbackWhenVolumeIsChanged = true;
playUserInterfaceSoundEffects = true;
};
};
spotlight = {
helpAppleImproveSearch = false;
# searchResults = {
# applications = true;
# calculator = true;
# contacts = true;
# conversion = true;
# definition = true;
# developer = true;
# documents = true;
# eventsAndReminders = true;
# folders = true;
# fonts = false;
# images = true;
# mailAndMessages = true;
# movies = true;
# music = true;
# other = false;
# pdfDocuments = true;
# presentations = true;
# siriSuggestions = false;
# systemSettings = true;
# tips = false;
# websites = true;
};
};
};
};
};
# Manage bug in compilations - who uses manpages in 2024 anyways? :P
manual.manpages = enabled;
# Override defaults that arent supported
programs = {
mangohud = lib.mkForce disabled;
nh = {
flake = lib.mkForce "/Users/mattjallen/nix-config";
};
};
services = {
pass-secret-service = lib.mkForce disabled;
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}
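Review bot: `manual.manpages = enabled;` near the end of this file contradicts the comment directly above it, which reads as a workaround that turns manpage generation off. `enabled` comes from `lib.${namespace}` and its definition is not shown here, but it is used throughout the file as the "on" value next to `disabled`, so this line presumably switches manpages on. If the workaround is still needed, write `manual.manpages = disabled;`; if it is not, replace the comment with something like `# manpages build again, workaround no longer needed`.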


@@ -0,0 +1,148 @@
{
lib,
pkgs,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update mac-nixpkgs mac-nixos-apple-silicon mac-home-manager mac-impermanence mac-sops-nix --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
# Displays
display = {
input = "eDP-1";
resolution = "3456x2234";
refreshRate = "60.00000";
};
in
{
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
${namespace} = {
programs.hyprland = {
enable = true;
primaryDisplay = "eDP-1";
debug.disableScaleChecks = true;
monitorv2 = [
{
name = display.input;
mode = "${display.resolution}@${display.refreshRate}";
position = "0x0";
scale = 1.25;
extra = [
"bitdepth"
"10"
"cm"
"hdr"
"sdrbrightness"
"1.2"
"sdrsaturation"
"0.98"
];
}
];
workspace = [
"name:firefox, monitor:${display.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${display.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 3356, tag:horizonrdp"
];
hyprpaper = {
wallpaperPath = "/run/wallpaper.jpg";
};
keybinds = {
bind = [
"$mod, A, exec, chromium --app=\"https://music.apple.com\""
];
};
defaultApps = {
browser = pkgs.firefox;
};
};
programs = {
btop = enabled;
kitty = {
enable = true;
};
mako = {
enable = true;
};
nwg-dock = enabled;
nwg-drawer = enabled;
nwg-panel = {
enable = true;
defaultApps = {
browser = pkgs.firefox;
};
};
waybar = {
enable = true;
layer = "bottom";
temperature = {
cpu = enabled;
gpu = enabled;
};
extraModules = {
"custom/lights" = {
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
};
extraModulesStyle = ''
#custom-lights {
color: @base0C;
opacity: 0.85;
background-color: @base00;
}
#custom-lights:hover {
background: @base03;
}
'';
windowOffset = 75;
};
wlogout = enabled;
wofi = enabled;
};
};
home.packages = with pkgs; [
pkgs.${namespace}.bolt-launcher
pkgs.${namespace}.librepods
iw
iwd
orca-slicer
vscodium
];
programs = {
password-store = enabled;
zsh.shellAliases = shellAliases;
};
}
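Review bot: The `shellAliases` block at the top repeats the literal `admin@10.0.1.3` in three aliases, with no comment on what that host is trusted to do. `update-boot` and `update-switch` activate, under `sudo`, a closure that was built on that machine, so the builder is trusted with root on this laptop. Bind it once in the `let`, e.g. `buildHost = "admin@10.0.1.3"; # remote builder: its output is activated as root here`, and interpolate `--build-host ${buildHost}` in the aliases. Other home files in this change get their aliases from `${namespace}.shell-aliases`; if that module fits this host, using it here would remove the hand-written copies.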


@@ -0,0 +1,69 @@
{ lib, namespace, ... }:
let
inherit (lib.${namespace}) enabled disabled;
in
{
home.username = "matt";
${namespace} = {
shell-aliases = {
enable = true;
flakeInputs = [
"pi4-nixpkgs"
"pi4-home-manager"
"pi4-impermanence"
"pi4-sops-nix"
"pi4-nixos-hardware"
"pi4-nixos-raspberrypi"
"pi4-disko"
];
};
};
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/pi4" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/pi4" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/matt/.ssh/authorized_keys";
# mode = "0600";
# };
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/home/matt/.ssh/authorized_keys2";
# mode = "0600";
# };
# "ssh-keys-public/desktop-windows" = {
# path = "/home/matt/.ssh/authorized_keys3";
# mode = "0600";
# };
# "ssh-keys-public/macbook-macos" = {
# path = "/home/matt/.ssh/authorized_keys4";
# mode = "0600";
# };
};
};
programs = {
mangohud = lib.mkForce enabled;
};
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}
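Review bot: `validateSopsFiles = false;` in the `sops` block has no comment explaining why validation is switched off, and with it off a missing or renamed key such as `ssh-keys-private/pi4` is only noticed at activation time. It is presumably required because `defaultSopsFile` is the string path `/etc/nixos/secrets/secrets.yaml`, which lives outside the Nix store; say so with `# secrets.yaml is read from /etc/nixos at activation, not from the store, so it cannot be validated at build time`. It is also worth confirming that `mangohud = lib.mkForce enabled;` is intended on this host, since the macOS home file in this change forces the same option to `disabled`.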


@@ -1,5 +1,11 @@
{ pkgs, lib, config, ... }:
{
config,
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
@@ -9,14 +15,6 @@ let
};
in
{
imports = [
../../share/home/defaults.nix
../../share/home/git.nix
../../share/home/gnome.nix
../../share/home/librewolf.nix
../../share/home/shell.nix
../../share/home/vscode.nix
];
home.username = "matt";
@@ -62,4 +60,12 @@ in
programs = {
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}


@@ -0,0 +1,18 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
in
{
home.username = "root";
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}
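Review bot: This root home file is identical, line for line, to the other new 18-line files in this change that set `home.username = "root"`, so any later adjustment has to be repeated in every copy. A single shared module imported by each host would keep them in step. Within the file, `enabled` is inherited but never used; `inherit (lib.${namespace}) disabled;` is enough.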


@@ -0,0 +1,18 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
in
{
home.username = "root";
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}


@@ -0,0 +1,18 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
in
{
home.username = "root";
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}


@@ -1,14 +1,24 @@
{ pkgs,... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
};
in
{ pkgs, namespace, ... }:
{
home.username = "admin";
${namespace} = {
shell-aliases = {
enable = true;
buildHost = ""; # NAS builds locally
flakeInputs = [
"nas-nixpkgs"
"nas-authentik-nix"
"nas-cosmic"
"nas-home-manager"
"nas-impermanence"
"nas-lanzaboote"
"nas-nixos-hardware"
"nas-sops-nix"
];
};
};
sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -58,18 +68,6 @@ in
}
];
};
zsh.shellAliases = shellAliases;
};
# services.nixai = {
# enable = true;
# mcp = {
# enable = true;
# # Optional: custom socket path (uses `$HOME` expansion)
# socketPath = "$HOME/.local/share/nixai/mcp.sock";
# };
# # Optional: integrate with VS Code
# vscodeIntegration = true;
# };
}
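Review bot: The `flakeInputs` list in the first hunk has no `"nas-crowdsec"` entry, although the hand-written `update-flake` alias it appears to replace did update that input. The +/- markers are lost on this page, so the old and new sides are inferred from the hunk header and line order. If the `nas-crowdsec` input still exists in flake.nix (its diff is suppressed here), it will quietly stop being refreshed, which is an unwelcome surprise for a security component. Either add `"nas-crowdsec"` back to the list or state its removal in the commit message. Separately, `buildHost = "";` uses an empty string to mean "build locally"; a documented default in the module would be clearer than the sentinel.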


@@ -0,0 +1,32 @@
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
};
in
{
home.username = "admin";
programs = {
zsh.shellAliases = shellAliases;
};
# Configure systemd user service for protonmail-bridge
systemd.user.services.protonmail-bridge = {
Service = {
Environment = [
"GNUPGHOME=/home/admin/.gnupg"
"PASSWORD_STORE_DIR=/home/admin/.local/password-store"
];
};
};
services = {
protonmail-bridge = {
enable = true;
extraPackages = with pkgs; [ pass libsecret ];
};
};
}
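Review bot: This new file writes the `update-boot`, `update-switch` and `update-flake` aliases by hand for `home.username = "admin"`, while the admin home file just before it in this change drops the same aliases in favour of `${namespace}.shell-aliases`. File names are not shown on this page, so it is unclear whether both apply to the same host; if they do, the two definitions will drift or conflict. Prefer the module here as well. The `Environment` entries also hard-code `/home/admin`; adding `config` to the arguments and writing `"GNUPGHOME=${config.home.homeDirectory}/.gnupg"` keeps them tied to the user. A comment should state that the `pass` store holds the bridge credentials and that both directories must stay private to the user.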


@@ -1,5 +1,6 @@
{ pkgs, ... }:
{ lib, pkgs, namespace, ... }:
let
inherit (lib.${namespace}) enabled disabled;
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
@@ -10,6 +11,8 @@ in
{
home.username = "deck";
${namespace}.desktop.gnome = enabled;
sops = {
age.keyFile = "/home/deck/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -30,27 +33,35 @@ in
steam-rom-manager = {
enable = true;
steamUsername = "mjallen18";
# Optional: override default paths if needed
environmentVariables = {
romsDirectory = "/home/deck/Emulation/roms";
steamDirectory = "/home/deck/.local/share/Steam";
};
emulators = {
ryujinx.enable = true;
ryujinx = enabled;
dolphin-gamecube = {
enable = true;
package = pkgs.dolphin-emu;
romFolder = "gc";
fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ];
fileTypes = [
".iso"
".ISO"
".gcm"
".GCM"
".ciso"
".CISO"
"rvz"
];
extraArgs = "-b -e \"\${filePath}\"";
};
pcsx2.enable = true;
mgba.enable = true;
pcsx2 = enabled;
mgba = enabled;
"Non-SRM Shortcuts" = {
enable = true;
parserType = "Non-SRM Shortcuts";
@@ -67,7 +78,7 @@ in
heroic
mgba
prismlauncher
ryujinx-greemdev
vmware-horizon-client
ryubing
omnissa-horizon-client
];
}
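Review bot: In the reformatted `fileTypes` list for `dolphin-gamecube`, the last entry is `"rvz"` without the leading dot that every other entry has, and it has no upper-case twin. The value is carried over unchanged from the old one-line list, so the reformat was the moment to correct it to `".rvz"` and `".RVZ"`. How the steam-rom-manager module matches these strings is not visible here, so confirm against the module. The `emulators` attribute set continues outside this hunk.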


@@ -0,0 +1,214 @@
{
lib,
pkgs,
namespace,
config,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
displayLeft = {
input = "DP-1";
resolution = "3840x2160";
refreshRate = "120.00000";
};
displayRight = {
input = "DP-2";
resolution = "3840x2160";
refreshRate = "240.00000";
};
theme = config.mjallen.theme.palette;
in
{
home.username = "matt";
${namespace} = {
sops = {
enable = true;
};
shell-aliases = {
enable = true;
};
programs = {
hyprland = {
enable = true;
primaryDisplay = "DP-1";
monitorv2 = [
{
name = displayLeft.input;
mode = "${displayLeft.resolution}@${displayLeft.refreshRate}";
position = "0x0";
scale = 1.0;
extra = [
"bitdepth"
"10"
"cm"
"hdr"
"sdrbrightness"
"1.2"
"sdrsaturation"
"0.98"
];
}
{
name = displayRight.input;
mode = "${displayRight.resolution}@${displayRight.refreshRate}";
position = "3840x0";
scale = 1.0;
extra = [
"bitdepth"
"10"
"cm"
"hdr"
"sdrbrightness"
"1.5"
"sdrsaturation"
"0.98"
];
}
];
workspace = [
"name:firefox, monitor:${displayRight.input}, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:${displayRight.input}, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:${displayLeft.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 7680, tag:horizonrdp"
];
autostartCommands = [
"[silent] firefox"
"[silent] discord"
"[silent] chromium --app=\"https://music.apple.com\""
"[silent] steam"
];
hyprpaper = {
wallpaperPath = "/run/wallpaper.jpg";
};
keybinds = {
bind = [
"$mod, A, exec, chromium --app=\"https://music.apple.com\""
"$mod, C, exec, discord"
"$mod, G, exec, steam"
];
};
defaultApps = {
browser = pkgs.firefox;
};
};
btop = enabled;
kitty = enabled;
mako = enabled;
nwg-dock = enabled;
nwg-drawer = enabled;
nwg-panel = {
enable = true;
defaultApps = {
browser = pkgs.firefox;
};
};
waybar = {
enable = true;
layer = "bottom";
network.interface = "wlp9s0";
temperature = {
cpu = enabled;
gpu = enabled;
};
extraModules = {
"custom/lights" = {
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
};
extraModulesStyle = ''
#custom-lights {
color: @base0C;
background-color: @base00;
opacity: 0.85;
border-left: 5px solid @base0C;
}
#custom-lights:hover {
background: @base03;
}
'';
};
wlogout = enabled;
wofi = enabled;
};
};
services = {
remmina = {
enable = true;
addRdpMimeTypeAssoc = true;
};
};
programs = {
password-store = enabled;
};
home.packages = with pkgs; [
pkgs.${namespace}.bolt-launcher
pkgs.${namespace}.librepods
bottles
compose2nix
discord
distrobox
heroic
omnissa-horizon-client
jq
lutris
lzip
morph
orca-slicer
piper
prismlauncher
protontricks
protonvpn-gui
python3
runelite
smile
unigine-heaven
via
virt-manager
vorta
waydroid-helper
];
specialisation = {
"cosmic".configuration = {
${namespace} = {
programs = {
hyprland = lib.mkForce disabled;
kitty = lib.mkForce disabled;
mako = lib.mkForce disabled;
nwg-dock = lib.mkForce disabled;
nwg-drawer = lib.mkForce disabled;
nwg-panel = lib.mkForce disabled;
waybar = lib.mkForce disabled;
wlogout = lib.mkForce disabled;
wofi = lib.mkForce disabled;
};
};
};
};
}
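Review bot: `theme = config.mjallen.theme.palette;` in the `let` block is never referenced in this file, and it spells out `mjallen` where the rest of the file goes through `${namespace}`. Lazy evaluation makes the unused binding harmless, but it is the only visible reason `config` is in the argument list. Either drop the binding, or write `config.${namespace}.theme.palette` once it is actually used (assuming the namespace is `mjallen`). In the same spirit, `primaryDisplay = "DP-1";` repeats the value already held in `displayLeft.input` and could be `primaryDisplay = displayLeft.input;`.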


@@ -0,0 +1,18 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
in
{
home.username = "root";
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}


@@ -0,0 +1,18 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
in
{
home.username = "root";
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}


@@ -0,0 +1,18 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
in
{
home.username = "root";
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}


@@ -0,0 +1,18 @@
{
lib,
namespace,
...
}:
let
inherit (lib.${namespace}) enabled disabled;
in
{
home.username = "root";
services = {
nextcloud-client = lib.mkForce disabled;
kdeconnect = {
enable = false;
indicator = false;
};
};
}


@@ -1,8 +0,0 @@
{ ... }:
{
imports = [
./hardware.nix
./programs.nix
./services.nix
];
}


@@ -1,11 +0,0 @@
{ lib, ... }:
{
# Hardware configs
hardware = {
# Enable graphics
graphics = {
enable = lib.mkDefault true;
enable32Bit = lib.mkDefault true;
};
};
}


@@ -1,31 +0,0 @@
{ lib, pkgs, ... }:
{
programs = {
nix-ld = {
enable = lib.mkDefault true;
libraries = with pkgs; [
alsa-lib
bash
expat
fontconfig
freetype
icu
glib
gtk3
libgcc
libgdiplus
libGL
libpulseaudio
SDL2
vulkan-loader
xorg.libX11
xorg.libICE
xorg.libSM
xorg.libXcursor
xorg.libXrandr
xorg.libXi
zlib
];
};
seahorse.enable = lib.mkDefault true;
};}


@@ -1,17 +0,0 @@
{ lib, ... }:
{
services = {
kmscon.enable = lib.mkForce false;
# configure pipewire
pipewire = {
enable = lib.mkDefault true;
alsa.enable = lib.mkDefault true;
alsa.support32Bit = lib.mkDefault true;
pulse.enable = lib.mkDefault true;
};
# Enable CUPS to print documents.
printing.enable = lib.mkDefault true;
};
}


@@ -1,36 +0,0 @@
{ lib, pkgs, ... }:
let
timezone = "America/Chicago";
in
{
imports = [
./boot.nix
./environment.nix
./hardware.nix
./nix-settings.nix
./programs.nix
./security.nix
./services.nix
];
# Time config
time = {
# Set your time zone.
timeZone = timezone;
};
fonts.packages = with pkgs; [
font-awesome
noto-fonts
noto-fonts-color-emoji
meslo-lgs-nf
] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.fontconfig.defaultFonts = {
emoji = [
"Noto Color Emoji"
];
};
system.stateVersion = "23.11";
}


@@ -1,13 +0,0 @@
{ pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
attic-client
uutils-coreutils
uutils-diffutils
uutils-findutils
coreutils
nixd
];
};
}


@@ -1,12 +0,0 @@
{ lib, ... }:
{
hardware = {
# Bluetooth
bluetooth.enable = lib.mkDefault true;
i2c.enable = lib.mkDefault true;
# Enable all firmware
enableAllFirmware = lib.mkForce true;
};
}


@@ -1,31 +0,0 @@
{ lib, pkgs, ... }:
{
security = {
rtkit.enable = lib.mkDefault true;
# configure sudo
sudo.enable = lib.mkDefault false;
sudo-rs = {
enable = lib.mkDefault true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/systemctl suspend";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
};
}


@@ -1,27 +0,0 @@
# { lib, config, ... }:
# let
# cfg = config.base;
# cosmicPath =
# if cfg.desktopEnvironments.cosmic.enableSpecialisation then
# ../../modules/desktop-environments/cosmic/specialisation.nix
# else
# ../../modules/desktop-environments/cosmic/default.nix;
# hyprlandPath =
# if cfg.desktopEnvironments.hyprland.enableSpecialisation then
# ../../modules/desktop-environments/hyprland/specialisation.nix
# else
# ../../modules/desktop-environments/hyprland/default.nix;
# extraImports = lib.optionals cfg.enable (
# [ ./base-nogui ]
# ++ lib.optional cfg.baseGui.enable ./base-gui
# ++ lib.optional cfg.desktopEnvironments.cosmic.enable cosmicPath
# ++ lib.optional cfg.desktopEnvironments.hyprland.enable hyprlandPath
# );
# in
# {
# imports = [ ./options.nix ] ++ extraImports;
# }


@@ -1,35 +0,0 @@
{ lib, ... }:
with lib;
{
options.base = {
enable = mkEnableOption "base config";
baseGui.enable = mkOption {
type = types.bool;
default = false;
};
desktopEnvironments = {
cosmic = {
enable = mkOption {
type = types.bool;
default = false;
};
enableSpecialisation = mkOption {
type = types.bool;
default = false;
};
};
hyprland = {
enable = mkOption {
type = types.bool;
default = false;
};
enableSpecialisation = mkOption {
type = types.bool;
default = false;
};
};
};
};
}


@@ -1,100 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[
./boot.nix
./jovian.nix
./networking.nix
./sops.nix
];
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev"
];
trusted-public-keys = [
"cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
];
builders-use-substitutes = true;
};
distributedBuilds = true;
buildMachines = [
{
hostName = "jalle-nas.local";
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}
];
};
# Define a user account. Don't forget to set a password with passwd.
users.users = {
deck = {
hashedPasswordFile = config.sops.secrets."steamdeck/deck-password".path;
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
# macBook
"ssh-rsa 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 mattjallen@MacBook-Pro.local"
# desktop windows
"ssh-rsa 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 mattl@Jallen-PC"
# desktop nixos
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
packages = with pkgs; [
firefox
tree
];
shell = pkgs.zsh;
};
root.shell = pkgs.zsh;
};
programs.coolercontrol.enable = true;
services = {
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
};
chaotic.mesa-git.enable = true;
services.displayManager.gdm.enable = lib.mkForce false;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment = {
systemPackages = with pkgs; [
fuse
jq
newt
sbctl
steam-run
udisks2
zenity
];
variables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
};
};
}


@@ -1,44 +0,0 @@
{ config, lib, ... }:
let
hostname = "steamdeck";
wifiSsid = "Joey's Jungle 5G";
in
{
networking = {
hostName = hostname;
networkmanager = {
enable = true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
wifiSsid = {
connection = {
id = wifiSsid;
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = wifiSsid;
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
}


@@ -1,125 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
lib,
pkgs,
...
}:
let
pkgsVersion = pkgs; #.unstable;
environmentVariables = {
STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
GDK_SCALE = "1";
EDITOR = "${pkgs.vscodium}/bin/codium --wait";
VISUAL = "${pkgs.vscodium}/bin/codium --wait";
};
systemPackages = with pkgsVersion; [
acpilight
aha
aspell
aspellDicts.en
aspellDicts.en-computers
aspellDicts.en-science
borgbackup
brightnessctl
# brscan5
ddcui
ddcutil
ddccontrol
ddccontrol-db
efibootmgr
kdePackages.ksvg
memtest86-efi
memtest86plus
os-prober
nil
qemu_full
rclone
rclone-browser
restic
restic-browser
restic-integrity
sane-frontends
sbctl
tpm2-tools
tpm2-tss
udisks2
unzip
winetricks
];
in
{
imports = [
./boot.nix
./filesystems.nix
./hardware-configuration.nix
./networking.nix
./nix.nix
./services.nix
./sops.nix
./users.nix
];
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev"
];
trusted-public-keys = [
"cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
];
};
};
chaotic.mesa-git.enable = true;
# Environment configuration
environment = {
systemPackages = systemPackages;
variables = environmentVariables;
};
# Hardware configuration
hardware = {
# Enable the QMK firmware flashing tool.
keyboard = {
qmk.enable = true;
};
# Enable Sane and Brother printer support.
sane = {
enable = true;
brscan5.enable = false;
# extraBackends = [ pkgsVersion.brscan5 ];
};
};
# Common Configuration
share = {
gaming.enable = true;
hardware.amd = {
enable = lib.mkDefault true;
lact.enable = lib.mkDefault true;
};
};
programs.coolercontrol.enable = true;
# Time configuration
time = {
hardwareClockInLocalTime = lib.mkDefault false;
};
# Virtualisation configuration
virtualisation = {
libvirtd.enable = lib.mkDefault true;
waydroid.enable = lib.mkDefault true;
};
services.udev.extraRules = ''
KERNEL=="i2c-[0-9]*", GROUP="i2c", MODE="0660"
'';
}


@@ -1,66 +0,0 @@
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
in
{
home.username = "matt";
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/desktop-nixos" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/desktop-nixos" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
};
};
services = {
remmina = {
enable = true;
addRdpMimeTypeAssoc = true;
};
};
programs = {
password-store.enable = true;
zsh.shellAliases = shellAliases;
};
home.packages = with pkgs; [
bottles
unstable.compose2nix
discord
heroic
stable.vmware-horizon-client
jq
lutris
lzip
morph
orca-slicer
piper
prismlauncher
protontricks
protonvpn-gui
python3
qmk
smile
unigine-heaven
via
virt-manager
vorta
waydroid-helper
];
}


@@ -1,46 +0,0 @@
{ lib, config, ... }:
let
hostname = "matt-nixos";
in
{
# Networking configs
networking = {
hostName = lib.mkDefault hostname;
# Enable Network Manager
networkmanager = {
enable = lib.mkDefault true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = {
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
};
}


@@ -1,33 +0,0 @@
{ lib, ... }:
let
user = "matt";
in
{
nix = {
settings = {
substituters = [
"https://cache.mjallen.dev/nas-cache"
];
trusted-public-keys = [
"nas-cache:5ibTWOXJYlKBaoNtdDEPmvdLPtfnbwf9jvdnfwi5dUs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ user ];
};
# settings.builders-use-substitutes = true;
# distributedBuilds = true;
buildMachines = [
{
hostName = "jallen-nas.local";
system = "x86_64-linux";
maxJobs = 10;
sshUser = "admin";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}
];
};
}


@@ -1,108 +0,0 @@
{ config, lib, pkgs, ... }:
let
pkgsVersion = pkgs; #.unstable;
in
{
services = {
# Enable Flatpak
flatpak.enable = lib.mkDefault false;
# enable auto discovery of printers
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true;
openFirewall = lib.mkDefault true;
};
restic.backups = {
jallen-nas = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
environmentFile = config.sops.templates."restic.env".path;
passwordFile = config.sops.secrets."desktop/restic/password".path;
repositoryFile = config.sops.secrets."desktop/restic/repo".path;
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
proton-drive = {
initialize = true;
createWrapper = true;
inhibitsSleep = true;
passwordFile = config.sops.secrets."desktop/restic/password".path;
rcloneConfigFile = "/home/matt/.config/rclone/rclone.conf";
repository = "rclone:proton-drive:backup-nix";
paths = [
"/home/matt"
];
exclude = [
"/home/matt/Steam"
"/home/matt/Heroic"
"/home/matt/1TB"
"/home/matt/Downloads"
"/home/matt/Nextcloud"
"/home/matt/.cache"
"/home/matt/.local/share/Steam"
"/home/matt/.var/app/com.valvesoftware.Steam"
"/home/matt/.tmp"
"/home/matt/.thumbnails"
"/home/matt/.compose-cache"
];
};
};
btrfs = {
autoScrub.enable = lib.mkDefault true;
autoScrub.fileSystems = lib.mkDefault [
"/nix"
"/root"
"/etc"
"/var/log"
"/home"
];
};
ratbagd.enable = lib.mkDefault true;
};
systemd = {
user.services = {
rclone-home-proton = {
enable = lib.mkDefault false;
path = with pkgsVersion; [
bash
pkgs.rclone
];
script = ''
rclone sync /home/matt proton-drive:backup-nix --exclude '/home/matt/Games/**' --exclude '/home/matt/1TB/**' --exclude '/home/matt/Downloads/**'
'';
};
rsync-home = {
enable = lib.mkDefault false;
path = with pkgsVersion; [
bash
rsync
openssh
];
script = ''
rsync -rtpogvPlHzs --ignore-existing --exclude={'/home/matt/Games', '/home/matt/1TB', '/home/matt/Downloads/*', '/home/matt/.cache'} -e ssh /home/matt admin@10.0.1.3:/media/nas/main/backup/desktop-nix/home
'';
};
};
};
}


@@ -1,26 +0,0 @@
{ config, lib, pkgs, ... }:
let
user = "matt";
passwordFile = config.sops.secrets."desktop/matt_password".path;
pkgsVersion = pkgs; #.unstable;
in
{
users.users."${user}" = {
isNormalUser = lib.mkDefault true;
extraGroups = [
"wheel"
"keys"
"networkmanager"
"ratbagd"
"input"
"scanner"
"lp"
"video"
"i2c"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
shell = pkgsVersion.zsh;
};
users.users.root.shell = pkgsVersion.zsh;
}


@@ -1,236 +0,0 @@
- id: '1740678838632'
alias: Bedroom Light Switch
description: ''
triggers:
- domain: mqtt
device_id: 8b3a5a5b6faaba744c70ee940446a8af
type: action
subtype: on-press
trigger: device
id: on press
- domain: mqtt
device_id: 8b3a5a5b6faaba744c70ee940446a8af
type: action
subtype: off-press
trigger: device
id: off press
- domain: mqtt
device_id: 8b3a5a5b6faaba744c70ee940446a8af
type: action
subtype: up-press
trigger: device
id: up press
- domain: mqtt
device_id: 8b3a5a5b6faaba744c70ee940446a8af
type: action
subtype: down-press
trigger: device
id: down press
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- on press
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 2
brightness_pct: 100
kelvin: 6004
target:
entity_id: light.bedroom_lights
- conditions:
- condition: trigger
id:
- off press
sequence:
- action: light.turn_off
metadata: {}
data:
transition: 2
target:
entity_id: light.bedroom_lights
- conditions:
- condition: trigger
id:
- up press
sequence:
- action: light.turn_on
metadata: {}
data:
brightness_step_pct: 10
target:
entity_id: light.bedroom_lights
- conditions:
- condition: trigger
id:
- down press
sequence:
- action: light.turn_on
metadata: {}
data:
brightness_step_pct: -10
target:
entity_id: light.bedroom_lights
mode: single
- id: '1740697291423'
alias: Living Rooom Lights
description: ''
triggers:
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: on-press
trigger: device
id: on press
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: off-press
trigger: device
id: off press
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: up-press
trigger: device
id: up press
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: down-press
trigger: device
id: down press
- domain: mqtt
device_id: b4fb325dfe68d4f80391417998f35843
type: action
subtype: on-hold
trigger: device
id: on-hold
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- on press
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 2
brightness_pct: 100
kelvin: 6004
target:
entity_id:
- light.living_room_lights
- conditions:
- condition: trigger
id:
- off press
sequence:
- action: light.turn_off
metadata: {}
data:
transition: 2
target:
entity_id:
- light.living_room_lights
- conditions:
- condition: trigger
id:
- up press
sequence:
- action: light.turn_on
metadata: {}
data:
brightness_step_pct: 10
target:
entity_id: light.living_room_lights
- conditions:
- condition: trigger
id:
- down press
sequence:
- action: light.turn_on
metadata: {}
data:
brightness_step_pct: -10
target:
entity_id: light.living_room_light_1
- conditions:
- condition: trigger
id:
- on-hold
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 0
brightness_pct: 100
rgb_color:
- 224
- 27
- 36
target:
entity_id: light.living_room_lights
mode: single
- id: '1741048414771'
alias: Front Closet
description: ''
triggers:
- type: present
device_id: c6519ea1e715f397dbbf7b73452f9e49
entity_id: c3a7b8892b8b372d2c40556e770ddc68
domain: binary_sensor
trigger: device
for:
hours: 0
minutes: 0
seconds: 0
id: present
- type: not_present
device_id: c6519ea1e715f397dbbf7b73452f9e49
entity_id: c3a7b8892b8b372d2c40556e770ddc68
domain: binary_sensor
trigger: device
for:
hours: 0
minutes: 0
seconds: 5
id: not
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- present
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 2
brightness_pct: 100
kelvin: 6010
target:
entity_id:
- light.front_closet_light_1
- light.front_closet_light_2
- conditions:
- condition: trigger
id:
- not
sequence:
- action: light.turn_off
metadata: {}
data:
transition: 2
target:
entity_id:
- light.front_closet_light_1
- light.front_closet_light_2
mode: single


@@ -1,576 +0,0 @@
- id: '1692388103102'
alias: Weekly Backup
description: Create a full backup every Sunday at 3 am and store it on the NAS
trigger:
- platform: time
at: 03:00:00
condition:
- condition: time
weekday:
- sun
action:
- service: hassio.backup_full
data:
compressed: true
mode: single
- id: '1692389901297'
alias: Livingroom Lights
description: ''
trigger:
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: on_press
id: 'on'
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: off_press
id: 'off'
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: up_press
id: up
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: down_press
id: down
- platform: device
domain: mqtt
device_id: 37d42431de65199af00220b43dae04c1
type: action
subtype: on_hold
id: hold
condition: []
action:
- choose:
- conditions:
- condition: trigger
id:
- 'on'
sequence:
- data:
brightness_pct: 100
color_temp_kelvin: 5000
transition: 1
target:
entity_id: light.livingroom_lights
action: light.turn_on
- conditions:
- condition: trigger
id:
- 'off'
sequence:
- data:
transition: 1
target:
entity_id: light.livingroom_lights
action: light.turn_off
- conditions:
- condition: trigger
id:
- hold
sequence:
- data:
brightness_pct: 100
rgb_color:
- 255
- 38
- 0
transition: 1
target:
entity_id: light.livingroom_lights
action: light.turn_on
- conditions:
- condition: trigger
id:
- dim up
sequence:
- data:
brightness_step_pct: 20
target:
entity_id: light.livingroom_lights
action: light.turn_on
- conditions:
- condition: trigger
id:
- dim down
sequence:
- data:
brightness_step_pct: -20
target:
entity_id: light.livingroom_lights
action: light.turn_on
mode: single
- id: '1692390365798'
alias: Bedroom Lights
description: ''
triggers:
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: off_press
id: 'off'
trigger: device
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: on_press
id: 'on'
trigger: device
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: up_press
id: up
trigger: device
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: down_press
id: down
trigger: device
- domain: mqtt
device_id: a492c0abb8f14e0888df08101f77f484
type: action
subtype: on_hold
id: hold on
trigger: device
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- 'on'
sequence:
- data:
brightness_pct: 100
color_temp_kelvin: 5000
transition: 1
target:
entity_id: light.bedroom_lights
action: light.turn_on
- conditions:
- condition: trigger
id:
- 'off'
sequence:
- data:
transition: 1
target:
entity_id:
- light.bedroom_lights
action: light.turn_off
- conditions:
- condition: trigger
id:
- up
sequence:
- device_id: 171fa001578683249ff26f2d85817fef
domain: light
entity_id: 55d41329665f60a55a732c5bbececd22
type: brightness_increase
- device_id: c92fea3d569ca668e6617a189f917a28
domain: light
entity_id: 0c8630c2b37ae9615f9cf815aaebf40f
type: brightness_increase
- conditions:
- condition: trigger
id:
- down
sequence:
- device_id: 171fa001578683249ff26f2d85817fef
domain: light
entity_id: 55d41329665f60a55a732c5bbececd22
type: brightness_decrease
- device_id: c92fea3d569ca668e6617a189f917a28
domain: light
entity_id: 0c8630c2b37ae9615f9cf815aaebf40f
type: brightness_decrease
- conditions:
- condition: trigger
id:
- hold on
sequence:
- metadata: {}
data:
rgb_color:
- 255
- 0
- 0
brightness_pct: 100
target:
entity_id: light.bedroom_lights
action: light.turn_on
mode: single
- id: '1694441037420'
alias: Air Purifier Schedule
description: ''
trigger:
- platform: time
at: 07:00:00
id: fan off
- platform: time
at: '23:00:00'
id: fan on
condition: []
action:
- choose:
- conditions:
- condition: trigger
id:
- fan on
sequence:
- service: fan.set_percentage
data:
percentage: 100
target:
entity_id: fan.bedroom_air_purifier
- conditions:
- condition: trigger
id:
- fan off
sequence:
- service: fan.set_preset_mode
data:
preset_mode: auto
target:
entity_id: fan.bedroom_air_purifier
mode: single
- id: '1705949582146'
alias: Ice Maker Power Schedule
description: ''
trigger:
- platform: time_pattern
hours: '*'
minutes: '0'
seconds: '0'
condition: []
action:
- type: toggle
device_id: 41c66532e23aadc4c6ac95e520e5d345
entity_id: bd17ac75a91e62ed7e6b148cfe33d43d
domain: switch
- alias: Set Ice Maker Light to Dim
device_id: 41c66532e23aadc4c6ac95e520e5d345
domain: select
entity_id: 8f4f90c62b00df9008d14f7ce8967199
type: select_option
option: 'On'
mode: single
- id: '1708978401738'
alias: Soundbar
description: ''
trigger: []
condition: []
action:
- service: media_player.turn_on
metadata: {}
data: {}
target:
entity_id: media_player.soundbar
- service: media_player.select_source
metadata: {}
data:
source: wifi
target:
entity_id: media_player.soundbar
- service: media_player.play_media
metadata: {}
data:
media_content_id: media-source://radio_browser/2eff3a1f-b821-4267-9f37-f8d7e72061e4
media_content_type: audio/mpeg
target:
entity_id: media_player.soundbar
mode: single
- id: '1711147285926'
alias: Grow Light Schedule
description: ''
trigger:
- platform: time
at: 07:00:00
id: day
- platform: time
at: '20:00:00'
id: night
condition: []
action:
- choose:
- conditions:
- condition: trigger
id:
- day
sequence:
- service: switch.turn_on
metadata: {}
data: {}
target:
entity_id: switch.grow_lights
- conditions:
- condition: trigger
id:
- night
sequence:
- service: switch.turn_off
metadata: {}
data: {}
target:
entity_id: switch.grow_lights
mode: single
- id: '1723142554607'
alias: Restart Luci's Box
description: for some reason this box sucks and needs to get reboot periodically
trigger:
- platform: time_pattern
hours: '*'
condition: []
action:
- type: turn_off
device_id: e7f8974c31567dddbbffb036fe8381bc
entity_id: e1e71e4acdfcbb6c4afdc174807ad8be
domain: switch
- delay:
hours: 0
minutes: 0
seconds: 1
milliseconds: 0
- type: turn_on
device_id: e7f8974c31567dddbbffb036fe8381bc
entity_id: e1e71e4acdfcbb6c4afdc174807ad8be
domain: switch
- type: turn_on
device_id: d5eb3c182a1ef2a231b94b09c26aed45
entity_id: 7106df7ebde274ac4bc2b197d5c45bea
domain: fan
- device_id: d5eb3c182a1ef2a231b94b09c26aed45
domain: number
entity_id: 59a7cd3cb2883bf6002f789c2ff4824c
type: set_value
value: 3
mode: single
- id: '1724707092916'
alias: HASS Updates
description: ''
use_blueprint:
path: edwardtfn/auto_update_scheduled.yaml
input:
schedule_entity: schedule.updates
restart_bool: true
- id: '1724707291994'
alias: IOT Battery Checker
description: ''
use_blueprint:
path: sbyx/low-battery-level-detection-notification-for-all-battery-sensors.yaml
input:
exclude:
entity_id: []
device_id:
- 66e9cee67a740e8925dae5fc9ce940f0
- df76e3a3e48b49e13bd3006350826740
actions:
- action: notify.persistent_notification
metadata: {}
data:
message: Device Battery Low
- id: '1729708621620'
alias: Closet Lights
description: ''
triggers:
- type: present
device_id: 0924cbdcd24416e768caa52301db59f7
entity_id: e9f0acef50550033cd96155bd501b7c3
domain: binary_sensor
trigger: device
for:
hours: 0
minutes: 0
seconds: 0
id: Present
- type: not_present
device_id: 0924cbdcd24416e768caa52301db59f7
entity_id: e9f0acef50550033cd96155bd501b7c3
domain: binary_sensor
trigger: device
for:
hours: 0
minutes: 0
seconds: 0
id: empty
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- Present
sequence:
- action: light.turn_on
metadata: {}
data:
transition: 3
brightness_pct: 100
kelvin: 5008
target:
device_id:
- e25128ac8fcf62af66a039cde3104760
- ddcfd5ea4fc5f5a88e18325b01c615db
- conditions:
- condition: trigger
id:
- empty
sequence:
- action: light.turn_off
metadata: {}
data:
transition: 3
target:
device_id:
- e25128ac8fcf62af66a039cde3104760
- ddcfd5ea4fc5f5a88e18325b01c615db
mode: single
- id: '1729881464325'
alias: Bedroom Closet
description: ''
triggers:
- type: present
device_id: 28e7f211c72409fe244183219abf6ffa
entity_id: aa474f323868586cef62070654f36936
domain: binary_sensor
trigger: device
id: Present
- type: not_present
device_id: 28e7f211c72409fe244183219abf6ffa
entity_id: aa474f323868586cef62070654f36936
domain: binary_sensor
trigger: device
id: empty
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- Present
sequence:
- type: turn_on
device_id: f5936d6143b7927433e9c0430c79acab
entity_id: f6ec42c9db2c191866a335a346b1ec44
domain: switch
- conditions:
- condition: trigger
id:
- empty
sequence:
- type: turn_off
device_id: f5936d6143b7927433e9c0430c79acab
entity_id: f6ec42c9db2c191866a335a346b1ec44
domain: switch
mode: single
- id: '1740179328446'
alias: Living Room Lights
description: ''
triggers:
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: off_press
trigger: device
id: 'off'
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: on_press
trigger: device
id: 'on'
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: up_press
trigger: device
id: up
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: down_press
trigger: device
id: down
- domain: mqtt
device_id: f7482a462dc7cc05b4ceaa0d882dc469
type: action
subtype: on_hold
trigger: device
id: hold on
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- 'on'
sequence:
- data:
brightness_pct: 100
color_temp_kelvin: 5000
transition: 1
action: light.turn_on
target:
entity_id: light.livingroom_lights
- conditions:
- condition: trigger
id:
- 'off'
sequence:
- data:
transition: 1
action: light.turn_off
target:
entity_id: light.livingroom_lights
- conditions:
- condition: trigger
id:
- up
sequence:
- device_id: 8bc2033b03d5a474ca3204c5ca53e308
domain: light
entity_id: 4a3cc9043ff985e9271683e1916bd9e1
type: brightness_increase
- device_id: 8f4f51aed9b3b4284f520af25358efd9
domain: light
entity_id: f45e74498c4b6bae65aaf5adf67e29d6
type: brightness_increase
- conditions:
- condition: trigger
id:
- down
sequence:
- device_id: 8bc2033b03d5a474ca3204c5ca53e308
domain: light
entity_id: 4a3cc9043ff985e9271683e1916bd9e1
type: brightness_decrease
- device_id: 8bc2033b03d5a474ca3204c5ca53e308
domain: light
entity_id: 4a3cc9043ff985e9271683e1916bd9e1
type: brightness_decrease
- conditions:
- condition: trigger
id:
- hold on
sequence:
- metadata: {}
data:
rgb_color:
- 255
- 0
- 0
brightness_pct: 100
action: light.turn_on
target:
entity_id: light.livingroom_lights
mode: single


@@ -1,40 +0,0 @@
{ lib, pkgs, ... }:
let
kernel = pkgs.linuxPackages_latest;
in
{
# Configure bootloader with lanzaboot and secureboot
boot = {
kernelModules = [ "nct6775" ];
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
initrd = {
verbose = false;
systemd.enable = true;
};
plymouth = {
enable = true;
};
kernelPackages = kernel;
kernelParams = [
"quiet"
"splash"
];
consoleLogLevel = 3;
bootspec.enable = true;
};
environment.systemPackages = with pkgs; [
edk2-uefi-shell
];
}


@@ -1,141 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
let
user = "hass-admin";
password = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06";
SSID = "Joey's Jungle 5G";
SSIDpassword = "kR8v&3Qd"; # config.sops.templates."wifi-password".content;
interface = "wlp0s20f3";
timezone = "America/Chicago";
hostname = "jallen-hass";
in
{
imports = [
# Include the results of the hardware scan.
./boot.nix
./hardware-configuration.nix
./impermanence.nix
./homeassistant.nix
../default.nix
];
# Enable nix flakes and nix-command tools
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [ "@wheel" ];
# Set your time zone.
time.timeZone = timezone;
networking = {
networkmanager = {
enable = true;
# Configure the static connection for eno1
# ensureProfiles = {
# profiles = {
# joeys-jungle = {
# connection = {
# id = "joeys-jungle";
# permissions = "";
# type = "wifi";
# };
# ipv4 = {
# dns-search = "";
# method = "auto";
# };
# ipv6 = {
# addr-gen-mode = "stable-privacy";
# dns-search = "";
# method = "auto";
# };
# wifi = {
# mac-address-blacklist = "";
# mode = "infrastructure";
## ssid = SSID;
# };
# wifi-security = {
# auth-alg = "open";
# key-mgmt = "wpa-psk";
# psk = SSIDpassword;
# };
# };
# "static-eno1" = {
# connection = {
# id = "static-eno1";
# type = "ethernet";
# interface-name = "eno1";
# };
# ipv4 = {
# method = "manual";
# addresses = "10.0.1.19/24";
# gateway = "10.0.1.1";
# dns = "10.0.1.1";
# };
# };
# };
# };
};
hostName = hostname;
wireless = {
enable = false;
networks."${SSID}".psk = SSIDpassword;
interfaces = [ interface ];
};
};
environment.systemPackages = with pkgs; [
vim
htop
git
protonmail-bridge
pass
gnome-keyring
openssl
];
services.xserver.desktopManager.surf-display = {
enable = true;
defaultWwwUri = "http://jallen-hass:8123"; # todo: external maybe for reasons???
};
services.openssh.enable = true;
services.protonmail-bridge = {
enable = true;
path = with pkgs; [ pass gnome-keyring ];
};
# Enable Avahi for .local hostname resolution
services.avahi = {
enable = true;
nssmdns4 = true; # For modern systems, use nssmdns4 instead of nssmdns
publish = {
enable = true;
addresses = true;
domain = true;
workstation = true;
};
};
users = {
mutableUsers = false;
users."${user}" = {
isNormalUser = lib.mkForce true;
initialHashedPassword = password;
extraGroups = [
"wheel"
"docker"
"network-manager"
"hass"
];
shell = pkgs.zsh;
};
};
}


@@ -1,70 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AB0D-A6A2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=etc" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=log" ];
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a6ef033d-c305-42d9-88b2-5591008b2a11";
fsType = "btrfs";
options = [ "subvol=home" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d631d42b-b70a-4579-bfb4-57412ae7c682"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,64 +0,0 @@
{ lib, pkgs, ... }:
let
shellAliases = {
ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "sudo nix flake update ~/nix-config";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
ducks = "du -cksh * | sort -hr | head -n 15";
};
gitAliases = {
co = "checkout";
ci = "commit";
cia = "commit --amend";
s = "status";
st = "status";
b = "branch";
p = "pull --rebase";
pu = "push";
};
in
{
home.username = "hass-admin";
home.homeDirectory = "/home/hass-admin";
home.stateVersion = "23.11";
programs.home-manager.enable = true;
programs = {
fish.enable = false;
mangohud.enable = true;
java.enable = true;
zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = shellAliases;
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
theme = "fishy";
};
};
};
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
home.packages = with pkgs; [
age
fastfetch
firefox
];
}


@@ -1,453 +0,0 @@
{ config, pkgs, ... }:
let
mosquittoPort = 1883;
zigbee2mqttPort = 8080;
# "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
ha-bambulab = pkgs.stdenv.mkDerivation {
pname = "ha-bambulab";
version = "v2.1.5"; # Update with correct version
src = pkgs.fetchFromGitHub {
owner = "greghesp"; # Update with correct owner
repo = "ha-bambulab"; # Update with correct repo name
rev = "v2.1.5"; # Or specific tag/commit
sha256 = "sha256-iVcNFdkzdMVjbQuzrTLib8fhirnc+OJdPzM60EnyVe0="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/bambu_lab $out/custom_components/
'';
};
ha-gehome = pkgs.stdenv.mkDerivation {
pname = "ha-gehome";
version = "v2025.2.1"; # Update with correct version
src = pkgs.fetchFromGitHub {
owner = "simbaja"; # Update with correct owner
repo = "ha_gehome"; # Update with correct repo name
rev = "v2025.2.1"; # Or specific tag/commit
sha256 = "sha256-nb+KrJoWqvhqH6E7A22xXwQzTYp7yn+hl9WRDXn95Cc="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/ge_home $out/custom_components/
'';
};
ha-mail-and-packages = pkgs.stdenv.mkDerivation {
pname = "Home-Assistant-Mail-And-Packages";
version = "0.4.2"; # Update with correct version
src = pkgs.fetchFromGitHub {
owner = "moralmunky"; # Update with correct owner
repo = "Home-Assistant-Mail-And-Packages"; # Update with correct repo name
rev = "0.4.2"; # Or specific tag/commit
sha256 = "sha256-5LBTlRlkSUx8DOY+F7UvUs4dzjZKdBdgnDUdK6DBdew="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/mail_and_packages $out/custom_components/
'';
};
ha-overseerr = pkgs.stdenv.mkDerivation {
pname = "ha-overseerr";
version = "0.1.42"; # Update with correct version
src = pkgs.fetchFromGitHub {
owner = "vaparr"; # Update with correct owner
repo = "ha-overseerr"; # Update with correct repo name
rev = "0.1.42"; # Or specific tag/commit
sha256 = "sha256-UvUowCgfay9aRV+iC/AQ9vvJzhGZbH+/1kVjxPFBKcI="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/overseerr $out/custom_components/
'';
};
ha-petlibro = pkgs.stdenv.mkDerivation {
pname = "ha-petlibro";
version = "v1.0.21.1"; # Update with correct version
src = pkgs.fetchzip {
url = "https://github.com/jjjonesjr33/petlibro/archive/refs/tags/v1.0.21.1.zip";
sha256 = "sha256-3EckyAgWxlZeqy9g13yP2nKCcjnyVIp8EdiE/A1pNu4="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/petlibro $out/custom_components/
'';
};
ha-wyzeapi = pkgs.stdenv.mkDerivation {
pname = "ha-wyzeapi";
version = "0.1.32"; # Update with correct version
src = pkgs.fetchzip {
url = "https://github.com/SecKatie/ha-wyzeapi/archive/refs/tags/0.1.32.zip";
sha256 = "sha256-3xUynZBEHuO2hKLYCb2sBpJAe0JF/8uKqR304Y7JQmE="; # Replace with actual hash
};
installPhase = ''
mkdir -p $out/custom_components
cp -r custom_components/wyzeapi $out/custom_components/
'';
};
# In configuration.nix or a separate file
pythonSteam = pkgs.python3.withPackages (ps: [
(ps.buildPythonPackage rec {
pname = "steam";
version = "1.4.4"; # Check for the latest version
src = pkgs.fetchPypi {
inherit pname version;
sha256 = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="; # Get the correct hash
};
doCheck = false;
propagatedBuildInputs = [ ps.requests ps.protobuf ];
})
]);
in
{
services.home-assistant = {
enable = true;
openFirewall = true;
configWritable = true; # todo
extraComponents = [
# Components required to complete the onboarding
"analytics"
"google_translate"
"met"
"radio_browser"
"shopping_list"
# Recommended for fast zlib compression
# https://www.home-assistant.io/integrations/isal
"isal"
"subaru"
"vesync"
"mqtt" # Enables MQTT integration in HA
"ffmpeg" # Enables camera streams
"zha" # Enables Zigbee integration
"homekit"
"music_assistant"
];
customComponents = with pkgs.home-assistant-custom-components; [
auth-header
];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
atomic-calendar-revive
bubble-card
button-card
hourly-weather
mini-graph-card
mini-media-player
multiple-entity-row
mushroom
vacuum-card
weather-chart-card
zigbee2mqtt-networkmap
];
# use postgresql instead of sqlite
extraPackages = ps: with ps; [
# Core functionality
aiohttp
aiodns
paho-mqtt
pillow
pytz
pyyaml
sqlalchemy
# Discovery & networking
zeroconf
netdisco
ifaddr
ssdp
# Device protocols
pyserial # Serial communications
bluepy # Bluetooth LE
# Smart home ecosystems
mutagen # Media file metadata
pysonos # Sonos
pywemo # Belkin WeMo
python-miio # Xiaomi devices
python-kasa # TP-Link
# Sensors & monitoring
meteocalc # Weather calculations
speedtest-cli # Internet speed
# Visualization & UI
matplotlib # Graphing
# Security
bcrypt
cryptography
pyjwt
# Media
ha-ffmpeg # Camera streams
# Specialized integrations
python-matter-server # Matter protocol
# System integrations
psutil # System monitoring
psycopg2
numpy
hassil
pyturbojpeg
paho-mqtt
pychromecast
pyatv
python-otbr-api
brother
pyipp
govee-ble
adguardhome
nextcord
aiogithubapi
jellyfin-apiclient-python
pylitterbot
dateparser
aionut
nextcloudmonitor
ollama
pynecil
aiopyarr
pysabnzbd
getmac
zigpy
bellows # For Zigbee EmberZNet-based adapters
zigpy-xbee # For XBee adapters
zigpy-deconz # For ConBee/RaspBee adapters
pyicloud # iCloud
pyatv # Apple TV
opencv-python
face-recognition
ibeacon-ble
gehomesdk
onedrive-personal-sdk
python-roborock
pythonSteam
apple-weatherkit
];
config = {
# Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/
default_config = {};
cloud = false;
frontend = {
themes = "!include_dir_merge_named themes";
};
"automation ui" = "!include /etc/nixos/hosts/homeassistant/automations.yaml";
"scene ui" = "!include /etc/nixos/hosts/homeassistant/scenes.yaml";
"script ui" = "!include /etc/nixos/hosts/homeassistant/scripts.yaml";
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"172.30.33.0/24"
"10.0.1.3"
"10.0.1.0/24"
];
};
recorder = {
db_url = "postgresql://@/hass";
purge_keep_days = 180;
};
auth_header = {
debug = false;
username_header = "X-authentik-username";
};
# https://www.home-assistant.io/integrations/ota_updater/
zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json";
};
};
# https://www.home-assistant.io/integrations/automation/
# systemd.tmpfiles.rules = [
# "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
# ];
# This bypasses the component validation and places it directly in HA's data directory
system.activationScripts.installCustomComponents = ''
mkdir -p ${config.services.home-assistant.configDir}/custom_components
cp -r ${ha-bambulab}/custom_components/bambu_lab ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-gehome}/custom_components/ge_home ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-mail-and-packages}/custom_components/mail_and_packages ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-overseerr}/custom_components/overseerr ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-petlibro}/custom_components/petlibro ${config.services.home-assistant.configDir}/custom_components/
cp -r ${ha-wyzeapi}/custom_components/wyzeapi ${config.services.home-assistant.configDir}/custom_components/
ln -sf /etc/nixos/hosts/homeassistant/automations.yaml ${config.services.home-assistant.configDir}/automations.yaml
ln -sf /etc/nixos/hosts/homeassistant/scenes.yaml ${config.services.home-assistant.configDir}/scenes.yaml
ln -sf /etc/nixos/hosts/homeassistant/scripts.yaml ${config.services.home-assistant.configDir}/scripts.yaml
chown -R hass:hass ${config.services.home-assistant.configDir}
chmod -R 750 ${config.services.home-assistant.configDir}
'';
services = {
postgresql = {
enable = true;
ensureDatabases = [ "hass" ];
ensureUsers = [{
name = "hass";
ensureDBOwnership = true;
}];
};
# Enable and configure Mosquitto MQTT broker
mosquitto = {
enable = true;
listeners = [
{
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
settings.allow_anonymous = true;
}
];
};
zigbee2mqtt = {
enable = true;
settings = {
homeassistant = {
enabled = config.services.home-assistant.enable;
# Optional: Home Assistant discovery topic (default: shown below)
# Note: should be different from [MQTT base topic](../mqtt.md) to prevent errors in HA software
discovery_topic = "homeassistant";
# Optional: Home Assistant status topic (default: shown below)
status_topic = "homeassistant/status";
# Optional: Experimental support for Home Assistant event entities, may break in the future (default: shown below) when enabled:
# - An `event` entity will be discovered for each 'action'.
# - The `event_type` attribute will contain the action itself, additional attributes like `button` will have further information.
experimental_event_entities = false;
# Optional: Home Assistant legacy action sensor (default: `false`), when enabled:
# - Zigbee2MQTT will send an empty 'action' after one has been send
# - A 'sensor_action' will be discovered
legacy_action_sensor = false;
};
permit_join = true;
# Web interface
frontend = {
port = zigbee2mqttPort; # Choose an available port
};
# MQTT configuration
mqtt = {
base_topic = "zigbee2mqtt";
server = "mqtt://localhost:1883";
# If using authentication:
# user = "mqttuser";
# password = "your-password";
};
serial = {
port = "/dev/ttyUSB0";
};
};
};
music-assistant = {
enable = true;
providers = [
# "airplay" # music-assistant: airplay support is missing libraop, a library we will not package because it depends on OpenSSL 1.1.
"apple_music"
"bluesound"
"builtin"
"chromecast"
"deezer"
"dlna"
"fanarttv"
"filesystem_local"
"filesystem_smb"
"fully_kiosk"
"hass"
"hass_players"
"jellyfin"
"musicbrainz"
"opensubsonic"
"player_group"
"plex"
"qobuz"
"radiobrowser"
"siriusxm"
"snapcast"
"sonos"
"sonos_s1"
"soundcloud"
"spotify"
"template_player_provider"
"test"
"theaudiodb"
"tidal"
"tunein"
"ytmusic"
];
};
# Enable AirPlay
pipewire = {
# opens UDP ports 6001-6002
raopOpenFirewall = true;
extraConfig.pipewire = {
"10-airplay" = {
"context.modules" = [
{
name = "libpipewire-module-raop-discover";
# increase the buffer size if you get dropouts/glitches
# args = {
# "raop.latency.ms" = 500;
# };
}
];
};
};
};
};
# Enable required hardware support for the Zigbee adapter
hardware.bluetooth.enable = true; # Some adapters use Bluetooth
# Ensure proper permissions for Zigbee USB devices
# services.udev.extraRules = ''
# # For CC2531, CC2530, CC1352P-2, CC2538 and similar adapters
# SUBSYSTEM=="tty", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="zigbee", MODE="0666"
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
# # For ConBee/RaspBee by Dresden Elektronik
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1cf1", ATTRS{idProduct}=="0030", SYMLINK+="zigbee", MODE="0666"
# # For Electrolama zig-a-zig-ah (zzh!)
# SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="zigbee", MODE="0666"
# '';
environment.systemPackages = with pkgs; [
mosquitto # MQTT command-line tools
usbutils # For lsusb to help identify your adapter
];
networking.firewall.allowedTCPPorts = [
mosquittoPort
zigbee2mqttPort
8095
8097
];
}


@@ -1,57 +0,0 @@
{ ... }:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/tailscale"
"/var/lib/systemd/coredump"
"/var/lib/zigbee2mqtt"
"/var/lib/postgresql"
# "/var/lib/music-assistant"
"/etc/NetworkManager/system-connections"
"/etc/secureboot"
{
directory = "/var/lib/private/authentik/media";
user = "authentik";
group = "authentik";
mode = "u=rwx,g=,o=";
}
{
directory = "/var/lib/hass";
user = "hass";
group = "hass";
mode = "u=rwx,g=,o=";
}
{
directory = "/var/lib/private";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/var/lib/colord";
user = "colord";
group = "colord";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/etc/nix";
user = "root";
group = "wheel";
mode = "u=rwx,g=rx,o=rx";
}
];
files = [
"/var/cache-priv-key.pem"
"/etc/machine-id"
];
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
}


@@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./modules/default.nix
];
}


@@ -1,55 +0,0 @@
{ config, pkgs, lib, ... }:
let
pkgs' = config.hardware.asahi.pkgs;
bootM1n1 = pkgs'.m1n1.override {
isRelease = true;
withTools = false;
customLogo = config.boot.m1n1CustomLogo;
};
bootUBoot = pkgs'.uboot-asahi.override {
m1n1 = bootM1n1;
};
bootFiles = {
"m1n1/boot.bin" = pkgs.runCommand "boot.bin" {} ''
cat ${bootM1n1}/build/m1n1.bin > $out
cat ${config.boot.kernelPackages.kernel}/dtbs/apple/*.dtb >> $out
cat ${bootUBoot}/u-boot-nodtb.bin.gz >> $out
if [ -n "${config.boot.m1n1ExtraOptions}" ]; then
echo '${config.boot.m1n1ExtraOptions}' >> $out
fi
'';
};
in {
config = lib.mkIf config.hardware.asahi.enable {
# install m1n1 with the boot loader
boot.loader.grub.extraFiles = bootFiles;
boot.loader.systemd-boot.extraFiles = bootFiles;
# ensure the installer has m1n1 in the image
system.extraDependencies = lib.mkForce [ bootM1n1 bootUBoot ];
system.build.m1n1 = bootFiles."m1n1/boot.bin";
};
options.boot = {
m1n1ExtraOptions = lib.mkOption {
type = lib.types.str;
default = "";
description = ''
Append extra options to the m1n1 boot binary. Might be useful for fixing
display problems on Mac minis.
https://github.com/AsahiLinux/m1n1/issues/159
'';
};
m1n1CustomLogo = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
Custom logo to build into m1n1. The path must point to a 256x256 PNG.
'';
};
};
}


@@ -1,92 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
./kernel
./mesa
./peripheral-firmware
./boot-m1n1
./sound
];
config = let
cfg = config.hardware.asahi;
in lib.mkIf cfg.enable {
nixpkgs.overlays = lib.mkBefore [ cfg.overlay ];
# patch systemd-boot to boot in Apple Silicon UEFI environment.
# This regression only appeared in systemd 256.7.
# see https://github.com/NixOS/nixpkgs/pull/355290
# and https://github.com/systemd/systemd/issues/35026
systemd.package = let
systemdBroken = (pkgs.systemd.version == "256.7");
systemdPatched = pkgs.systemd.overrideAttrs (old: {
patches = let
oldPatches = (old.patches or []);
# not sure why there are non-paths in there but oh well
patchNames = (builtins.map (p: if ((builtins.typeOf p) == "path") then builtins.baseNameOf p else "") oldPatches);
fixName = "0019-Revert-boot-Make-initrd_prepare-semantically-equival.patch";
alreadyPatched = builtins.elem fixName patchNames;
in oldPatches ++ lib.optionals (!alreadyPatched) [
(pkgs.fetchpatch {
url = "https://raw.githubusercontent.com/NixOS/nixpkgs/125e99477b0ac0a54b7cddc6c5a704821a3074c7/pkgs/os-specific/linux/systemd/${fixName}";
hash = "sha256-UW3DZiaykQUUNcGA5UFxN+/wgNSW3ufxDDCZ7emD16o=";
})
];
});
in if systemdBroken then systemdPatched else pkgs.systemd;
hardware.asahi.pkgs =
if cfg.pkgsSystem != "aarch64-linux"
then
import (pkgs.path) {
crossSystem.system = "aarch64-linux";
localSystem.system = cfg.pkgsSystem;
overlays = [ cfg.overlay ];
}
else pkgs;
};
options.hardware.asahi = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Enable the basic Asahi Linux components, such as kernel and boot setup.
'';
};
pkgsSystem = lib.mkOption {
type = lib.types.str;
default = "aarch64-linux";
description = ''
System architecture that should be used to build the major Asahi
packages, if not the default aarch64-linux. This allows installing from
a cross-built ISO without rebuilding them during installation.
'';
};
pkgs = lib.mkOption {
type = lib.types.raw;
description = ''
Package set used to build the major Asahi packages. Defaults to the
ambient set if not cross-built, otherwise re-imports the ambient set
with the system defined by `hardware.asahi.pkgsSystem`.
'';
};
overlay = lib.mkOption {
type = lib.mkOptionType {
name = "nixpkgs-overlay";
description = "nixpkgs overlay";
check = lib.isFunction;
merge = lib.mergeOneOption;
};
default = import ../packages/overlay.nix;
defaultText = "overlay provided with the module";
description = ''
The nixpkgs overlay for asahi packages.
'';
};
};
}


@@ -1,106 +0,0 @@
# the Asahi Linux kernel and options that must go along with it
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.hardware.asahi.enable {
boot.kernelPackages = let
pkgs' = config.hardware.asahi.pkgs;
in
pkgs'.linux-asahi.override {
_kernelPatches = config.boot.kernelPatches;
withRust = config.hardware.asahi.withRust;
};
# we definitely want to use CONFIG_ENERGY_MODEL, and
# schedutil is a prerequisite for using it
# source: https://www.kernel.org/doc/html/latest/scheduler/sched-energy.html
powerManagement.cpuFreqGovernor = lib.mkOverride 800 "schedutil";
boot.initrd.includeDefaultModules = false;
boot.initrd.availableKernelModules = [
# list of initrd modules stolen from
# https://github.com/AsahiLinux/asahi-scripts/blob/f461f080a1d2575ae4b82879b5624360db3cff8c/initcpio/install/asahi
"apple-mailbox"
"nvme_apple"
"pinctrl-apple-gpio"
"macsmc"
"macsmc-rtkit"
"i2c-pasemi-platform"
"tps6598x"
"apple-dart"
"dwc3"
"dwc3-of-simple"
"xhci-pci"
"pcie-apple"
"gpio_macsmc"
"phy-apple-atc"
"nvmem_apple_efuses"
"spi-apple"
"spi-hid-apple"
"spi-hid-apple-of"
"rtc-macsmc"
"simple-mfd-spmi"
"spmi-apple-controller"
"nvmem_spmi_mfd"
"apple-dockchannel"
"dockchannel-hid"
"apple-rtkit-helper"
# additional stuff necessary to boot off USB for the installer
# and if the initrd (i.e. stage 1) goes wrong
"usb-storage"
"xhci-plat-hcd"
"usbhid"
"hid_generic"
];
boot.kernelParams = [
"earlycon"
"console=tty0"
"boot.shell_on_fail"
# Apple's SSDs are slow (~dozens of ms) at processing flush requests which
# slows down programs that make a lot of fsync calls. This parameter sets
# a delay in ms before actually flushing so that such requests can be
# coalesced. Be warned that increasing this parameter above zero (default
# is 1000) has the potential, though admittedly unlikely, risk of
# UNBOUNDED data corruption in case of power loss!!!! Don't even think
# about it on desktops!!
"nvme_apple.flush_interval=0"
];
# U-Boot does not support EFI variables
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
# U-Boot does not support switching console mode
boot.loader.systemd-boot.consoleMode = "0";
# GRUB has to be installed as removable if the user chooses to use it
boot.loader.grub = lib.mkDefault {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
# autosuspend was enabled as safe for the PCI SD card reader
# "Genesys Logic, Inc GL9755 SD Host Controller [17a0:9755] (rev 01)"
# by recent systemd versions, but this has a "negative interaction"
# with our kernel/SoC and causes random boot hangs. disable it!
services.udev.extraHwdb = ''
pci:v000017A0d00009755*
ID_AUTOSUSPEND=0
'';
};
imports = [
(lib.mkRemovedOptionModule [ "hardware" "asahi" "addEdgeKernelConfig" ]
"All edge kernel config options are now the default.")
];
options.hardware.asahi.withRust = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Build the Asahi Linux kernel with Rust support.
'';
};
}


@@ -1,53 +0,0 @@
{ options, config, pkgs, lib, ... }:
{
config = let
isMode = mode: (config.hardware.asahi.useExperimentalGPUDriver
&& config.hardware.asahi.experimentalGPUInstallMode == mode);
in lib.mkIf config.hardware.asahi.enable (lib.mkMerge [
{
# required for proper DRM setup even without GPU driver
services.xserver.config = ''
Section "OutputClass"
Identifier "appledrm"
MatchDriver "apple"
Driver "modesetting"
Option "PrimaryGPU" "true"
EndSection
'';
}
(lib.mkIf config.hardware.asahi.useExperimentalGPUDriver {
# install the Asahi Mesa version
hardware.graphics.package = config.hardware.asahi.pkgs.mesa-asahi-edge;
# required for in-kernel GPU driver
hardware.asahi.withRust = true;
})
]);
options.hardware.asahi.useExperimentalGPUDriver = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Use the experimental Asahi Mesa GPU driver.
Do not report issues using this driver under NixOS to the Asahi project.
'';
};
# hopefully no longer used, should be deprecated eventually
options.hardware.asahi.experimentalGPUInstallMode = lib.mkOption {
type = lib.types.enum [ "driver" "replace" "overlay" ];
default = "replace";
description = ''
Mode to use to install the experimental GPU driver into the system.
driver: install only as a driver, do not replace system Mesa.
Causes issues with certain programs like Plasma Wayland.
replace (default): use replaceRuntimeDependencies to replace system Mesa with Asahi Mesa.
Does not work in pure evaluation context (i.e. in flakes by default).
overlay: overlay system Mesa with Asahi Mesa
Requires rebuilding the world.
'';
};
}


@@ -1,69 +0,0 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.hardware.asahi.enable {
assertions = lib.mkIf config.hardware.asahi.extractPeripheralFirmware [
{ assertion = config.hardware.asahi.peripheralFirmwareDirectory != null;
message = ''
Asahi peripheral firmware extraction is enabled but the firmware
location appears incorrect.
'';
}
];
hardware.firmware = let
pkgs' = config.hardware.asahi.pkgs;
in
lib.mkIf ((config.hardware.asahi.peripheralFirmwareDirectory != null)
&& config.hardware.asahi.extractPeripheralFirmware) [
(pkgs.stdenv.mkDerivation {
name = "asahi-peripheral-firmware";
nativeBuildInputs = [ pkgs'.asahi-fwextract pkgs.cpio ];
buildCommand = ''
mkdir extracted
asahi-fwextract ${config.hardware.asahi.peripheralFirmwareDirectory} extracted
mkdir -p $out/lib/firmware
cat extracted/firmware.cpio | cpio -id --quiet --no-absolute-filenames
mv vendorfw/* $out/lib/firmware
'';
})
];
};
options.hardware.asahi = {
extractPeripheralFirmware = lib.mkOption {
type = lib.types.bool;
default = true;
description = ''
Automatically extract the non-free non-redistributable peripheral
firmware necessary for features like Wi-Fi.
'';
};
peripheralFirmwareDirectory = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = lib.findFirst (path: builtins.pathExists (path + "/all_firmware.tar.gz")) null
[
# path when the system is operating normally
/boot/asahi
# path when the system is mounted in the installer
/mnt/boot/asahi
];
description = ''
Path to the directory containing the non-free non-redistributable
peripheral firmware necessary for features like Wi-Fi. Ordinarily, this
will automatically point to the appropriate location on the ESP. Flake
users and those interested in maximum purity will want to copy those
files elsewhere and specify this manually.
Currently, this consists of the files `all-firmware.tar.gz` and
`kernelcache*`. The official Asahi Linux installer places these files
in the `asahi` directory of the EFI system partition when creating it.
'';
};
};
}


@@ -1,49 +0,0 @@
{ config, options, pkgs, lib, ... }:
{
options.hardware.asahi = {
setupAsahiSound = lib.mkOption {
type = lib.types.bool;
default = config.hardware.asahi.enable;
description = ''
Set up the Asahi DSP components so that the speakers and headphone jack
work properly and safely.
'';
};
};
config = let
cfg = config.hardware.asahi;
in lib.mkIf (cfg.setupAsahiSound && cfg.enable) (lib.mkMerge [
{
# can't be used by Asahi sound infrastructure
services.pulseaudio.enable = false;
# enable pipewire to run real-time and avoid audible glitches
security.rtkit.enable = true;
# set up pipewire with the supported capabilities (instead of pulseaudio)
# and asahi-audio configs and plugins
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
configPackages = [ pkgs.asahi-audio ];
wireplumber = {
enable = true;
configPackages = [ pkgs.asahi-audio ];
};
};
# set up enivronment so that UCM configs are used as well
environment.variables.ALSA_CONFIG_UCM2 = "${pkgs.alsa-ucm-conf-asahi}/share/alsa/ucm2";
systemd.user.services.pipewire.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
systemd.user.services.wireplumber.environment.ALSA_CONFIG_UCM2 = config.environment.variables.ALSA_CONFIG_UCM2;
# enable speakersafetyd to protect speakers
systemd.packages = [ pkgs.speakersafetyd ];
services.udev.packages = [ pkgs.speakersafetyd ];
}
]);
}


@@ -1,22 +0,0 @@
{ lib
, fetchFromGitHub
, alsa-ucm-conf
}:
(alsa-ucm-conf.overrideAttrs (oldAttrs: let
versionAsahi = "8";
srcAsahi = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/alsa-ucm-asahi
owner = "AsahiLinux";
repo = "alsa-ucm-conf-asahi";
rev = "v${versionAsahi}";
hash = "sha256-FPrAzscc1ICSCQSqULaGLqG4UCq8GZU9XLV7TUSBBRM=";
};
in {
name = "${oldAttrs.pname}-${oldAttrs.version}-asahi-${versionAsahi}";
postInstall = oldAttrs.postInstall or "" + ''
cp -r ${srcAsahi}/ucm2 $out/share/alsa
'';
}))


@@ -1,46 +0,0 @@
{ stdenv
, lib
, fetchFromGitHub
, lsp-plugins
, bankstown-lv2
, triforce-lv2
}:
stdenv.mkDerivation rec {
pname = "asahi-audio";
# tracking: https://src.fedoraproject.org/rpms/asahi-audio
version = "3.3";
src = fetchFromGitHub {
owner = "AsahiLinux";
repo = "asahi-audio";
rev = "v${version}";
hash = "sha256-p0M1pPxov+wSLT2F4G6y5NZpCXzbjZkzle+75zQ4xxU=";
};
preBuild = ''
export PREFIX=$out
readarray -t configs < <(\
find . \
-name '*.conf' -or \
-name '*.json' -or \
-name '*.lua'
)
substituteInPlace "''${configs[@]}" --replace \
"/usr/share/asahi-audio" \
"$out/asahi-audio"
'';
postInstall = ''
# no need to link the asahi-audio dir globally
mv $out/share/asahi-audio $out
'';
passthru.requiredLv2Packages = [
lsp-plugins
bankstown-lv2
triforce-lv2
];
}


@@ -1,32 +0,0 @@
{ lib
, python3
, fetchFromGitHub
, gzip
, gnutar
, lzfse
}:
python3.pkgs.buildPythonApplication rec {
pname = "asahi-fwextract";
version = "0.7.8";
# tracking version: https://packages.fedoraproject.org/pkgs/asahi-installer/python3-asahi_firmware/
src = fetchFromGitHub {
owner = "AsahiLinux";
repo = "asahi-installer";
rev = "v${version}";
hash = "sha256-UmgHWKIRbcg9PK44YPPM4tyuEDC0+ANKO3Mzc4N9RHo=";
};
postPatch = ''
substituteInPlace asahi_firmware/img4.py \
--replace 'liblzfse.so' '${lzfse}/lib/liblzfse.so'
substituteInPlace asahi_firmware/update.py \
--replace '"tar"' '"${gnutar}/bin/tar"' \
--replace '"xf"' '"-x", "-I", "${gzip}/bin/gzip", "-f"'
'';
nativeBuildInputs = [ python3.pkgs.setuptools ];
doCheck = false;
}


@@ -1,104 +0,0 @@
{ lib
, callPackage
, writeText
, linuxPackagesFor
, withRust ? true
, _kernelPatches ? [ ]
}:
let
i = builtins.elemAt;
# parse <OPT> [ymn]|foo style configuration as found in a patch's extraConfig
# into a list of k, v tuples
parseExtraConfig = config:
let
lines =
builtins.filter (s: s != "") (lib.strings.splitString "\n" config);
parseLine = line: let
t = lib.strings.splitString " " line;
join = l: builtins.foldl' (a: b: "${a} ${b}")
(builtins.head l) (builtins.tail l);
v = if (builtins.length t) > 2 then join (builtins.tail t) else (i t 1);
in [ "CONFIG_${i t 0}" v ];
in map parseLine lines;
# parse <OPT>=lib.kernel.(yes|module|no)|lib.kernel.freeform "foo"
# style configuration as found in a patch's extraStructuredConfig into
# a list of k, v tuples
parseExtraStructuredConfig = config: lib.attrsets.mapAttrsToList
(k: v: [ "CONFIG_${k}" (v.tristate or v.freeform) ] ) config;
parsePatchConfig = { extraConfig ? "", extraStructuredConfig ? {}, ... }:
(parseExtraConfig extraConfig) ++
(parseExtraStructuredConfig extraStructuredConfig);
# parse CONFIG_<OPT>=[ymn]|"foo" style configuration as found in a config file
# into a list of k, v tuples
parseConfig = config:
let
parseLine = builtins.match ''(CONFIG_[[:upper:][:digit:]_]+)=(([ymn])|"([^"]*)")'';
# get either the [ymn] option or the "foo" option; whichever matched
t = l: let v = (i l 2); in [ (i l 0) (if v != null then v else (i l 3)) ];
lines = lib.strings.splitString "\n" config;
in map t (builtins.filter (l: l != null) (map parseLine lines));
origConfigfile = ./config;
linux-asahi-pkg = { stdenv, lib, fetchFromGitHub, fetchpatch, linuxKernel,
rustc, rust-bindgen, ... } @ args:
let
origConfigText = builtins.readFile origConfigfile;
# extraConfig from all patches in order
extraConfig =
lib.fold (patch: ex: ex ++ (parsePatchConfig patch)) [] _kernelPatches
++ (lib.optional withRust [ "CONFIG_RUST" "y" ]);
# config file text for above
extraConfigText = let
text = k: v: if (v == "y") || (v == "m") || (v == "n")
then "${k}=${v}" else ''${k}="${v}"'';
in (map (t: text (i t 0) (i t 1)) extraConfig);
# final config as a text file path
configfile = if extraConfig == [] then origConfigfile else
writeText "config" ''
${origConfigText}
# Patches
${lib.strings.concatStringsSep "\n" extraConfigText}
'';
# final config as an attrset
configAttrs = let
makePair = t: lib.nameValuePair (i t 0) (i t 1);
configList = (parseConfig origConfigText) ++ extraConfig;
in builtins.listToAttrs (map makePair (lib.lists.reverseList configList));
# used to fix issues when nixpkgs gets ahead of the kernel
rustAtLeast = version: withRust && (lib.versionAtLeast rustc.version version);
bindgenAtLeast = version: withRust && (lib.versionAtLeast rust-bindgen.unwrapped.version version);
in
linuxKernel.manualConfig rec {
inherit stdenv lib;
version = "6.14.8-asahi";
modDirVersion = version;
extraMeta.branch = "6.14";
src = fetchFromGitHub {
# tracking: https://github.com/AsahiLinux/linux/tree/asahi-wip (w/ fedora verification)
owner = "AsahiLinux";
repo = "linux";
rev = "asahi-6.14.8-1";
hash = "sha256-JrWVw1FiF9LYMiOPm0QI0bg/CrZAMSSVcs4AWNDIH3Q=";
};
kernelPatches = [
] ++ _kernelPatches;
inherit configfile;
config = configAttrs;
};
linux-asahi = (callPackage linux-asahi-pkg { });
in lib.recurseIntoAttrs (linuxPackagesFor linux-asahi)


@@ -1,110 +0,0 @@
{ stdenv
, buildPackages
, lib
, fetchFromGitHub
, python3
, dtc
, imagemagick
, isRelease ? false
, withTools ? true
, withChainloading ? false
, customLogo ? null
}:
let
pyenv = python3.withPackages (p: with p; [
construct
pyserial
]);
stdenvOpts = {
targetPlatform.system = "aarch64-none-elf";
targetPlatform.rust.rustcTarget = "${stdenv.hostPlatform.parsed.cpu.name}-unknown-none-softfloat";
targetPlatform.rust.rustcTargetSpec = "${stdenv.hostPlatform.parsed.cpu.name}-unknown-none-softfloat";
};
rust = buildPackages.rust.override {
stdenv = lib.recursiveUpdate buildPackages.stdenv stdenvOpts;
};
rustPackages = rust.packages.stable.overrideScope (f: p: {
rustc-unwrapped = p.rustc-unwrapped.override {
stdenv = lib.recursiveUpdate p.rustc-unwrapped.stdenv stdenvOpts;
};
});
rustPlatform = buildPackages.makeRustPlatform rustPackages;
in stdenv.mkDerivation rec {
pname = "m1n1";
version = "1.4.21";
src = fetchFromGitHub {
# tracking: https://src.fedoraproject.org/rpms/m1n1
owner = "AsahiLinux";
repo = "m1n1";
rev = "v${version}";
hash = "sha256-PEjTaSwcsV8PzM9a3rDWMYXGX9FlrM0oeElrP5HYRPg=";
fetchSubmodules = true;
};
cargoVendorDir = ".";
makeFlags = [ "ARCH=${stdenv.cc.targetPrefix}" ]
++ lib.optional isRelease "RELEASE=1"
++ lib.optional withChainloading "CHAINLOADING=1";
nativeBuildInputs = [
dtc
] ++ lib.optionals withChainloading [rustPackages.rustc rustPackages.cargo rustPlatform.cargoSetupHook]
++ lib.optional (customLogo != null) imagemagick;
postPatch = ''
substituteInPlace proxyclient/m1n1/asm.py \
--replace 'aarch64-linux-gnu-' 'aarch64-unknown-linux-gnu-' \
--replace 'TOOLCHAIN = ""' 'TOOLCHAIN = "'$out'/toolchain-bin/"'
'';
preConfigure = lib.optionalString (customLogo != null) ''
pushd data &>/dev/null
ln -fs ${customLogo} bootlogo_256.png
if [[ "$(magick identify bootlogo_256.png)" != 'bootlogo_256.png PNG 256x256'* ]]; then
echo "Custom logo is not a 256x256 PNG"
exit 1
fi
rm bootlogo_128.png
convert bootlogo_256.png -resize 128x128 bootlogo_128.png
patchShebangs --build ./makelogo.sh
./makelogo.sh
popd &>/dev/null
'';
installPhase = ''
runHook preInstall
mkdir -p $out/build
cp build/m1n1.bin $out/build
'' + (lib.optionalString withTools ''
mkdir -p $out/{bin,script,toolchain-bin}
cp -r proxyclient $out/script
cp -r tools $out/script
for toolpath in $out/script/proxyclient/tools/*.py; do
tool=$(basename $toolpath .py)
script=$out/bin/m1n1-$tool
cat > $script <<EOF
#!/bin/sh
${pyenv}/bin/python $toolpath "\$@"
EOF
chmod +x $script
done
GCC=${buildPackages.gcc}
BINUTILS=${buildPackages.binutils-unwrapped}
ln -s $GCC/bin/${stdenv.cc.targetPrefix}gcc $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}ld $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objcopy $out/toolchain-bin/
ln -s $BINUTILS/bin/${stdenv.cc.targetPrefix}objdump $out/toolchain-bin/
ln -s $GCC/bin/${stdenv.cc.targetPrefix}nm $out/toolchain-bin/
'') + ''
runHook postInstall
'';
}


@@ -1,48 +0,0 @@
{ lib
, fetchFromGitLab
, mesa
}:
(mesa.override {
galliumDrivers = [ "softpipe" "llvmpipe" "asahi" ];
vulkanDrivers = [ "swrast" "asahi" ];
}).overrideAttrs (oldAttrs: {
version = "25.1.0-asahi";
src = fetchFromGitLab {
# tracking: https://pagure.io/fedora-asahi/mesa/commits/asahi
domain = "gitlab.freedesktop.org";
owner = "asahi";
repo = "mesa";
tag = "asahi-20250425";
hash = "sha256-3c3uewzKv5wL9BRwaVL4E3FnyA04veQwAPxfHiL7wII=";
};
mesonFlags =
let
badFlags = [
"-Dinstall-mesa-clc"
"-Dgallium-nine"
"-Dtools"
];
isBadFlagList = f: builtins.map (b: lib.hasPrefix b f) badFlags;
isGoodFlag = f: !(builtins.foldl' (x: y: x || y) false (isBadFlagList f));
in
(builtins.filter isGoodFlag oldAttrs.mesonFlags) ++ [
# we do not build any graphics drivers these features can be enabled for
"-Dgallium-va=disabled"
"-Dgallium-vdpau=disabled"
"-Dgallium-xa=disabled"
"-Dtools=asahi"
];
# replace patches with ones tweaked slightly to apply to this version
patches = [
./opencl.patch
];
postInstall = (oldAttrs.postInstall or "") + ''
# we don't build anything to go in this output but it needs to exist
touch $spirv2dxil
touch $cross_tools
'';
})


@@ -1,54 +0,0 @@
diff --git a/meson.build b/meson.build
index 07991a6..4c875b9 100644
--- a/meson.build
+++ b/meson.build
@@ -1900,7 +1900,7 @@ endif
dep_clang = null_dep
if with_clc or with_gallium_clover
- llvm_libdir = dep_llvm.get_variable(cmake : 'LLVM_LIBRARY_DIR', configtool: 'libdir')
+ llvm_libdir = get_option('clang-libdir')
dep_clang = cpp.find_library('clang-cpp', dirs : llvm_libdir, required : false)
diff --git a/meson.options b/meson.options
index 84e0f20..38ea92c 100644
--- a/meson.options
+++ b/meson.options
@@ -795,3 +795,10 @@ option(
value : false,
description : 'Install the drivers internal shader compilers (if needed for cross builds).'
)
+
+option(
+ 'clang-libdir',
+ type : 'string',
+ value : '',
+ description : 'Locations to search for clang libraries.'
+)
diff --git a/src/gallium/targets/opencl/meson.build b/src/gallium/targets/opencl/meson.build
index ab2c835..a59e88e 100644
--- a/src/gallium/targets/opencl/meson.build
+++ b/src/gallium/targets/opencl/meson.build
@@ -56,7 +56,7 @@ if with_opencl_icd
configuration : _config,
input : 'mesa.icd.in',
output : 'mesa.icd',
- install : true,
+ install : false,
install_tag : 'runtime',
install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
)
diff --git a/src/gallium/targets/rusticl/meson.build b/src/gallium/targets/rusticl/meson.build
index 2b214ad..7f91939 100644
--- a/src/gallium/targets/rusticl/meson.build
+++ b/src/gallium/targets/rusticl/meson.build
@@ -64,7 +64,7 @@ configure_file(
configuration : _config,
input : 'rusticl.icd.in',
output : 'rusticl.icd',
- install : true,
+ install : false,
install_tag : 'runtime',
install_dir : join_paths(get_option('sysconfdir'), 'OpenCL', 'vendors'),
)


@@ -1,9 +0,0 @@
final: prev: {
linux-asahi = final.callPackage ./linux-asahi { };
m1n1 = final.callPackage ./m1n1 { };
uboot-asahi = final.callPackage ./uboot-asahi { };
asahi-fwextract = final.callPackage ./asahi-fwextract { };
mesa-asahi-edge = final.callPackage ./mesa-asahi-edge { };
alsa-ucm-conf-asahi = final.callPackage ./alsa-ucm-conf-asahi { inherit (prev) alsa-ucm-conf; };
asahi-audio = final.callPackage ./asahi-audio { };
}


@@ -1,44 +0,0 @@
{ lib
, fetchFromGitHub
, buildUBoot
, m1n1
}:
(buildUBoot rec {
src = fetchFromGitHub {
# tracking: https://pagure.io/fedora-asahi/uboot-tools/commits/main
owner = "AsahiLinux";
repo = "u-boot";
rev = "asahi-v2025.04-1";
hash = "sha256-/z37qj26AqsyEBsFT6UEN3GjG6KVsoJOoUB4s9BRDbE=";
};
version = "2025.04-1-asahi";
defconfig = "apple_m1_defconfig";
extraMeta.platforms = [ "aarch64-linux" ];
filesToInstall = [
"u-boot-nodtb.bin.gz"
"m1n1-u-boot.bin"
];
extraConfig = ''
CONFIG_IDENT_STRING=" ${version}"
CONFIG_VIDEO_FONT_4X6=n
CONFIG_VIDEO_FONT_8X16=n
CONFIG_VIDEO_FONT_SUN12X22=n
CONFIG_VIDEO_FONT_16X32=y
CONFIG_CMD_BOOTMENU=y
'';
}).overrideAttrs (o: {
# nixos's downstream patches are not applicable
patches = [
];
# DTC= flag somehow breaks DTC compilation so we remove it
makeFlags = builtins.filter (s: (!(lib.strings.hasPrefix "DTC=" s))) o.makeFlags;
preInstall = ''
# compress so that m1n1 knows U-Boot's size and can find things after it
gzip -n u-boot-nodtb.bin
cat ${m1n1}/build/m1n1.bin arch/arm/dts/t[68]*.dtb u-boot-nodtb.bin.gz > m1n1-u-boot.bin
'';
})


@@ -1,34 +0,0 @@
{ pkgs, lib, ... }:
{
# Use the systemd-boot EFI boot loader.
boot = {
loader = {
systemd-boot = {
enable = true;
configurationLimit = 15;
consoleMode = lib.mkDefault "max";
};
efi.canTouchEfiVariables = lib.mkForce false;
};
kernelParams = [
"apple_dcp.show_notch=1"
];
extraModprobeConfig = ''
options hid_apple iso_layout=0
'';
binfmt.registrations. "x86_64-linux" = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
openBinary = true;
interpreter = "${pkgs.box64}/bin/box64";
preserveArgvZero = true;
matchCredentials = true;
fixBinary = false;
};
};
zramSwap.enable = true;
}


@@ -1,70 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ pkgs, lib, ... }:
let
plasma = false;
in
{
imports = [
./boot.nix
./hardware-configuration.nix
./networking.nix
./services.nix
];
hardware.asahi = {
enable = true;
useExperimentalGPUDriver = true;
peripheralFirmwareDirectory = ./firmware;
setupAsahiSound = true;
};
hardware.graphics.enable32Bit = lib.mkForce false;
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnsupportedSystem = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.matt = {
isNormalUser = true;
extraGroups = [
"wheel"
"keys"
"networkmanager"
"ratbagd"
"input"
"scanner"
"lp"
"video"
"i2c"
]; # Enable sudo for the user.
shell = pkgs.zsh;
packages = with pkgs; [
firefox
tree
git
box64
prismlauncher
distrobox
];
};
virtualisation = {
containers.enable = true;
podman.enable = true;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
micro
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
];
environment.sessionVariables = {
DBX_CONTAINER_MANAGER = "podman";
};
}


@@ -1,78 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "uas" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/root" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=root" ];
};
fileSystems."/etc" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=etc" ];
};
fileSystems."/tmp" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=tmp" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=nix" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "subvol=log" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/adcc14fa-8bf7-4b4b-a9e4-b038993b96cc";
fsType = "btrfs";
options = [ "compress=zstd" "subvol=home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/23FA-AD3E";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [
{
device = "/tmp/swapfile";
randomEncryption.enable = true;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}


@@ -1,14 +0,0 @@
{ pkgs, ... }:
{
home.username = "matt";
home.homeDirectory = "/home/matt";
home.stateVersion = "23.11";
home.packages = with pkgs; [
iw
iwd
orca-slicer
vscodium
];
}


@@ -1,44 +0,0 @@
{
monitor = [
"eDP-1,3456x2234@60.00000,0x0,1.0,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,0.98"
];
workspace = [
"name:firefox, monitor:eDP-1, default:false, special, class:(.*firefox.*)"
"name:discord, monitor:eDP-1, default:true, special, title:(.*vesktop.*), title:(.*Apple Music.*)"
"name:steam, monitor:eDP-1, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
# "tag +fakefull, fullscreen: 0"
# "float, tag:fakefull"
# "size 3356 2160, tag:fakefull"
# "move 100 74, tag:fakefull"
# "noanim, tag:fakefull"
# "noblur, tag:fakefull"
# "norounding, tag:fakefull"
# "noshadow, tag:fakefull"
# "immediate, tag:fakefull"
# "noborder, tag:fakefull"
# "nodim, tag:fakefull"
# "idleinhibit, tag:fakefull"
"size 2160 3356, tag:horizonrdp"
];
waybar = {
modules-right = [
"tray"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
# "wireplumber#source"
"bluetooth"
"network"
"clock"
"battery"
"custom/weather"
];
};
}


@@ -1,37 +0,0 @@
{ pkgs, lib, ... }:
{
# Networking configs
networking = {
hostName = "macbook-pro-nixos";
wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
};
Rank = {
BandModifier2_4GHz = 1.0;
BandModifier5GHz = 5.0;
BandModifier6GHz = 10.0;
};
# DriverQuirks = {
# PowerSaveDisable = "hci_bcm4377,brcmfmac";
# };
Network = {
AutoConnect = true;
};
};
};
# Enable Network Manager
networkmanager = {
enable = lib.mkForce false;
wifi = {
backend = lib.mkForce "iwd";
powersave = lib.mkDefault false;
};
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
};
};
}


@@ -1,123 +0,0 @@
{ stdenv
, lib
, buildFHSEnv
, fetchurl
, makeWrapper
, gsettings-desktop-schemas
, opensc
, writeTextDir
, configText ? ""
}:
let
version = "2503-8.15.0";
sysArch = "armhf";
mainProgram = "horizon-client";
wrapBinCommands = path: name: ''
makeWrapper "$out/${path}/${name}" "$out/bin/${name}_wrapper" \
--set GTK_THEME Adwaita \
--suffix XDG_DATA_DIRS : "${gsettings-desktop-schemas}/share/gsettings-schemas/${gsettings-desktop-schemas.name}" \
--suffix LD_LIBRARY_PATH : "$out/lib/omnissa/horizon:$out/lib/omnissa/horizon/vdpService:$out/lib/omnissa"
'';
omnissaHorizonClientFiles = stdenv.mkDerivation {
pname = "omnissa-horizon-armhf-files";
inherit version;
src = fetchurl {
url = "https://download3.omnissa.com/software/CART26FQ1_LIN_2503_TARBALL/Omnissa-Horizon-Client-Linux-2503-8.15.0-14256322247.tar.gz";
sha256 = "sha256-x98ITXF9xwzlPq375anQ2qBpMbZAcCqDVXBfvZPha7Q=";
};
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir ext
tar -xzf $src
cd Omnissa-Horizon-Client-Linux-*/${sysArch}
mkdir -p ext
for archive in *.tar.gz; do
tar -C ext --strip-components=1 -xf "$archive"
done
chmod -R u+w ext/usr/lib
mkdir -p $out
mv ext/usr $out
mv ext/${sysArch}/lib $out/
mv ext/${sysArch}/include $out/
mkdir -p $out/lib/omnissa/horizon/pkcs11
ln -s ${opensc}/lib/pkcs11/opensc-pkcs11.so $out/lib/omnissa/horizon/pkcs11/libopenscpkcs11.so
chmod +x "$out/usr/bin/horizon-client"
${wrapBinCommands "usr/bin" "horizon-client"}
'';
};
omnissaFHSUserEnv =
pname:
buildFHSEnv {
inherit pname version;
runScript = "${omnissaHorizonClientFiles}/bin/${pname}_wrapper";
targetPkgs = pkgs: with pkgs; [
atk
cairo
dbus
file
fontconfig
freetype
gdk-pixbuf
glib
gtk3
libjpeg
libpng
libpulseaudio
libtiff
libuuid
libv4l
libxml2
pango
pcsclite
pixman
udev
omnissaHorizonClientFiles
xorg.libX11
xorg.libXau
xorg.libXcursor
xorg.libXext
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
zlib
(writeTextDir "etc/omnissa/config" configText)
];
};
in
stdenv.mkDerivation {
pname = "omnissa-horizon-client";
inherit version;
dontUnpack = true;
installPhase = ''
mkdir -p $out/bin
ln -s ${omnissaFHSUserEnv "horizon-client"}/bin/horizon-client $out/bin/
ln -s ${omnissaFHSUserEnv "horizon-eucusbarbitrator"}/bin/horizon-eucusbarbitrator $out/bin/
'';
passthru.unwrapped = omnissaHorizonClientFiles;
meta = {
description = "Omnissa Horizon Client for ARM";
homepage = "https://www.omnissa.com/products/horizon-8/";
license = lib.licenses.unfree;
platforms = [ "aarch64-linux" "armv7l-linux" ];
};
}


@@ -1,83 +0,0 @@
{ lib, ... }:
{
services = {
auto-cpufreq = {
enable = true;
settings = {
# settings for when connected to a power source
charger = {
# see available governors by running: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
# preferred governor
governor = "performance";
# minimum cpu frequency (in kHz)
# example: for 800 MHz = 800000 kHz --> scaling_min_freq = 800000
# see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
# to use this feature, uncomment the following line and set the value accordingly
# scaling_min_freq = 800000
# maximum cpu frequency (in kHz)
# example: for 1GHz = 1000 MHz = 1000000 kHz -> scaling_max_freq = 1000000
# see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
# to use this feature, uncomment the following line and set the value accordingly
# scaling_max_freq = 1000000
# turbo boost setting. possible values: always, auto, never
turbo = "auto";
};
# settings for when using battery power
battery = {
# see available governors by running: cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
# preferred governor
governor = "schedutil";
# minimum cpu frequency (in kHz)
# example: for 800 MHz = 800000 kHz --> scaling_min_freq = 800000
# see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
# to use this feature, uncomment the following line and set the value accordingly
# scaling_min_freq = 800000
# maximum cpu frequency (in kHz)
# see conversion info: https://www.rapidtables.com/convert/frequency/mhz-to-hz.html
# example: for 1GHz = 1000 MHz = 1000000 kHz -> scaling_max_freq = 1000000
# to use this feature, uncomment the following line and set the value accordingly
# scaling_max_freq = 1000000
# turbo boost setting (always, auto, or never)
turbo = "auto";
# battery charging threshold
# reference: https://github.com/AdnanHodzic/auto-cpufreq/#battery-charging-thresholds
#enable_thresholds = true
#start_threshold = 20
#stop_threshold = 80
};
};
};
displayManager = {
sddm = {
enable = lib.mkForce true;
wayland.enable = lib.mkForce true;
};
gdm.enable = lib.mkForce false;
};
desktopManager = {
plasma6.enable = lib.mkForce false;
gnome.enable = lib.mkForce false;
};
logind = {
lidSwitch = "suspend";
lidSwitchExternalPower = "ignore";
powerKey = "suspend";
powerKeyLongPress = "poweroff";
};
# Enable Flatpak
flatpak.enable = lib.mkDefault false;
gvfs.enable = true;
};
}


@@ -1,78 +0,0 @@
{ pkgs, ... }:
{
#nix run nix-darwin -- switch --flake ~/nix-config
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs; [
asitop
mas
python3
python3Packages.beautifulsoup4
python3Packages.requests
python3Packages.selenium
vim
];
# Homebrew
homebrew.enable = true;
homebrew.casks = [
"spotify"
"protonvpn"
"omnissa-horizon-client"
"tg-pro"
"steam"
"orcaslicer"
"vscodium"
"epic-games"
"wine-stable"
"scroll-reverser"
];
homebrew.masApps = {
Tailscale = 1475387142;
Infuse = 1136220934;
Amphetamine = 937984704;
};
# homebrew.global.autoUpdate = true;
security.pam.services.sudo_local.touchIdAuth = true;
# Auto upgrade nix package and the daemon service.
# services.nix-daemon.enable = true;
# nix.package = pkgs.nix;
# Necessary for using flakes on this system.
nix.settings.experimental-features = "nix-command flakes";
# Allow unfree
nixpkgs.config.allowUnfree = true;
# Create /etc/zshrc that loads the nix-darwin environment.
programs.zsh.enable = true; # default shell on catalina
system = {
defaults = {
trackpad.Clicking = true;
dock.autohide = false;
NSGlobalDomain = {
AppleInterfaceStyle = "Dark";
"com.apple.mouse.tapBehavior" = 1;
"com.apple.keyboard.fnState" = false;
};
};
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
stateVersion = 5;
};
# The platform the configuration will be used on.
nixpkgs.hostPlatform = "aarch64-darwin";
users.users.mattjallen = {
name = "mattjallen";
home = "/Users/mattjallen";
};
}


@@ -1,111 +0,0 @@
{ ... }:
let
shellAliases = {
update-switch = "darwin-rebuild switch --flake ~/nix-config";
update-flake = "nix flake update ~/nix-config";
ducks = "du -cksh * | sort -hr | head -n 15";
};
gitAliases = {
co = "checkout";
ci = "commit";
cia = "commit --amend";
s = "status";
st = "status";
b = "branch";
p = "pull --rebase";
pu = "push";
};
in
{
imports = [ ./trampoline-apps ];
# Home Manager needs a bit of information about you and the
# paths it should manage.
home.username = "mattjallen";
home.homeDirectory = "/Users/mattjallen";
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards
# incompatible changes.
#
# You can update Home Manager without changing this value. See
# the Home Manager release notes for a list of state version
# changes in each release.
home.stateVersion = "23.11";
programs = {
# Let Home Manager install and manage itself.
home-manager = {
enable = true;
};
vscode = {
enable = true;
};
btop.enable = true;
zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
shellAliases = shellAliases;
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
theme = "fishy";
};
};
librewolf = {
enable = true;
settings = {
"identity.fxaccounts.enabled" = true; # Enable Firefox Accounts
"privacy.clearOnShutdown.history" = false; # Disable clearing history on shutdown
"privacy.clearOnShutdown.downloads" = false; # Disable clearing downloads on shutdown
"privacy.clearOnShutdown.cache" = false; # Disable clearing cache on shutdown
"privacy.clearOnShutdown.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
"privacy.clearOnShutdown.cookies" = false; # Disable clearing cookies on shutdown
"privacy.clearOnShutdown_v2.cache" = false; # Disable clearing cache on shutdown
"privacy.clearOnShutdown_v2.cookiesAndStorage" = false; # Disable clearing cookies and storage on shutdown
"privacy.clearOnShutdown.formdata" = false; # Disable clearing form data on shutdown
"privacy.clearOnShutdown.offlineApps" = false; # Disable clearing offline apps on shutdown
"privacy.clearHistory.cache" = false; # Disable clearing cache on history clear
"privacy.clearHistory.cookiesAndStorage" = false; # Disable clearing cookies on history clear
"privacy.clearHistory.historyFormDataAndDownloads" = false; # Disable clearing history, form data, and downloads on history clear
"privacy.clearHistory.browsingHistoryAndDownloads" = false; # Disable clearing browsing history and downloads on history clear
"privacy.clearSiteData.cache" = false; # Disable clearing cache on site data clear
"privacy.clearSiteData.cookiesAndStorage" = false; # Disable clearing cookies on site data clear
"services.sync.prefs.sync.privacy.clearOnShutdown.cache" = true; # Enable syncing cache clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.cookies" = true; # Enable syncing cookies clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.downloads" = true; # Enable syncing downloads clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.formdata" = true; # Enable syncing form data clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.history" = true; # Enable syncing history clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.offlineApps" = true; # Enable syncing offline apps clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.sessions" = true; # Enable syncing sessions clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown.siteSettings" = true; # Enable syncing site settings clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.cache" = true; # Enable syncing cache clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.cookiesAndStorage" = true; # Enable syncing cookies clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.downloads" = true; # Enable syncing downloads clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; # Enable syncing form data clear on shutdown
"services.sync.prefs.sync.privacy.clearOnShutdown_v2.siteSettings" = true; # Enable syncing site settings clear on shutdown
"browser.newtabpage.activity-stream.feeds.topsites" = true; # Enable top sites on new tab page
"browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
};
};
};
programs.git = {
enable = true;
userName = "mjallen18";
userEmail = "matt.l.jallen@gmail.com";
aliases = gitAliases;
};
# Manage bug in compilations - who uses manpages in 2024 anyways? :P
manual.manpages.enable = false;
}


@@ -1,25 +0,0 @@
# Hook home-manager to make a trampoline for each app we install
# from: https://github.com/nix-community/home-manager/issues/1341#issuecomment-1870352014
{
config,
lib,
pkgs,
...
}:
with lib;
{
config = mkIf pkgs.stdenv.hostPlatform.isDarwin {
# Install MacOS applications to the user Applications folder. Also update Docked applications
home.extraActivationPath = with pkgs; [
rsync
dockutil
gawk
];
home.activation.trampolineApps = hm.dag.entryAfter [ "writeBoundary" ] ''
${builtins.readFile ./lib-bash/trampoline-apps.sh}
fromDir="$HOME/Applications/Home Manager Apps"
toDir="$HOME/Applications/Home Manager Trampolines"
sync_trampolines "$fromDir" "$toDir"
'';
};
}


@@ -1,131 +0,0 @@
# Utilities not in nixpkgs.
plutil="/usr/bin/plutil"
killall="/usr/bin/killall"
osacompile="/usr/bin/osacompile"
copyable_app_props=(
"CFBundleDevelopmentRegion"
"CFBundleDocumentTypes"
"CFBundleGetInfoString"
"CFBundleIconFile"
"CFBundleIdentifier"
"CFBundleInfoDictionaryVersion"
"CFBundleName"
"CFBundleShortVersionString"
"CFBundleURLTypes"
"NSAppleEventsUsageDescription"
"NSAppleScriptEnabled"
"NSDesktopFolderUsageDescription"
"NSDocumentsFolderUsageDescription"
"NSDownloadsFolderUsageDescription"
"NSPrincipalClass"
"NSRemovableVolumesUsageDescription"
"NSServices"
"UTExportedTypeDeclarations"
)
function sync_icons() {
local from="$1"
local to="$2"
from_resources="$from/Contents/Resources/"
to_resources="$to/Contents/Resources/"
find "$to_resources" -name "*.icns" -delete
rsync --include "*.icns" --exclude "*" --recursive "$from_resources" "$to_resources"
}
function copy_paths() {
local from="$1"
local to="$2"
local paths=("${@:3}")
keys=$(jq -n '$ARGS.positional' --args "${paths[@]}")
jqfilter="to_entries |[.[]| select(.key as \$item| \$keys | index(\$item) >= 0) ] | from_entries"
temp_dir=$(mktemp -d)
trap 'rm -rf "$temp_dir"' EXIT
pushd $temp_dir >/dev/null
cp "$from" "orig"
chmod u+w "orig"
cp "$to" "bare-wrapper"
chmod u+w "bare-wrapper"
$plutil -convert json -- "orig"
$plutil -convert json -- "bare-wrapper"
jq --argjson keys "$keys" "$jqfilter" <"orig" >"filtered"
cat "bare-wrapper" "filtered" | jq -s add >"final"
$plutil -convert xml1 -- "final"
cp "final" "$to"
popd >/dev/null
}
function sync_dock() {
# Make sure all environment variables are cleared that might affect dockutil
unset SUDO_USER
# Array of applications to sync
declare -a apps=("$@")
# Iterate through each provided app
for app_path in "${apps[@]}"; do
if [ -d "$app_path" ]; then
# Extract the name of the app from the path
app_name=$(basename "$app_path")
app_name=${app_name%.*} # Remove the '.app' extension
resolved_path=$(realpath "$app_path")
# Find the current Dock item for the app, if it exists
current_dock_item=$(dockutil --list --no-restart | grep "$app_name.app" | awk -F "\t" '{print $1}' || echo "")
if [ -n "$current_dock_item" ]; then
# The app is currently in the Dock, attempt to replace it
echo "Updating $app_name in Dock..."
dockutil --add "$resolved_path" --replacing "$current_dock_item" --no-restart
else
# The app is not in the Dock; you might choose to add it or do nothing
echo "$app_name is not currently in the Dock."
fi
else
echo "Warning: Provided path $app_path is not valid."
fi
done
# Restart the Dock to apply changes
$killall Dock
}
function mktrampoline() {
local app="$1"
local trampoline="$2"
if [[ ! -d $app ]]; then
echo "app path is not directory."
return 1
fi
cmd="do shell script \"open '$app'\""
$osacompile -o "$trampoline" -e "$cmd"
sync_icons "$app" "$trampoline"
copy_paths "$(realpath "$app/Contents/Info.plist")" "$(realpath "$trampoline/Contents/Info.plist")" "${copyable_app_props[@]}"
}
function sync_trampolines() {
[[ ! -d "$1" ]] && echo "Source directory does not exist" && return 1
if [[ -d "$2" ]]; then
rm -rf "$2"
fi
mkdir -p "$2"
apps=("$1"/*.app)
for app in "${apps[@]}"; do
trampoline="$2/$(basename "$app")"
mktrampoline "$app" "$trampoline"
done
sync_dock "${apps[@]}"
}


@@ -1,105 +0,0 @@
{ pkgs, lib, ... }:
let
settings = import ./settings.nix;
in
{
imports = [
./apps/actual
./apps/arrs
./apps/crowdsec
./apps/excalidraw
./apps/gitea
./apps/immich
./apps/jellyfin
./apps/jellyseerr
./apps/lubelogger
./apps/nextcloud
./apps/ollama
./apps/orca
./apps/paperless
./apps/traefik
./apps/wyoming
../../modules
];
nas-apps = {
actual = {
enable = true;
port = 3333;
localAddress = "10.0.3.18";
dataDir = "/media/nas/ssd/nix-app-data/actual";
reverseProxy = {
enable = true;
host = "actual.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
};
};
arrs = {
enable = true;
localAddress = "10.0.1.51";
downloadsDir = "/media/nas/ssd/ssd_app_data/downloads";
incompleteDownloadsDir = "/media/nas/ssd/ssd_app_data/downloads-incomplete";
moviesDir = "/media/nas/main/movies";
tvDir = "/media/nas/main/tv";
isosDir = "/media/nas/main/isos";
radarr = {
enable = true;
port = 7878;
dataDir = "/media/nas/ssd/nix-app-data/radarr";
};
sonarr = {
enable = true;
port = 8989;
dataDir = "/media/nas/ssd/nix-app-data/sonarr";
};
sabnzbd = {
enable = true;
port = 8280;
dataDir = "/media/nas/ssd/nix-app-data/sabnzbd";
};
deluge = {
enable = true;
port = 8112;
};
jackett = {
enable = true;
port = 9117;
dataDir = "/media/nas/ssd/nix-app-data/jackett";
};
};
crowdsec = {
enable = true;
port = 9898;
apiAddress = settings.hostAddress;
apiKey = "1daH89qmJ41r2Lpd9hvDw4sxtOAtBzaj3aKFOFqE";
dataDir = "/media/nas/ssd/nix-app-data/crowdsec";
};
gitea = {
enable = true;
httpPort = 3000;
sshPort = 2222;
localAddress = "10.0.4.18";
dataDir = "/media/nas/ssd/nix-app-data/gitea";
reverseProxy = {
enable = true;
host = "gitea.mjallen.dev";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
};
};
free-games-claimer.enable = true;
manyfold.enable = true;
orca-slicer = {
enable = true;
httpPort = "3100";
httpsPort = "3101";
};
tdarr.enable = true;
};
}
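Review bot: The removed `apiKey = "…"` line in the `crowdsec` block of this section holds a literal bouncer API key, and deleting the file does not retire it; the value stays readable in the repository history and in every existing clone. If that key was ever live, revoke it in CrowdSec by deleting and re-adding the bouncer, then issue a new one. The replacement should come from a secrets file, the way the gitea module on this page reads `config.sops.secrets."jallen-nas/gitea/mail-key".path`. A plain `types.str` option is not enough, because the crowdsec module interpolates `${cfg.apiKey}` into a `writeScriptBin` script and so copies it into the world-readable Nix store. Whether this commit moved the value to another file is not visible from this section.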


@@ -1,125 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.nas-apps.actual;
settings = import ../settings.nix;
dataDir = "/data";
hostAddress = settings.hostAddress;
actualUserId = config.users.users.nix-apps.uid;
actualGroupId = config.users.groups.jallen-nas.gid;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.actual = {
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = cfg.localAddress;
bindMounts = {
${dataDir} = {
hostPath = cfg.dataDir;
isReadOnly = false;
};
};
config = { lib, ... }:
{
services.actual = {
enable = true;
openFirewall = true;
settings = {
trustedProxies = [ hostAddress ];
port = cfg.port;
dataDir = dataDir;
serverFiles = "${dataDir}/server-files";
userFiles = "${dataDir}/user-files";
};
};
users.users.actual = {
isSystemUser = true;
uid = lib.mkForce actualUserId;
group = "actual";
};
users.groups = {
actual = {
gid = lib.mkForce actualGroupId;
};
};
# System packages
environment.systemPackages = with pkgs; [
sqlite
];
# Create and set permissions for required directories
system.activationScripts.actual-dirs = ''
mkdir -p ${dataDir}
chown -R actual:actual ${dataDir}
chmod -R 0700 ${dataDir}
'';
systemd.services = {
actual = {
environment.ACTUAL_CONFIG_PATH = lib.mkForce "${dataDir}/config.json";
serviceConfig = {
ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json";
WorkingDirectory = lib.mkForce dataDir;
StateDirectory = lib.mkForce dataDir;
StateDirectoryMode = lib.mkForce 0700;
DynamicUser = lib.mkForce false;
ProtectSystem = lib.mkForce null;
};
};
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ cfg.port ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
services.actual.loadBalancer.servers = [
{
url = "http://${cfg.localAddress}:${toString cfg.port}";
}
];
routers.actual = {
entryPoints = [ "websecure" ];
rule = "Host(`${cfg.reverseProxy.host}`)";
service = "actual";
middlewares = cfg.reverseProxy.middlewares;
tls.certResolver = "letsencrypt";
};
};
networking = {
nat = {
forwardPorts = [
{
destination = "${cfg.localAddress}:${toString cfg.port}";
sourcePort = cfg.port;
}
];
};
firewall = {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
};
};
}


@@ -1,37 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.actual = {
enable = mkEnableOption "actual service";
port = mkOption {
type = types.int;
default = 80;
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
dataDir = mkOption {
type = types.str;
default = "";
};
reverseProxy = {
enable = mkOption {
type = types.bool;
default = false;
};
host = mkOption {
type = types.str;
default = "";
};
middlewares = mkOption {
type = with types; listOf str;
default = [ ];
};
};
};
}


@@ -1,58 +0,0 @@
{ outputs, config, lib, pkgs, ... }:
with lib;
let
cfg = config.nas-apps.crowdsec;
in
{
imports = [ ./options.nix ];
config = lib.mkIf cfg.enable {
services = {
crowdsec = let
yaml = (pkgs.formats.yaml {}).generate;
acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"];
labels.type = "syslog";
};
in {
enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = {
crowdsec_service.acquisition_path = acquisitions_file;
api.server = {
listen_uri = "0.0.0.0:${toString cfg.port}";
};
};
};
crowdsec-firewall-bouncer = {
enable = true;
settings = {
api_key = cfg.apiKey;
api_url = "http://${cfg.apiAddress}:${toString cfg.port}";
};
};
};
systemd.services.crowdsec.serviceConfig = {
ExecStartPre = let
script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell}
set -eu
set -o pipefail
if ! cscli bouncers list | grep -q "nas-bouncer"; then
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi
'';
in ["${script}/bin/register-bouncer"];
};
networking = {
firewall = {
allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ];
};
};
};
}


@@ -1,27 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.crowdsec = {
enable = mkEnableOption "crowdsec service";
port = mkOption {
type = types.int;
default = 9898;
};
apiAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
apiKey = mkOption {
type = types.str;
default = "";
};
dataDir = mkOption {
type = types.str;
default = "";
};
};
}


@@ -1,13 +0,0 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.excalidraw = {
autoStart = true;
image = "excalidraw/excalidraw";
ports = [ "8765:80" ];
environment = {
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
}


@@ -1,131 +0,0 @@
{ config, lib, ... }:
with lib;
let
cfg = config.nas-apps.gitea;
settings = import ../settings.nix;
hostAddress = settings.hostAddress;
# localAddress = "10.0.4.18";
# httpPort = 3000;
# sshPort = 2222;
rootUrl = "https://gitea.mjallen.dev/";
# stateDir = "/media/nas/ssd/nix-app-data/gitea";
dataDir = "/var/lib/gitea";
secretsDir = "/run/secrets/jallen-nas/gitea";
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.gitea = {
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = cfg.localAddress;
bindMounts = {
${dataDir} = {
hostPath = cfg.dataDir;
isReadOnly = false;
};
secrets = {
hostPath = secretsDir;
isReadOnly = true;
mountPoint = secretsDir;
};
};
config = { lib, ... }:
{
services.gitea = {
enable = true;
stateDir = dataDir;
mailerPasswordFile = mailerPasswordFile;
metricsTokenFile = metricsTokenFile;
settings = {
server = {
DOMAIN = "jallen-nas";
HTTP_ADDR = "0.0.0.0";
HTTP_PORT = cfg.httpPort;
PROTOCOL = "http";
ROOT_URL = rootUrl;
START_SSH_SERVER = true;
SSH_PORT = cfg.sshPort;
};
service = {
REGISTER_EMAIL_CONFIRM = false;
ENABLE_CAPTCHA = false;
DISABLE_REGISTRATION = true;
ENABLE_OPENID_SIGNIN = false;
ENABLE_LDAP_SIGNIN = false;
ENABLE_SSH_SIGNIN = true;
ENABLE_BUILTIN_SSH_SERVER = true;
ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
};
};
};
users.users.gitea = {
extraGroups = [ "keys" ];
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
# Create and set permissions for required directories
system.activationScripts.gitea-dirs = ''
mkdir -p /var/lib/gitea
chown -R gitea:gitea /var/lib/gitea
chmod -R 775 /var/lib/gitea
mkdir -p /run/secrets/jallen-nas
chown -R gitea:gitea /run/secrets/jallen-nas
chmod -R 775 /run/secrets/jallen-nas
'';
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
services.traefik.dynamicConfigOptions = lib.mkIf cfg.reverseProxy.enable {
services.gitea.loadBalancer.servers = [
{
url = "http://${cfg.localAddress}:${toString cfg.httpPort}";
}
];
routers.gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`${cfg.reverseProxy.host}`)";
service = "gitea";
middlewares = cfg.reverseProxy.middlewares;
tls.certResolver = "letsencrypt";
};
};
networking = {
nat = {
forwardPorts = [
{
destination = "${cfg.localAddress}:${toString cfg.httpPort}";
sourcePort = cfg.httpPort;
}
{
destination = "${cfg.localAddress}:${toString cfg.sshPort}";
sourcePort = cfg.sshPort;
}
];
};
firewall = {
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
allowedUDPPorts = [ cfg.httpPort cfg.sshPort ];
};
};
};
}


@@ -1,27 +0,0 @@
{ config, lib, ... }:
let
settings = import ../settings.nix;
immichPort = 2283;
dataDir = "/media/nas/main/photos";
dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path;
in
{
# Enable immich service
services.immich = {
enable = true;
port = immichPort;
openFirewall = true;
secretsFile = dbPassword;
mediaLocation = dataDir;
environment = {
IMMICH_HOST = lib.mkForce "0.0.0.0";
IMMICH_TRUSTED_PROXIES = settings.hostAddress;
TZ = "America/Chicago";
};
machine-learning = {
enable = true;
};
};
}


@@ -1,11 +0,0 @@
{ ... }:
{
services.jellyfin = {
enable = true;
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
# cacheDir = "/cache";
};
}


@@ -1,73 +0,0 @@
{ ... }:
let
jellyseerrPort = 5055;
dataDir = "/var/lib/private/jellyseerr";
settings = import ../settings.nix;
in
{
containers.jellyseerr = {
autoStart = true;
privateNetwork = true;
hostAddress = settings.hostAddress;
localAddress = "10.0.1.52";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::4";
bindMounts = {
${dataDir} = {
hostPath = "/media/nas/ssd/nix-app-data/jellyseerr";
isReadOnly = false;
};
};
config =
{
lib,
...
}:
{
# Enable jellyseerr service
services.jellyseerr = {
enable = true;
port = jellyseerrPort;
# package = package;
openFirewall = true;
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ jellyseerrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
# Create and set permissions for required directories
system.activationScripts.jellyseerr-dirs = ''
mkdir -p /var/lib/private/jellyseerr
chown -R jellyseerr:jellyseerr /var/lib/private/jellyseerr
chmod -R 775 /var/lib/private/jellyseerr
ln -sf /var/lib/private/jellyseerr /var/lib/jellyfin
'';
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.52:5055";
sourcePort = jellyseerrPort;
}
];
};
}


@@ -1,20 +0,0 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.lubelogger = {
autoStart = true;
image = "ghcr.io/hargata/lubelogger";
ports = [ "6754:8080" ];
volumes = [
"/media/nas/ssd/nix-app-data/lubelogger:/App/data"
"/media/nas/ssd/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
];
environmentFiles = [
"/media/nas/ssd/nix-app-data/lubelogger/lubelogger.env"
];
environment = {
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
}


@@ -1,241 +0,0 @@
{ config, pkgs, ... }:
let
settings = import ../settings.nix;
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
nextcloudPackage = pkgs.unstable.nextcloud31;
hostAddress = settings.hostAddress;
localAddress = "10.0.2.18";
nextcloudPortExtHttp = 9988;
nextcloudPortExtHttps = 9943;
onlyofficePortExt = 9943;
in
{
containers.nextcloud = {
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = localAddress;
bindMounts = {
secrets = {
hostPath = "/run/secrets/jallen-nas/nextcloud";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/nextcloud";
};
secrets2 = {
hostPath = "/run/secrets/jallen-nas/onlyoffice-key";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/onlyoffice-key";
};
data = {
hostPath = "/media/nas/main/nextcloud";
isReadOnly = false;
mountPoint = "/data";
};
"/var/lib/nextcloud" = {
hostPath = "/media/nas/ssd/nix-app-data/nextcloud";
isReadOnly = false;
mountPoint = "/var/lib/nextcloud";
};
"/var/lib/onlyoffice" = {
hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
isReadOnly = false;
mountPoint = "/var/lib/onlyoffice";
};
};
config =
{ pkgs, lib, ... }:
{
imports = [ ../../../../share/nvidia ];
nixpkgs.config.allowUnfree = true;
networking.extraHosts = ''
${hostAddress} host.containers protonmail-bridge
'';
services = {
nextcloud = {
enable = true;
package = nextcloudPackage;
# datadir = "/data";
database.createLocally = true;
hostName = "cloud.mjallen.dev";
appstoreEnable = true;
caching.redis = true;
configureRedis = true;
enableImagemagick = true;
https = true;
secretFile = secretsFile;
config = {
adminuser = "mjallen";
adminpassFile = adminpass;
dbhost = "localhost";
dbtype = "sqlite";
dbname = "nextcloud";
dbuser = "nextcloud";
};
settings = {
loglevel = 3;
allow_local_remote_servers = true;
upgrade.disable-web = false;
datadirectory = "/data";
trusted_domains = [
"${hostAddress}:${toString nextcloudPortExtHttp}"
"${hostAddress}:${toString nextcloudPortExtHttps}"
"${localAddress}:80"
"${localAddress}:443"
"cloud.mjallen.dev"
];
opcache.interned_strings_buffer = 16;
trusted_proxies = [ hostAddress ];
maintenance_window_start = 6;
default_phone_region = "US";
enable_previews = true;
enabledPreviewProviders = [
"OC\\Preview\\PNG"
"OC\\Preview\\JPEG"
"OC\\Preview\\GIF"
"OC\\Preview\\BMP"
"OC\\Preview\\XBitmap"
"OC\\Preview\\MP3"
"OC\\Preview\\TXT"
"OC\\Preview\\MarkDown"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\Krita"
"OC\\Preview\\HEIC"
"OC\\Preview\\Movie"
"OC\\Preview\\MSOffice2003"
"OC\\Preview\\MSOffice2007"
"OC\\Preview\\MSOfficeDoc"
];
installed = true;
user_oidc = {
auto_provision = false;
soft_auto_provision = false;
allow_multiple_user_backends = false; # auto redirect to authentik for login
};
};
};
};
services.onlyoffice = {
enable = true;
port = onlyofficePortExt;
hostname = "office.mjallen.dev";
jwtSecretFile = jwtSecretFile;
};
# System packages
environment.systemPackages = with pkgs; [
cudaPackages.cudnn
cudatoolkit
ffmpeg
# libtensorflow-bin
nextcloud31
nodejs
onlyoffice-documentserver
sqlite
];
# Create required users and groups
users.users.nextcloud = {
isSystemUser = true;
uid = lib.mkForce nextcloudUserId;
group = "nextcloud";
};
users.users.onlyoffice = {
group = lib.mkForce "nextcloud";
};
users.groups = {
nextcloud = {
gid = lib.mkForce nextcloudGroupId;
};
downloads = { };
};
# Create and set permissions for required directories
system.activationScripts.nextcloud-dirs = ''
mkdir -p /data
chown -R nextcloud:nextcloud /data
chown -R nextcloud:nextcloud /run/secrets/jallen-nas/nextcloud
chmod -R 775 /data
chmod -R 750 /run/secrets/jallen-nas/nextcloud
'';
hardware = {
graphics = {
enable = true;
# setLdLibraryPath = true;
};
};
programs = {
nix-ld.enable = true;
};
share.hardware.nvidia = {
enable = true;
enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
system.stateVersion = "23.11";
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
80
443
onlyofficePortExt
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
};
};
networking = {
nat = {
forwardPorts = [
{
destination = "${localAddress}:443";
sourcePort = nextcloudPortExtHttps;
}
{
destination = "${localAddress}:80";
sourcePort = nextcloudPortExtHttp;
}
{
destination = "${localAddress}:8000";
sourcePort = 8000;
}
{
destination = "${localAddress}:${toString onlyofficePortExt}";
sourcePort = onlyofficePortExt;
}
];
};
};
}


@@ -1,70 +0,0 @@
{ config, pkgs, ... }:
let
llamaPackage = pkgs.llama-cpp.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
rev = "b4920";
sha256 = "sha256-SnQIeY74JpAPRMxWcpklDH5D4CQvAgi0GYx5+ECk2J4=";
};
# Optionally override other attributes if you need to
# version = "my-fork-version";
# pname = "llama-cpp-custom";
});
in
{
services.ollama = {
enable = true;
port = 11434;
host = "0.0.0.0";
user = "nix-apps";
group = "jallen-nas";
openFirewall = true;
acceleration = "cuda";
home = "/media/nas/ssd/nix-app-data/ollama";
};
environment.systemPackages = [ llamaPackage ];
services.llama-cpp = {
enable = true;
port = 8127;
host = "0.0.0.0";
openFirewall = true;
model = "/media/nas/ssd/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = llamaPackage; # pkgs.unstable.llama-cpp;
extraFlags = [
"--n_gpu-layers"
"500"
"-c"
"0"
"--numa"
"numactl"
"--jinja"
];
};
services.open-webui = {
enable = false;
host = "0.0.0.0";
port = 8888;
openFirewall = true;
# stateDir = "/media/nas/ssd/nix-app-data/open-webui";
environmentFile = config.sops.secrets."jallen-nas/open-webui".path;
environment = {
OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";
OAUTH_PROVIDER_NAME = "authentik";
OPENID_REDIRECT_URI = "https://chat.mjallen.dev/oauth/oidc/callback";
ENABLE_OAUTH_SIGNUP = "False";
OAUTH_MERGE_ACCOUNTS_BY_EMAIL = "True";
ENABLE_SIGNUP = "False";
ENABLE_LOGIN_FORM = "False";
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
LOCAL_FILES_ONLY = "False";
WEBUI_AUTH = "False";
};
};
}


@@ -1,46 +0,0 @@
{ lib, ... }:
let
inherit (lib) types mkOption;
in
{
options.nas-apps = mkOption {
type = types.attrsOf (types.submodule ({ config, name, ... }: {
options = {
enable = mkOption {
type = types.bool;
default = false;
};
port = mkOption {
type = types.int;
default = 80;
};
localAddress = mkOption {
type = types.str;
default = "127.0.0.1";
};
dataDir = mkOption {
type = types.str;
default = "";
};
reverseProxy = {
enable = mkOption {
type = types.bool;
default = false;
};
host = mkOption {
type = types.str;
default = "";
};
middlewares = mkOption {
type = with types; listOf str;
default = [ ];
};
};
};
}));
};
}


@@ -1,104 +0,0 @@
{
config,
pkgs,
...
}:
let
settings = import ../settings.nix;
paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid;
paperlessEnv = config.sops.templates."paperless.env".path;
paperlessPkg = pkgs.paperless-ngx;
in
{
containers.paperless = {
autoStart = true;
privateNetwork = true;
hostAddress = settings.hostAddress;
localAddress = "10.0.1.20";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::20";
config =
{
lib,
...
}:
{
# Enable paperless service
services.paperless = {
enable = false;
package = paperlessPkg;
port = paperlessPort;
user = "paperless";
address = "0.0.0.0";
passwordFile = "/var/lib/paperless/paperless-password";
# environmentFile = paperlessEnv; # unstable is too unstable, but this doesnt exist in stable.... disabling altogether....
};
# Create required users and groups
users.groups = {
documents = {
gid = lib.mkForce paperlessGroupId;
};
};
users.users.paperless = {
isSystemUser = true;
uid = lib.mkForce paperlessUserId;
group = lib.mkForce "documents";
};
# Create and set permissions for required directories
system.activationScripts.paperless-dirs = ''
mkdir -p /var/lib/paperless
chown -R paperless:documents /var/lib/paperless
chmod -R 775 /var/lib/paperless
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ paperlessPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/paperless" = {
hostPath = "/media/nas/ssd/nix-app-data/paperless";
isReadOnly = false;
};
secrets = {
hostPath = "/run/secrets/jallen-nas/paperless";
isReadOnly = true;
mountPoint = "/run/secrets/jallen-nas/paperless";
};
secret-env = {
hostPath = "/run/secrets/rendered/paperless.env";
isReadOnly = true;
mountPoint = "/run/secrets/rendered/paperless.env";
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.20:28981";
sourcePort = paperlessPort;
}
];
};
}


@@ -1,391 +0,0 @@
{ config, ... }:
let
settings = import ../settings.nix;
domain = "mjallen.dev";
serverIp = settings.hostAddress;
# Forward services
authUrl = "http://${serverIp}:9000/outpost.goauthentik.io";
actualUrl = "http://${config.containers.actual.localAddress}:${toString config.containers.actual.config.services.actual.settings.port}";
authentikUrl = "http://${serverIp}:9000";
cacheUrl = "http://${serverIp}:9012";
cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
giteaUrl = "http://${config.containers.gitea.localAddress}:${toString config.containers.gitea.config.services.gitea.settings.server.HTTP_PORT}";
hassUrl = "http://homeassistant.local:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
jellyfinUrl = "http://${serverIp}:8096";
jellyseerrUrl = "http://${config.containers.jellyseerr.localAddress}:${toString config.containers.jellyseerr.config.services.jellyseerr.port}";
lubeloggerUrl = "http://${serverIp}:6754";
onlyofficeUrl = "http://${config.containers.nextcloud.localAddress}:${toString config.containers.nextcloud.config.services.onlyoffice.port}";
openWebUIUrl = "http://${serverIp}:8888";
paperlessUrl = "http://${config.containers.paperless.localAddress}:${toString config.containers.paperless.config.services.paperless.port}";
# Plugins
traefikPlugins = {
bouncer = {
moduleName = "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin";
version = "v1.4.2";
};
geoblock = {
moduleName = "github.com/PascalMinder/geoblock";
version = "v0.2.5";
};
};
crowdsecAppsecHost = "${serverIp}:7422";
crowdsecLapiKeyFile = config.sops.secrets."jallen-nas/traefik/crowdsec-lapi-key".path;
# Ports
httpPort = 80;
httpsPort = 443;
traefikPort = 8080;
metricsPort = 8082;
forwardPorts = [
httpPort
httpsPort
traefikPort
metricsPort
];
# misc
letsEncryptEmail = "jalle008@proton.me";
dataDir = "/media/nas/ssd/nix-app-data/traefik";
authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik";
in
{
sops = {
secrets = {
"jallen-nas/traefik/crowdsec-lapi-key" = {
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
"jallen-nas/traefik/cloudflare-dns-api-token" = { };
"jallen-nas/traefik/cloudflare-zone-api-token" = { };
"jallen-nas/traefik/cloudflare-api-key" = { };
"jallen-nas/traefik/cloudflare-email" = { };
};
templates = {
"traefik.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
owner = config.users.users.traefik.name;
group = config.users.users.traefik.group;
restartUnits = [ "traefik.service" ];
};
};
};
networking.firewall = {
allowedTCPPorts = forwardPorts;
allowedUDPPorts = forwardPorts;
};
services.traefik = {
enable = true;
dataDir = dataDir;
group = "jallen-nas";#group;
environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
staticConfigOptions = {
entryPoints = {
web = {
address = ":${toString httpPort}";
asDefault = true;
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":${toString httpsPort}";
asDefault = true;
http.tls.certResolver = "letsencrypt";
};
metrics = {
address = ":${toString metricsPort}"; # Port for metrics
};
};
log = {
level = "INFO";
};
metrics = {
prometheus = {
entryPoint = "metrics";
addEntryPointsLabels = true;
addServicesLabels = true;
buckets = [0.1 0.3 1.2 5.0]; # Response time buckets
};
};
certificatesResolvers.letsencrypt.acme = {
email = letsEncryptEmail;
storage = "${config.services.traefik.dataDir}/acme.json";
dnsChallenge = {
provider = "cloudflare";
resolvers = [
"1.1.1.1:53"
"8.8.8.8:53"
];
};
};
api.dashboard = true;
# Access the Traefik dashboard on <Traefik IP>:8080 of your server
api.insecure = true;
experimental = {
plugins = traefikPlugins;
};
};
dynamicConfigOptions = {
http = {
middlewares = {
authentik = {
forwardAuth = {
tls.insecureSkipVerify = true;
address = authentikAddress;
trustForwardHeader = true;
authResponseHeaders = [
"X-authentik-username"
"X-authentik-groups"
"X-authentik-email"
"X-authentik-name"
"X-authentik-uid"
"X-authentik-jwt"
"X-authentik-meta-jwks"
"X-authentik-meta-outpost"
"X-authentik-meta-provider"
"X-authentik-meta-app"
"X-authentik-meta-version"
];
};
};
onlyoffice-websocket = {
headers.customrequestheaders = {
X-Forwarded-Proto = "https";
};
};
crowdsec = {
plugin = {
bouncer = {
crowdsecAppsecEnabled = true;
crowdsecAppsecHost = crowdsecAppsecHost;
crowdsecAppsecFailureBlock = true;
crowdsecAppsecUnreachableBlock = true;
crowdsecLapiKeyFile = crowdsecLapiKeyFile;
};
};
};
whitelist-geoblock = {
plugin = {
geoblock = {
silentStartUp = false;
allowLocalRequests = true;
logLocalRequests = false;
logAllowedRequests = false;
logApiRequests = false;
api = "https://get.geojs.io/v1/ip/country/{ip}";
apiTimeoutMs = 500;
cacheSize = 25;
forceMonthlyUpdate = true;
allowUnknownCountries = false;
unknownCountryApiResponse = "nil";
blackListMode = false;
countries = [
"CA"
"US"
];
};
};
};
internal-ipallowlist =
{
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
"10.0.1.0/24"
];
};
};
};
services = {
auth.loadBalancer.servers = [
{
url = authUrl;
}
];
actual.loadBalancer.servers = [
{
url = actualUrl;
}
];
authentik.loadBalancer.servers = [
{
url = authentikUrl;
}
];
cache.loadBalancer.servers = [
{
url = cacheUrl;
}
];
chat.loadBalancer.servers = [
{
url = openWebUIUrl;
}
];
cloud.loadBalancer.servers = [
{
url = cloudUrl;
}
];
gitea.loadBalancer.servers = [
{
url = giteaUrl;
}
];
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
immich.loadBalancer.servers = [
{
url = immichUrl;
}
];
jellyfin.loadBalancer.servers = [
{
url = jellyfinUrl;
}
];
jellyseerr.loadBalancer.servers = [
{
url = jellyseerrUrl;
}
];
lubelogger.loadBalancer.servers = [
{
url = lubeloggerUrl;
}
];
onlyoffice.loadBalancer.servers = [
{
url = onlyofficeUrl;
}
];
paperless.loadBalancer.servers = [
{
url = paperlessUrl;
}
];
};
routers = {
auth = {
entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
priority = 15;
tls.certResolver = "letsencrypt";
};
actual = {
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
service = "authentik";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
cloud = {
entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)";
service = "cloud";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
immich = {
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
jellyseerr = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
lubelogger = {
entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
tls.certResolver = "letsencrypt";
};
onlyoffice = {
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
tls.certResolver = "letsencrypt";
};
};
};
};
};
}


@@ -1,19 +0,0 @@
{ pkgs, ... }:
{
services.wyoming = {
faster-whisper.servers.hass-whisper = {
enable = true;
useTransformers = false;
device = "cuda";
language = "en";
model = "distil-large-v3";
uri = "tcp://0.0.0.0:10300";
};
piper.servers.hass-piper = {
enable = true;
voice = "en-us-ryan-high";
uri = "tcp://0.0.0.0:10200";
};
};
}


@@ -1,68 +0,0 @@
{ pkgs, ... }:
let
configLimit = 50;
kernel = pkgs.linuxPackages; # linuxPackages_latest;
in
{
# Configure bootloader with lanzaboot and secureboot
boot = {
kernelModules = [ "nct6775" ];
loader = {
systemd-boot = {
enable = false;
configurationLimit = configLimit;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings = {
console-mode = "max";
};
configurationLimit = configLimit;
};
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
"vm.swappiness" = 60;
};
# Override kernel to latest
kernelPackages = kernel;
kernelParams = [
"nohibernate"
];
consoleLogLevel = 3;
bootspec.enable = true;
initrd = {
kernelModules = [
"tpm"
"tpm_tis"
"tpm_crb"
"tpm_infineon"
];
systemd = {
enable = true;
# tpm2.enable = true;
tpm2.enable = true;
};
};
# Enable binfmt emulation for ARM
binfmt.emulatedSystems = [ "aarch64-linux" ]; # --argstr system aarch64-linux
};
zramSwap = {
enable = true;
};
}


@@ -1,199 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
pkgs,
lib,
inputs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./filesystems.nix
./boot.nix
./apps.nix
./grafana.nix
./networking.nix
./nixpkgs.nix
./ups.nix
./users.nix
./samba.nix
./services.nix
./sops.nix
];
powerManagement.cpuFreqGovernor = "powersave";
share.hardware.nvidia = {
enable = true;
enableBeta = true;
enableOpen = true;
nvidiaSettings = true;
enableNvidiaDocker = true;
};
security.tpm2 = {
enable = true;
};
# Configure environment
environment = {
etc.crypttab.text = ''
ssd1 UUID=eff4b19c-aba7-41ab-b452-a8c6654d8754 none tpm2-device=auto
ssd2 UUID=c8640e19-6cd9-49d0-a355-bac09d17ea0d none tpm2-device=auto
hdd1 UUID=8d7dd657-d9b0-47ed-97e1-a9d1eba12b56 none tpm2-device=auto
hdd2 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
hdd3 UUID=4463ea6f-3fcf-4e49-80c8-ba7f424471f0 none tpm2-device=auto
hdd4 UUID=13fe7737-b72b-4d5f-a79d-1ca0d438f8f0 none tpm2-device=auto
hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
'';
etc.machine-id.text = ''
57cdf5fc27f3469f80d0a339f1238aeb
'';
systemPackages = with pkgs; [
attic-client
binutils
cryptsetup
cmake
deconz
duperemove
efibootmgr
ffmpeg
gcc
glances
ipset
jq
llama-cpp
ninja
inputs.nas-nixai.packages.x86_64-linux.nixai
networkmanagerapplet
nmon
nut
packagekit
pass
protonmail-bridge
protonvpn-cli
python3
unstable.python3Packages.llama-cpp-python
qrencode
rcon
sbctl
speedtest-cli
tigervnc
tpm2-tools
tpm2-tss
];
};
# Configure programs
programs = {
virt-manager.enable = true;
nix-ld.enable = true;
screen.enable = true;
coolercontrol = {
enable = true;
nvidiaSupport = true;
};
msmtp = {
enable = true;
accounts = {
default = {
auth = true;
tls_starttls = false;
host = "smtp.gmail.com";
user = "matt.l.jallen";
from = "matt.l.jallen@gmail.com";
passwordeval = "cat ${config.sops.secrets."jallen-nas/gitea/mail-key".path}";
};
};
defaults = {
port = 465;
tls = true;
};
};
};
hardware.fancontrol = {
enable = false;
config = ''
# Configuration file generated by pwmconfig, changes will be lost
# hwmon6/temp9_input -- chipset temp?
# hwmon2/temp1_input -- cpu temp?
# hwmon6/pwm5 -- chipset fan?
# hwmon6/pwm2, hwmon6/pwm3 -- cpu fans?
# hwmon6/pwm4 -- case fans?
INTERVAL=10
DEVPATH=hwmon2=devices/pci0000:00/0000:00:18.3 hwmon6=devices/platform/nct6775.656
DEVNAME=hwmon2=k10temp hwmon6=nct6798
FCTEMPS=hwmon6/pwm5=hwmon6/temp9_input hwmon6/pwm2=hwmon2/temp1_input hwmon6/pwm3=hwmon2/temp1_input hwmon6/pwm4=hwmon2/temp1_input
FCFANS=hwmon6/pwm5=hwmon6/fan5_input hwmon6/pwm2=hwmon6/fan2_input hwmon6/pwm3=hwmon6/fan3_input hwmon6/pwm4=hwmon6/fan4_input
MINTEMP=hwmon6/pwm5=20 hwmon6/pwm2=20 hwmon6/pwm3=20 hwmon6/pwm4=20
MAXTEMP=hwmon6/pwm5=60 hwmon6/pwm2=90 hwmon6/pwm3=90 hwmon6/pwm4=90
MINSTART=hwmon6/pwm5=16 hwmon6/pwm2=90 hwmon6/pwm3=45 hwmon6/pwm4=60
MINSTOP=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=30 hwmon6/pwm4=45
MINPWM=hwmon6/pwm5=14 hwmon6/pwm2=0 hwmon6/pwm3=0 hwmon6/pwm4=0
MAXPWM=hwmon6/pwm5=255 hwmon6/pwm2=255 hwmon6/pwm3=255 hwmon6/pwm4=255
'';
};
# Virtualisation
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
libvirtd.enable = true;
};
# Enable nix flakes and nix-command tools
nix = {
settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
experimental-features = lib.mkForce [
"nix-command"
"flakes"
];
trusted-users = [ "@wheel" ];
};
# Garbage collect automatically every week
gc.automatic = lib.mkDefault true;
gc.options = lib.mkDefault "--delete-older-than 30d";
optimise.automatic = lib.mkDefault true;
};
# Nixpkgs configuration
nixpkgs = {
config = {
allowUnfree = lib.mkForce true;
allowUnsupportedSystem = true;
permittedInsecurePackages = [
# ...
];
};
};
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"vscode-extension-github-copilot"
];
}


@@ -1,135 +0,0 @@
{ ... }:
let
defaultOptions = [ "compress=zstd" ];
in
{
fileSystems."/media/nas/ssd/nix-app-data" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=nix-app-data" ] ++ defaultOptions;
};
fileSystems."/media/nas/ssd/ssd_app_data" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=ssd_app_data" ] ++ defaultOptions;
};
fileSystems."/media/nas/ssd/mariadb" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=mariadb" ] ++ defaultOptions;
};
fileSystems."/media/nas/ssd/mongodb" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=mongodb" ] ++ defaultOptions;
};
fileSystems."/media/nas/ssd/VMs" = {
device = "/dev/disk/by-uuid/09ac8b6b-e553-4cd8-ae62-8d8c17fe8b0c";
fsType = "btrfs";
options = [ "subvol=VMs" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/3d_printer" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=3d_printer" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/backup" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=backup" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/books" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=books" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/documents" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=documents" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/homeassistant" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=homeassistant" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/isos" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=isos" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/movies" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=movies" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/nextcloud" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=nextcloud" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/photos" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=photos" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/switch" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=switch" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/tv" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=tv" ] ++ defaultOptions;
};
fileSystems."/media/nas/main/timemachine" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [ "subvol=timemachine" ] ++ defaultOptions;
};
fileSystems."/run/mount/ssd" = {
device = "/dev/mapper/ssd1";
fsType = "btrfs";
};
fileSystems."/run/mount/main" = {
device = "/dev/mapper/hdd1";
fsType = "btrfs";
};
# fileSystems."/media/nas/junk/nextcloud-backup" = {
# device = "/dev/disk/by-uuid/11948951106919390044";
# fsType = "btrfs";
# options = [
# "subvol=nextcloud-backup"
# ]
# ++ defaultOptions;
# };
# fileSystems."/media/nas/main/vms" = {
# device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
# fsType = "btrfs";
# options = [
# "subvol=vms"
# ]
# ++ defaultOptions;
# };
}
