mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mjallen:snowfall
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland
...
compare: mjallen:bcfs
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland

57 Commits
snowfall ... bcfs

Author SHA1 Message Date
mjallen18
33385d5275 testing done 2025-08-21 20:54:43 -05:00
mjallen18
19bf815be8 end test 2025-08-21 20:52:13 -05:00
mjallen18
0152438472 more cleanup 2025-08-21 20:05:58 -05:00
mjallen18
f9b07deb19 cleanup 2025-08-21 19:45:03 -05:00
mjallen18
6e55d375d2 user updates 2025-08-21 19:40:32 -05:00
mjallen18
0e066cb4d7 move some apps to namespace 2025-08-21 19:06:51 -05:00
mjallen18
bd64283f04 idk 2025-08-21 16:17:17 -05:00
mjallen18
6025b6c4f1 bcfs root? 2025-08-21 16:10:04 -05:00
mjallen18
92b04773b2 move python-steam 2025-08-21 14:26:50 -05:00
mjallen18
783a7a3390 README 2025-08-21 14:17:33 -05:00
mjallen18
0ef4354c1a aarch 2025-08-21 13:24:04 -05:00
mjallen18
192a978d46 fix proxies 2025-08-21 11:45:06 -05:00
mjallen18
a4519904b6 fix pi4 hostname 2025-08-21 11:45:06 -05:00
mjallen18
83a6e45bf4 test 2025-08-20 22:02:24 -05:00
mjallen18
2ba6f3466f clev 2025-08-20 21:30:18 -05:00
mjallen18
b3f5b4b406 more pi stuff 2025-08-20 21:30:18 -05:00
mjallen18
2e680f2519 fix lol 2025-08-20 21:30:18 -05:00
mjallen18
445183f826 pi stuff 2025-08-20 21:30:18 -05:00
mjallen18
aec980e6fe sops but idk 2025-08-20 21:30:18 -05:00
mjallen18
68f732ec4b cleanup 2025-08-20 21:30:18 -05:00
mjallen18
dc382dcfcc cache 2025-08-20 21:30:18 -05:00
mjallen18
b1a06034f1 disable gnome 2025-08-20 21:30:18 -05:00
mjallen18
aa3e8cc263 finally update traefik 2025-08-20 21:30:18 -05:00
mjallen18
b680255bc5 macos 2025-08-20 21:30:18 -05:00
mjallen18
a3f7af4e39 sops 2025-08-20 21:30:18 -05:00
mjallen18
cd5c8a0034 no splash 2025-08-20 21:30:18 -05:00
mjallen18
1f14f020ed ssh 2025-08-20 21:30:18 -05:00
mjallen18
05affb6b1f test 2025-08-18 20:54:03 -05:00
mjallen18
2623efc997 update hass addons 2025-08-18 19:52:09 -05:00
mjallen18
c053da2e30 bcachefs 2025-08-17 21:01:59 -05:00
mjallen18
533d6a4170 pi5 upd 2025-08-17 20:58:54 -05:00
mjallen18
5b3e01820b desktop omnissa 2025-08-12 21:25:07 -05:00
mjallen
5cef58ade0 fix 2025-08-12 17:04:25 +00:00
mjallen18
981b41f4c2 upd 2025-08-12 08:18:19 -05:00
mjallen18
ae8039dba0 weather 2025-08-07 22:30:20 -05:00
mjallen18
54f56c3f83 upd 2025-08-07 22:30:01 -05:00
mjallen18
ce142bb64a fix this package 2025-07-30 21:44:57 -05:00
mjallen18
fd3f61a0ac lsfg 2025-07-29 20:02:37 -05:00
mjallen18
d0ac22c211 bcachefs 2025-07-29 19:34:10 -05:00
mjallen18
caa326d496 test 2025-07-29 18:26:50 -05:00
mjallen18
04ef2a4b8c temp 2025-07-29 16:43:51 -05:00
mjallen18
7e35a27b2e lsfg-vk 2025-07-28 15:16:56 -05:00
mjallen18
48108e693a gnome home manager on steamdeck 2025-07-28 14:49:03 -05:00
mjallen18
8e3d3e4281 openhasp 2025-07-28 14:18:54 -05:00
mjallen18
c7c99b339b fix package 2025-07-28 11:27:06 -05:00
mjallen18
c8f5547727 openhasp 2025-07-28 11:27:00 -05:00
mjallen18
6f5e592d8c cleanup 2025-07-28 11:06:32 -05:00
mjallen18
5ae3f1a9ef desktop home sops 2025-07-28 09:33:54 -05:00
mjallen18
1a3b091588 desktop stuff 2025-07-28 09:32:31 -05:00
mjallen18
5b34456571 yamlfmt 2025-07-24 11:25:18 -05:00
mjallen18
5918611469 yamlfmt 2025-07-24 11:22:29 -05:00
mjallen18
f3aafffcaa deadnix 2025-07-24 11:19:19 -05:00
mjallen18
3d213c8769 nixfmt 2025-07-24 11:06:08 -05:00
mjallen18
f05972d6ae move commented file: 2025-07-24 10:38:13 -05:00
mjallen18
b77dda0e6f fix some stuff 2025-07-24 10:31:50 -05:00
mjallen18
3c1a956c81 cleanup 2025-07-24 10:19:32 -05:00
mjallen18
5dc1a96f6d cleanup 2025-07-23 19:36:06 -05:00
239 changed files with 4561 additions and 12348 deletions
Expand all files Collapse all files

4
.sops.yaml
View File

@@ -10,8 +10,8 @@ keys:
- &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje - &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
- &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg - &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
- &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0 - &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
- &matt_macbook-pro age1xg6mvj3x6s3t8058c6rsk3q4kskvm6nsffwckxkkjzhyn7r6tczqgkj23p - &matt_macbook-pro age19daqsncuzeh3j6cwk8uxp6yfj8h0qtz02jxlwwy4v8j0mfgznsvq30440g
- &macbook-pro age1rdn39ywgzmc8wlsl5lrfe77e652wzjmjx58gx4k2ydghd35kdqvqscrf3h - &macbook-pro age19w4zafpwnq9yhzuf8r5te2yhq7xlqj76rcgzcz935hllyrz4yvws4jn6ca
- &nuc age1wurzgc20e6ye79wsg85vvqk4aj3mmc0llxshcy9532ex8f4c6dqql76c78 - &nuc age1wurzgc20e6ye79wsg85vvqk4aj3mmc0llxshcy9532ex8f4c6dqql76c78
- &admin_nuc age1luyejgmqjj0esydlr2jxqkg48vexmx57gdz7cy5gq7rz8kf5cups2rnfa9 - &admin_nuc age1luyejgmqjj0esydlr2jxqkg48vexmx57gdz7cy5gq7rz8kf5cups2rnfa9
creation_rules: creation_rules:

156
README.md
View File

@@ -1,50 +1,118 @@
# nixOS Config # NixOS Configuration Repository
### Common Files This repository contains my personal NixOS configurations for multiple systems, managed using [Snowfall Lib](https://github.com/snowfallorg/lib) and the Nix Flakes system.
* [flake.nix](./flake.nix)
* [impermenance.nix](./share/impermanence/default.nix) ## Overview
* [share](./share)
* [overlays](./overlays) This repository provides a centralized, declarative configuration for all my systems, including:
- Desktop PC (AMD)
- NAS server
- Steam Deck
- Intel NUC
- Raspberry Pi 4
- Raspberry Pi 5
- MacBook Pro (NixOS on Apple Silicon)
- MacBook Pro (Darwin/macOS)
## Repository Structure
```
.
├── checks/ # Pre-commit hooks and other checks
├── flake.nix # Main flake configuration
├── homes/ # Home-manager configurations for users
│ ├── aarch64-darwin/ # macOS home configurations
│ ├── aarch64-linux/ # ARM Linux home configurations
│ └── x86_64-linux/ # x86 Linux home configurations
├── modules/ # Reusable configuration modules
│ ├── home/ # Home-manager modules
│ └── nixos/ # NixOS system modules
├── overlays/ # Nixpkgs overlays
├── packages/ # Custom package definitions
├── secrets/ # Encrypted secrets (managed with sops-nix)
└── systems/ # System-specific configurations
├── aarch64-darwin/ # macOS system configurations
├── aarch64-linux/ # ARM Linux system configurations
└── x86_64-linux/ # x86 Linux system configurations
```
## Key Features
- **Modular Design**: Reusable modules for various system components
- **Multi-System Support**: Configurations for different hardware platforms
- **Home Manager Integration**: User environment management
- **Secret Management**: Encrypted secrets with sops-nix
- **Disk Management**: Declarative disk partitioning with disko
- **State Management**: Persistent state management with impermanence
- **Desktop Environments**: Support for GNOME, Hyprland, and COSMIC
- **Hardware-Specific Optimizations**: Tailored configurations for different hardware
## Key Technologies
- [Nix](https://nixos.org/) and [NixOS](https://nixos.org/)
- [Nix Flakes](https://nixos.wiki/wiki/Flakes)
- [Snowfall Lib](https://github.com/snowfallorg/lib)
- [Home Manager](https://github.com/nix-community/home-manager)
- [sops-nix](https://github.com/Mic92/sops-nix)
- [disko](https://github.com/nix-community/disko)
- [impermanence](https://github.com/nix-community/impermanence)
- [lanzaboote](https://github.com/nix-community/lanzaboote) (Secure Boot)
## Notable System Configurations
### Desktop ### Desktop
* [boot.nix](./hosts/desktop/boot.nix)
* [configuration.nix](./hosts/desktop/configuration.nix) A powerful AMD-based desktop with gaming capabilities, featuring:
* [hardware-configuration.nix](./hosts/desktop/hardware-configuration.nix) - AMD CPU and GPU optimizations
* [filesystems.nix](./hosts/desktop/filesystems.nix) - Multiple desktop environment options (GNOME, Hyprland, COSMIC)
* [home.nix](./hosts/desktop/home.nix) - Gaming setup with Steam and related tools
* [sops.nix](./hosts/desktop/sops.nix)
* [specialisations.hyprland](./hosts/desktop/hyprland)
* [specialisations.gnome](./hosts/desktop/gnome)
* [specialisations.cosmic](./hosts/desktop/cosmic)
### NAS ### NAS
* [boot.nix](./hosts/nas/boot.nix)
* [configuration.nix](./hosts/nas/configuration.nix)
* [hardware-configuration.nix](./hosts/nas/hardware-configuration.nix)
* [impermenance.nix](./hosts/nas/impermenance.nix)
* [apps.nix](./hosts/desktop/apps.nix)
* [home.nix](./hosts/desktop/home.nix)
* [networking.nix](./hosts/desktop/networking.nix)
* [services.nix](./hosts/desktop/services.nix)
* [sops.nix](./hosts/desktop/sops.nix)
* [ups.nix](./hosts/desktop/ups.nix)
* [samba](./modules/samba)
* nas-apps
* [arrs](./hosts/nas/apps/arrs/default.nix)
* [free-games-claimer](./modules/apps/free-games-claimer)
* [jackett](./modules/apps/jackett)
* [jellyfin](./hosts/nas/apps/jellyfin/default.nix)
* [jellyseerr](./hosts/nas/apps/jellyseerr/default.nix)
* [jackett](./modules/apps/manyfold)
* [mariadb](./modules/apps/mariadb)
* [mealie](./modules/apps/mealie)
* [nextcloud+onlyoffice](./hosts/nas/apps/nextcloud/default.nix)
* [ollama](./hosts/nas/apps/ollama/default.nix)
* [paperless](./hosts/nas/apps/paperless/default.nix)
* [tdarr](./modules/apps/tdarr)
* [traefik](./hosts/nas/apps/traefik/default.nix)
* [wireguard](./modules/apps/your-spotify)
### Raspberry Pi 4 A home server with various self-hosted services:
* [configuration.nix](./hosts/pi4/configuration.nix) - Media management (Jellyfin, Jellyseerr)
* [hardware-configuration.nix](./hosts/pi4/hardware-configuration.nix) - Download automation (Sonarr, Radarr, etc.)
- Document management (Paperless)
- File sharing (Samba, Nextcloud)
- AI services (Ollama)
### Raspberry Pi
Configurations for both Pi 4 and Pi 5:
- Hardware-specific optimizations
- Disk partitioning suitable for ARM devices
- Bluetooth and wireless support
### Steam Deck
Custom NixOS configuration for the Steam Deck:
- Integration with Jovian for Steam Deck compatibility
- Gaming optimizations
- Steam ROM Manager
### MacBook Pro
Configurations for both:
- NixOS on Apple Silicon
- nix-darwin for macOS
## Usage
### Building a System Configuration
```bash
# Build and activate a system configuration
sudo nixos-rebuild switch --flake .#hostname
```
### Building a Home Configuration
```bash
# Build and activate a home configuration
home-manager switch --flake .#username@hostname
```
## License
This project is licensed under the MIT License - see the LICENSE file for details.

13
checks/pre-commit-hooks/default.nix
View File

@@ -1,19 +1,22 @@
{ {
inputs, inputs,
pkgs, pkgs,
lib,
... ...
}: }:
let let
inherit (inputs) git-hooks-nix; inherit (inputs) pre-commit-hooks-nix;
in in
git-hooks-nix.lib.${pkgs.system}.run { pre-commit-hooks-nix.lib.${pkgs.system}.run {
src = ../..; src = ../..;
hooks = { hooks = {
pre-commit-hook-ensure-sops.enable = true; pre-commit-hook-ensure-sops.enable = true;
treefmt = { treefmt = {
enable = true; enable = lib.mkForce true;
settings.fail-on-change = false; settings.fail-on-change = lib.mkForce false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix; packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs (
lib.snowfall.fs.get-file "treefmt.nix"
);
}; };
}; };
} }

249
flake.lock generated
View File

@@ -30,11 +30,11 @@
"uv2nix": "uv2nix" "uv2nix": "uv2nix"
}, },
"locked": { "locked": {
"lastModified": 1751033152, "lastModified": 1753369162,
"narHash": "sha256-0ANu9OLQJszcEyvnfDB7G957uqskZwCrTzRXz/yfAmE=", "narHash": "sha256-pSAsUVueht3WyyFJ3K+QJKWqFZNbyvsXijHOAHApeLk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "authentik-nix", "repo": "authentik-nix",
"rev": "1a4d6a5dd6fef39b99eb7ea4db79c5d5c7d7f1bf", "rev": "1361d269fe10c527528264185567a053252e22b0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -46,16 +46,16 @@
"authentik-src": { "authentik-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751031262, "lastModified": 1753187012,
"narHash": "sha256-SNgRMQUjL3DTlWkMyRMan+pY1FfIV+DMeq5BiTM0N0k=", "narHash": "sha256-bs/ThY3YixwBObahcS7BrOWj0gsaUXI664ldUQlJul8=",
"owner": "goauthentik", "owner": "goauthentik",
"repo": "authentik", "repo": "authentik",
"rev": "b34665fabd8d938d81ce871a4e86ca528c5f253b", "rev": "23ffad1c6be80bea223caf5f1cf265b984b76328",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "goauthentik", "owner": "goauthentik",
"ref": "version/2025.4.3", "ref": "version/2025.6.4",
"repo": "authentik", "repo": "authentik",
"type": "github" "type": "github"
} }
@@ -63,16 +63,16 @@
"brew-src": { "brew-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751910772, "lastModified": 1753461463,
"narHash": "sha256-jQNdIkq2iRDNWskd5f8kX6q9BO/CBSXhMH41WNRft8E=", "narHash": "sha256-kGc7pRH0diLzKmOHsEFA8sZ9NJpgT+tqxAMsuqNd5Po=",
"owner": "Homebrew", "owner": "Homebrew",
"repo": "brew", "repo": "brew",
"rev": "700d67a85e0129ab8a893ff69246943479e33df1", "rev": "4d14be89e99a45181c18e96a5f19a5b43343cc0f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Homebrew", "owner": "Homebrew",
"ref": "4.5.9", "ref": "4.5.13",
"repo": "brew", "repo": "brew",
"type": "github" "type": "github"
} }
@@ -86,11 +86,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1753146705, "lastModified": 1755444192,
"narHash": "sha256-WzmXODUzg8jeEsAhpmp55zk5I2fmv3kv+RofZ/+FYlg=", "narHash": "sha256-9eVUtk3ces32aJpHnsrO49UJNvMKNMxlV7NeNSAADLo=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "02b3c2a45f6ddbd704f797c5730bc2d161f10ce0", "rev": "958ba486ee73019e3820b9ebd97a38660f736f40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -160,11 +160,11 @@
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1751313918, "lastModified": 1755275010,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "rev": "7220b01d679e93ede8d7b25d6f392855b81dd475",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -180,16 +180,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742690494, "lastModified": 1755519972,
"narHash": "sha256-SFacEbSRMoTyWG5VXh4ieofJGge+cLq9lH8ifB+zjBg=", "narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
"owner": "nvmd", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "9dc58d4d49c9f74623a06e2fc20cdfd8bb3cbe8b", "rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nvmd", "owner": "nix-community",
"ref": "gpt-attrs",
"repo": "disko", "repo": "disko",
"type": "github" "type": "github"
} }
@@ -244,11 +243,11 @@
}, },
"flake-compat_4": { "flake-compat_4": {
"locked": { "locked": {
"lastModified": 1688025799, "lastModified": 1746162366,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", "narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", "rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -260,11 +259,11 @@
"flake-compat_5": { "flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1747046372,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -504,11 +503,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753132348, "lastModified": 1755313937,
"narHash": "sha256-0i3jU9AHuNXb0wYGzImnVwaw+miE0yW13qfjC0F+fIE=", "narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e4bf85da687027cfc4a8853ca11b6b86ce41d732", "rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -524,11 +523,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753180535, "lastModified": 1755442500,
"narHash": "sha256-KEtlzMs2O7FDvciFtjk9W4hyau013Pj9qZNK9a0PxEc=", "narHash": "sha256-RHK4H6SWzkAtW/5WBHsyugaXJX25yr5y7FAZznxcBJs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc", "rev": "d2ffdedfc39c591367b1ddf22b4ce107f029dcc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -540,11 +539,11 @@
"homebrew-cask": { "homebrew-cask": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753192390, "lastModified": 1755480455,
"narHash": "sha256-B/MI7F4IliXNY6QEKCmIEsO4A0Qt9jUZXfMfrX9/5hE=", "narHash": "sha256-cIMlCE5M5Zq1DjfS9mV4AepUv/hn9nrFj0klK7C784c=",
"owner": "homebrew", "owner": "homebrew",
"repo": "homebrew-cask", "repo": "homebrew-cask",
"rev": "4f64bf7953d412b473d1f459208c725861646a6d", "rev": "e1e54f7a14ae909bfefc1f0928c1f70fbfb31c84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -556,11 +555,11 @@
"homebrew-core": { "homebrew-core": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1753194897, "lastModified": 1755480844,
"narHash": "sha256-jo7SLfGCgQbLKK9kbHXgLJY8bbzESn1K6Sr2x7EFzKY=", "narHash": "sha256-4Uz2TZckTG5dh2CPCj577BsmrGIEV8Ji3o/B8nv1tVE=",
"owner": "homebrew", "owner": "homebrew",
"repo": "homebrew-core", "repo": "homebrew-core",
"rev": "a427a5a802b98591899d4bda471a7a14ed5ff2fd", "rev": "be6e3ae8531ba128ec039d057f76078b1a1513be",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -593,11 +592,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752755091, "lastModified": 1755151620,
"narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=", "narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a", "rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -612,11 +611,11 @@
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1752755091, "lastModified": 1755151620,
"narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=", "narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a", "rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -649,6 +648,27 @@
"type": "github" "type": "github"
} }
}, },
"lsfg-vk": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753837013,
"narHash": "sha256-+kBJhOSS5S6gPp/pbTk1B3EL9Xr08yFuQoGGQ+SoQwQ=",
"owner": "mjallen18",
"repo": "lsfg-vk-flake",
"rev": "f7fc5f9d421d64d3cf24c8d0955a80718ef70bac",
"type": "github"
},
"original": {
"owner": "mjallen18",
"ref": "main",
"repo": "lsfg-vk-flake",
"type": "github"
}
},
"napalm": { "napalm": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@@ -725,11 +745,11 @@
"brew-src": "brew-src" "brew-src": "brew-src"
}, },
"locked": { "locked": {
"lastModified": 1752160973, "lastModified": 1754250993,
"narHash": "sha256-BCC8KB7TEtwv7vZN1WDu870tRbXtzUcmF9xNr6ws5Wc=", "narHash": "sha256-MEin+qoQKtFC1b0f4tnQ+Z82BQWSCgh6Ef7rpmH9gig=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "nix-homebrew", "repo": "nix-homebrew",
"rev": "69c1aa2f136f3c3326d9b6770e0eb54f12832971", "rev": "314d057294e79bc2596972126b84c6f9f144499a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -745,11 +765,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1752985182, "lastModified": 1755404379,
"narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=", "narHash": "sha256-Q6ZxZDBmD/B988Jjbx7/NchxOKIpOKBBrx9Yb0zMzpQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c", "rev": "ebbc1c05f786ae39bb5e04e57bf2c10c44a649e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -764,11 +784,11 @@
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1753150460, "lastModified": 1755396877,
"narHash": "sha256-q2dkvuIfEb5fWBF6TJePJbcP1hqxARAUddfPGVGvD38=", "narHash": "sha256-92gZRDz3zEsodraI0ZxPzZrpjSqc2qjxTW9HOflzKFw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "d13827556415f4050b510e9cfb9873c1ce9aaec4", "rev": "0cf076c0bafbe7cbd33a3b7377ed24827674e8be",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -783,11 +803,11 @@
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1751669768, "lastModified": 1755154580,
"narHash": "sha256-/WSZcdPwng24i8Z3LgrpZTBt94fvDknidtLQjohAnHg=", "narHash": "sha256-ADGapM7FrEgA3tDSYADtfy2EPeAmBzbL3pFvXNhD0D0=",
"owner": "olafkfreund", "owner": "olafkfreund",
"repo": "nix-ai-help", "repo": "nix-ai-help",
"rev": "b79e8cc14623d7ba5f6beea64cec32512997cd5a", "rev": "e71204cb39358ad1dc4c09202c3a17ede541c2d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -799,14 +819,15 @@
"nixos-apple-silicon": { "nixos-apple-silicon": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_10",
"treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1753175937, "lastModified": 1755124568,
"narHash": "sha256-DtDt87Gld0RCI2qHb7uUb1eWB16FFC4aNDfxZpic/Nw=", "narHash": "sha256-8fXTYruAwE6OiIz/99P5qknQYag7ZX985pNT+jhIIrU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-apple-silicon", "repo": "nixos-apple-silicon",
"rev": "5ddfff8387edf7c92ce36effb06fb2c52624fece", "rev": "2f873fc3ef373e59cd3a7dad4087685fc8ce02ca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -817,11 +838,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1753122741, "lastModified": 1755330281,
"narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -864,11 +885,11 @@
"nixpkgs": "nixpkgs_11" "nixpkgs": "nixpkgs_11"
}, },
"locked": { "locked": {
"lastModified": 1753141210, "lastModified": 1755008580,
"narHash": "sha256-yV7+cv0q5XL7uv9gvSG7R0jktgXgB+forv3c7TfY2T8=", "narHash": "sha256-rh4OhOutko9W9COhhxQnqt9J22ZPj7gSZN7wrX0cYEs=",
"owner": "mjallen18", "owner": "mjallen18",
"repo": "nixos-raspberrypi", "repo": "nixos-raspberrypi",
"rev": "e0f487998cb4409408f03e019c71c21011edb84c", "rev": "7b5cf1ef3cf48ac1b43730eb366225f3dd0791cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -942,11 +963,11 @@
}, },
"nixpkgs-stable_3": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1753115646, "lastModified": 1755274400,
"narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=", "narHash": "sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "92c2e04a475523e723c67ef872d8037379073681", "rev": "ad7196ae55c295f53a7d1ec39e4a06d922f3b899",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -958,11 +979,11 @@
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": { "locked": {
"lastModified": 1748460289, "lastModified": 1754725699,
"narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -974,11 +995,11 @@
}, },
"nixpkgs_11": { "nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1752372066, "lastModified": 1754432582,
"narHash": "sha256-d1oy2MNitnWBkIX/WedzG/WB8jCaqGjtIebQuVIlqSg=", "narHash": "sha256-oebayZREKV/4Fgy6drsj4M7URut4kQVics78DxL2imk=",
"owner": "nvmd", "owner": "nvmd",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3699bec87ab236af2c45aa6d4539140a6342a77a", "rev": "81f9846bc3c9edbd2d4c92783e7bfb4b55db14c4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -990,11 +1011,11 @@
}, },
"nixpkgs_12": { "nixpkgs_12": {
"locked": { "locked": {
"lastModified": 1752427638, "lastModified": 1755186698,
"narHash": "sha256-ANNyaXW/cnZLszjXB4LXGxaWZ2cRz7Ar06WjYoawgFo=", "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b2e5044b3e79793df83d01c9983c054cae5ea6ff", "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1006,11 +1027,11 @@
}, },
"nixpkgs_13": { "nixpkgs_13": {
"locked": { "locked": {
"lastModified": 1730768919, "lastModified": 1754340878,
"narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", "narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", "rev": "cab778239e705082fe97bb4990e0d24c50924c04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1038,11 +1059,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1752950548, "lastModified": 1755186698,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1101,11 +1122,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1751984180, "lastModified": 1755027561,
"narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1197,11 +1218,11 @@
"nixpkgs": "nixpkgs_13" "nixpkgs": "nixpkgs_13"
}, },
"locked": { "locked": {
"lastModified": 1750779888, "lastModified": 1755446520,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1274,6 +1295,7 @@
"impermanence": "impermanence", "impermanence": "impermanence",
"jovian": "jovian_2", "jovian": "jovian_2",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"lsfg-vk": "lsfg-vk",
"nix-homebrew": "nix-homebrew", "nix-homebrew": "nix-homebrew",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
@@ -1287,7 +1309,7 @@
"snowfall-lib": "snowfall-lib", "snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"steam-rom-manager": "steam-rom-manager", "steam-rom-manager": "steam-rom-manager",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix_2"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -1298,11 +1320,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753066249, "lastModified": 1755311859,
"narHash": "sha256-j2UBrfDRIePGx3532Bbb9UeosNX2F73hfOAHtmACfnM=", "narHash": "sha256-NspGtm0ZpihxlFD628pvh5ZEhL/Q6/Z9XBpe3n6ZtEw=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "0751b65633a1785743ca44fd7c14a633c54c1f91", "rev": "07619500e5937cc4669f24fec355d18a8fec0165",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1380,11 +1402,11 @@
"nixpkgs": "nixpkgs_14" "nixpkgs": "nixpkgs_14"
}, },
"locked": { "locked": {
"lastModified": 1752544651, "lastModified": 1754988908,
"narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "2c8def626f54708a9c38a5861866660395bb3461", "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1494,15 +1516,36 @@
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixos-apple-silicon",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1753006367, "lastModified": 1754847726,
"narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=", "narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "421b56313c65a0815a52b424777f55acf0b56ddf", "rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1754847726,
"narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"type": "github" "type": "github"
}, },
"original": { "original": {

26
flake.nix
View File

@@ -43,8 +43,8 @@
disko = { disko = {
# the fork is needed for partition attributes support # the fork is needed for partition attributes support
url = "github:nvmd/disko/gpt-attrs"; # url = "github:nvmd/disko/gpt-attrs";
# url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -81,12 +81,17 @@
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
}; };
}; };
lsfg-vk = {
url = "github:mjallen18/lsfg-vk-flake/main";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
# We will handle this in the next section. # We will handle this in the next section.
outputs = inputs: outputs =
let inputs:
snowfall = inputs.snowfall-lib.mkFlake { inputs.snowfall-lib.mkFlake {
# You must provide our flake inputs to Snowfall Lib. # You must provide our flake inputs to Snowfall Lib.
inherit inputs; inherit inputs;
@@ -129,6 +134,7 @@
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-hidpi nixos-hardware.nixosModules.common-hidpi
nixos-hardware.nixosModules.common-pc nixos-hardware.nixosModules.common-pc
lsfg-vk.nixosModules.default
]; ];
}; };
@@ -150,7 +156,7 @@
# ###################################################### # ######################################################
# Steamdeck # # Steamdeck #
# ###################################################### # ######################################################
deck = { steamdeck = {
modules = with inputs; [ modules = with inputs; [
disko.nixosModules.disko disko.nixosModules.disko
jovian.nixosModules.jovian jovian.nixosModules.jovian
@@ -160,6 +166,7 @@
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-hidpi nixos-hardware.nixosModules.common-hidpi
nixos-hardware.nixosModules.common-pc nixos-hardware.nixosModules.common-pc
lsfg-vk.nixosModules.default
]; ];
}; };
@@ -209,6 +216,7 @@
macbook-pro-nixos = { macbook-pro-nixos = {
modules = with inputs; [ modules = with inputs; [
nixos-apple-silicon.nixosModules.default nixos-apple-silicon.nixosModules.default
lsfg-vk.nixosModules.default
]; ];
}; };
}; };
@@ -231,7 +239,7 @@
# sops-nix.homeManagerModules.sops # sops-nix.homeManagerModules.sops
# ]; # ];
# }; # };
"deck@deck" = { "deck@steamdeck" = {
modules = with inputs; [ modules = with inputs; [
steam-rom-manager.homeManagerModules.default steam-rom-manager.homeManagerModules.default
]; ];
@@ -260,8 +268,4 @@
formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix; formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
}; };
}; };
in
snowfall // {
nixosConfigurations = snowfall.nixosConfigurations;
};
} }

13
homes/aarch64-darwin/mattjallen@macbook-pro/default.nix
View File

@@ -1,4 +1,9 @@
{ lib, pkgs, home, ... }: {
lib,
pkgs,
home,
...
}:
let let
shellAliases = { shellAliases = {
update-switch = "darwin-rebuild switch --flake ~/nix-config"; update-switch = "darwin-rebuild switch --flake ~/nix-config";
@@ -17,12 +22,6 @@ let
]; ];
in in
{ {
# imports = [
# ../../modules/home/defaults.nix
# ../../modules/home/git.nix
# ../../modules/home/shell.nix
# ../../modules/home/vscode.nix
# ];
# Home Manager needs a bit of information about you and the # Home Manager needs a bit of information about you and the
# paths it should manage. # paths it should manage.
home = { home = {

6
homes/aarch64-linux/matt@macbook-pro-nixos/default.nix
View File

@@ -41,7 +41,6 @@ in
"name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)" "name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
]; ];
windowRule = [ windowRule = [
"size 2160 3356, tag:horizonrdp" "size 2160 3356, tag:horizonrdp"
]; ];
@@ -76,7 +75,6 @@ in
layer = "bottom"; layer = "bottom";
modules-right = [ modules-right = [
"tray"
"temperature" "temperature"
"temperature#gpu" "temperature#gpu"
"keyboard-state#capslock" "keyboard-state#capslock"
@@ -95,7 +93,7 @@ in
tooltip = false; tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights"; exec = "waybar-hass --get_light light.living_room_lights";
interval = "once"; interval = "once";
format = "{text}";#"󱉓"; format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights"; on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json"; return-type = "json";
}; };
@@ -113,6 +111,8 @@ in
background: ${theme.polarNight.nord3}; background: ${theme.polarNight.nord3};
} }
''; '';
windowOffset = 75;
}; };
wlogout.enable = true; wlogout.enable = true;
wofi.enable = true; wofi.enable = true;

71
homes/aarch64-linux/matt@pi4/default.nix
View File

@@ -1,24 +1,22 @@
{ lib, ... }: { lib, ... }:
let
shellAliases = {
ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
ducks = "du -cksh * | sort -hr | head -n 15";
};
in
{ {
imports = [
../../../modules/home/home
../../../modules/home/programs/git
../../../modules/home/programs/zsh
];
home.username = "matt"; home.username = "matt";
mjallen = {
shell-aliases = {
enable = true;
flakeInputs = [
"pi4-nixpkgs"
"pi4-home-manager"
"pi4-impermanence"
"pi4-sops-nix"
"pi4-nixos-hardware"
"pi4-nixos-raspberrypi"
"pi4-disko"
];
};
};
sops = { sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt"; age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -32,34 +30,37 @@ in
path = "/home/matt/.ssh/id_ed25519"; path = "/home/matt/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
}; };
# "ssh-keys-public/desktop-nixos" = { # "ssh-keys-public/desktop-nixos" = {
# path = "/home/matt/.ssh/authorized_keys"; # path = "/home/matt/.ssh/authorized_keys";
# mode = "0600"; # mode = "0600";
# }; # };
# "ssh-keys-public/desktop-nixos-root" = { # "ssh-keys-public/desktop-nixos-root" = {
# path = "/home/matt/.ssh/authorized_keys2"; # path = "/home/matt/.ssh/authorized_keys2";
# mode = "0600"; # mode = "0600";
# }; # };
# "ssh-keys-public/desktop-windows" = { # "ssh-keys-public/desktop-windows" = {
# path = "/home/matt/.ssh/authorized_keys3"; # path = "/home/matt/.ssh/authorized_keys3";
# mode = "0600"; # mode = "0600";
# }; # };
# "ssh-keys-public/macbook-macos" = { # "ssh-keys-public/macbook-macos" = {
# path = "/home/matt/.ssh/authorized_keys4"; # path = "/home/matt/.ssh/authorized_keys4";
# mode = "0600"; # mode = "0600";
# }; # };
}; };
}; };
programs = { programs = {
mangohud.enable = lib.mkForce true; mangohud.enable = lib.mkForce true;
zsh.shellAliases = shellAliases;
}; };
services = { services = {
nextcloud-client.enable = lib.mkForce true; nextcloud-client.enable = lib.mkForce false;
kdeconnect = {
enable = false;
indicator = false;
};
}; };
} }

13
homes/aarch64-linux/matt@pi5/default.nix
View File

@@ -1,4 +1,7 @@
{ pkgs, lib, config, namespace, ... }: {
config,
...
}:
let let
shellAliases = { shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3"; update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
@@ -54,4 +57,12 @@ in
programs = { programs = {
zsh.shellAliases = shellAliases; zsh.shellAliases = shellAliases;
}; };
services = {
nextcloud-client.enable = false;
kdeconnect = {
enable = false;
indicator = false;
};
};
} }

8
homes/aarch64-linux/root@pi4/default.nix
View File

@@ -15,4 +15,12 @@ in
programs = { programs = {
zsh.shellAliases = shellAliases; zsh.shellAliases = shellAliases;
}; };
services = {
nextcloud-client.enable = lib.mkForce false;
kdeconnect = {
enable = false;
indicator = false;
};
};
} }

27
homes/x86_64-linux/admin@nas/default.nix
View File

@@ -1,16 +1,27 @@
{ pkgs, ... }: { pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
};
in
{ {
home.username = "admin"; home.username = "admin";
# mjallen.home.enable = true; # mjallen.home.enable = true;
mjallen = {
shell-aliases = {
enable = true;
buildHost = ""; # NAS builds locally
flakeInputs = [
"nas-nixpkgs"
"nas-authentik-nix"
"nas-cosmic"
"nas-crowdsec"
"nas-home-manager"
"nas-impermanence"
"nas-lanzaboote"
"nas-nixos-hardware"
"nas-sops-nix"
];
};
};
sops = { sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt"; age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -60,8 +71,6 @@ in
} }
]; ];
}; };
zsh.shellAliases = shellAliases;
}; };
# services.nixai = { # services.nixai = {

2
homes/x86_64-linux/admin@nuc/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs,... }: { ... }:
let let
shellAliases = { shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10"; update-boot = "sudo nixos-rebuild boot --max-jobs 10";

14
homes/x86_64-linux/deck@deck/default.nix → homes/x86_64-linux/deck@steamdeck/default.nix
View File

@@ -10,6 +10,8 @@ in
{ {
home.username = "deck"; home.username = "deck";
mjallen.desktop.gnome.enable = true;
sops = { sops = {
age.keyFile = "/home/deck/.config/sops/age/keys.txt"; age.keyFile = "/home/deck/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml"; defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -44,7 +46,15 @@ in
enable = true; enable = true;
package = pkgs.dolphin-emu; package = pkgs.dolphin-emu;
romFolder = "gc"; romFolder = "gc";
fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ]; fileTypes = [
".iso"
".ISO"
".gcm"
".GCM"
".ciso"
".CISO"
"rvz"
];
extraArgs = "-b -e \"\${filePath}\""; extraArgs = "-b -e \"\${filePath}\"";
}; };
@@ -68,6 +78,6 @@ in
mgba mgba
prismlauncher prismlauncher
ryujinx-greemdev ryujinx-greemdev
vmware-horizon-client omnissa-horizon-client
]; ];
} }

34
homes/x86_64-linux/matt@desktop/default.nix
View File

@@ -1,15 +1,26 @@
{ pkgs, namespace, ... }: { pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
in
{ {
home.username = "matt"; home.username = "matt";
mjallen = {
sops = {
enable = true;
};
shell-aliases = {
enable = true;
flakeInputs = [
"desktop-nixpkgs"
"desktop-chaotic"
"desktop-home-manager"
"desktop-impermanence"
"desktop-lanzaboote"
"desktop-nixos-hardware"
"desktop-sops-nix"
"desktop-steam-rom-manager"
];
};
};
services = { services = {
remmina = { remmina = {
enable = true; enable = true;
@@ -19,8 +30,6 @@ in
programs = { programs = {
password-store.enable = true; password-store.enable = true;
zsh.shellAliases = shellAliases;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
@@ -29,7 +38,7 @@ in
discord discord
distrobox distrobox
heroic heroic
stable.vmware-horizon-client omnissa-horizon-client
jq jq
lutris lutris
lzip lzip
@@ -40,6 +49,7 @@ in
protontricks protontricks
protonvpn-gui protonvpn-gui
python3 python3
runelite
smile smile
unigine-heaven unigine-heaven
via via

7
modules/home/desktop/gnome/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.mjallen.desktop.gnome; cfg = config.mjallen.desktop.gnome;
in in

17
modules/home/desktop/hyprland/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.desktop.hyprland; cfg = config.mjallen.desktop.hyprland;
@@ -265,7 +270,7 @@ in
# this tag will set the below options to the vdi window # this tag will set the below options to the vdi window
# this will have it auto open as a 2160x7680 window # this will have it auto open as a 2160x7680 window
# and makes multi-monitor work # and makes multi-monitor work
"tag +horizonrdp, class:(.*[Vv][Mm]ware-view),title:(USPS Next VDI)" "tag +horizonrdp, class:(.*[Hh]orizon-client),title:(USPS Next VDI)"
"noanim, tag:horizonrdp" "noanim, tag:horizonrdp"
"noblur, tag:horizonrdp" "noblur, tag:horizonrdp"
@@ -282,12 +287,13 @@ in
# "size 2160 7680, tag:horizonrdp" # "size 2160 7680, tag:horizonrdp"
# "move onscreen 0 0, tag:horizonrdp" # "move onscreen 0 0, tag:horizonrdp"
# float the vmware window cause its annoying to use in fullscreen # float the vmware window cause its annoying to use in fullscreen
"float, class:(.*[Vv][Mm]ware-view),title:([Vv][Mm]ware [Hh]orizon [Cc]lient)" "float, class:(.*[Hh]orizon-client),title:([Oo]mnissa [Hh]orizon [Cc]lient)"
"tag +waydroid, class:([Ww]aydroid.*)" "tag +waydroid, class:([Ww]aydroid.*)"
"float, tag:waydroid" "float, tag:waydroid"
"pin, tag:waydroid" "pin, tag:waydroid"
] ++ cfg.windowRule; ]
++ cfg.windowRule;
plugin = { plugin = {
touch_gestures = { touch_gestures = {
@@ -397,7 +403,8 @@ in
exec-once = xhost +SI:localuser:root exec-once = xhost +SI:localuser:root
exec-once = nwg-look -a exec-once = nwg-look -a
exec-once = nwg-dock-hyprland -d exec-once = nwg-dock-hyprland -d
'' + cfg.extraConfig or ''''; ''
+ cfg.extraConfig or '''';
}; };
}; };
} }

56
modules/home/desktop/hyprland/options.nix
View File

@@ -45,31 +45,31 @@ with lib;
wallpaper = mkOption { wallpaper = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [ ];
description = "list of hyprland wallpaper configs"; description = "list of hyprland wallpaper configs";
}; };
monitor = mkOption { monitor = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [ ];
description = "list of hyprland monitor configs"; description = "list of hyprland monitor configs";
}; };
monitorv2 = mkOption { monitorv2 = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [ ];
description = "list of hyprland monitorv2 configs"; description = "list of hyprland monitorv2 configs";
}; };
workspace = mkOption { workspace = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [ ];
description = "list of hyprland workspace definitions"; description = "list of hyprland workspace definitions";
}; };
windowRule = mkOption { windowRule = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [ ];
description = "list of hyprland window rules"; description = "list of hyprland window rules";
}; };
@@ -92,14 +92,38 @@ with lib;
defaultApps = mkOption { defaultApps = mkOption {
type = types.submodule { type = types.submodule {
options = { options = {
browser = mkOption { type = types.package; default = pkgs.firefox; }; browser = mkOption {
editor = mkOption { type = types.package; default = pkgs.micro; }; type = types.package;
fileExplorer = mkOption { type = types.package; default = pkgs.nemo; }; default = pkgs.firefox;
visual = mkOption { type = types.package; default = pkgs.vscodium; }; };
terminal = mkOption { type = types.package; default = pkgs.kitty; }; editor = mkOption {
office = mkOption { type = types.package; default = pkgs.onlyoffice-bin_latest; }; type = types.package;
video = mkOption { type = types.package; default = pkgs.vlc; }; default = pkgs.micro;
imageViewer = mkOption { type = types.package; default = pkgs.nomacs; }; };
fileExplorer = mkOption {
type = types.package;
default = pkgs.nemo;
};
visual = mkOption {
type = types.package;
default = pkgs.vscodium;
};
terminal = mkOption {
type = types.package;
default = pkgs.kitty;
};
office = mkOption {
type = types.package;
default = pkgs.onlyoffice-bin_latest;
};
video = mkOption {
type = types.package;
default = pkgs.vlc;
};
imageViewer = mkOption {
type = types.package;
default = pkgs.nomacs;
};
}; };
}; };
description = "Default applications used across the system."; description = "Default applications used across the system.";
@@ -108,15 +132,15 @@ with lib;
hyprIdle = { hyprIdle = {
lockScreenTimer = mkOption { lockScreenTimer = mkOption {
type = with types; int; type = with types; int;
default = 5; default = 300;
}; };
screenOffTimer = mkOption { screenOffTimer = mkOption {
type = with types; int; type = with types; int;
default = 15; default = 900;
}; };
suspendTimer = mkOption { suspendTimer = mkOption {
type = with types; int; type = with types; int;
default = 30; default = 1800;
}; };
}; };
}; };

9
modules/home/desktop/hyprland/packages.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.desktop.hyprland; cfg = config.mjallen.desktop.hyprland;
@@ -62,6 +67,8 @@ in
xorg.xhost xorg.xhost
xsettingsd xsettingsd
xwayland xwayland
pkgs.mjallen.pipewire-python
]; ];
}; };
} }

9
modules/home/desktop/hyprland/services/hypridle/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.hyprland; cfg = config.${namespace}.desktop.hyprland;
in in
@@ -7,7 +12,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.hypridle = { services.hypridle = {
enable = false; enable = true;
settings = { settings = {
general = { general = {
before_sleep_cmd = "loginctl lock-session"; # lock before suspend. before_sleep_cmd = "loginctl lock-session"; # lock before suspend.

7
modules/home/desktop/hyprland/services/hyprlock/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.hyprland; cfg = config.${namespace}.desktop.hyprland;
in in

7
modules/home/desktop/hyprland/services/hyprpaper/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.hyprland; cfg = config.${namespace}.desktop.hyprland;
in in

7
modules/home/desktop/hyprland/theme.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.desktop.hyprland; cfg = config.mjallen.desktop.hyprland;

19
modules/home/home/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
home = { home = {
enableNixpkgsReleaseCheck = lib.mkDefault false; enableNixpkgsReleaseCheck = lib.mkDefault false;
@@ -47,10 +52,14 @@
nh = { nh = {
enable = true; enable = true;
flake = "/etc/nixos"; flake = "/etc/nixos";
clean = {
enable = true;
extraArgs = "--keep 5";
};
}; };
micro = { micro = {
enable = true; enable = lib.mkDefault true;
settings = { settings = {
autoindent = true; autoindent = true;
autosu = true; autosu = true;
@@ -61,7 +70,7 @@
}; };
tmux = { tmux = {
enable = true; enable = lib.mkDefault true;
terminal = "screen-256color"; terminal = "screen-256color";
sensibleOnTop = true; sensibleOnTop = true;
focusEvents = true; focusEvents = true;
@@ -104,8 +113,8 @@
nextcloud-client.enable = lib.mkDefault true; nextcloud-client.enable = lib.mkDefault true;
pass-secret-service.enable = lib.mkDefault true; pass-secret-service.enable = lib.mkDefault true;
kdeconnect = { kdeconnect = {
enable = true; enable = lib.mkDefault true;
indicator = true; indicator = lib.mkDefault true;
}; };
}; };
} }

2
modules/home/programs/btop/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.btop; cfg = config.mjallen.programs.btop;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

39
modules/home/programs/code/default.nix
View File

@@ -1,21 +1,16 @@
{ config, lib, pkgs, system, ... }: {
config,
pkgs,
system,
namespace,
...
}:
let let
isArm = "aarch64-linux" == system; isArm = "aarch64-linux" == system;
open-remote-ssh = pkgs.vscode-utils.buildVscodeExtension {
pname = "open-remote-ssh";
version = "0.0.49";
vscodeExtPublisher = "jeanp413";
vscodeExtName = "open-remote-ssh";
vscodeExtUniqueId = "jeanp413.open-remote-ssh";
src = pkgs.fetchurl {
url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.49/file/jeanp413.open-remote-ssh-0.0.49.vsix";
sha256 = "sha256-QfJnAAx+kO2iJ1EzWoO5HLogJKg3RiC3hg1/u2Jm6t4";
name = "open-remote-ssh.zip";
};
};
x86_only = with pkgs; [ x86_only = with pkgs; [
vscode-extensions.redhat.vscode-xml vscode-extensions.redhat.vscode-xml
]; ];
open-remote-ssh = pkgs.${namespace}.open-remote-ssh;
in in
{ {
programs = { programs = {
@@ -27,7 +22,9 @@ in
default = { default = {
enableUpdateCheck = false; enableUpdateCheck = false;
enableExtensionUpdateCheck = false; enableExtensionUpdateCheck = false;
extensions = with pkgs; [ extensions =
with pkgs;
[
vscode-extensions.arrterian.nix-env-selector vscode-extensions.arrterian.nix-env-selector
vscode-extensions.bbenoist.nix vscode-extensions.bbenoist.nix
vscode-extensions.brettm12345.nixfmt-vscode vscode-extensions.brettm12345.nixfmt-vscode
@@ -44,8 +41,10 @@ in
# open-remote-ssh # open-remote-ssh
# nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh # nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh
# open-vsx.jeanp413.open-remote-ssh open-remote-ssh
] ++ ( if !isArm then x86_only else [ ] ) ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ ]
++ (if !isArm then x86_only else [ ])
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{ {
name = "copilot-mcp"; name = "copilot-mcp";
publisher = "automatalabs"; publisher = "automatalabs";
@@ -110,10 +109,12 @@ in
# You can write arbitary Nix expressions here, to produce valid "options" declaration result. # You can write arbitary Nix expressions here, to produce valid "options" declaration result.
# Tip: for flake-based configuration, utilize `builtins.getFlake` # Tip: for flake-based configuration, utilize `builtins.getFlake`
"nixos" = { "nixos" = {
"expr" = "(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").nixosConfigurations.<name>.options"; "expr" =
"(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").nixosConfigurations.<name>.options";
}; };
"home-manager" = { "home-manager" = {
"expr" = "(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").homeConfigurations.<name>.options"; "expr" =
"(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").homeConfigurations.<name>.options";
}; };
# # Tip: use ${workspaceFolder} variable to define path # # Tip: use ${workspaceFolder} variable to define path
# "nix-darwin" = { # "nix-darwin" = {
@@ -139,6 +140,8 @@ in
"*.db" = "default"; "*.db" = "default";
}; };
}; };
"enable-proposed-api" = [ "jeanp413.open-remote-ssh" ];
}; };
}; };
}; };

2
modules/home/programs/kitty/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.kitty; cfg = config.mjallen.programs.kitty;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

4
modules/home/programs/kitty/options.nix
View File

@@ -15,13 +15,13 @@ with lib;
}; };
size = mkOption { size = mkOption {
type = with types; int; type = with types; int;
default = 8; default = 12;
}; };
}; };
theme = mkOption { theme = mkOption {
type = types.attrs; type = types.attrs;
default = import ../../desktop/theme/nord.nix; default = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
}; };
}; };
} }

3
modules/home/programs/librewolf/default.nix
View File

@@ -36,7 +36,8 @@
"browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page "browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
"layout.css.light-dark.enabled" = true; # Enable light/dark theme support "layout.css.light-dark.enabled" = true; # Enable light/dark theme support
"extensions.activeThemeID" = "default-theme@mozilla.org"; # Set active theme "extensions.activeThemeID" = "default-theme@mozilla.org"; # Set active theme
"extensions.webextensions.uuids" = "{\"formautofill@mozilla.org\" =\"851c83b7-26d5-449c-8cc9-d8951a0ce78d\",\"pictureinpicture@mozilla.org\" =\"42fa2650-5134-4bef-bafa-b73f9ae51bad\",\"screenshots@mozilla.org\" =\"efd2b692-43c4-433a-aea5-0cb79f8312d4\",\"webcompat-reporter@mozilla.org\" =\"c43a6be2-fb56-4253-b384-ce8e09a89999\",\"webcompat@mozilla.org\" =\"e25fd1bb-7c53-413f-9528-bb922c322a56\",\"default-theme@mozilla.org\" =\"610b67c3-9145-46f7-814f-d8ee2cc8edff\",\"addons-search-detection@mozilla.com\:\"caedb3ca-5cf5-4e23-a251-d742f23e6fc8\",\"uBlock0@raymondhill.net\" =\"7e7d9fd9-12bf-42d3-9c7c-9ffd05420ec7\",\"78272b6fa58f4a1abaac99321d503a20@proton.me\" =\"7242a067-06d8-430b-94a3-00d264cdd57b\",\"addon@darkreader.org\" =\"2f02b112-6acd-4bdc-af2c-1432eb527339\",\"jid1-xUfzOsOFlzSOXg@jetpack\" =\"d0c72046-9903-4118-8160-a028840bf928\",\"chrome-gnome-shell@gnome.org\" =\"a1ab53e6-b765-4f25-8349-383cc04682a0\",\"user-agent-switcher@ninetailed.ninja\" =\"259d07cc-bb32-4ed5-b90f-6d73abdeb7bb\",\"firefoxdav@icloud.com\" =\"110e6e2c-18f8-461d-9f26-b8f04482b6f1\",\"ciscowebexstart1@cisco.com\" =\"a4062240-e73a-4353-bddb-d608d84881f7\",\"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}\" =\"9164e437-812b-4a07-8dfd-2fd73b39329b\",\"{036a55b4-5e72-4d05-a06c-cba2dfcc134a}\" =\"648fc678-a6fb-47cd-9792-fb9520678c17\",\"{446900e4-71c2-419f-a6a7-df9c091e268b}\" =\"f0b43422-070e-466e-85c9-6543f209f075\",\"jid1-MnnxcxisBPnSXQ@jetpack\" =\"4c448202-c843-4cae-b5c3-d11f2da58fa3\",\"soundfixer@unrelenting.technology\" =\"59b35eb8-1c85-4919-a905-80d120993ddc\",\"floccus@handmadeideas.org\" =\"8ad2956c-8091-41af-a689-7d2108f5958d\",\"{79b9dbcf-cc5a-4cda-89ef-c4ab097eb074}\" =\"c2a223a7-32e0-4726-9f20-17236702b1f5\",\"linkgopher@oooninja.com\" =\"a257858c-0dce-415b-b123-6222876cf843\"}"; "extensions.webextensions.uuids" =
"{\"formautofill@mozilla.org\" =\"851c83b7-26d5-449c-8cc9-d8951a0ce78d\",\"pictureinpicture@mozilla.org\" =\"42fa2650-5134-4bef-bafa-b73f9ae51bad\",\"screenshots@mozilla.org\" =\"efd2b692-43c4-433a-aea5-0cb79f8312d4\",\"webcompat-reporter@mozilla.org\" =\"c43a6be2-fb56-4253-b384-ce8e09a89999\",\"webcompat@mozilla.org\" =\"e25fd1bb-7c53-413f-9528-bb922c322a56\",\"default-theme@mozilla.org\" =\"610b67c3-9145-46f7-814f-d8ee2cc8edff\",\"addons-search-detection@mozilla.com\:\"caedb3ca-5cf5-4e23-a251-d742f23e6fc8\",\"uBlock0@raymondhill.net\" =\"7e7d9fd9-12bf-42d3-9c7c-9ffd05420ec7\",\"78272b6fa58f4a1abaac99321d503a20@proton.me\" =\"7242a067-06d8-430b-94a3-00d264cdd57b\",\"addon@darkreader.org\" =\"2f02b112-6acd-4bdc-af2c-1432eb527339\",\"jid1-xUfzOsOFlzSOXg@jetpack\" =\"d0c72046-9903-4118-8160-a028840bf928\",\"chrome-gnome-shell@gnome.org\" =\"a1ab53e6-b765-4f25-8349-383cc04682a0\",\"user-agent-switcher@ninetailed.ninja\" =\"259d07cc-bb32-4ed5-b90f-6d73abdeb7bb\",\"firefoxdav@icloud.com\" =\"110e6e2c-18f8-461d-9f26-b8f04482b6f1\",\"ciscowebexstart1@cisco.com\" =\"a4062240-e73a-4353-bddb-d608d84881f7\",\"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}\" =\"9164e437-812b-4a07-8dfd-2fd73b39329b\",\"{036a55b4-5e72-4d05-a06c-cba2dfcc134a}\" =\"648fc678-a6fb-47cd-9792-fb9520678c17\",\"{446900e4-71c2-419f-a6a7-df9c091e268b}\" =\"f0b43422-070e-466e-85c9-6543f209f075\",\"jid1-MnnxcxisBPnSXQ@jetpack\" =\"4c448202-c843-4cae-b5c3-d11f2da58fa3\",\"soundfixer@unrelenting.technology\" =\"59b35eb8-1c85-4919-a905-80d120993ddc\",\"floccus@handmadeideas.org\" =\"8ad2956c-8091-41af-a689-7d2108f5958d\",\"{79b9dbcf-cc5a-4cda-89ef-c4ab097eb074}\" =\"c2a223a7-32e0-4726-9f20-17236702b1f5\",\"linkgopher@oooninja.com\" =\"a257858c-0dce-415b-b123-6222876cf843\"}";
}; };
}; };
} }

2
modules/home/programs/mako/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.mako; cfg = config.mjallen.programs.mako;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

9
modules/home/programs/nwg-dock/default.nix
View File

@@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.programs.nwg-dock; cfg = config.mjallen.programs.nwg-dock;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

9
modules/home/programs/nwg-drawer/default.nix
View File

@@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mjallen.programs.nwg-drawer; cfg = config.mjallen.programs.nwg-drawer;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

40
modules/home/programs/nwg-panel/options.nix
View File

@@ -7,14 +7,38 @@ with lib;
defaultApps = mkOption { defaultApps = mkOption {
type = types.submodule { type = types.submodule {
options = { options = {
browser = mkOption { type = types.package; default = pkgs.firefox; }; browser = mkOption {
editor = mkOption { type = types.package; default = pkgs.micro; }; type = types.package;
fileExplorer = mkOption { type = types.package; default = pkgs.nemo; }; default = pkgs.firefox;
visual = mkOption { type = types.package; default = pkgs.vscodium; }; };
terminal = mkOption { type = types.package; default = pkgs.kitty; }; editor = mkOption {
office = mkOption { type = types.package; default = pkgs.onlyoffice-bin_latest; }; type = types.package;
video = mkOption { type = types.package; default = pkgs.vlc; }; default = pkgs.micro;
imageViewer = mkOption { type = types.package; default = pkgs.gnome-photos; }; };
fileExplorer = mkOption {
type = types.package;
default = pkgs.nemo;
};
visual = mkOption {
type = types.package;
default = pkgs.vscodium;
};
terminal = mkOption {
type = types.package;
default = pkgs.kitty;
};
office = mkOption {
type = types.package;
default = pkgs.onlyoffice-bin_latest;
};
video = mkOption {
type = types.package;
default = pkgs.vlc;
};
imageViewer = mkOption {
type = types.package;
default = pkgs.gnome-photos;
};
}; };
}; };
description = "Default applications used across the system."; description = "Default applications used across the system.";

66
modules/home/programs/waybar/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.waybar; cfg = config.mjallen.programs.waybar;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
defaultOpacity = "opacity: 0.85;"; defaultOpacity = "opacity: 0.85;";
defaultBorderRadius = "border-radius: 1rem;"; defaultBorderRadius = "border-radius: 1rem;";
@@ -61,7 +61,30 @@ in
modules-center = [ "hyprland/window" ]; modules-center = [ "hyprland/window" ];
modules-right = cfg.modules-right; modules-right = [
"tray"
"custom/left-end"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
"bluetooth"
"network"
"idle_inhibitor"
"custom/right-end"
"custom/left-end"
"clock"
"battery"
"custom/weather"
"custom/right-end"
];
# modules-right = [
# "tray"
# "custom/left-end" ] ++
# cfg.modules-right ++
# [ "custom/right-end" ];
# Module Definitions # Module Definitions
# Left # Left
@@ -290,7 +313,18 @@ in
return-type = "json"; return-type = "json";
markup = "pango"; markup = "pango";
}; };
} // cfg.extraModules;
"custom/left-end" = {
format = "&nbsp";
tooltip = false;
};
"custom/right-end" = {
format = "&nbsp";
tooltip = false;
};
}
// cfg.extraModules;
}; };
# * { font-size: 13px; } # * { font-size: 13px; }
@@ -372,7 +406,7 @@ in
${defaultBorderRadius} ${defaultBorderRadius}
${defaultCenterOptions} ${defaultCenterOptions}
margin-left: 4rem; margin-left: 4rem;
margin-right: 4rem; margin-right: ${toString cfg.windowOffset}rem;
} }
/* make window module transparent when no windows present */ /* make window module transparent when no windows present */
@@ -384,7 +418,8 @@ in
color: ${nord.frost.nord10}; color: ${nord.frost.nord10};
background-color: ${nord.polarNight.nord0}; background-color: ${nord.polarNight.nord0};
${defaultOpacity} ${defaultOpacity}
${borderRight} ${defaultCenterOptions}
border-radius: 0;
} }
#battery { #battery {
@@ -400,7 +435,8 @@ in
color: ${nord.frost.nord9}; color: ${nord.frost.nord9};
background-color: ${nord.polarNight.nord0}; background-color: ${nord.polarNight.nord0};
${defaultOpacity} ${defaultOpacity}
${borderLeft} ${defaultCenterOptions}
border-radius: 0;
} }
/* ------------- */ /* ------------- */
@@ -409,7 +445,8 @@ in
color: ${nord.frost.nord10}; color: ${nord.frost.nord10};
background-color: ${nord.polarNight.nord0}; background-color: ${nord.polarNight.nord0};
${defaultOpacity} ${defaultOpacity}
${borderRight} ${defaultCenterOptions}
border-radius: 0;
padding-right: 1rem; padding-right: 1rem;
} }
@@ -528,7 +565,20 @@ in
} }
/* ------------- */ /* ------------- */
'' + cfg.extraModulesStyle or '''';
#custom-left-end {
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderLeft}
}
#custom-right-end {
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderRight}
}
''
+ cfg.extraModulesStyle or '''';
}; };
}; };
} }

39
modules/home/programs/waybar/options.nix
View File

@@ -11,7 +11,7 @@ with lib;
modules-right = mkOption { modules-right = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [ ];
}; };
networkInterface = mkOption { networkInterface = mkOption {
@@ -28,5 +28,42 @@ with lib;
type = types.str; type = types.str;
default = ""; default = "";
}; };
windowOffset = mkOption {
type = types.int;
default = 4;
};
# Waybar modules config
# modules = mkOption {
# type = types.submodule {
# options = {
# # Modules
# window = mkOption {
# type = types.submodule {
# options = {
# # Waybar Module CSS
# margin-right = mkOption {
# type = types.str;
# default = "4";
# };
# };
# };
# };
# temperature = mkOption {
# type = types.submodule {
# options = {
# # Waybar Module CSS
# margin-right = mkOption {
# type = types.str;
# default = "4";
# };
# };
# };
# };
# };
# };
# default = { };
# };
}; };
} }

10
modules/home/programs/waybar/scripts/hass.nix
View File

@@ -1,8 +1,14 @@
{ config, lib, namespace, pkgs, ... }: {
config,
lib,
namespace,
pkgs,
...
}:
let let
cfg = config.mjallen.programs.waybar; cfg = config.mjallen.programs.waybar;
pythonEnv = pkgs.python3.withPackages (ps: [ pythonEnv = pkgs.python3.withPackages (_ps: [
pkgs.${namespace}.homeassistant-api pkgs.${namespace}.homeassistant-api
]); ]);

34
modules/home/programs/waybar/scripts/weather.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.mjallen.programs.waybar; cfg = config.mjallen.programs.waybar;
@@ -7,7 +12,6 @@ let
#! nix-shell -i python3 --pure #! nix-shell -i python3 --pure
#! nix-shell -p python3 python3Packages.requests #! nix-shell -p python3 python3Packages.requests
"""get waybar weather"""
import os import os
import json import json
import shutil import shutil
@@ -93,12 +97,16 @@ let
WIND_DIRECTION = { WIND_DIRECTION = {
"S": "", "S": "",
"SW": "", "SW": "",
"SSW": "",
"W": "", "W": "",
"NW": "", "NW": "",
"NNW": "",
"N": "", "N": "",
"NE": "", "NE": "",
"NNE": "",
"E": "", "E": "",
"SE": "", "SE": "",
"SSE": "",
} }
MOON_PHASES = ( MOON_PHASES = (
@@ -334,11 +342,13 @@ let
moon_phase = astronomy['moon_phase'] moon_phase = astronomy['moon_phase']
wego = WEATHER_CODES_WEGO[current_condition['weatherCode']] wego = WEATHER_CODES_WEGO[current_condition['weatherCode']]
tooltip = f"{wego[0]}{weather_description} {temp_f}°\n" current = f"{wego[0]}{weather_description} {temp_f}°\n"
tooltip += f"{wego[1]}Feels like: {feels_like_f}°\n" feels = f"{wego[1]}Feels like: {feels_like_f}°\n"
tooltip += f"{wego[2]}Wind: {wind_speed}mph {WIND_DIRECTION[wind_dir]}\n" wind = f"{wego[2]}Wind: {wind_speed}mph {WIND_DIRECTION[wind_dir]}\n"
tooltip += f"{wego[3]}Humidity: {humidity}%\n" humidityl = f"{wego[3]}Humidity: {humidity}%\n"
tooltip += f"{wego[4]}Moon phase: {moon_phase} " + moon_icon + "\n" moon = f"{wego[4]}Moon phase: {moon_phase} " + moon_icon + "\n"
tooltip = current + feels + wind + humidityl + moon
return tooltip return tooltip
@@ -414,9 +424,12 @@ let
current_condition = weather["current_condition"][0] current_condition = weather["current_condition"][0]
astronomy = weather["weather"][0]['astronomy'][0] astronomy = weather["weather"][0]['astronomy'][0]
data["text"] = build_text(current_condition) text = build_text(current_condition)
data["tooltip"] = build_tooltip(current_condition, astronomy, moon_icon)
data["tooltip"] += build_forecast(weather["weather"]) tooltip = build_tooltip(current_condition, astronomy, moon_icon) + build_forecast(weather["weather"])
data["text"] = text
data["tooltip"] = tooltip
return json.dumps(data) return json.dumps(data)
@@ -425,6 +438,7 @@ let
try: try:
print(get_wttr_json()) print(get_wttr_json())
except Exception as e: except Exception as e:
print("error")
print(e) print(e)
main() main()

2
modules/home/programs/wlogout/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.wlogout; cfg = config.mjallen.programs.wlogout;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

2
modules/home/programs/wofi/default.nix
View File

@@ -2,7 +2,7 @@
with lib; with lib;
let let
cfg = config.mjallen.programs.wofi; cfg = config.mjallen.programs.wofi;
nord = import ../../desktop/theme/nord.nix; nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

57
modules/home/shell-aliases/default.nix Normal file
View File

@@ -0,0 +1,57 @@
{
config,
lib,
...
}:
let
cfg = config.mjallen.shell-aliases;
in
{
options.mjallen.shell-aliases = {
enable = lib.mkEnableOption "Common shell aliases";
buildHost = lib.mkOption {
type = lib.types.str;
default = "admin@10.0.1.3";
description = "Build host for nixos-rebuild commands";
};
flakeInputs = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of flake inputs to update";
};
extraAliases = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = "Additional host-specific aliases";
};
};
config = lib.mkIf cfg.enable {
programs.zsh.shellAliases = {
# Common file operations
ll = "ls -alh";
ducks = "du -cksh * | sort -hr | head -n 15";
# NixOS rebuild commands
update-boot =
"sudo nixos-rebuild boot --max-jobs 10"
+ lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}";
update-switch =
"sudo nixos-rebuild switch --max-jobs 10"
+ lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}";
# Flake update command
update-flake = lib.mkIf (
cfg.flakeInputs != [ ]
) "nix flake update ${lib.concatStringsSep " " cfg.flakeInputs} --flake /etc/nixos";
# NAS management
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
}
// cfg.extraAliases;
};
}

8
modules/home/sops/default.nix
View File

@@ -1,9 +1,13 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.mjallen.sops; cfg = config.mjallen.sops;
user = config.${namespace}.user.name; user = config.${namespace}.user.name;
hostname = config.${namespace}.network.hostname;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

3
modules/home/user/default.nix
View File

@@ -65,8 +65,7 @@ in
]; ];
home = { home = {
file = file = {
{
"Desktop/.keep".text = ""; "Desktop/.keep".text = "";
"Documents/.keep".text = ""; "Documents/.keep".text = "";
"Downloads/.keep".text = ""; "Downloads/.keep".text = "";

15
modules/nixos/actual/default.nix
View File

@@ -1,7 +1,13 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.actual; cfg = config.${namespace}.services.actual;
dataDir = "/data"; dataDir = "/data";
hostAddress = "10.0.1.3"; hostAddress = "10.0.1.3";
actualUserId = config.users.users.nix-apps.uid; actualUserId = config.users.users.nix-apps.uid;
@@ -24,7 +30,8 @@ in
}; };
}; };
config = { lib, ... }: config =
{ lib, ... }:
{ {
services.actual = { services.actual = {
enable = true; enable = true;
@@ -69,7 +76,7 @@ in
ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json"; ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json";
WorkingDirectory = lib.mkForce dataDir; WorkingDirectory = lib.mkForce dataDir;
StateDirectory = lib.mkForce dataDir; StateDirectory = lib.mkForce dataDir;
StateDirectoryMode = lib.mkForce 0700; StateDirectoryMode = lib.mkForce 700;
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;
ProtectSystem = lib.mkForce null; ProtectSystem = lib.mkForce null;
}; };

4
modules/nixos/actual/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.actual = { options.${namespace}.services.actual = {
enable = mkEnableOption "actual service"; enable = mkEnableOption "actual service";
port = mkOption { port = mkOption {

2
modules/nixos/amd/default.nix
View File

@@ -6,7 +6,7 @@
}: }:
let let
cfg = config.share.hardware.amd; cfg = config.share.hardware.amd;
pkgsVersion = pkgs;#.unstable; pkgsVersion = pkgs; # .unstable;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

9
modules/nixos/apps/free-games-claimer/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }: {
lib,
config,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.free-games-claimer; cfg = config.${namespace}.services.free-games-claimer;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

6
modules/nixos/apps/free-games-claimer/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.free-games-claimer = { options.${namespace}.services.free-games-claimer = {
enable = mkEnableOption "free-games-claimer docker service"; enable = mkEnableOption "free-games-claimer docker service";
autoStart = mkOption { autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
dataPath = mkOption { dataPath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/nix-app-data/free-games-claimer"; default = "/media/nas/main/nix-app-data/free-games-claimer";
}; };
puid = mkOption { puid = mkOption {

9
modules/nixos/apps/manyfold/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }: {
lib,
config,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.manyfold; cfg = config.${namespace}.services.manyfold;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

6
modules/nixos/apps/manyfold/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.manyfold = { options.${namespace}.services.manyfold = {
enable = mkEnableOption "manyfold docker service"; enable = mkEnableOption "manyfold docker service";
autoStart = mkOption { autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
configPath = mkOption { configPath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/nix-app-data/manyfold"; default = "/media/nas/main/nix-app-data/manyfold";
}; };
dataPath = mkOption { dataPath = mkOption {

9
modules/nixos/apps/mongodb/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }: {
lib,
config,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.mongodb; cfg = config.${namespace}.services.mongodb;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

6
modules/nixos/apps/mongodb/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.mongodb = { options.${namespace}.services.mongodb = {
enable = mkEnableOption "mongodb docker service"; enable = mkEnableOption "mongodb docker service";
autoStart = mkOption { autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
configPath = mkOption { configPath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/mongodb"; default = "/media/nas/main/mongodb";
}; };
puid = mkOption { puid = mkOption {

9
modules/nixos/apps/tdarr/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }: {
lib,
config,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.tdarr; cfg = config.${namespace}.services.tdarr;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

12
modules/nixos/apps/tdarr/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.tdarr = { options.${namespace}.services.tdarr = {
enable = mkEnableOption "tdarr docker service"; enable = mkEnableOption "tdarr docker service";
autoStart = mkOption { autoStart = mkOption {
@@ -31,22 +31,22 @@ with lib;
configPath = mkOption { configPath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/config"; default = "/media/nas/main/nix-app-data/tdarr/config";
}; };
serverPath = mkOption { serverPath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/server"; default = "/media/nas/main/nix-app-data/tdarr/server";
}; };
logPath = mkOption { logPath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/logs"; default = "/media/nas/main/nix-app-data/tdarr/logs";
}; };
transcodePath = mkOption { transcodePath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/transcode"; default = "/media/nas/main/nix-app-data/tdarr/transcode";
}; };
moviesPath = mkOption { moviesPath = mkOption {

9
modules/nixos/apps/your-spotify/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }: {
lib,
config,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.your_spotify; cfg = config.${namespace}.services.your_spotify;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

6
modules/nixos/apps/your-spotify/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.your_spotify = { options.${namespace}.services.your_spotify = {
enable = mkEnableOption "your_spotify docker service"; enable = mkEnableOption "your_spotify docker service";
autoStart = mkOption { autoStart = mkOption {
@@ -36,7 +36,7 @@ with lib;
configPath = mkOption { configPath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/nix-app-data/your_spotify"; default = "/media/nas/main/nix-app-data/your_spotify";
}; };
puid = mkOption { puid = mkOption {

25
modules/nixos/arrs/default.nix
View File

@@ -2,11 +2,12 @@
config, config,
pkgs, pkgs,
lib, lib,
namespace,
... ...
}: }:
with lib; with lib;
let let
cfg = config.nas-apps.arrs; cfg = config.${namespace}.services.arrs;
radarrDataDir = "/var/lib/radarr"; radarrDataDir = "/var/lib/radarr";
downloadDir = "/downloads"; downloadDir = "/downloads";
incompleteDir = "/downloads-incomplete"; incompleteDir = "/downloads-incomplete";
@@ -40,7 +41,9 @@ in
{ {
nixpkgs.config = { nixpkgs.config = {
allowUnfree = lib.mkForce true; allowUnfree = lib.mkForce true;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"unrar" "unrar"
]; ];
}; };
@@ -232,8 +235,22 @@ in
]; ];
}; };
firewall = { firewall = {
allowedTCPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ]; allowedTCPPorts = [
allowedUDPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ]; cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
allowedUDPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
}; };
}; };
}; };

4
modules/nixos/arrs/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.arrs = { options.${namespace}.services.arrs = {
enable = mkEnableOption "arrs services"; enable = mkEnableOption "arrs services";
radarr = { radarr = {

24
modules/nixos/boot/default.nix
View File

@@ -1,9 +1,31 @@
{ ... }: {
pkgs,
system,
lib,
...
}:
let
isArm = ("aarch64-linux" == system);
in
{ {
boot = { boot = {
kernelParams = [ kernelParams = [
"quiet" "quiet"
]; ];
binfmt = lib.mkIf isArm {
registrations."x86_64-linux" = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
openBinary = true;
interpreter = "${pkgs.box64}/bin/box64";
preserveArgvZero = true;
matchCredentials = true;
fixBinary = false;
};
};
supportedFilesystems = [ "bcachefs" ];
}; };
zramSwap.enable = true; zramSwap.enable = true;

7
modules/nixos/boot/lanzaboote/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, inputs, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.bootloader.lanzaboote; cfg = config.${namespace}.bootloader.lanzaboote;

26
modules/nixos/crowdsec/default.nix
View File

@@ -1,20 +1,28 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.crowdsec; cfg = config.${namespace}.services.crowdsec;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services = { services = {
crowdsec = let crowdsec =
yaml = (pkgs.formats.yaml {}).generate; let
yaml = (pkgs.formats.yaml { }).generate;
acquisitions_file = yaml "acquisitions.yaml" { acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl"; source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"]; journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels.type = "syslog"; labels.type = "syslog";
}; };
in { in
{
enable = true; enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key"; enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = { settings = {
@@ -35,7 +43,8 @@ in
}; };
systemd.services.crowdsec.serviceConfig = { systemd.services.crowdsec.serviceConfig = {
ExecStartPre = let ExecStartPre =
let
script = pkgs.writeScriptBin "register-bouncer" '' script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell} #!${pkgs.runtimeShell}
set -eu set -eu
@@ -45,7 +54,8 @@ in
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}" cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi fi
''; '';
in ["${script}/bin/register-bouncer"]; in
[ "${script}/bin/register-bouncer" ];
}; };
networking = { networking = {

4
modules/nixos/crowdsec/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.crowdsec = { options.${namespace}.services.crowdsec = {
enable = mkEnableOption "crowdsec service"; enable = mkEnableOption "crowdsec service";
port = mkOption { port = mkOption {

7
modules/nixos/desktop/cosmic/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.cosmic; cfg = config.${namespace}.desktop.cosmic;
in in

10
modules/nixos/desktop/gnome/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.gnome; cfg = config.${namespace}.desktop.gnome;
in in
@@ -22,7 +28,7 @@ in
programs = { programs = {
kdeconnect = { kdeconnect = {
enable = true; enable = lib.mkDefault true;
package = pkgs.gnomeExtensions.gsconnect; package = pkgs.gnomeExtensions.gsconnect;
}; };
}; };

16
modules/nixos/desktop/hyprland/default.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, namespace, ... }: {
config,
pkgs,
lib,
namespace,
...
}:
let let
cfg = config.${namespace}.desktop.hyprland; cfg = config.${namespace}.desktop.hyprland;
@@ -26,7 +32,10 @@ in
imports = [ ../../../home/desktop/hyprland/options.nix ]; imports = [ ../../../home/desktop/hyprland/options.nix ];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = [ bing-wallpaper pkgs.jq ]; environment.systemPackages = [
bing-wallpaper
pkgs.jq
];
services = { services = {
displayManager = { displayManager = {
@@ -131,9 +140,6 @@ in
}; };
}; };
}; };
extraConfig = ''
DefaultTimeoutStopSec=10s
'';
}; };
security = { security = {

92
modules/nixos/development/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.development;
in
{
options.${namespace}.development = {
enable = lib.mkEnableOption "Common development tools and packages";
includeLanguages = lib.mkOption {
type = lib.types.listOf (
lib.types.enum [
"python"
"c"
"rust"
"nodejs"
]
);
default = [
"python"
"c"
];
description = "Programming languages to include tools for";
};
includeContainers = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Include container development tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
# Version control
git
# Build tools
cmake
ninja
binutils
# System utilities
jq
# Text processing
]
++ lib.optionals (builtins.elem "python" cfg.includeLanguages) [
python3
python3Packages.pip
]
++ lib.optionals (builtins.elem "c" cfg.includeLanguages) [
gcc
gdb
]
++ lib.optionals (builtins.elem "rust" cfg.includeLanguages) [
rustc
cargo
]
++ lib.optionals (builtins.elem "nodejs" cfg.includeLanguages) [
nodejs
npm
]
++ lib.optionals cfg.includeContainers [
docker-compose
podman-compose
];
# Enable container support if requested
virtualisation.podman = lib.mkIf cfg.includeContainers {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
# Common development programs
programs = {
nix-ld.enable = lib.mkDefault true;
};
};
}

141
modules/nixos/disko/aarch64-linux/default.nix
View File

@@ -1,19 +1,79 @@
{ config, lib, system, ... }: {
config,
lib,
system,
namespace,
...
}:
let let
cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null; isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1"; rootDisk = "/dev/nvme0n1";
in
{ # BTRFS root partition configuration
config = lib.mkIf isArm { btrfsRoot = {
disko.devices = { name = "btrfs-root";
nodev."/" = { size = "100%";
fsType = "tmpfs"; content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [ mountOptions = [
"mode=755" "compress=zstd"
"defaults" "noatime"
"size=2G" ];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
# BCacheFS root partition configuration
bcachefsRoot = {
size = "100%";
content = {
type = "bcachefs";
# This refers to a filesystem in the `bcachefs_filesystems` attrset below.
filesystem = "mounted_subvolumes_in_multi";
label = "ssd.ssd1";
extraFormatArgs = [
"--discard"
]; ];
}; };
};
in
{
imports = [ ../options.nix ];
config = lib.mkIf (isArm && cfg.enable) {
disko.devices = {
# root disk setup # root disk setup
disk.main = { disk.main = {
type = "disk"; type = "disk";
@@ -53,58 +113,33 @@ in
}; };
}; };
root = { root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot;
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
}; };
"root" = { };
mountOptions = [ };
"compress=zstd"
"noatime" bcachefs_filesystems = lib.mkIf (cfg.filesystem == "bcachefs") {
mounted_subvolumes_in_multi = {
type = "bcachefs_filesystem";
# passwordFile = "/etc/nixos/pool.jwe";
extraFormatArgs = [
"--compression=zstd"
]; ];
mountpoint = "/root"; subvolumes = {
"/root" = {
mountpoint = "/";
}; };
"nix" = { "/persistent" = {
mountpoint = "/persistent";
};
"/nix" = {
mountOptions = [ mountOptions = [
"compress=zstd"
"noatime" "noatime"
]; ];
mountpoint = "/nix"; mountpoint = "/nix";
}; };
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"tmp" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/tmp";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
}; };
mountpoint = "/partition-root";
}; };
}; };
}; };

8
modules/nixos/disko/options.nix
View File

@@ -3,5 +3,13 @@ with lib;
{ {
options.${namespace}.hardware.disko = { options.${namespace}.hardware.disko = {
enable = mkEnableOption "enable disko"; enable = mkEnableOption "enable disko";
filesystem = mkOption {
type = types.enum [
"bcachefs"
"btrfs"
];
default = "btrfs";
description = "Filesystem to use for the root partition";
};
}; };
} }

127
modules/nixos/disko/x86_64-linux/default.nix
View File

@@ -1,47 +1,17 @@
{ config, lib, system, namespace, ... }: {
config,
lib,
system,
namespace,
...
}:
let let
cfg = config.${namespace}.hardware.disko; cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null; isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1"; rootDisk = "/dev/nvme0n1";
in
{
imports = [ ../options.nix ];
config = lib.mkIf (cfg.enable && !isArm) { # BTRFS root partition configuration
disko.devices = { btrfsRoot = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=25%"
];
};
# root disk setup
disk.main = {
type = "disk";
device = rootDisk;
imageSize = "32G";
content = {
type = "gpt";
# specify partitions
partitions = {
# /boot
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "btrfs-root"; name = "btrfs-root";
size = "100%"; size = "100%";
content = { content = {
@@ -85,9 +55,88 @@ in
}; };
}; };
}; };
# BCacheFS root partition configuration
bcachefsRoot = {
size = "100%";
content = {
type = "bcachefs";
# This refers to a filesystem in the `bcachefs_filesystems` attrset below.
filesystem = "mounted_subvolumes_in_multi";
label = "ssd.ssd1";
extraFormatArgs = [
"--discard"
];
};
};
in
{
imports = [ ../options.nix ];
config = lib.mkIf (!isArm && cfg.enable) {
disko.devices = lib.mkMerge [
{
disk = {
main = {
device = rootDisk;
type = "disk";
imageSize = "32G";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "100M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot;
}; };
}; };
}; };
}; };
bcachefs_filesystems = lib.mkIf (cfg.filesystem == "bcachefs") {
mounted_subvolumes_in_multi = {
type = "bcachefs_filesystem";
# passwordFile = "/etc/nixos/pool.jwe";
extraFormatArgs = [
"--compression=zstd"
];
subvolumes = {
"subvolumes/root" = {
mountpoint = "/";
mountOptions = [
"verbose"
];
};
"subvolumes/persistent" = {
mountpoint = "/persistent";
};
"subvolumes/nix" = {
mountOptions = [
"noatime"
];
mountpoint = "/nix";
};
};
};
};
}
(lib.mkIf (cfg.filesystem == "btrfs") {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=25%"
];
};
})
];
}; };
} }

7
modules/nixos/fonts/default.nix
View File

@@ -1,11 +1,14 @@
{ lib, pkgs, ... }: { lib, pkgs, ... }:
{ {
fonts.packages = with pkgs; [ fonts.packages =
with pkgs;
[
font-awesome font-awesome
noto-fonts noto-fonts
noto-fonts-color-emoji noto-fonts-color-emoji
meslo-lgs-nf meslo-lgs-nf
] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); ]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.fontconfig.defaultFonts = { fonts.fontconfig.defaultFonts = {
emoji = [ emoji = [

13
modules/nixos/gaming/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.share.gaming; cfg = config.share.gaming;
pkgsVersion = pkgs; #.unstable; pkgsVersion = pkgs; # .unstable;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
@@ -17,7 +22,7 @@ in
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
# Open ports in the firewall for Source Dedicated Server # Open ports in the firewall for Source Dedicated Server
dedicatedServer.openFirewall = true; dedicatedServer.openFirewall = true;
extraCompatPackages = with pkgsVersion; [ proton-ge-bin]; extraCompatPackages = with pkgsVersion; [ proton-ge-bin ];
gamescopeSession = { gamescopeSession = {
enable = true; enable = true;
args = [ args = [
@@ -57,7 +62,7 @@ in
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override { steam = pkgs.steam.override {
extraPkgs = extraPkgs =
pkgs: with pkgsVersion; [ _pkgs: with pkgsVersion; [
xorg.libXcursor xorg.libXcursor
xorg.libXi xorg.libXi
xorg.libXinerama xorg.libXinerama

29
modules/nixos/gitea/default.nix
View File

@@ -1,13 +1,18 @@
{ config, lib, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.nas-apps.gitea; cfg = config.${namespace}.services.gitea;
hostAddress = "10.0.1.3"; hostAddress = "10.0.1.3";
# localAddress = "10.0.4.18"; # localAddress = "10.0.4.18";
# httpPort = 3000; # httpPort = 3000;
# sshPort = 2222; # sshPort = 2222;
rootUrl = "https://gitea.mjallen.dev/"; rootUrl = "https://gitea.mjallen.dev/";
# stateDir = "/media/nas/ssd/nix-app-data/gitea"; # stateDir = "/media/nas/main/nix-app-data/gitea";
dataDir = "/var/lib/gitea"; dataDir = "/var/lib/gitea";
secretsDir = "/run/secrets/jallen-nas/gitea"; secretsDir = "/run/secrets/jallen-nas/gitea";
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path; mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
@@ -34,7 +39,8 @@ in
}; };
}; };
config = { lib, ... }: config =
{ lib, ... }:
{ {
services.gitea = { services.gitea = {
enable = true; enable = true;
@@ -71,7 +77,10 @@ in
networking = { networking = {
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ]; allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
}; };
# Use systemd-resolved inside the container # Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
@@ -122,8 +131,14 @@ in
]; ];
}; };
firewall = { firewall = {
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ]; allowedTCPPorts = [
allowedUDPPorts = [ cfg.httpPort cfg.sshPort ]; cfg.httpPort
cfg.sshPort
];
allowedUDPPorts = [
cfg.httpPort
cfg.sshPort
];
}; };
}; };
}; };

4
modules/nixos/gitea/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.gitea = { options.${namespace}.services.gitea = {
enable = mkEnableOption "gitea service"; enable = mkEnableOption "gitea service";
httpPort = mkOption { httpPort = mkOption {

16
modules/nixos/home/default.nix
View File

@@ -4,8 +4,12 @@
options, options,
namespace, namespace,
inputs, inputs,
system,
... ...
}: }:
let
isArm = ("aarch64-linux" == system);
in
{ {
options.${namespace}.home = with lib.types; { options.${namespace}.home = with lib.types; {
@@ -47,13 +51,17 @@
}; };
# Make ALL external HM modules available globally # Make ALL external HM modules available globally
sharedModules = with inputs; [ sharedModules =
with inputs;
[
sops-nix.homeManagerModules.sops sops-nix.homeManagerModules.sops
steam-rom-manager.homeManagerModules.default
# Add any other external HM modules here # Add any other external HM modules here
]; ]
++ (if (!isArm) then with inputs; [ steam-rom-manager.homeManagerModules.default ] else [ ]);
users.${config.${namespace}.user.name} = lib.mkAliasDefinitions options.${namespace}.home.extraOptions; users.${config.${namespace}.user.name} =
lib.mkAliasDefinitions
options.${namespace}.home.extraOptions;
# users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions; # users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
verbose = true; verbose = true;

77
modules/nixos/homeassistant/default.nix
View File

@@ -1,23 +1,14 @@
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
let let
cfg = config.${namespace}.services.home-assistant; cfg = config.${namespace}.services.home-assistant;
mosquittoPort = 1883; mosquittoPort = 1883;
zigbee2mqttPort = 8080; zigbee2mqttPort = 8080;
# In configuration.nix or a separate file
python-steam = pkgs.python3Packages.buildPythonPackage rec {
pname = "steam";
version = "1.4.4";
pyproject = false;
src = pkgs.fetchPypi {
inherit pname version;
sha256 = "sha256-K1vWkRwNSnMS9EG40WK52NR8i+u478bIhnOTsDI/pS4=";
};
buildInputs = with pkgs.python3Packages; [ setuptools ];
doCheck = false; # no tests in the PyPI tarball
};
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
@@ -60,6 +51,7 @@ in
"nws" "nws"
"ollama" "ollama"
"onedrive" "onedrive"
"open_router"
"ping" "ping"
"radio_browser" "radio_browser"
"samsungtv" "samsungtv"
@@ -87,6 +79,7 @@ in
pkgs.${namespace}.ha-icloud3 pkgs.${namespace}.ha-icloud3
pkgs.${namespace}.ha-mail-and-packages pkgs.${namespace}.ha-mail-and-packages
pkgs.${namespace}.ha-nanokvm pkgs.${namespace}.ha-nanokvm
pkgs.${namespace}.ha-openhasp
pkgs.${namespace}.ha-overseerr pkgs.${namespace}.ha-overseerr
pkgs.${namespace}.ha-petlibro pkgs.${namespace}.ha-petlibro
pkgs.${namespace}.ha-wyzeapi pkgs.${namespace}.ha-wyzeapi
@@ -106,7 +99,8 @@ in
zigbee2mqtt-networkmap zigbee2mqtt-networkmap
]; ];
# use postgresql instead of sqlite # use postgresql instead of sqlite
extraPackages = ps: with ps; [ extraPackages =
ps: with ps; [
# Core functionality # Core functionality
aiohttp aiohttp
aiodns aiodns
@@ -190,7 +184,7 @@ in
gehomesdk gehomesdk
onedrive-personal-sdk onedrive-personal-sdk
python-roborock python-roborock
python-steam pkgs.${namespace}.python-steam
apple-weatherkit apple-weatherkit
samsungctl samsungctl
@@ -209,7 +203,7 @@ in
config = { config = {
# Includes dependencies for a basic setup # Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/ # https://www.home-assistant.io/integrations/default_config/
default_config = {}; default_config = { };
cloud = false; cloud = false;
@@ -226,7 +220,7 @@ in
trusted_proxies = [ trusted_proxies = [
"172.30.33.0/24" "172.30.33.0/24"
"10.0.1.4" "10.0.1.4"
"10.0.4.2" "10.0.1.3"
"10.0.1.18" "10.0.1.18"
"10.0.1.0/24" "10.0.1.0/24"
]; ];
@@ -244,6 +238,43 @@ in
# https://www.home-assistant.io/integrations/ota_updater/ # https://www.home-assistant.io/integrations/ota_updater/
zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json"; zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json";
openhasp = {
plate = {
objects = [
{
obj = "p0b1"; # temperature label on all pages
properties = {
"text" = ''{{ states("sensor.thermostat_current_temperature") }}°F'';
};
}
{
obj = "p1b2"; # light-switch toggle button
properties = {
"val" = ''{{ 1 if states("light.living_room_lights") == "on" else 0 }}'';
"text" = ''{{ "\uE6E8" if is_state("light.living_room_lights", "on") else "\uE335" | e }}'';
};
event = {
"up" = {
service = "homeassistant.toggle";
entity_id = "light.living_room_lights";
};
};
}
{
obj = "p1b3"; # dropdown
event = {
"changed" = {
service = "persistent_notification.create";
data = {
message = "I like {{ text }}";
};
};
};
}
];
};
};
}; };
}; };
@@ -262,10 +293,12 @@ in
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = [ "hass" ]; ensureDatabases = [ "hass" ];
ensureUsers = [{ ensureUsers = [
{
name = "hass"; name = "hass";
ensureDBOwnership = true; ensureDBOwnership = true;
}]; }
];
}; };
# Enable and configure Mosquitto MQTT broker # Enable and configure Mosquitto MQTT broker

7
modules/nixos/immich/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.immich; cfg = config.${namespace}.services.immich;

143
modules/nixos/impermanence/default.nix
View File

@@ -1,9 +1,137 @@
{ ... }:
{ {
# Set up impernance configuration for things like bluetooth config,
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints. lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.impermanence;
in
{
imports = [ ./options.nix ];
environment.persistence."/nix/persist/system" = { config = mkIf cfg.enable {
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
system.activationScripts = {
"var-lib-private-permissions" = {
deps = [ "createPersistentStorageDirs" ];
text = ''
mkdir -p /var/lib/private
chmod 0700 /var/lib/private
'';
};
};
boot.initrd.systemd.services.rootfs-cleanup = {
description = "Clean file system root";
wantedBy = [
"initrd.target"
];
after = [
"initrd-root-device.target"
];
before = [
"sysroot.mount"
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script =
if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "btrfs") then
''
# workaround for machines without working rtc battery
# The time may not yet be correctly set, so wait until it is
if [[ $(date '+%s') -lt 1730469314 ]]; then
sleep 30 # this should hopefully be enough
fi
mkdir /btrfs_tmp
mount ${config.fileSystems."/".device} -t btrfs /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %X /btrfs_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1" || rm -rf "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -atime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
''
else if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "bcachefs") then
''
# workaround for machines without working rtc battery
# The time may not yet be correctly set, so wait until it is
if [[ $(date '+%s') -lt 1730469314 ]]; then
sleep 30 # this should hopefully be enough
fi
if [[ -e /root_tmp/root ]]; then
mkdir -p /root_tmp/old_roots
timestamp=$(date --date="@$(stat -c %X /root_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
mv /root_tmp/root "/root_tmp/old_roots/$timestamp"
fi
for i in $(find /root_tmp/old_roots/ -maxdepth 1 -atime +30); do
bcachefs subvolume delete $i
done
bcachefs subvolume create /root_tmp/root
''
else
# For tmpfs or other filesystems, do nothing
"";
};
assertions = [
{
assertion = hasAttr "/" config.fileSystems;
message = "To use impermanence, you need to define a root volume";
}
{
assertion =
if hasAttr "/" config.fileSystems then
config.fileSystems."/".fsType == "btrfs"
|| config.fileSystems."/".fsType == "bcachefs"
|| config.fileSystems."/".fsType == "tmpfs"
else
false;
message = "rootfs must be btrfs, bcachefs, or tmpfs; not " + config.fileSystems."/".fsType;
}
{
assertion =
if
hasAttr "/" config.fileSystems
&& (config.fileSystems."/".fsType == "btrfs" || config.fileSystems."/".fsType == "bcachefs")
then
any (
t: t == "subvol=root" || t == "subvol=/root" || t == "X-mount.subdir=subvolumes/root"
) config.fileSystems."/".options
else
true;
message = "btrfs or bcachefs rootfs must mount subvolume root";
}
{
assertion = !config.boot.isContainer;
message = "impermanence is not supported in containers";
}
];
environment.persistence.${cfg.persistencePath} = {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/lib/bluetooth" "/var/lib/bluetooth"
@@ -64,10 +192,5 @@
"/etc/machine-id" "/etc/machine-id"
]; ];
}; };
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
} }

12
modules/nixos/impermanence/options.nix Normal file
View File

@@ -0,0 +1,12 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.impermanence = {
enable = mkEnableOption "enable impermanence";
persistencePath = mkOption {
type = types.str;
default = "/nix/persist/system";
description = "Path to the persistence directory";
};
};
}

9
modules/nixos/jellyfin/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.jellyfin; cfg = config.${namespace}.services.jellyfin;
@@ -12,7 +17,7 @@ in
openFirewall = true; openFirewall = true;
user = "nix-apps"; user = "nix-apps";
group = "jallen-nas"; group = "jallen-nas";
dataDir = "/media/nas/ssd/nix-app-data/jellyfin"; dataDir = "/media/nas/main/nix-app-data/jellyfin";
# cacheDir = "/cache"; # cacheDir = "/cache";
}; };
}; };

9
modules/nixos/jellyseerr/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.jellyseerr; cfg = config.${namespace}.services.jellyseerr;
@@ -20,7 +25,7 @@ in
bindMounts = { bindMounts = {
${dataDir} = { ${dataDir} = {
hostPath = "/media/nas/ssd/nix-app-data/jellyseerr"; hostPath = "/media/nas/main/nix-app-data/jellyseerr";
isReadOnly = false; isReadOnly = false;
}; };
}; };

13
modules/nixos/lubelogger/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.lubelogger; cfg = config.${namespace}.services.lubelogger;
@@ -12,11 +17,11 @@ in
image = "ghcr.io/hargata/lubelogger"; image = "ghcr.io/hargata/lubelogger";
ports = [ "6754:8080" ]; ports = [ "6754:8080" ];
volumes = [ volumes = [
"/media/nas/ssd/nix-app-data/lubelogger:/App/data" "/media/nas/main/nix-app-data/lubelogger:/App/data"
"/media/nas/ssd/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys" "/media/nas/main/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
]; ];
environmentFiles = [ environmentFiles = [
"/media/nas/ssd/nix-app-data/lubelogger/lubelogger.env" "/media/nas/main/nix-app-data/lubelogger/lubelogger.env"
]; ];
environment = { environment = {
PUID = toString config.users.users.nix-apps.uid; PUID = toString config.users.users.nix-apps.uid;

53
modules/nixos/monitoring/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.monitoring;
in
{
options.${namespace}.monitoring = {
enable = lib.mkEnableOption "Common monitoring and system tools";
includeNetworkTools = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include network monitoring tools";
};
includePerformanceTools = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include performance monitoring tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
# Basic system monitoring
htop
]
++ lib.optionals cfg.includePerformanceTools [
glances
nmon
iotop
]
++ lib.optionals cfg.includeNetworkTools [
speedtest-cli
iftop
nethogs
tcpdump
wireshark-cli
];
# Enable common system services for monitoring
programs.screen.enable = lib.mkDefault true;
};
}

191
modules/nixos/network/default.nix
View File

@@ -9,113 +9,45 @@ let
cfg = config.${namespace}.network; cfg = config.${namespace}.network;
in in
{ {
options.${namespace}.network = with types; { imports = [
hostName = lib.mkOption { ./options.nix
type = str; ];
default = "nixos";
description = "The hostname of the system.";
};
ipv4 = {
method = mkOption {
type = types.str;
default = "auto";
};
address = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
gateway = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
dns = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
};
};
config = { config = {
networking = { networking = {
hostName = lib.mkForce cfg.hostName; hostName = lib.mkForce cfg.hostName;
# Enable Network Manager # Use networkd if enabled
networkmanager = { useNetworkd = lib.mkIf cfg.useNetworkd true;
# Set default gateway and nameservers if in manual mode
defaultGateway = lib.mkIf (cfg.ipv4.method == "manual") {
address = cfg.ipv4.gateway;
interface = lib.mkIf (cfg.ipv4.interface != "") cfg.ipv4.interface;
};
nameservers = lib.mkIf (cfg.ipv4.method == "manual") [ cfg.ipv4.dns ];
# Set hostId if provided
hostId = lib.mkIf (cfg.hostId != "") cfg.hostId;
# Configure NAT if enabled
nat = lib.mkIf cfg.nat.enable {
enable = true; enable = true;
wifi.powersave = lib.mkDefault false; internalInterfaces = cfg.nat.internalInterfaces;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; externalInterface = cfg.nat.externalInterface;
ensureProfiles = { enableIPv6 = cfg.nat.enableIPv6;
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = if (cfg.ipv4.method == "auto")
then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
}; };
"Joey's Jungle 5G" = { # Configure firewall
connection = {
id = "Joey's Jungle 5G";
type = "wifi";
};
ipv4 = if (cfg.ipv4.method == "auto")
then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 5G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
firewall = { firewall = {
enable = cfg.firewall.enable;
allowPing = cfg.firewall.allowPing;
allowedTCPPorts = cfg.firewall.allowedTCPPorts;
allowedUDPPorts = cfg.firewall.allowedUDPPorts;
trustedInterfaces = cfg.firewall.trustedInterfaces;
# Default port ranges for KDE Connect
allowedTCPPortRanges = [ allowedTCPPortRanges = [
{ {
from = 1714; from = 1714;
@@ -123,7 +55,70 @@ in
} }
]; ];
allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges; allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges;
# Extra firewall commands
extraCommands = lib.mkIf (cfg.extraFirewallCommands != "") cfg.extraFirewallCommands;
}; };
# Configure iwd if enabled
wireless.iwd = lib.mkIf cfg.iwd.enable {
enable = true;
settings = cfg.iwd.settings;
};
# Configure NetworkManager
networkmanager = mkMerge [
# Disable NetworkManager when iwd is enabled
(mkIf cfg.iwd.enable {
enable = mkForce false;
wifi.backend = mkForce "iwd";
})
# Enable NetworkManager when wifi is enabled and iwd is disabled
(mkIf (cfg.wifi.enable && !cfg.iwd.enable) {
enable = true;
wifi.powersave = cfg.wifi.powersave;
settings.connectivity.uri = mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
# Configure WiFi profiles if any are defined
ensureProfiles = mkIf (cfg.wifi.profiles != { }) {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = mapAttrs (name: profile: {
connection = {
id = name;
type = "wifi";
};
ipv4 =
if (cfg.ipv4.method == "auto") then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = profile.ssid;
};
wifi-security = {
key-mgmt = profile.keyMgmt;
psk = profile.psk;
};
}) cfg.wifi.profiles;
};
})
];
}; };
}; };
} }

162
modules/nixos/network/options.nix Normal file
View File

@@ -0,0 +1,162 @@
{
lib,
namespace,
...
}:
with lib;
{
options.${namespace}.network = with types; {
hostName = lib.mkOption {
type = str;
default = "nixos";
description = "The hostname of the system.";
};
ipv4 = {
method = mkOption {
type = types.str;
default = "auto";
description = "Method for IPv4 configuration (auto or manual).";
};
address = lib.mkOption {
type = types.str;
default = "10.0.1.1/24";
description = "IPv4 address with subnet mask (e.g., 10.0.1.1/24).";
};
gateway = lib.mkOption {
type = types.str;
default = "10.0.1.1";
description = "IPv4 default gateway.";
};
interface = lib.mkOption {
type = types.str;
default = "";
description = "Interface for the default gateway (required when using networkd).";
};
dns = lib.mkOption {
type = types.str;
default = "10.0.1.1";
description = "IPv4 DNS server.";
};
};
useNetworkd = mkOption {
type = types.bool;
default = false;
description = "Whether to use systemd-networkd for networking.";
};
nat = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable NAT.";
};
internalInterfaces = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of internal interfaces for NAT.";
};
externalInterface = mkOption {
type = types.str;
default = "";
description = "External interface for NAT.";
};
enableIPv6 = mkOption {
type = types.bool;
default = false;
description = "Whether to enable IPv6 NAT.";
};
};
firewall = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable the firewall.";
};
allowPing = mkOption {
type = types.bool;
default = true;
description = "Whether to allow ICMP ping.";
};
allowedTCPPorts = mkOption {
type = types.listOf types.port;
default = [ ];
description = "List of allowed TCP ports.";
};
allowedUDPPorts = mkOption {
type = types.listOf types.port;
default = [ ];
description = "List of allowed UDP ports.";
};
trustedInterfaces = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of trusted interfaces.";
};
};
wifi = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable WiFi configuration.";
};
powersave = mkOption {
type = types.bool;
default = false;
description = "Whether to enable WiFi power saving.";
};
profiles = mkOption {
type = types.attrsOf (
types.submodule {
options = {
ssid = mkOption {
type = types.str;
description = "SSID of the WiFi network.";
};
psk = mkOption {
type = types.str;
default = "$PSK";
description = "PSK environment variable for the WiFi password.";
};
keyMgmt = mkOption {
type = types.str;
default = "sae";
description = "Key management type (e.g., sae, wpa-psk).";
};
};
}
);
default = { };
description = "WiFi network profiles.";
};
};
hostId = mkOption {
type = types.str;
default = "";
description = "Host ID for ZFS and other services.";
};
iwd = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable iwd for wireless networking.";
};
settings = mkOption {
type = types.attrs;
default = { };
description = "Settings for iwd.";
};
};
extraFirewallCommands = mkOption {
type = types.str;
default = "";
description = "Extra commands for the firewall.";
};
};
}

17
modules/nixos/nextcloud/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.nextcloud; cfg = config.${namespace}.services.nextcloud;
@@ -47,20 +52,24 @@ in
}; };
"/var/lib/nextcloud" = { "/var/lib/nextcloud" = {
hostPath = "/media/nas/ssd/nix-app-data/nextcloud"; hostPath = "/media/nas/main/nix-app-data/nextcloud";
isReadOnly = false; isReadOnly = false;
mountPoint = "/var/lib/nextcloud"; mountPoint = "/var/lib/nextcloud";
}; };
"/var/lib/onlyoffice" = { "/var/lib/onlyoffice" = {
hostPath = "/media/nas/ssd/nix-app-data/onlyoffice"; hostPath = "/media/nas/main/nix-app-data/onlyoffice";
isReadOnly = false; isReadOnly = false;
mountPoint = "/var/lib/onlyoffice"; mountPoint = "/var/lib/onlyoffice";
}; };
}; };
config = config =
{ pkgs, lib, namespace, ... }: {
pkgs,
lib,
...
}:
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.extraHosts = '' networking.extraHosts = ''

4
modules/nixos/nix/default.nix
View File

@@ -3,10 +3,12 @@
nix = { nix = {
settings = { settings = {
substituters = [ substituters = [
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.nixos.org/" "https://cache.nixos.org/"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]; ];
warn-dirty = lib.mkForce false; warn-dirty = lib.mkForce false;
@@ -30,6 +32,8 @@
allowUnsupportedSystem = true; allowUnsupportedSystem = true;
permittedInsecurePackages = [ permittedInsecurePackages = [
# ... # ...
"libsoup-2.74.3"
"libxml2-2.13.8"
]; ];
}; };
}; };

30
modules/nixos/ollama/default.nix
View File

@@ -1,19 +1,13 @@
{ config, lib, pkgs, namespace, ... }: {
config,
lib,
pkgs,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.ollama; cfg = config.${namespace}.services.ollama;
llamaPackage = pkgs.llama-cpp.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
rev = "b4920";
sha256 = "sha256-SnQIeY74JpAPRMxWcpklDH5D4CQvAgi0GYx5+ECk2J4=";
};
# Optionally override other attributes if you need to
# version = "my-fork-version";
# pname = "llama-cpp-custom";
});
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];
@@ -27,18 +21,18 @@ in
group = "jallen-nas"; group = "jallen-nas";
openFirewall = true; openFirewall = true;
acceleration = "cuda"; acceleration = "cuda";
home = "/media/nas/ssd/nix-app-data/ollama"; home = "/media/nas/main/nix-app-data/ollama";
}; };
environment.systemPackages = [ llamaPackage ]; environment.systemPackages = [ pkgs.stable.llama-cpp ];
services.llama-cpp = { services.llama-cpp = {
enable = true; enable = true;
port = 8127; port = 8127;
host = "0.0.0.0"; host = "0.0.0.0";
openFirewall = true; openFirewall = true;
model = "/media/nas/ssd/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf"; model = "/media/nas/main/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = llamaPackage; # pkgs.unstable.llama-cpp; package = pkgs.stable.llama-cpp;
extraFlags = [ extraFlags = [
"--n_gpu-layers" "--n_gpu-layers"
"500" "500"
@@ -55,7 +49,7 @@ in
host = "0.0.0.0"; host = "0.0.0.0";
port = 8888; port = 8888;
openFirewall = true; openFirewall = true;
# stateDir = "/media/nas/ssd/nix-app-data/open-webui"; # stateDir = "/media/nas/main/nix-app-data/open-webui";
environmentFile = config.sops.secrets."jallen-nas/open-webui".path; environmentFile = config.sops.secrets."jallen-nas/open-webui".path;
environment = { environment = {
OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration"; OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";

4
modules/nixos/orca/default.nix
View File

@@ -1,12 +1,12 @@
{ {
lib, lib,
pkgs,
config, config,
namespace,
... ...
}: }:
with lib; with lib;
let let
cfg = config.nas-apps.orca-slicer; cfg = config.${namespace}.services.orca-slicer;
in in
{ {
imports = [ ./options.nix ]; imports = [ ./options.nix ];

6
modules/nixos/orca/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }: { lib, namespace, ... }:
with lib; with lib;
{ {
options.nas-apps.orca-slicer = { options.${namespace}.services.orca-slicer = {
enable = mkEnableOption "orca slicer docker service"; enable = mkEnableOption "orca slicer docker service";
autoStart = mkOption { autoStart = mkOption {
@@ -31,7 +31,7 @@ with lib;
configPath = mkOption { configPath = mkOption {
type = types.str; type = types.str;
default = "/media/nas/ssd/ssd_app_data/orca-slicer"; default = "/media/nas/main/ssd_app_data/orca-slicer";
}; };
dataPath = mkOption { dataPath = mkOption {

10
modules/nixos/paperless/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.paperless; cfg = config.${namespace}.services.paperless;
@@ -6,7 +11,6 @@ let
paperlessPort = 28981; paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid; paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid; paperlessGroupId = config.users.groups.jallen-nas.gid;
paperlessEnv = config.sops.templates."paperless.env".path;
paperlessPkg = pkgs.paperless-ngx; paperlessPkg = pkgs.paperless-ngx;
in in
{ {
@@ -78,7 +82,7 @@ in
# Bind mount directories from host # Bind mount directories from host
bindMounts = { bindMounts = {
"/var/lib/paperless" = { "/var/lib/paperless" = {
hostPath = "/media/nas/ssd/nix-app-data/paperless"; hostPath = "/media/nas/main/nix-app-data/paperless";
isReadOnly = false; isReadOnly = false;
}; };
secrets = { secrets = {

92
modules/nixos/raspberry-pi/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.raspberry-pi;
in
{
options.${namespace}.hardware.raspberry-pi = {
enable = lib.mkEnableOption "Raspberry Pi common configuration";
variant = lib.mkOption {
type = lib.types.enum [
"4"
"5"
];
description = "Raspberry Pi variant (4 or 5)";
};
};
config = lib.mkIf cfg.enable {
# Common Raspberry Pi packages
environment.systemPackages =
with pkgs;
[
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
]
++ lib.optionals (cfg.variant == "4") [
i2c-tools
]
++ lib.optionals (cfg.variant == "5") [
erofs-utils
fex
squashfuse
squashfsTools
];
# Common nixpkgs overlays for Raspberry Pi
nixpkgs.overlays = lib.mkAfter [
(_self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
inherit (super) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (super) raspberrypifw;
})
];
# Common Bluetooth configuration
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
# Common hardware settings
hardware.i2c.enable = lib.mkIf (cfg.variant == "4") true;
# Pi 5 specific settings
hardware.graphics.enable32Bit = lib.mkIf (cfg.variant == "5") (lib.mkForce false);
zramSwap.enable = lib.mkIf (cfg.variant == "5") true;
# Pi 5 specific system tags
system.nixos.tags = lib.mkIf (cfg.variant == "5") (
let
bootCfg = config.boot.loader.raspberry-pi;
in
[
"raspberry-pi-${bootCfg.variant}"
bootCfg.bootloader
config.boot.kernelPackages.kernel.version
]
);
# Common programs
programs.kdeconnect.enable = lib.mkDefault false;
# Root user shell configuration
users.users.root.shell = pkgs.zsh;
};
}

19
systems/aarch64-linux/macbook-pro-nixos/sops.nix → modules/nixos/sops/default.nix
View File

@@ -1,6 +1,7 @@
{ config, ... }: { lib, ... }:
let let
user = "matt"; # defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in in
{ {
# Permission modes are in octal representation (same as chmod), # Permission modes are in octal representation (same as chmod),
@@ -18,42 +19,40 @@ in
# Either the group id or group name representation of the secret group # Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration # It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = { sops = {
defaultSopsFile = ../../secrets/secrets.yaml; defaultSopsFile = defaultSops;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------ # ------------------------------
# Secrets # Secrets
# ------------------------------ # ------------------------------
secrets = { secrets = {
"wifi" = { "wifi" = { };
sopsFile = ../../secrets/secrets.yaml;
};
# ------------------------------ # ------------------------------
# SSH keys # SSH keys
# ------------------------------ # ------------------------------
# "ssh-keys-public/desktop-nixos" = { # "ssh-keys-public/desktop-nixos" = {
# sopsFile = ../../secrets/secrets.yaml; # sopsFile = sharedSops;
# mode = "0644"; # mode = "0644";
# owner = config.users.users."${user}".name; # owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group; # group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];
# }; # };
# "ssh-keys-private/desktop-nixos" = { # "ssh-keys-private/desktop-nixos" = {
# sopsFile = ../../secrets/secrets.yaml; # sopsFile = sharedSops;
# mode = "0600"; # mode = "0600";
# owner = config.users.users."${user}".name; # owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group; # group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];
# }; # };
# "ssh-keys-public/desktop-nixos-root" = { # "ssh-keys-public/desktop-nixos-root" = {
# sopsFile = ../../secrets/secrets.yaml; # sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519.pub"; # path = "/root/.ssh/id_ed25519.pub";
# mode = "0600"; # mode = "0600";
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];
# }; # };
# "ssh-keys-private/desktop-nixos-root" = { # "ssh-keys-private/desktop-nixos-root" = {
# sopsFile = ../../secrets/secrets.yaml; # sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519"; # path = "/root/.ssh/id_ed25519";
# mode = "0600"; # mode = "0600";
# restartUnits = [ "sshd.service" ]; # restartUnits = [ "sshd.service" ];

89
modules/nixos/traefik/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.traefik; cfg = config.${namespace}.services.traefik;
@@ -14,7 +19,7 @@ let
cacheUrl = "http://${serverIp}:9012"; cacheUrl = "http://${serverIp}:9012";
cloudUrl = "http://${config.containers.nextcloud.localAddress}:80"; cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
giteaUrl = "http://${config.containers.gitea.localAddress}:${toString config.containers.gitea.config.services.gitea.settings.server.HTTP_PORT}"; giteaUrl = "http://${config.containers.gitea.localAddress}:${toString config.containers.gitea.config.services.gitea.settings.server.HTTP_PORT}";
hassUrl = "http://homeassistant.local:8123"; hassUrl = "http://nuc-nixos.local:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}"; immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
jellyfinUrl = "http://${serverIp}:8096"; jellyfinUrl = "http://${serverIp}:8096";
jellyseerrUrl = "http://${config.containers.jellyseerr.localAddress}:${toString config.containers.jellyseerr.config.services.jellyseerr.port}"; jellyseerrUrl = "http://${config.containers.jellyseerr.localAddress}:${toString config.containers.jellyseerr.config.services.jellyseerr.port}";
@@ -53,7 +58,7 @@ let
# misc # misc
letsEncryptEmail = "jalle008@proton.me"; letsEncryptEmail = "jalle008@proton.me";
dataDir = "/media/nas/ssd/nix-app-data/traefik"; dataDir = "/media/nas/main/nix-app-data/traefik";
authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik"; authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik";
in in
{ {
@@ -76,7 +81,9 @@ in
"traefik.env" = { "traefik.env" = {
content = '' content = ''
CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"} CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"} CLOUDFLARE_ZONE_API_TOKEN = ${
config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"
}
CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"} CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"} CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
''; '';
@@ -95,7 +102,7 @@ in
services.traefik = { services.traefik = {
enable = true; enable = true;
dataDir = dataDir; dataDir = dataDir;
group = "jallen-nas";#group; group = "jallen-nas"; # group;
environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
staticConfigOptions = { staticConfigOptions = {
@@ -129,7 +136,12 @@ in
entryPoint = "metrics"; entryPoint = "metrics";
addEntryPointsLabels = true; addEntryPointsLabels = true;
addServicesLabels = true; addServicesLabels = true;
buckets = [0.1 0.3 1.2 5.0]; # Response time buckets buckets = [
0.1
0.3
1.2
5.0
]; # Response time buckets
}; };
}; };
@@ -215,8 +227,7 @@ in
}; };
}; };
}; };
internal-ipallowlist = internal-ipallowlist = {
{
ipAllowList = { ipAllowList = {
sourceRange = [ sourceRange = [
"127.0.0.1/32" "127.0.0.1/32"
@@ -305,7 +316,10 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)"; rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth"; service = "auth";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 15; priority = 15;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -314,21 +328,30 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)"; rule = "Host(`actual.${domain}`)";
service = "actual"; service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
authentik = { authentik = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)"; rule = "Host(`authentik.${domain}`)";
service = "authentik"; service = "authentik";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
cache = { cache = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)"; rule = "Host(`cache.${domain}`)";
service = "cache"; service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -336,21 +359,31 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)"; rule = "Host(`cloud.${domain}`)";
service = "cloud"; service = "cloud";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
gitea = { gitea = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)"; rule = "Host(`gitea.${domain}`)";
service = "gitea"; service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
hass = { hass = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)"; rule = "Host(`hass.${domain}`)";
service = "hass"; service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
"authentik"
];
priority = 10; priority = 10;
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
@@ -358,35 +391,51 @@ in
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)"; rule = "Host(`immich.${domain}`)";
service = "immich"; service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
jellyfin = { jellyfin = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)"; rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin"; service = "jellyfin";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
jellyseerr = { jellyseerr = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)"; rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr"; service = "jellyseerr";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
lubelogger = { lubelogger = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)"; rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger"; service = "lubelogger";
middlewares = [ "crowdsec" "whitelist-geoblock" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
onlyoffice = { onlyoffice = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)"; rule = "Host(`office.${domain}`)";
service = "onlyoffice"; service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ]; middlewares = [
"crowdsec"
"whitelist-geoblock"
"onlyoffice-websocket"
];
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";
}; };
}; };

84
modules/nixos/user/default.nix
View File

@@ -8,6 +8,18 @@
with lib; with lib;
let let
cfg = config.${namespace}.user; cfg = config.${namespace}.user;
isRoot = (cfg.name == "root");
# Common SSH keys used across systems
commonSshKeys = [
# MacBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# Desktop Windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# Desktop NixOS
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
in in
{ {
options.${namespace}.user = with types; { options.${namespace}.user = with types; {
@@ -41,11 +53,58 @@ in
default = null; default = null;
description = "Path to the password file for this user account"; description = "Path to the password file for this user account";
}; };
sshKeys = lib.mkOption {
type = listOf str;
default = [ ];
description = "List of SSH public keys for the user.";
};
enableCommonSshKeys = lib.mkOption {
type = bool;
default = true;
description = "Whether to include common SSH keys used across systems.";
};
uid = lib.mkOption {
type = int;
default = if isRoot then ids.uids.root else 1000;
description = "The user ID for the user account.";
};
packages = lib.mkOption {
type = listOf package;
default = [ ];
description = "List of packages to install for this user.";
};
linger = lib.mkOption {
type = bool;
default = false;
description = "Whether to enable systemd user service persistence.";
};
password = lib.mkOption {
type = nullOr str;
default = null;
description = "Plain text password for the user (development only).";
};
hashedPassword = lib.mkOption {
type = nullOr str;
default = null;
description = "Hashed password for the user.";
};
mutableUsers = lib.mkOption {
type = bool;
default = false;
description = "Whether users are mutable (can be modified after creation).";
};
}; };
config = { config = {
users.mutableUsers = cfg.mutableUsers;
users.users.${cfg.name} = { users.users.${cfg.name} = {
inherit (cfg) name; inherit (cfg)
name
uid
linger
packages
;
extraGroups = [ extraGroups = [
"wheel" "wheel"
@@ -64,14 +123,27 @@ in
"power" "power"
"nix" "nix"
"i2c" "i2c"
] ++ cfg.extraGroups; ]
++ cfg.extraGroups;
group = "users"; group = "users";
home = "/home/${cfg.name}"; home = "/home/${cfg.name}";
isNormalUser = true; isNormalUser = (!isRoot);
isSystemUser = isRoot;
shell = lib.mkForce pkgs.zsh; shell = lib.mkForce pkgs.zsh;
uid = 1000;
hashedPasswordFile = cfg.passwordFile; # SSH keys - combine user-specific and common keys
} // cfg.extraOptions; openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys);
# Authentication - priority: passwordFile > hashedPassword > password
hashedPasswordFile = lib.mkIf (cfg.passwordFile != null) cfg.passwordFile;
hashedPassword = lib.mkIf (
cfg.passwordFile == null && cfg.hashedPassword != null
) cfg.hashedPassword;
password = lib.mkIf (
cfg.passwordFile == null && cfg.hashedPassword == null && cfg.password != null
) cfg.password;
}
// cfg.extraOptions;
}; };
} }

7
modules/nixos/wyoming/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }: {
config,
lib,
namespace,
...
}:
with lib; with lib;
let let
cfg = config.${namespace}.services.wyoming; cfg = config.${namespace}.services.wyoming;

4
overlays/jdk/default.nix
View File

@@ -1,5 +1,5 @@
{ inputs, ... }: { ... }:
final: prev: { final: _prev: {
jdk = final.openjdk17; jdk = final.openjdk17;
openjdk8 = final.openjdk17; openjdk8 = final.openjdk17;
} }

4
overlays/waybar/default.nix
View File

@@ -1,6 +1,6 @@
{ ... }: { ... }:
final: prev: { _final: prev: {
waybar = prev.waybar.overrideAttrs (old: { waybar = prev.waybar.overrideAttrs (old: {
mesonFlags = (old.mesonFlags or []) ++ [ "-Dexperimental=true" ]; mesonFlags = (old.mesonFlags or [ ]) ++ [ "-Dexperimental=true" ];
}); });
} }

7
packages/ha-anycubic/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, pkgs, namespace, ... }: {
buildHomeAssistantComponent,
pkgs,
namespace,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "adamoutler"; owner = "adamoutler";
domain = "anycubic_wifi"; domain = "anycubic_wifi";

7
packages/ha-bambulab/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, python3Packages, fetchFromGitHub, ... }: {
buildHomeAssistantComponent,
python3Packages,
fetchFromGitHub,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "greghesp"; owner = "greghesp";
domain = "bambu_lab"; domain = "bambu_lab";

12
packages/ha-gehome/default.nix
View File

@@ -1,14 +1,20 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, namespace, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
namespace,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "simbaja"; owner = "simbaja";
domain = "ge_home"; domain = "ge_home";
version = "v2025.5.0"; version = "v2025.7.0";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = owner; owner = owner;
repo = "ha_gehome"; repo = "ha_gehome";
rev = version; rev = version;
hash = "sha256-NlUkM70yvBeC5s7S5BkNxIC2GztfEq8xYrQZr4pkaGU="; hash = "sha256-sCOXzrbUpbRb09QDpcm1Pbr2Xxsg0q3Ecc+tAQv2pXk=";
}; };
propagatedBuildInputs = with python3Packages; [ propagatedBuildInputs = with python3Packages; [

13
packages/ha-icloud3/default.nix
View File

@@ -1,14 +1,19 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "gcobb321"; owner = "gcobb321";
domain = "icloud3"; domain = "icloud3";
version = "3.2.2.3"; version = "3.2.3";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = owner; owner = owner;
repo = "icloud3"; repo = "icloud3";
rev = "v.${version}"; rev = "v${version}";
hash = "sha256-OjXioS73jE/U2YeKYf84QnStdQj3Seid4hJ2TH6z13M="; hash = "sha256-RyH25elL/0+xnJcgAx9LzYpLy5JcWuMagJiJXKbgz/s=";
}; };
propagatedBuildInputs = with python3Packages; [ propagatedBuildInputs = with python3Packages; [

7
packages/ha-mail-and-packages/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, ... }: {
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
...
}:
buildHomeAssistantComponent rec { buildHomeAssistantComponent rec {
owner = "moralmunky"; owner = "moralmunky";
domain = "mail_and_packages"; domain = "mail_and_packages";

Some files were not shown because too many files have changed in this diff Show More