mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mjallen:snowfall
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland
...
compare: mjallen:bcfs
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland

57 Commits
snowfall ... bcfs

Author SHA1 Message Date
mjallen18
33385d5275 testing done 2025-08-21 20:54:43 -05:00
mjallen18
19bf815be8 end test 2025-08-21 20:52:13 -05:00
mjallen18
0152438472 more cleanup 2025-08-21 20:05:58 -05:00
mjallen18
f9b07deb19 cleanup 2025-08-21 19:45:03 -05:00
mjallen18
6e55d375d2 user updates 2025-08-21 19:40:32 -05:00
mjallen18
0e066cb4d7 move some apps to namespace 2025-08-21 19:06:51 -05:00
mjallen18
bd64283f04 idk 2025-08-21 16:17:17 -05:00
mjallen18
6025b6c4f1 bcfs root? 2025-08-21 16:10:04 -05:00
mjallen18
92b04773b2 move python-steam 2025-08-21 14:26:50 -05:00
mjallen18
783a7a3390 README 2025-08-21 14:17:33 -05:00
mjallen18
0ef4354c1a aarch 2025-08-21 13:24:04 -05:00
mjallen18
192a978d46 fix proxies 2025-08-21 11:45:06 -05:00
mjallen18
a4519904b6 fix pi4 hostname 2025-08-21 11:45:06 -05:00
mjallen18
83a6e45bf4 test 2025-08-20 22:02:24 -05:00
mjallen18
2ba6f3466f clev 2025-08-20 21:30:18 -05:00
mjallen18
b3f5b4b406 more pi stuff 2025-08-20 21:30:18 -05:00
mjallen18
2e680f2519 fix lol 2025-08-20 21:30:18 -05:00
mjallen18
445183f826 pi stuff 2025-08-20 21:30:18 -05:00
mjallen18
aec980e6fe sops but idk 2025-08-20 21:30:18 -05:00
mjallen18
68f732ec4b cleanup 2025-08-20 21:30:18 -05:00
mjallen18
dc382dcfcc cache 2025-08-20 21:30:18 -05:00
mjallen18
b1a06034f1 disable gnome 2025-08-20 21:30:18 -05:00
mjallen18
aa3e8cc263 finally update traefik 2025-08-20 21:30:18 -05:00
mjallen18
b680255bc5 macos 2025-08-20 21:30:18 -05:00
mjallen18
a3f7af4e39 sops 2025-08-20 21:30:18 -05:00
mjallen18
cd5c8a0034 no splash 2025-08-20 21:30:18 -05:00
mjallen18
1f14f020ed ssh 2025-08-20 21:30:18 -05:00
mjallen18
05affb6b1f test 2025-08-18 20:54:03 -05:00
mjallen18
2623efc997 update hass addons 2025-08-18 19:52:09 -05:00
mjallen18
c053da2e30 bcachefs 2025-08-17 21:01:59 -05:00
mjallen18
533d6a4170 pi5 upd 2025-08-17 20:58:54 -05:00
mjallen18
5b3e01820b desktop omnissa 2025-08-12 21:25:07 -05:00
mjallen
5cef58ade0 fix 2025-08-12 17:04:25 +00:00
mjallen18
981b41f4c2 upd 2025-08-12 08:18:19 -05:00
mjallen18
ae8039dba0 weather 2025-08-07 22:30:20 -05:00
mjallen18
54f56c3f83 upd 2025-08-07 22:30:01 -05:00
mjallen18
ce142bb64a fix this package 2025-07-30 21:44:57 -05:00
mjallen18
fd3f61a0ac lsfg 2025-07-29 20:02:37 -05:00
mjallen18
d0ac22c211 bcachefs 2025-07-29 19:34:10 -05:00
mjallen18
caa326d496 test 2025-07-29 18:26:50 -05:00
mjallen18
04ef2a4b8c temp 2025-07-29 16:43:51 -05:00
mjallen18
7e35a27b2e lsfg-vk 2025-07-28 15:16:56 -05:00
mjallen18
48108e693a gnome home manager on steamdeck 2025-07-28 14:49:03 -05:00
mjallen18
8e3d3e4281 openhasp 2025-07-28 14:18:54 -05:00
mjallen18
c7c99b339b fix package 2025-07-28 11:27:06 -05:00
mjallen18
c8f5547727 openhasp 2025-07-28 11:27:00 -05:00
mjallen18
6f5e592d8c cleanup 2025-07-28 11:06:32 -05:00
mjallen18
5ae3f1a9ef desktop home sops 2025-07-28 09:33:54 -05:00
mjallen18
1a3b091588 desktop stuff 2025-07-28 09:32:31 -05:00
mjallen18
5b34456571 yamlfmt 2025-07-24 11:25:18 -05:00
mjallen18
5918611469 yamlfmt 2025-07-24 11:22:29 -05:00
mjallen18
f3aafffcaa deadnix 2025-07-24 11:19:19 -05:00
mjallen18
3d213c8769 nixfmt 2025-07-24 11:06:08 -05:00
mjallen18
f05972d6ae move commented file: 2025-07-24 10:38:13 -05:00
mjallen18
b77dda0e6f fix some stuff 2025-07-24 10:31:50 -05:00
mjallen18
3c1a956c81 cleanup 2025-07-24 10:19:32 -05:00
mjallen18
5dc1a96f6d cleanup 2025-07-23 19:36:06 -05:00
239 changed files with 4561 additions and 12348 deletions
Expand all files Collapse all files

4
.sops.yaml
View File

@@ -10,8 +10,8 @@ keys:
- &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
- &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
- &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
- &matt_macbook-pro age1xg6mvj3x6s3t8058c6rsk3q4kskvm6nsffwckxkkjzhyn7r6tczqgkj23p
- &macbook-pro age1rdn39ywgzmc8wlsl5lrfe77e652wzjmjx58gx4k2ydghd35kdqvqscrf3h
- &matt_macbook-pro age19daqsncuzeh3j6cwk8uxp6yfj8h0qtz02jxlwwy4v8j0mfgznsvq30440g
- &macbook-pro age19w4zafpwnq9yhzuf8r5te2yhq7xlqj76rcgzcz935hllyrz4yvws4jn6ca
- &nuc age1wurzgc20e6ye79wsg85vvqk4aj3mmc0llxshcy9532ex8f4c6dqql76c78
- &admin_nuc age1luyejgmqjj0esydlr2jxqkg48vexmx57gdz7cy5gq7rz8kf5cups2rnfa9
creation_rules:

156
README.md
View File

@@ -1,50 +1,118 @@
# nixOS Config
# NixOS Configuration Repository
### Common Files
* [flake.nix](./flake.nix)
* [impermenance.nix](./share/impermanence/default.nix)
* [share](./share)
* [overlays](./overlays)
This repository contains my personal NixOS configurations for multiple systems, managed using [Snowfall Lib](https://github.com/snowfallorg/lib) and the Nix Flakes system.
## Overview
This repository provides a centralized, declarative configuration for all my systems, including:
- Desktop PC (AMD)
- NAS server
- Steam Deck
- Intel NUC
- Raspberry Pi 4
- Raspberry Pi 5
- MacBook Pro (NixOS on Apple Silicon)
- MacBook Pro (Darwin/macOS)
## Repository Structure
```
.
├── checks/ # Pre-commit hooks and other checks
├── flake.nix # Main flake configuration
├── homes/ # Home-manager configurations for users
│ ├── aarch64-darwin/ # macOS home configurations
│ ├── aarch64-linux/ # ARM Linux home configurations
│ └── x86_64-linux/ # x86 Linux home configurations
├── modules/ # Reusable configuration modules
│ ├── home/ # Home-manager modules
│ └── nixos/ # NixOS system modules
├── overlays/ # Nixpkgs overlays
├── packages/ # Custom package definitions
├── secrets/ # Encrypted secrets (managed with sops-nix)
└── systems/ # System-specific configurations
├── aarch64-darwin/ # macOS system configurations
├── aarch64-linux/ # ARM Linux system configurations
└── x86_64-linux/ # x86 Linux system configurations
```
## Key Features
- **Modular Design**: Reusable modules for various system components
- **Multi-System Support**: Configurations for different hardware platforms
- **Home Manager Integration**: User environment management
- **Secret Management**: Encrypted secrets with sops-nix
- **Disk Management**: Declarative disk partitioning with disko
- **State Management**: Persistent state management with impermanence
- **Desktop Environments**: Support for GNOME, Hyprland, and COSMIC
- **Hardware-Specific Optimizations**: Tailored configurations for different hardware
## Key Technologies
- [Nix](https://nixos.org/) and [NixOS](https://nixos.org/)
- [Nix Flakes](https://nixos.wiki/wiki/Flakes)
- [Snowfall Lib](https://github.com/snowfallorg/lib)
- [Home Manager](https://github.com/nix-community/home-manager)
- [sops-nix](https://github.com/Mic92/sops-nix)
- [disko](https://github.com/nix-community/disko)
- [impermanence](https://github.com/nix-community/impermanence)
- [lanzaboote](https://github.com/nix-community/lanzaboote) (Secure Boot)
## Notable System Configurations
### Desktop
* [boot.nix](./hosts/desktop/boot.nix)
* [configuration.nix](./hosts/desktop/configuration.nix)
* [hardware-configuration.nix](./hosts/desktop/hardware-configuration.nix)
* [filesystems.nix](./hosts/desktop/filesystems.nix)
* [home.nix](./hosts/desktop/home.nix)
* [sops.nix](./hosts/desktop/sops.nix)
* [specialisations.hyprland](./hosts/desktop/hyprland)
* [specialisations.gnome](./hosts/desktop/gnome)
* [specialisations.cosmic](./hosts/desktop/cosmic)
A powerful AMD-based desktop with gaming capabilities, featuring:
- AMD CPU and GPU optimizations
- Multiple desktop environment options (GNOME, Hyprland, COSMIC)
- Gaming setup with Steam and related tools
### NAS
* [boot.nix](./hosts/nas/boot.nix)
* [configuration.nix](./hosts/nas/configuration.nix)
* [hardware-configuration.nix](./hosts/nas/hardware-configuration.nix)
* [impermenance.nix](./hosts/nas/impermenance.nix)
* [apps.nix](./hosts/desktop/apps.nix)
* [home.nix](./hosts/desktop/home.nix)
* [networking.nix](./hosts/desktop/networking.nix)
* [services.nix](./hosts/desktop/services.nix)
* [sops.nix](./hosts/desktop/sops.nix)
* [ups.nix](./hosts/desktop/ups.nix)
* [samba](./modules/samba)
* nas-apps
* [arrs](./hosts/nas/apps/arrs/default.nix)
* [free-games-claimer](./modules/apps/free-games-claimer)
* [jackett](./modules/apps/jackett)
* [jellyfin](./hosts/nas/apps/jellyfin/default.nix)
* [jellyseerr](./hosts/nas/apps/jellyseerr/default.nix)
* [jackett](./modules/apps/manyfold)
* [mariadb](./modules/apps/mariadb)
* [mealie](./modules/apps/mealie)
* [nextcloud+onlyoffice](./hosts/nas/apps/nextcloud/default.nix)
* [ollama](./hosts/nas/apps/ollama/default.nix)
* [paperless](./hosts/nas/apps/paperless/default.nix)
* [tdarr](./modules/apps/tdarr)
* [traefik](./hosts/nas/apps/traefik/default.nix)
* [wireguard](./modules/apps/your-spotify)
### Raspberry Pi 4
* [configuration.nix](./hosts/pi4/configuration.nix)
* [hardware-configuration.nix](./hosts/pi4/hardware-configuration.nix)
A home server with various self-hosted services:
- Media management (Jellyfin, Jellyseerr)
- Download automation (Sonarr, Radarr, etc.)
- Document management (Paperless)
- File sharing (Samba, Nextcloud)
- AI services (Ollama)
### Raspberry Pi
Configurations for both Pi 4 and Pi 5:
- Hardware-specific optimizations
- Disk partitioning suitable for ARM devices
- Bluetooth and wireless support
### Steam Deck
Custom NixOS configuration for the Steam Deck:
- Integration with Jovian for Steam Deck compatibility
- Gaming optimizations
- Steam ROM Manager
### MacBook Pro
Configurations for both:
- NixOS on Apple Silicon
- nix-darwin for macOS
## Usage
### Building a System Configuration
```bash
# Build and activate a system configuration
sudo nixos-rebuild switch --flake .#hostname
```
### Building a Home Configuration
```bash
# Build and activate a home configuration
home-manager switch --flake .#username@hostname
```
## License
This project is licensed under the MIT License - see the LICENSE file for details.

13
checks/pre-commit-hooks/default.nix
View File

@@ -1,19 +1,22 @@
{
inputs,
pkgs,
lib,
...
}:
let
inherit (inputs) git-hooks-nix;
inherit (inputs) pre-commit-hooks-nix;
in
git-hooks-nix.lib.${pkgs.system}.run {
pre-commit-hooks-nix.lib.${pkgs.system}.run {
src = ../..;
hooks = {
pre-commit-hook-ensure-sops.enable = true;
treefmt = {
enable = true;
settings.fail-on-change = false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix;
enable = lib.mkForce true;
settings.fail-on-change = lib.mkForce false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs (
lib.snowfall.fs.get-file "treefmt.nix"
);
};
};
}

249
flake.lock generated
View File

@@ -30,11 +30,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1751033152,
"narHash": "sha256-0ANu9OLQJszcEyvnfDB7G957uqskZwCrTzRXz/yfAmE=",
"lastModified": 1753369162,
"narHash": "sha256-pSAsUVueht3WyyFJ3K+QJKWqFZNbyvsXijHOAHApeLk=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "1a4d6a5dd6fef39b99eb7ea4db79c5d5c7d7f1bf",
"rev": "1361d269fe10c527528264185567a053252e22b0",
"type": "github"
},
"original": {
@@ -46,16 +46,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1751031262,
"narHash": "sha256-SNgRMQUjL3DTlWkMyRMan+pY1FfIV+DMeq5BiTM0N0k=",
"lastModified": 1753187012,
"narHash": "sha256-bs/ThY3YixwBObahcS7BrOWj0gsaUXI664ldUQlJul8=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "b34665fabd8d938d81ce871a4e86ca528c5f253b",
"rev": "23ffad1c6be80bea223caf5f1cf265b984b76328",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.4.3",
"ref": "version/2025.6.4",
"repo": "authentik",
"type": "github"
}
@@ -63,16 +63,16 @@
"brew-src": {
"flake": false,
"locked": {
"lastModified": 1751910772,
"narHash": "sha256-jQNdIkq2iRDNWskd5f8kX6q9BO/CBSXhMH41WNRft8E=",
"lastModified": 1753461463,
"narHash": "sha256-kGc7pRH0diLzKmOHsEFA8sZ9NJpgT+tqxAMsuqNd5Po=",
"owner": "Homebrew",
"repo": "brew",
"rev": "700d67a85e0129ab8a893ff69246943479e33df1",
"rev": "4d14be89e99a45181c18e96a5f19a5b43343cc0f",
"type": "github"
},
"original": {
"owner": "Homebrew",
"ref": "4.5.9",
"ref": "4.5.13",
"repo": "brew",
"type": "github"
}
@@ -86,11 +86,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1753146705,
"narHash": "sha256-WzmXODUzg8jeEsAhpmp55zk5I2fmv3kv+RofZ/+FYlg=",
"lastModified": 1755444192,
"narHash": "sha256-9eVUtk3ces32aJpHnsrO49UJNvMKNMxlV7NeNSAADLo=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "02b3c2a45f6ddbd704f797c5730bc2d161f10ce0",
"rev": "958ba486ee73019e3820b9ebd97a38660f736f40",
"type": "github"
},
"original": {
@@ -160,11 +160,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1751313918,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
"lastModified": 1755275010,
"narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
"rev": "7220b01d679e93ede8d7b25d6f392855b81dd475",
"type": "github"
},
"original": {
@@ -180,16 +180,15 @@
]
},
"locked": {
"lastModified": 1742690494,
"narHash": "sha256-SFacEbSRMoTyWG5VXh4ieofJGge+cLq9lH8ifB+zjBg=",
"owner": "nvmd",
"lastModified": 1755519972,
"narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
"owner": "nix-community",
"repo": "disko",
"rev": "9dc58d4d49c9f74623a06e2fc20cdfd8bb3cbe8b",
"rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "gpt-attrs",
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
@@ -244,11 +243,11 @@
},
"flake-compat_4": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"lastModified": 1746162366,
"narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
"type": "github"
},
"original": {
@@ -260,11 +259,11 @@
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
@@ -504,11 +503,11 @@
]
},
"locked": {
"lastModified": 1753132348,
"narHash": "sha256-0i3jU9AHuNXb0wYGzImnVwaw+miE0yW13qfjC0F+fIE=",
"lastModified": 1755313937,
"narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e4bf85da687027cfc4a8853ca11b6b86ce41d732",
"rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10",
"type": "github"
},
"original": {
@@ -524,11 +523,11 @@
]
},
"locked": {
"lastModified": 1753180535,
"narHash": "sha256-KEtlzMs2O7FDvciFtjk9W4hyau013Pj9qZNK9a0PxEc=",
"lastModified": 1755442500,
"narHash": "sha256-RHK4H6SWzkAtW/5WBHsyugaXJX25yr5y7FAZznxcBJs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc",
"rev": "d2ffdedfc39c591367b1ddf22b4ce107f029dcc3",
"type": "github"
},
"original": {
@@ -540,11 +539,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
"lastModified": 1753192390,
"narHash": "sha256-B/MI7F4IliXNY6QEKCmIEsO4A0Qt9jUZXfMfrX9/5hE=",
"lastModified": 1755480455,
"narHash": "sha256-cIMlCE5M5Zq1DjfS9mV4AepUv/hn9nrFj0klK7C784c=",
"owner": "homebrew",
"repo": "homebrew-cask",
"rev": "4f64bf7953d412b473d1f459208c725861646a6d",
"rev": "e1e54f7a14ae909bfefc1f0928c1f70fbfb31c84",
"type": "github"
},
"original": {
@@ -556,11 +555,11 @@
"homebrew-core": {
"flake": false,
"locked": {
"lastModified": 1753194897,
"narHash": "sha256-jo7SLfGCgQbLKK9kbHXgLJY8bbzESn1K6Sr2x7EFzKY=",
"lastModified": 1755480844,
"narHash": "sha256-4Uz2TZckTG5dh2CPCj577BsmrGIEV8Ji3o/B8nv1tVE=",
"owner": "homebrew",
"repo": "homebrew-core",
"rev": "a427a5a802b98591899d4bda471a7a14ed5ff2fd",
"rev": "be6e3ae8531ba128ec039d057f76078b1a1513be",
"type": "github"
},
"original": {
@@ -593,11 +592,11 @@
]
},
"locked": {
"lastModified": 1752755091,
"narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"lastModified": 1755151620,
"narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github"
},
"original": {
@@ -612,11 +611,11 @@
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1752755091,
"narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"lastModified": 1755151620,
"narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github"
},
"original": {
@@ -649,6 +648,27 @@
"type": "github"
}
},
"lsfg-vk": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753837013,
"narHash": "sha256-+kBJhOSS5S6gPp/pbTk1B3EL9Xr08yFuQoGGQ+SoQwQ=",
"owner": "mjallen18",
"repo": "lsfg-vk-flake",
"rev": "f7fc5f9d421d64d3cf24c8d0955a80718ef70bac",
"type": "github"
},
"original": {
"owner": "mjallen18",
"ref": "main",
"repo": "lsfg-vk-flake",
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
@@ -725,11 +745,11 @@
"brew-src": "brew-src"
},
"locked": {
"lastModified": 1752160973,
"narHash": "sha256-BCC8KB7TEtwv7vZN1WDu870tRbXtzUcmF9xNr6ws5Wc=",
"lastModified": 1754250993,
"narHash": "sha256-MEin+qoQKtFC1b0f4tnQ+Z82BQWSCgh6Ef7rpmH9gig=",
"owner": "zhaofengli",
"repo": "nix-homebrew",
"rev": "69c1aa2f136f3c3326d9b6770e0eb54f12832971",
"rev": "314d057294e79bc2596972126b84c6f9f144499a",
"type": "github"
},
"original": {
@@ -745,11 +765,11 @@
]
},
"locked": {
"lastModified": 1752985182,
"narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=",
"lastModified": 1755404379,
"narHash": "sha256-Q6ZxZDBmD/B988Jjbx7/NchxOKIpOKBBrx9Yb0zMzpQ=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c",
"rev": "ebbc1c05f786ae39bb5e04e57bf2c10c44a649e3",
"type": "github"
},
"original": {
@@ -764,11 +784,11 @@
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1753150460,
"narHash": "sha256-q2dkvuIfEb5fWBF6TJePJbcP1hqxARAUddfPGVGvD38=",
"lastModified": 1755396877,
"narHash": "sha256-92gZRDz3zEsodraI0ZxPzZrpjSqc2qjxTW9HOflzKFw=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "d13827556415f4050b510e9cfb9873c1ce9aaec4",
"rev": "0cf076c0bafbe7cbd33a3b7377ed24827674e8be",
"type": "github"
},
"original": {
@@ -783,11 +803,11 @@
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1751669768,
"narHash": "sha256-/WSZcdPwng24i8Z3LgrpZTBt94fvDknidtLQjohAnHg=",
"lastModified": 1755154580,
"narHash": "sha256-ADGapM7FrEgA3tDSYADtfy2EPeAmBzbL3pFvXNhD0D0=",
"owner": "olafkfreund",
"repo": "nix-ai-help",
"rev": "b79e8cc14623d7ba5f6beea64cec32512997cd5a",
"rev": "e71204cb39358ad1dc4c09202c3a17ede541c2d9",
"type": "github"
},
"original": {
@@ -799,14 +819,15 @@
"nixos-apple-silicon": {
"inputs": {
"flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_10"
"nixpkgs": "nixpkgs_10",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1753175937,
"narHash": "sha256-DtDt87Gld0RCI2qHb7uUb1eWB16FFC4aNDfxZpic/Nw=",
"lastModified": 1755124568,
"narHash": "sha256-8fXTYruAwE6OiIz/99P5qknQYag7ZX985pNT+jhIIrU=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "5ddfff8387edf7c92ce36effb06fb2c52624fece",
"rev": "2f873fc3ef373e59cd3a7dad4087685fc8ce02ca",
"type": "github"
},
"original": {
@@ -817,11 +838,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1753122741,
"narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
"lastModified": 1755330281,
"narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
"rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
"type": "github"
},
"original": {
@@ -864,11 +885,11 @@
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1753141210,
"narHash": "sha256-yV7+cv0q5XL7uv9gvSG7R0jktgXgB+forv3c7TfY2T8=",
"lastModified": 1755008580,
"narHash": "sha256-rh4OhOutko9W9COhhxQnqt9J22ZPj7gSZN7wrX0cYEs=",
"owner": "mjallen18",
"repo": "nixos-raspberrypi",
"rev": "e0f487998cb4409408f03e019c71c21011edb84c",
"rev": "7b5cf1ef3cf48ac1b43730eb366225f3dd0791cb",
"type": "github"
},
"original": {
@@ -942,11 +963,11 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1753115646,
"narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=",
"lastModified": 1755274400,
"narHash": "sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "92c2e04a475523e723c67ef872d8037379073681",
"rev": "ad7196ae55c295f53a7d1ec39e4a06d922f3b899",
"type": "github"
},
"original": {
@@ -958,11 +979,11 @@
},
"nixpkgs_10": {
"locked": {
"lastModified": 1748460289,
"narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
"lastModified": 1754725699,
"narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
"rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
"type": "github"
},
"original": {
@@ -974,11 +995,11 @@
},
"nixpkgs_11": {
"locked": {
"lastModified": 1752372066,
"narHash": "sha256-d1oy2MNitnWBkIX/WedzG/WB8jCaqGjtIebQuVIlqSg=",
"lastModified": 1754432582,
"narHash": "sha256-oebayZREKV/4Fgy6drsj4M7URut4kQVics78DxL2imk=",
"owner": "nvmd",
"repo": "nixpkgs",
"rev": "3699bec87ab236af2c45aa6d4539140a6342a77a",
"rev": "81f9846bc3c9edbd2d4c92783e7bfb4b55db14c4",
"type": "github"
},
"original": {
@@ -990,11 +1011,11 @@
},
"nixpkgs_12": {
"locked": {
"lastModified": 1752427638,
"narHash": "sha256-ANNyaXW/cnZLszjXB4LXGxaWZ2cRz7Ar06WjYoawgFo=",
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b2e5044b3e79793df83d01c9983c054cae5ea6ff",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
@@ -1006,11 +1027,11 @@
},
"nixpkgs_13": {
"locked": {
"lastModified": 1730768919,
"narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
"lastModified": 1754340878,
"narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
"rev": "cab778239e705082fe97bb4990e0d24c50924c04",
"type": "github"
},
"original": {
@@ -1038,11 +1059,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1752950548,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
@@ -1101,11 +1122,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1751984180,
"narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
"lastModified": 1755027561,
"narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
"rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",
"type": "github"
},
"original": {
@@ -1197,11 +1218,11 @@
"nixpkgs": "nixpkgs_13"
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"lastModified": 1755446520,
"narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e",
"type": "github"
},
"original": {
@@ -1274,6 +1295,7 @@
"impermanence": "impermanence",
"jovian": "jovian_2",
"lanzaboote": "lanzaboote",
"lsfg-vk": "lsfg-vk",
"nix-homebrew": "nix-homebrew",
"nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions",
@@ -1287,7 +1309,7 @@
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix",
"steam-rom-manager": "steam-rom-manager",
"treefmt-nix": "treefmt-nix"
"treefmt-nix": "treefmt-nix_2"
}
},
"rust-overlay": {
@@ -1298,11 +1320,11 @@
]
},
"locked": {
"lastModified": 1753066249,
"narHash": "sha256-j2UBrfDRIePGx3532Bbb9UeosNX2F73hfOAHtmACfnM=",
"lastModified": 1755311859,
"narHash": "sha256-NspGtm0ZpihxlFD628pvh5ZEhL/Q6/Z9XBpe3n6ZtEw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0751b65633a1785743ca44fd7c14a633c54c1f91",
"rev": "07619500e5937cc4669f24fec355d18a8fec0165",
"type": "github"
},
"original": {
@@ -1380,11 +1402,11 @@
"nixpkgs": "nixpkgs_14"
},
"locked": {
"lastModified": 1752544651,
"narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
"lastModified": 1754988908,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2c8def626f54708a9c38a5861866660395bb3461",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github"
},
"original": {
@@ -1494,15 +1516,36 @@
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixos-apple-silicon",
"nixpkgs"
]
},
"locked": {
"lastModified": 1753006367,
"narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=",
"lastModified": 1754847726,
"narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "421b56313c65a0815a52b424777f55acf0b56ddf",
"rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1754847726,
"narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"type": "github"
},
"original": {

26
flake.nix
View File

@@ -43,8 +43,8 @@
disko = {
# the fork is needed for partition attributes support
url = "github:nvmd/disko/gpt-attrs";
# url = "github:nix-community/disko";
# url = "github:nvmd/disko/gpt-attrs";
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -81,12 +81,17 @@
nixpkgs.follows = "nixpkgs";
};
};
lsfg-vk = {
url = "github:mjallen18/lsfg-vk-flake/main";
inputs.nixpkgs.follows = "nixpkgs";
};
};
# We will handle this in the next section.
outputs = inputs:
let
snowfall = inputs.snowfall-lib.mkFlake {
outputs =
inputs:
inputs.snowfall-lib.mkFlake {
# You must provide our flake inputs to Snowfall Lib.
inherit inputs;
@@ -129,6 +134,7 @@
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-hidpi
nixos-hardware.nixosModules.common-pc
lsfg-vk.nixosModules.default
];
};
@@ -150,7 +156,7 @@
# ######################################################
# Steamdeck #
# ######################################################
deck = {
steamdeck = {
modules = with inputs; [
disko.nixosModules.disko
jovian.nixosModules.jovian
@@ -160,6 +166,7 @@
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-hidpi
nixos-hardware.nixosModules.common-pc
lsfg-vk.nixosModules.default
];
};
@@ -209,6 +216,7 @@
macbook-pro-nixos = {
modules = with inputs; [
nixos-apple-silicon.nixosModules.default
lsfg-vk.nixosModules.default
];
};
};
@@ -231,7 +239,7 @@
# sops-nix.homeManagerModules.sops
# ];
# };
"deck@deck" = {
"deck@steamdeck" = {
modules = with inputs; [
steam-rom-manager.homeManagerModules.default
];
@@ -260,8 +268,4 @@
formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
};
};
in
snowfall // {
nixosConfigurations = snowfall.nixosConfigurations;
};
}

13
homes/aarch64-darwin/mattjallen@macbook-pro/default.nix
View File

@@ -1,4 +1,9 @@
{ lib, pkgs, home, ... }:
{
lib,
pkgs,
home,
...
}:
let
shellAliases = {
update-switch = "darwin-rebuild switch --flake ~/nix-config";
@@ -17,12 +22,6 @@ let
];
in
{
# imports = [
# ../../modules/home/defaults.nix
# ../../modules/home/git.nix
# ../../modules/home/shell.nix
# ../../modules/home/vscode.nix
# ];
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = {

4
homes/aarch64-linux/matt@macbook-pro-nixos/default.nix
View File

@@ -41,7 +41,6 @@ in
"name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 3356, tag:horizonrdp"
];
@@ -76,7 +75,6 @@ in
layer = "bottom";
modules-right = [
"tray"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
@@ -113,6 +111,8 @@ in
background: ${theme.polarNight.nord3};
}
'';
windowOffset = 75;
};
wlogout.enable = true;
wofi.enable = true;

39
homes/aarch64-linux/matt@pi4/default.nix
View File

@@ -1,24 +1,22 @@
{ lib, ... }:
let
shellAliases = {
ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
ducks = "du -cksh * | sort -hr | head -n 15";
};
in
{
imports = [
../../../modules/home/home
../../../modules/home/programs/git
../../../modules/home/programs/zsh
];
home.username = "matt";
mjallen = {
shell-aliases = {
enable = true;
flakeInputs = [
"pi4-nixpkgs"
"pi4-home-manager"
"pi4-impermanence"
"pi4-sops-nix"
"pi4-nixos-hardware"
"pi4-nixos-raspberrypi"
"pi4-disko"
];
};
};
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -56,10 +54,13 @@ in
programs = {
mangohud.enable = lib.mkForce true;
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client.enable = lib.mkForce true;
nextcloud-client.enable = lib.mkForce false;
kdeconnect = {
enable = false;
indicator = false;
};
};
}

13
homes/aarch64-linux/matt@pi5/default.nix
View File

@@ -1,4 +1,7 @@
{ pkgs, lib, config, namespace, ... }:
{
config,
...
}:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
@@ -54,4 +57,12 @@ in
programs = {
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client.enable = false;
kdeconnect = {
enable = false;
indicator = false;
};
};
}

8
homes/aarch64-linux/root@pi4/default.nix
View File

@@ -15,4 +15,12 @@ in
programs = {
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client.enable = lib.mkForce false;
kdeconnect = {
enable = false;
indicator = false;
};
};
}

27
homes/x86_64-linux/admin@nas/default.nix
View File

@@ -1,16 +1,27 @@
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
};
in
{
home.username = "admin";
# mjallen.home.enable = true;
mjallen = {
shell-aliases = {
enable = true;
buildHost = ""; # NAS builds locally
flakeInputs = [
"nas-nixpkgs"
"nas-authentik-nix"
"nas-cosmic"
"nas-crowdsec"
"nas-home-manager"
"nas-impermanence"
"nas-lanzaboote"
"nas-nixos-hardware"
"nas-sops-nix"
];
};
};
sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -60,8 +71,6 @@ in
}
];
};
zsh.shellAliases = shellAliases;
};
# services.nixai = {

2
homes/x86_64-linux/admin@nuc/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs,... }:
{ ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";

14
homes/x86_64-linux/deck@deck/default.nix → homes/x86_64-linux/deck@steamdeck/default.nix
View File

@@ -10,6 +10,8 @@ in
{
home.username = "deck";
mjallen.desktop.gnome.enable = true;
sops = {
age.keyFile = "/home/deck/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -44,7 +46,15 @@ in
enable = true;
package = pkgs.dolphin-emu;
romFolder = "gc";
fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ];
fileTypes = [
".iso"
".ISO"
".gcm"
".GCM"
".ciso"
".CISO"
"rvz"
];
extraArgs = "-b -e \"\${filePath}\"";
};
@@ -68,6 +78,6 @@ in
mgba
prismlauncher
ryujinx-greemdev
vmware-horizon-client
omnissa-horizon-client
];
}

34
homes/x86_64-linux/matt@desktop/default.nix
View File

@@ -1,15 +1,26 @@
{ pkgs, namespace, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
in
{ pkgs, ... }:
{
home.username = "matt";
mjallen = {
sops = {
enable = true;
};
shell-aliases = {
enable = true;
flakeInputs = [
"desktop-nixpkgs"
"desktop-chaotic"
"desktop-home-manager"
"desktop-impermanence"
"desktop-lanzaboote"
"desktop-nixos-hardware"
"desktop-sops-nix"
"desktop-steam-rom-manager"
];
};
};
services = {
remmina = {
enable = true;
@@ -19,8 +30,6 @@ in
programs = {
password-store.enable = true;
zsh.shellAliases = shellAliases;
};
home.packages = with pkgs; [
@@ -29,7 +38,7 @@ in
discord
distrobox
heroic
stable.vmware-horizon-client
omnissa-horizon-client
jq
lutris
lzip
@@ -40,6 +49,7 @@ in
protontricks
protonvpn-gui
python3
runelite
smile
unigine-heaven
via

7
modules/home/desktop/gnome/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.mjallen.desktop.gnome;
in

17
modules/home/desktop/hyprland/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.desktop.hyprland;
@@ -265,7 +270,7 @@ in
# this tag will set the below options to the vdi window
# this will have it auto open as a 2160x7680 window
# and makes multi-monitor work
"tag +horizonrdp, class:(.*[Vv][Mm]ware-view),title:(USPS Next VDI)"
"tag +horizonrdp, class:(.*[Hh]orizon-client),title:(USPS Next VDI)"
"noanim, tag:horizonrdp"
"noblur, tag:horizonrdp"
@@ -282,12 +287,13 @@ in
# "size 2160 7680, tag:horizonrdp"
# "move onscreen 0 0, tag:horizonrdp"
# float the vmware window cause its annoying to use in fullscreen
"float, class:(.*[Vv][Mm]ware-view),title:([Vv][Mm]ware [Hh]orizon [Cc]lient)"
"float, class:(.*[Hh]orizon-client),title:([Oo]mnissa [Hh]orizon [Cc]lient)"
"tag +waydroid, class:([Ww]aydroid.*)"
"float, tag:waydroid"
"pin, tag:waydroid"
] ++ cfg.windowRule;
]
++ cfg.windowRule;
plugin = {
touch_gestures = {
@@ -397,7 +403,8 @@ in
exec-once = xhost +SI:localuser:root
exec-once = nwg-look -a
exec-once = nwg-dock-hyprland -d
'' + cfg.extraConfig or '''';
''
+ cfg.extraConfig or '''';
};
};
}

46
modules/home/desktop/hyprland/options.nix
View File

@@ -92,14 +92,38 @@ with lib;
defaultApps = mkOption {
type = types.submodule {
options = {
browser = mkOption { type = types.package; default = pkgs.firefox; };
editor = mkOption { type = types.package; default = pkgs.micro; };
fileExplorer = mkOption { type = types.package; default = pkgs.nemo; };
visual = mkOption { type = types.package; default = pkgs.vscodium; };
terminal = mkOption { type = types.package; default = pkgs.kitty; };
office = mkOption { type = types.package; default = pkgs.onlyoffice-bin_latest; };
video = mkOption { type = types.package; default = pkgs.vlc; };
imageViewer = mkOption { type = types.package; default = pkgs.nomacs; };
browser = mkOption {
type = types.package;
default = pkgs.firefox;
};
editor = mkOption {
type = types.package;
default = pkgs.micro;
};
fileExplorer = mkOption {
type = types.package;
default = pkgs.nemo;
};
visual = mkOption {
type = types.package;
default = pkgs.vscodium;
};
terminal = mkOption {
type = types.package;
default = pkgs.kitty;
};
office = mkOption {
type = types.package;
default = pkgs.onlyoffice-bin_latest;
};
video = mkOption {
type = types.package;
default = pkgs.vlc;
};
imageViewer = mkOption {
type = types.package;
default = pkgs.nomacs;
};
};
};
description = "Default applications used across the system.";
@@ -108,15 +132,15 @@ with lib;
hyprIdle = {
lockScreenTimer = mkOption {
type = with types; int;
default = 5;
default = 300;
};
screenOffTimer = mkOption {
type = with types; int;
default = 15;
default = 900;
};
suspendTimer = mkOption {
type = with types; int;
default = 30;
default = 1800;
};
};
};

9
modules/home/desktop/hyprland/packages.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.desktop.hyprland;
@@ -62,6 +67,8 @@ in
xorg.xhost
xsettingsd
xwayland
pkgs.mjallen.pipewire-python
];
};
}

9
modules/home/desktop/hyprland/services/hypridle/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
in
@@ -7,7 +12,7 @@ in
config = lib.mkIf cfg.enable {
services.hypridle = {
enable = false;
enable = true;
settings = {
general = {
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.

7
modules/home/desktop/hyprland/services/hyprlock/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
in

7
modules/home/desktop/hyprland/services/hyprpaper/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
in

7
modules/home/desktop/hyprland/theme.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.desktop.hyprland;

19
modules/home/home/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
home = {
enableNixpkgsReleaseCheck = lib.mkDefault false;
@@ -47,10 +52,14 @@
nh = {
enable = true;
flake = "/etc/nixos";
clean = {
enable = true;
extraArgs = "--keep 5";
};
};
micro = {
enable = true;
enable = lib.mkDefault true;
settings = {
autoindent = true;
autosu = true;
@@ -61,7 +70,7 @@
};
tmux = {
enable = true;
enable = lib.mkDefault true;
terminal = "screen-256color";
sensibleOnTop = true;
focusEvents = true;
@@ -104,8 +113,8 @@
nextcloud-client.enable = lib.mkDefault true;
pass-secret-service.enable = lib.mkDefault true;
kdeconnect = {
enable = true;
indicator = true;
enable = lib.mkDefault true;
indicator = lib.mkDefault true;
};
};
}

2
modules/home/programs/btop/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.btop;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

39
modules/home/programs/code/default.nix
View File

@@ -1,21 +1,16 @@
{ config, lib, pkgs, system, ... }:
{
config,
pkgs,
system,
namespace,
...
}:
let
isArm = "aarch64-linux" == system;
open-remote-ssh = pkgs.vscode-utils.buildVscodeExtension {
pname = "open-remote-ssh";
version = "0.0.49";
vscodeExtPublisher = "jeanp413";
vscodeExtName = "open-remote-ssh";
vscodeExtUniqueId = "jeanp413.open-remote-ssh";
src = pkgs.fetchurl {
url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.49/file/jeanp413.open-remote-ssh-0.0.49.vsix";
sha256 = "sha256-QfJnAAx+kO2iJ1EzWoO5HLogJKg3RiC3hg1/u2Jm6t4";
name = "open-remote-ssh.zip";
};
};
x86_only = with pkgs; [
vscode-extensions.redhat.vscode-xml
];
open-remote-ssh = pkgs.${namespace}.open-remote-ssh;
in
{
programs = {
@@ -27,7 +22,9 @@ in
default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
extensions = with pkgs; [
extensions =
with pkgs;
[
vscode-extensions.arrterian.nix-env-selector
vscode-extensions.bbenoist.nix
vscode-extensions.brettm12345.nixfmt-vscode
@@ -44,8 +41,10 @@ in
# open-remote-ssh
# nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh
# open-vsx.jeanp413.open-remote-ssh
] ++ ( if !isArm then x86_only else [ ] ) ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
open-remote-ssh
]
++ (if !isArm then x86_only else [ ])
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "copilot-mcp";
publisher = "automatalabs";
@@ -110,10 +109,12 @@ in
# You can write arbitary Nix expressions here, to produce valid "options" declaration result.
# Tip: for flake-based configuration, utilize `builtins.getFlake`
"nixos" = {
"expr" = "(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").nixosConfigurations.<name>.options";
"expr" =
"(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").nixosConfigurations.<name>.options";
};
"home-manager" = {
"expr" = "(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").homeConfigurations.<name>.options";
"expr" =
"(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").homeConfigurations.<name>.options";
};
# # Tip: use ${workspaceFolder} variable to define path
# "nix-darwin" = {
@@ -139,6 +140,8 @@ in
"*.db" = "default";
};
};
"enable-proposed-api" = [ "jeanp413.open-remote-ssh" ];
};
};
};

2
modules/home/programs/kitty/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.kitty;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

4
modules/home/programs/kitty/options.nix
View File

@@ -15,13 +15,13 @@ with lib;
};
size = mkOption {
type = with types; int;
default = 8;
default = 12;
};
};
theme = mkOption {
type = types.attrs;
default = import ../../desktop/theme/nord.nix;
default = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
};
};
}

3
modules/home/programs/librewolf/default.nix
View File

@@ -36,7 +36,8 @@
"browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
"layout.css.light-dark.enabled" = true; # Enable light/dark theme support
"extensions.activeThemeID" = "default-theme@mozilla.org"; # Set active theme
"extensions.webextensions.uuids" = "{\"formautofill@mozilla.org\" =\"851c83b7-26d5-449c-8cc9-d8951a0ce78d\",\"pictureinpicture@mozilla.org\" =\"42fa2650-5134-4bef-bafa-b73f9ae51bad\",\"screenshots@mozilla.org\" =\"efd2b692-43c4-433a-aea5-0cb79f8312d4\",\"webcompat-reporter@mozilla.org\" =\"c43a6be2-fb56-4253-b384-ce8e09a89999\",\"webcompat@mozilla.org\" =\"e25fd1bb-7c53-413f-9528-bb922c322a56\",\"default-theme@mozilla.org\" =\"610b67c3-9145-46f7-814f-d8ee2cc8edff\",\"addons-search-detection@mozilla.com\:\"caedb3ca-5cf5-4e23-a251-d742f23e6fc8\",\"uBlock0@raymondhill.net\" =\"7e7d9fd9-12bf-42d3-9c7c-9ffd05420ec7\",\"78272b6fa58f4a1abaac99321d503a20@proton.me\" =\"7242a067-06d8-430b-94a3-00d264cdd57b\",\"addon@darkreader.org\" =\"2f02b112-6acd-4bdc-af2c-1432eb527339\",\"jid1-xUfzOsOFlzSOXg@jetpack\" =\"d0c72046-9903-4118-8160-a028840bf928\",\"chrome-gnome-shell@gnome.org\" =\"a1ab53e6-b765-4f25-8349-383cc04682a0\",\"user-agent-switcher@ninetailed.ninja\" =\"259d07cc-bb32-4ed5-b90f-6d73abdeb7bb\",\"firefoxdav@icloud.com\" =\"110e6e2c-18f8-461d-9f26-b8f04482b6f1\",\"ciscowebexstart1@cisco.com\" =\"a4062240-e73a-4353-bddb-d608d84881f7\",\"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}\" =\"9164e437-812b-4a07-8dfd-2fd73b39329b\",\"{036a55b4-5e72-4d05-a06c-cba2dfcc134a}\" =\"648fc678-a6fb-47cd-9792-fb9520678c17\",\"{446900e4-71c2-419f-a6a7-df9c091e268b}\" =\"f0b43422-070e-466e-85c9-6543f209f075\",\"jid1-MnnxcxisBPnSXQ@jetpack\" =\"4c448202-c843-4cae-b5c3-d11f2da58fa3\",\"soundfixer@unrelenting.technology\" =\"59b35eb8-1c85-4919-a905-80d120993ddc\",\"floccus@handmadeideas.org\" =\"8ad2956c-8091-41af-a689-7d2108f5958d\",\"{79b9dbcf-cc5a-4cda-89ef-c4ab097eb074}\" =\"c2a223a7-32e0-4726-9f20-17236702b1f5\",\"linkgopher@oooninja.com\" =\"a257858c-0dce-415b-b123-6222876cf843\"}";
"extensions.webextensions.uuids" =
"{\"formautofill@mozilla.org\" =\"851c83b7-26d5-449c-8cc9-d8951a0ce78d\",\"pictureinpicture@mozilla.org\" =\"42fa2650-5134-4bef-bafa-b73f9ae51bad\",\"screenshots@mozilla.org\" =\"efd2b692-43c4-433a-aea5-0cb79f8312d4\",\"webcompat-reporter@mozilla.org\" =\"c43a6be2-fb56-4253-b384-ce8e09a89999\",\"webcompat@mozilla.org\" =\"e25fd1bb-7c53-413f-9528-bb922c322a56\",\"default-theme@mozilla.org\" =\"610b67c3-9145-46f7-814f-d8ee2cc8edff\",\"addons-search-detection@mozilla.com\:\"caedb3ca-5cf5-4e23-a251-d742f23e6fc8\",\"uBlock0@raymondhill.net\" =\"7e7d9fd9-12bf-42d3-9c7c-9ffd05420ec7\",\"78272b6fa58f4a1abaac99321d503a20@proton.me\" =\"7242a067-06d8-430b-94a3-00d264cdd57b\",\"addon@darkreader.org\" =\"2f02b112-6acd-4bdc-af2c-1432eb527339\",\"jid1-xUfzOsOFlzSOXg@jetpack\" =\"d0c72046-9903-4118-8160-a028840bf928\",\"chrome-gnome-shell@gnome.org\" =\"a1ab53e6-b765-4f25-8349-383cc04682a0\",\"user-agent-switcher@ninetailed.ninja\" =\"259d07cc-bb32-4ed5-b90f-6d73abdeb7bb\",\"firefoxdav@icloud.com\" =\"110e6e2c-18f8-461d-9f26-b8f04482b6f1\",\"ciscowebexstart1@cisco.com\" =\"a4062240-e73a-4353-bddb-d608d84881f7\",\"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}\" =\"9164e437-812b-4a07-8dfd-2fd73b39329b\",\"{036a55b4-5e72-4d05-a06c-cba2dfcc134a}\" =\"648fc678-a6fb-47cd-9792-fb9520678c17\",\"{446900e4-71c2-419f-a6a7-df9c091e268b}\" =\"f0b43422-070e-466e-85c9-6543f209f075\",\"jid1-MnnxcxisBPnSXQ@jetpack\" =\"4c448202-c843-4cae-b5c3-d11f2da58fa3\",\"soundfixer@unrelenting.technology\" =\"59b35eb8-1c85-4919-a905-80d120993ddc\",\"floccus@handmadeideas.org\" =\"8ad2956c-8091-41af-a689-7d2108f5958d\",\"{79b9dbcf-cc5a-4cda-89ef-c4ab097eb074}\" =\"c2a223a7-32e0-4726-9f20-17236702b1f5\",\"linkgopher@oooninja.com\" =\"a257858c-0dce-415b-b123-6222876cf843\"}";
};
};
}

2
modules/home/programs/mako/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.mako;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

9
modules/home/programs/nwg-dock/default.nix
View File

@@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.programs.nwg-dock;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

9
modules/home/programs/nwg-drawer/default.nix
View File

@@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.programs.nwg-drawer;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

40
modules/home/programs/nwg-panel/options.nix
View File

@@ -7,14 +7,38 @@ with lib;
defaultApps = mkOption {
type = types.submodule {
options = {
browser = mkOption { type = types.package; default = pkgs.firefox; };
editor = mkOption { type = types.package; default = pkgs.micro; };
fileExplorer = mkOption { type = types.package; default = pkgs.nemo; };
visual = mkOption { type = types.package; default = pkgs.vscodium; };
terminal = mkOption { type = types.package; default = pkgs.kitty; };
office = mkOption { type = types.package; default = pkgs.onlyoffice-bin_latest; };
video = mkOption { type = types.package; default = pkgs.vlc; };
imageViewer = mkOption { type = types.package; default = pkgs.gnome-photos; };
browser = mkOption {
type = types.package;
default = pkgs.firefox;
};
editor = mkOption {
type = types.package;
default = pkgs.micro;
};
fileExplorer = mkOption {
type = types.package;
default = pkgs.nemo;
};
visual = mkOption {
type = types.package;
default = pkgs.vscodium;
};
terminal = mkOption {
type = types.package;
default = pkgs.kitty;
};
office = mkOption {
type = types.package;
default = pkgs.onlyoffice-bin_latest;
};
video = mkOption {
type = types.package;
default = pkgs.vlc;
};
imageViewer = mkOption {
type = types.package;
default = pkgs.gnome-photos;
};
};
};
description = "Default applications used across the system.";

66
modules/home/programs/waybar/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.waybar;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
defaultOpacity = "opacity: 0.85;";
defaultBorderRadius = "border-radius: 1rem;";
@@ -61,7 +61,30 @@ in
modules-center = [ "hyprland/window" ];
modules-right = cfg.modules-right;
modules-right = [
"tray"
"custom/left-end"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
"bluetooth"
"network"
"idle_inhibitor"
"custom/right-end"
"custom/left-end"
"clock"
"battery"
"custom/weather"
"custom/right-end"
];
# modules-right = [
# "tray"
# "custom/left-end" ] ++
# cfg.modules-right ++
# [ "custom/right-end" ];
# Module Definitions
# Left
@@ -290,7 +313,18 @@ in
return-type = "json";
markup = "pango";
};
} // cfg.extraModules;
"custom/left-end" = {
format = "&nbsp";
tooltip = false;
};
"custom/right-end" = {
format = "&nbsp";
tooltip = false;
};
}
// cfg.extraModules;
};
# * { font-size: 13px; }
@@ -372,7 +406,7 @@ in
${defaultBorderRadius}
${defaultCenterOptions}
margin-left: 4rem;
margin-right: 4rem;
margin-right: ${toString cfg.windowOffset}rem;
}
/* make window module transparent when no windows present */
@@ -384,7 +418,8 @@ in
color: ${nord.frost.nord10};
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderRight}
${defaultCenterOptions}
border-radius: 0;
}
#battery {
@@ -400,7 +435,8 @@ in
color: ${nord.frost.nord9};
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderLeft}
${defaultCenterOptions}
border-radius: 0;
}
/* ------------- */
@@ -409,7 +445,8 @@ in
color: ${nord.frost.nord10};
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderRight}
${defaultCenterOptions}
border-radius: 0;
padding-right: 1rem;
}
@@ -528,7 +565,20 @@ in
}
/* ------------- */
'' + cfg.extraModulesStyle or '''';
#custom-left-end {
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderLeft}
}
#custom-right-end {
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderRight}
}
''
+ cfg.extraModulesStyle or '''';
};
};
}

37
modules/home/programs/waybar/options.nix
View File

@@ -28,5 +28,42 @@ with lib;
type = types.str;
default = "";
};
windowOffset = mkOption {
type = types.int;
default = 4;
};
# Waybar modules config
# modules = mkOption {
# type = types.submodule {
# options = {
# # Modules
# window = mkOption {
# type = types.submodule {
# options = {
# # Waybar Module CSS
# margin-right = mkOption {
# type = types.str;
# default = "4";
# };
# };
# };
# };
# temperature = mkOption {
# type = types.submodule {
# options = {
# # Waybar Module CSS
# margin-right = mkOption {
# type = types.str;
# default = "4";
# };
# };
# };
# };
# };
# };
# default = { };
# };
};
}

10
modules/home/programs/waybar/scripts/hass.nix
View File

@@ -1,8 +1,14 @@
{ config, lib, namespace, pkgs, ... }:
{
config,
lib,
namespace,
pkgs,
...
}:
let
cfg = config.mjallen.programs.waybar;
pythonEnv = pkgs.python3.withPackages (ps: [
pythonEnv = pkgs.python3.withPackages (_ps: [
pkgs.${namespace}.homeassistant-api
]);

34
modules/home/programs/waybar/scripts/weather.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.mjallen.programs.waybar;
@@ -7,7 +12,6 @@ let
#! nix-shell -i python3 --pure
#! nix-shell -p python3 python3Packages.requests
"""get waybar weather"""
import os
import json
import shutil
@@ -93,12 +97,16 @@ let
WIND_DIRECTION = {
"S": "",
"SW": "",
"SSW": "",
"W": "",
"NW": "",
"NNW": "",
"N": "",
"NE": "",
"NNE": "",
"E": "",
"SE": "",
"SSE": "",
}
MOON_PHASES = (
@@ -334,11 +342,13 @@ let
moon_phase = astronomy['moon_phase']
wego = WEATHER_CODES_WEGO[current_condition['weatherCode']]
tooltip = f"{wego[0]}{weather_description} {temp_f}°\n"
tooltip += f"{wego[1]}Feels like: {feels_like_f}°\n"
tooltip += f"{wego[2]}Wind: {wind_speed}mph {WIND_DIRECTION[wind_dir]}\n"
tooltip += f"{wego[3]}Humidity: {humidity}%\n"
tooltip += f"{wego[4]}Moon phase: {moon_phase} " + moon_icon + "\n"
current = f"{wego[0]}{weather_description} {temp_f}°\n"
feels = f"{wego[1]}Feels like: {feels_like_f}°\n"
wind = f"{wego[2]}Wind: {wind_speed}mph {WIND_DIRECTION[wind_dir]}\n"
humidityl = f"{wego[3]}Humidity: {humidity}%\n"
moon = f"{wego[4]}Moon phase: {moon_phase} " + moon_icon + "\n"
tooltip = current + feels + wind + humidityl + moon
return tooltip
@@ -414,9 +424,12 @@ let
current_condition = weather["current_condition"][0]
astronomy = weather["weather"][0]['astronomy'][0]
data["text"] = build_text(current_condition)
data["tooltip"] = build_tooltip(current_condition, astronomy, moon_icon)
data["tooltip"] += build_forecast(weather["weather"])
text = build_text(current_condition)
tooltip = build_tooltip(current_condition, astronomy, moon_icon) + build_forecast(weather["weather"])
data["text"] = text
data["tooltip"] = tooltip
return json.dumps(data)
@@ -425,6 +438,7 @@ let
try:
print(get_wttr_json())
except Exception as e:
print("error")
print(e)
main()

2
modules/home/programs/wlogout/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.wlogout;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

2
modules/home/programs/wofi/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.wofi;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

57
modules/home/shell-aliases/default.nix Normal file
View File

@@ -0,0 +1,57 @@
{
config,
lib,
...
}:
let
cfg = config.mjallen.shell-aliases;
in
{
options.mjallen.shell-aliases = {
enable = lib.mkEnableOption "Common shell aliases";
buildHost = lib.mkOption {
type = lib.types.str;
default = "admin@10.0.1.3";
description = "Build host for nixos-rebuild commands";
};
flakeInputs = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of flake inputs to update";
};
extraAliases = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = "Additional host-specific aliases";
};
};
config = lib.mkIf cfg.enable {
programs.zsh.shellAliases = {
# Common file operations
ll = "ls -alh";
ducks = "du -cksh * | sort -hr | head -n 15";
# NixOS rebuild commands
update-boot =
"sudo nixos-rebuild boot --max-jobs 10"
+ lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}";
update-switch =
"sudo nixos-rebuild switch --max-jobs 10"
+ lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}";
# Flake update command
update-flake = lib.mkIf (
cfg.flakeInputs != [ ]
) "nix flake update ${lib.concatStringsSep " " cfg.flakeInputs} --flake /etc/nixos";
# NAS management
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
}
// cfg.extraAliases;
};
}

8
modules/home/sops/default.nix
View File

@@ -1,9 +1,13 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.mjallen.sops;
user = config.${namespace}.user.name;
hostname = config.${namespace}.network.hostname;
in
{
imports = [ ./options.nix ];

3
modules/home/user/default.nix
View File

@@ -65,8 +65,7 @@ in
];
home = {
file =
{
file = {
"Desktop/.keep".text = "";
"Documents/.keep".text = "";
"Downloads/.keep".text = "";

15
modules/nixos/actual/default.nix
View File

@@ -1,7 +1,13 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.actual;
cfg = config.${namespace}.services.actual;
dataDir = "/data";
hostAddress = "10.0.1.3";
actualUserId = config.users.users.nix-apps.uid;
@@ -24,7 +30,8 @@ in
};
};
config = { lib, ... }:
config =
{ lib, ... }:
{
services.actual = {
enable = true;
@@ -69,7 +76,7 @@ in
ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json";
WorkingDirectory = lib.mkForce dataDir;
StateDirectory = lib.mkForce dataDir;
StateDirectoryMode = lib.mkForce 0700;
StateDirectoryMode = lib.mkForce 700;
DynamicUser = lib.mkForce false;
ProtectSystem = lib.mkForce null;
};

4
modules/nixos/actual/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.actual = {
options.${namespace}.services.actual = {
enable = mkEnableOption "actual service";
port = mkOption {

9
modules/nixos/apps/free-games-claimer/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.free-games-claimer;
cfg = config.${namespace}.services.free-games-claimer;
in
{
imports = [ ./options.nix ];

6
modules/nixos/apps/free-games-claimer/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.free-games-claimer = {
options.${namespace}.services.free-games-claimer = {
enable = mkEnableOption "free-games-claimer docker service";
autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
dataPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/free-games-claimer";
default = "/media/nas/main/nix-app-data/free-games-claimer";
};
puid = mkOption {

9
modules/nixos/apps/manyfold/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.manyfold;
cfg = config.${namespace}.services.manyfold;
in
{
imports = [ ./options.nix ];

6
modules/nixos/apps/manyfold/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.manyfold = {
options.${namespace}.services.manyfold = {
enable = mkEnableOption "manyfold docker service";
autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/manyfold";
default = "/media/nas/main/nix-app-data/manyfold";
};
dataPath = mkOption {

9
modules/nixos/apps/mongodb/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.mongodb;
cfg = config.${namespace}.services.mongodb;
in
{
imports = [ ./options.nix ];

6
modules/nixos/apps/mongodb/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.mongodb = {
options.${namespace}.services.mongodb = {
enable = mkEnableOption "mongodb docker service";
autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/mongodb";
default = "/media/nas/main/mongodb";
};
puid = mkOption {

9
modules/nixos/apps/tdarr/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.tdarr;
cfg = config.${namespace}.services.tdarr;
in
{
imports = [ ./options.nix ];

12
modules/nixos/apps/tdarr/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.tdarr = {
options.${namespace}.services.tdarr = {
enable = mkEnableOption "tdarr docker service";
autoStart = mkOption {
@@ -31,22 +31,22 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/config";
default = "/media/nas/main/nix-app-data/tdarr/config";
};
serverPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/server";
default = "/media/nas/main/nix-app-data/tdarr/server";
};
logPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/logs";
default = "/media/nas/main/nix-app-data/tdarr/logs";
};
transcodePath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/transcode";
default = "/media/nas/main/nix-app-data/tdarr/transcode";
};
moviesPath = mkOption {

9
modules/nixos/apps/your-spotify/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.your_spotify;
cfg = config.${namespace}.services.your_spotify;
in
{
imports = [ ./options.nix ];

6
modules/nixos/apps/your-spotify/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.your_spotify = {
options.${namespace}.services.your_spotify = {
enable = mkEnableOption "your_spotify docker service";
autoStart = mkOption {
@@ -36,7 +36,7 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/your_spotify";
default = "/media/nas/main/nix-app-data/your_spotify";
};
puid = mkOption {

25
modules/nixos/arrs/default.nix
View File

@@ -2,11 +2,12 @@
config,
pkgs,
lib,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.arrs;
cfg = config.${namespace}.services.arrs;
radarrDataDir = "/var/lib/radarr";
downloadDir = "/downloads";
incompleteDir = "/downloads-incomplete";
@@ -40,7 +41,9 @@ in
{
nixpkgs.config = {
allowUnfree = lib.mkForce true;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"unrar"
];
};
@@ -232,8 +235,22 @@ in
];
};
firewall = {
allowedTCPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
allowedUDPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
allowedTCPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
allowedUDPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
};
};
};

4
modules/nixos/arrs/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.arrs = {
options.${namespace}.services.arrs = {
enable = mkEnableOption "arrs services";
radarr = {

24
modules/nixos/boot/default.nix
View File

@@ -1,9 +1,31 @@
{ ... }:
{
pkgs,
system,
lib,
...
}:
let
isArm = ("aarch64-linux" == system);
in
{
boot = {
kernelParams = [
"quiet"
];
binfmt = lib.mkIf isArm {
registrations."x86_64-linux" = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
openBinary = true;
interpreter = "${pkgs.box64}/bin/box64";
preserveArgvZero = true;
matchCredentials = true;
fixBinary = false;
};
};
supportedFilesystems = [ "bcachefs" ];
};
zramSwap.enable = true;

7
modules/nixos/boot/lanzaboote/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, inputs, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.bootloader.lanzaboote;

22
modules/nixos/crowdsec/default.nix
View File

@@ -1,20 +1,28 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.crowdsec;
cfg = config.${namespace}.services.crowdsec;
in
{
imports = [ ./options.nix ];
config = lib.mkIf cfg.enable {
services = {
crowdsec = let
crowdsec =
let
yaml = (pkgs.formats.yaml { }).generate;
acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels.type = "syslog";
};
in {
in
{
enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = {
@@ -35,7 +43,8 @@ in
};
systemd.services.crowdsec.serviceConfig = {
ExecStartPre = let
ExecStartPre =
let
script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell}
set -eu
@@ -45,7 +54,8 @@ in
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi
'';
in ["${script}/bin/register-bouncer"];
in
[ "${script}/bin/register-bouncer" ];
};
networking = {

4
modules/nixos/crowdsec/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.crowdsec = {
options.${namespace}.services.crowdsec = {
enable = mkEnableOption "crowdsec service";
port = mkOption {

7
modules/nixos/desktop/cosmic/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.cosmic;
in

10
modules/nixos/desktop/gnome/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.gnome;
in
@@ -22,7 +28,7 @@ in
programs = {
kdeconnect = {
enable = true;
enable = lib.mkDefault true;
package = pkgs.gnomeExtensions.gsconnect;
};
};

16
modules/nixos/desktop/hyprland/default.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, namespace, ... }:
{
config,
pkgs,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
@@ -26,7 +32,10 @@ in
imports = [ ../../../home/desktop/hyprland/options.nix ];
config = lib.mkIf cfg.enable {
environment.systemPackages = [ bing-wallpaper pkgs.jq ];
environment.systemPackages = [
bing-wallpaper
pkgs.jq
];
services = {
displayManager = {
@@ -131,9 +140,6 @@ in
};
};
};
extraConfig = ''
DefaultTimeoutStopSec=10s
'';
};
security = {

92
modules/nixos/development/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.development;
in
{
options.${namespace}.development = {
enable = lib.mkEnableOption "Common development tools and packages";
includeLanguages = lib.mkOption {
type = lib.types.listOf (
lib.types.enum [
"python"
"c"
"rust"
"nodejs"
]
);
default = [
"python"
"c"
];
description = "Programming languages to include tools for";
};
includeContainers = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Include container development tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
# Version control
git
# Build tools
cmake
ninja
binutils
# System utilities
jq
# Text processing
]
++ lib.optionals (builtins.elem "python" cfg.includeLanguages) [
python3
python3Packages.pip
]
++ lib.optionals (builtins.elem "c" cfg.includeLanguages) [
gcc
gdb
]
++ lib.optionals (builtins.elem "rust" cfg.includeLanguages) [
rustc
cargo
]
++ lib.optionals (builtins.elem "nodejs" cfg.includeLanguages) [
nodejs
npm
]
++ lib.optionals cfg.includeContainers [
docker-compose
podman-compose
];
# Enable container support if requested
virtualisation.podman = lib.mkIf cfg.includeContainers {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
# Common development programs
programs = {
nix-ld.enable = lib.mkDefault true;
};
};
}

141
modules/nixos/disko/aarch64-linux/default.nix
View File

@@ -1,19 +1,79 @@
{ config, lib, system, ... }:
{
config,
lib,
system,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1";
in
{
config = lib.mkIf isArm {
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
# BTRFS root partition configuration
btrfsRoot = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"mode=755"
"defaults"
"size=2G"
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
# BCacheFS root partition configuration
bcachefsRoot = {
size = "100%";
content = {
type = "bcachefs";
# This refers to a filesystem in the `bcachefs_filesystems` attrset below.
filesystem = "mounted_subvolumes_in_multi";
label = "ssd.ssd1";
extraFormatArgs = [
"--discard"
];
};
};
in
{
imports = [ ../options.nix ];
config = lib.mkIf (isArm && cfg.enable) {
disko.devices = {
# root disk setup
disk.main = {
type = "disk";
@@ -53,58 +113,33 @@ in
};
};
root = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot;
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
};
};
bcachefs_filesystems = lib.mkIf (cfg.filesystem == "bcachefs") {
mounted_subvolumes_in_multi = {
type = "bcachefs_filesystem";
# passwordFile = "/etc/nixos/pool.jwe";
extraFormatArgs = [
"--compression=zstd"
];
mountpoint = "/root";
subvolumes = {
"/root" = {
mountpoint = "/";
};
"nix" = {
"/persistent" = {
mountpoint = "/persistent";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"tmp" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/tmp";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
};
mountpoint = "/partition-root";
};
};
};

8
modules/nixos/disko/options.nix
View File

@@ -3,5 +3,13 @@ with lib;
{
options.${namespace}.hardware.disko = {
enable = mkEnableOption "enable disko";
filesystem = mkOption {
type = types.enum [
"bcachefs"
"btrfs"
];
default = "btrfs";
description = "Filesystem to use for the root partition";
};
};
}

127
modules/nixos/disko/x86_64-linux/default.nix
View File

@@ -1,47 +1,17 @@
{ config, lib, system, namespace, ... }:
{
config,
lib,
system,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1";
in
{
imports = [ ../options.nix ];
config = lib.mkIf (cfg.enable && !isArm) {
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=25%"
];
};
# root disk setup
disk.main = {
type = "disk";
device = rootDisk;
imageSize = "32G";
content = {
type = "gpt";
# specify partitions
partitions = {
# /boot
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
# BTRFS root partition configuration
btrfsRoot = {
name = "btrfs-root";
size = "100%";
content = {
@@ -85,9 +55,88 @@ in
};
};
};
# BCacheFS root partition configuration
bcachefsRoot = {
size = "100%";
content = {
type = "bcachefs";
# This refers to a filesystem in the `bcachefs_filesystems` attrset below.
filesystem = "mounted_subvolumes_in_multi";
label = "ssd.ssd1";
extraFormatArgs = [
"--discard"
];
};
};
in
{
imports = [ ../options.nix ];
config = lib.mkIf (!isArm && cfg.enable) {
disko.devices = lib.mkMerge [
{
disk = {
main = {
device = rootDisk;
type = "disk";
imageSize = "32G";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "100M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot;
};
};
};
};
bcachefs_filesystems = lib.mkIf (cfg.filesystem == "bcachefs") {
mounted_subvolumes_in_multi = {
type = "bcachefs_filesystem";
# passwordFile = "/etc/nixos/pool.jwe";
extraFormatArgs = [
"--compression=zstd"
];
subvolumes = {
"subvolumes/root" = {
mountpoint = "/";
mountOptions = [
"verbose"
];
};
"subvolumes/persistent" = {
mountpoint = "/persistent";
};
"subvolumes/nix" = {
mountOptions = [
"noatime"
];
mountpoint = "/nix";
};
};
};
};
}
(lib.mkIf (cfg.filesystem == "btrfs") {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=25%"
];
};
})
];
};
}

7
modules/nixos/fonts/default.nix
View File

@@ -1,11 +1,14 @@
{ lib, pkgs, ... }:
{
fonts.packages = with pkgs; [
fonts.packages =
with pkgs;
[
font-awesome
noto-fonts
noto-fonts-color-emoji
meslo-lgs-nf
] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.fontconfig.defaultFonts = {
emoji = [

9
modules/nixos/gaming/default.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.share.gaming;
pkgsVersion = pkgs; # .unstable;
@@ -57,7 +62,7 @@ in
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs =
pkgs: with pkgsVersion; [
_pkgs: with pkgsVersion; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama

29
modules/nixos/gitea/default.nix
View File

@@ -1,13 +1,18 @@
{ config, lib, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.gitea;
cfg = config.${namespace}.services.gitea;
hostAddress = "10.0.1.3";
# localAddress = "10.0.4.18";
# httpPort = 3000;
# sshPort = 2222;
rootUrl = "https://gitea.mjallen.dev/";
# stateDir = "/media/nas/ssd/nix-app-data/gitea";
# stateDir = "/media/nas/main/nix-app-data/gitea";
dataDir = "/var/lib/gitea";
secretsDir = "/run/secrets/jallen-nas/gitea";
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
@@ -34,7 +39,8 @@ in
};
};
config = { lib, ... }:
config =
{ lib, ... }:
{
services.gitea = {
enable = true;
@@ -71,7 +77,10 @@ in
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
@@ -122,8 +131,14 @@ in
];
};
firewall = {
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
allowedUDPPorts = [ cfg.httpPort cfg.sshPort ];
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
allowedUDPPorts = [
cfg.httpPort
cfg.sshPort
];
};
};
};

4
modules/nixos/gitea/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.gitea = {
options.${namespace}.services.gitea = {
enable = mkEnableOption "gitea service";
httpPort = mkOption {

16
modules/nixos/home/default.nix
View File

@@ -4,8 +4,12 @@
options,
namespace,
inputs,
system,
...
}:
let
isArm = ("aarch64-linux" == system);
in
{
options.${namespace}.home = with lib.types; {
@@ -47,13 +51,17 @@
};
# Make ALL external HM modules available globally
sharedModules = with inputs; [
sharedModules =
with inputs;
[
sops-nix.homeManagerModules.sops
steam-rom-manager.homeManagerModules.default
# Add any other external HM modules here
];
]
++ (if (!isArm) then with inputs; [ steam-rom-manager.homeManagerModules.default ] else [ ]);
users.${config.${namespace}.user.name} = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
users.${config.${namespace}.user.name} =
lib.mkAliasDefinitions
options.${namespace}.home.extraOptions;
# users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
verbose = true;

75
modules/nixos/homeassistant/default.nix
View File

@@ -1,23 +1,14 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.services.home-assistant;
mosquittoPort = 1883;
zigbee2mqttPort = 8080;
# In configuration.nix or a separate file
python-steam = pkgs.python3Packages.buildPythonPackage rec {
pname = "steam";
version = "1.4.4";
pyproject = false;
src = pkgs.fetchPypi {
inherit pname version;
sha256 = "sha256-K1vWkRwNSnMS9EG40WK52NR8i+u478bIhnOTsDI/pS4=";
};
buildInputs = with pkgs.python3Packages; [ setuptools ];
doCheck = false; # no tests in the PyPI tarball
};
in
{
imports = [ ./options.nix ];
@@ -60,6 +51,7 @@ in
"nws"
"ollama"
"onedrive"
"open_router"
"ping"
"radio_browser"
"samsungtv"
@@ -87,6 +79,7 @@ in
pkgs.${namespace}.ha-icloud3
pkgs.${namespace}.ha-mail-and-packages
pkgs.${namespace}.ha-nanokvm
pkgs.${namespace}.ha-openhasp
pkgs.${namespace}.ha-overseerr
pkgs.${namespace}.ha-petlibro
pkgs.${namespace}.ha-wyzeapi
@@ -106,7 +99,8 @@ in
zigbee2mqtt-networkmap
];
# use postgresql instead of sqlite
extraPackages = ps: with ps; [
extraPackages =
ps: with ps; [
# Core functionality
aiohttp
aiodns
@@ -190,7 +184,7 @@ in
gehomesdk
onedrive-personal-sdk
python-roborock
python-steam
pkgs.${namespace}.python-steam
apple-weatherkit
samsungctl
@@ -226,7 +220,7 @@ in
trusted_proxies = [
"172.30.33.0/24"
"10.0.1.4"
"10.0.4.2"
"10.0.1.3"
"10.0.1.18"
"10.0.1.0/24"
];
@@ -244,6 +238,43 @@ in
# https://www.home-assistant.io/integrations/ota_updater/
zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json";
openhasp = {
plate = {
objects = [
{
obj = "p0b1"; # temperature label on all pages
properties = {
"text" = ''{{ states("sensor.thermostat_current_temperature") }}°F'';
};
}
{
obj = "p1b2"; # light-switch toggle button
properties = {
"val" = ''{{ 1 if states("light.living_room_lights") == "on" else 0 }}'';
"text" = ''{{ "\uE6E8" if is_state("light.living_room_lights", "on") else "\uE335" | e }}'';
};
event = {
"up" = {
service = "homeassistant.toggle";
entity_id = "light.living_room_lights";
};
};
}
{
obj = "p1b3"; # dropdown
event = {
"changed" = {
service = "persistent_notification.create";
data = {
message = "I like {{ text }}";
};
};
};
}
];
};
};
};
};
@@ -262,10 +293,12 @@ in
postgresql = {
enable = true;
ensureDatabases = [ "hass" ];
ensureUsers = [{
ensureUsers = [
{
name = "hass";
ensureDBOwnership = true;
}];
}
];
};
# Enable and configure Mosquitto MQTT broker

7
modules/nixos/immich/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.immich;

143
modules/nixos/impermanence/default.nix
View File

@@ -1,9 +1,137 @@
{ ... }:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.impermanence;
in
{
imports = [ ./options.nix ];
environment.persistence."/nix/persist/system" = {
config = mkIf cfg.enable {
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
system.activationScripts = {
"var-lib-private-permissions" = {
deps = [ "createPersistentStorageDirs" ];
text = ''
mkdir -p /var/lib/private
chmod 0700 /var/lib/private
'';
};
};
boot.initrd.systemd.services.rootfs-cleanup = {
description = "Clean file system root";
wantedBy = [
"initrd.target"
];
after = [
"initrd-root-device.target"
];
before = [
"sysroot.mount"
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script =
if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "btrfs") then
''
# workaround for machines without working rtc battery
# The time may not yet be correctly set, so wait until it is
if [[ $(date '+%s') -lt 1730469314 ]]; then
sleep 30 # this should hopefully be enough
fi
mkdir /btrfs_tmp
mount ${config.fileSystems."/".device} -t btrfs /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %X /btrfs_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1" || rm -rf "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -atime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
''
else if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "bcachefs") then
''
# workaround for machines without working rtc battery
# The time may not yet be correctly set, so wait until it is
if [[ $(date '+%s') -lt 1730469314 ]]; then
sleep 30 # this should hopefully be enough
fi
if [[ -e /root_tmp/root ]]; then
mkdir -p /root_tmp/old_roots
timestamp=$(date --date="@$(stat -c %X /root_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
mv /root_tmp/root "/root_tmp/old_roots/$timestamp"
fi
for i in $(find /root_tmp/old_roots/ -maxdepth 1 -atime +30); do
bcachefs subvolume delete $i
done
bcachefs subvolume create /root_tmp/root
''
else
# For tmpfs or other filesystems, do nothing
"";
};
assertions = [
{
assertion = hasAttr "/" config.fileSystems;
message = "To use impermanence, you need to define a root volume";
}
{
assertion =
if hasAttr "/" config.fileSystems then
config.fileSystems."/".fsType == "btrfs"
|| config.fileSystems."/".fsType == "bcachefs"
|| config.fileSystems."/".fsType == "tmpfs"
else
false;
message = "rootfs must be btrfs, bcachefs, or tmpfs; not " + config.fileSystems."/".fsType;
}
{
assertion =
if
hasAttr "/" config.fileSystems
&& (config.fileSystems."/".fsType == "btrfs" || config.fileSystems."/".fsType == "bcachefs")
then
any (
t: t == "subvol=root" || t == "subvol=/root" || t == "X-mount.subdir=subvolumes/root"
) config.fileSystems."/".options
else
true;
message = "btrfs or bcachefs rootfs must mount subvolume root";
}
{
assertion = !config.boot.isContainer;
message = "impermanence is not supported in containers";
}
];
environment.persistence.${cfg.persistencePath} = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
@@ -64,10 +192,5 @@
"/etc/machine-id"
];
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
};
}

12
modules/nixos/impermanence/options.nix Normal file
View File

@@ -0,0 +1,12 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.impermanence = {
enable = mkEnableOption "enable impermanence";
persistencePath = mkOption {
type = types.str;
default = "/nix/persist/system";
description = "Path to the persistence directory";
};
};
}

9
modules/nixos/jellyfin/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.jellyfin;
@@ -12,7 +17,7 @@ in
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
dataDir = "/media/nas/main/nix-app-data/jellyfin";
# cacheDir = "/cache";
};
};

9
modules/nixos/jellyseerr/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.jellyseerr;
@@ -20,7 +25,7 @@ in
bindMounts = {
${dataDir} = {
hostPath = "/media/nas/ssd/nix-app-data/jellyseerr";
hostPath = "/media/nas/main/nix-app-data/jellyseerr";
isReadOnly = false;
};
};

13
modules/nixos/lubelogger/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.lubelogger;
@@ -12,11 +17,11 @@ in
image = "ghcr.io/hargata/lubelogger";
ports = [ "6754:8080" ];
volumes = [
"/media/nas/ssd/nix-app-data/lubelogger:/App/data"
"/media/nas/ssd/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
"/media/nas/main/nix-app-data/lubelogger:/App/data"
"/media/nas/main/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
];
environmentFiles = [
"/media/nas/ssd/nix-app-data/lubelogger/lubelogger.env"
"/media/nas/main/nix-app-data/lubelogger/lubelogger.env"
];
environment = {
PUID = toString config.users.users.nix-apps.uid;

53
modules/nixos/monitoring/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.monitoring;
in
{
options.${namespace}.monitoring = {
enable = lib.mkEnableOption "Common monitoring and system tools";
includeNetworkTools = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include network monitoring tools";
};
includePerformanceTools = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include performance monitoring tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
# Basic system monitoring
htop
]
++ lib.optionals cfg.includePerformanceTools [
glances
nmon
iotop
]
++ lib.optionals cfg.includeNetworkTools [
speedtest-cli
iftop
nethogs
tcpdump
wireshark-cli
];
# Enable common system services for monitoring
programs.screen.enable = lib.mkDefault true;
};
}

191
modules/nixos/network/default.nix
View File

@@ -9,113 +9,45 @@ let
cfg = config.${namespace}.network;
in
{
options.${namespace}.network = with types; {
hostName = lib.mkOption {
type = str;
default = "nixos";
description = "The hostname of the system.";
};
ipv4 = {
method = mkOption {
type = types.str;
default = "auto";
};
address = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
gateway = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
dns = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
};
};
imports = [
./options.nix
];
config = {
networking = {
hostName = lib.mkForce cfg.hostName;
# Enable Network Manager
networkmanager = {
# Use networkd if enabled
useNetworkd = lib.mkIf cfg.useNetworkd true;
# Set default gateway and nameservers if in manual mode
defaultGateway = lib.mkIf (cfg.ipv4.method == "manual") {
address = cfg.ipv4.gateway;
interface = lib.mkIf (cfg.ipv4.interface != "") cfg.ipv4.interface;
};
nameservers = lib.mkIf (cfg.ipv4.method == "manual") [ cfg.ipv4.dns ];
# Set hostId if provided
hostId = lib.mkIf (cfg.hostId != "") cfg.hostId;
# Configure NAT if enabled
nat = lib.mkIf cfg.nat.enable {
enable = true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = if (cfg.ipv4.method == "auto")
then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
internalInterfaces = cfg.nat.internalInterfaces;
externalInterface = cfg.nat.externalInterface;
enableIPv6 = cfg.nat.enableIPv6;
};
"Joey's Jungle 5G" = {
connection = {
id = "Joey's Jungle 5G";
type = "wifi";
};
ipv4 = if (cfg.ipv4.method == "auto")
then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 5G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
};
# Configure firewall
firewall = {
enable = cfg.firewall.enable;
allowPing = cfg.firewall.allowPing;
allowedTCPPorts = cfg.firewall.allowedTCPPorts;
allowedUDPPorts = cfg.firewall.allowedUDPPorts;
trustedInterfaces = cfg.firewall.trustedInterfaces;
# Default port ranges for KDE Connect
allowedTCPPortRanges = [
{
from = 1714;
@@ -123,7 +55,70 @@ in
}
];
allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges;
# Extra firewall commands
extraCommands = lib.mkIf (cfg.extraFirewallCommands != "") cfg.extraFirewallCommands;
};
# Configure iwd if enabled
wireless.iwd = lib.mkIf cfg.iwd.enable {
enable = true;
settings = cfg.iwd.settings;
};
# Configure NetworkManager
networkmanager = mkMerge [
# Disable NetworkManager when iwd is enabled
(mkIf cfg.iwd.enable {
enable = mkForce false;
wifi.backend = mkForce "iwd";
})
# Enable NetworkManager when wifi is enabled and iwd is disabled
(mkIf (cfg.wifi.enable && !cfg.iwd.enable) {
enable = true;
wifi.powersave = cfg.wifi.powersave;
settings.connectivity.uri = mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
# Configure WiFi profiles if any are defined
ensureProfiles = mkIf (cfg.wifi.profiles != { }) {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = mapAttrs (name: profile: {
connection = {
id = name;
type = "wifi";
};
ipv4 =
if (cfg.ipv4.method == "auto") then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = profile.ssid;
};
wifi-security = {
key-mgmt = profile.keyMgmt;
psk = profile.psk;
};
}) cfg.wifi.profiles;
};
})
];
};
};
}

162
modules/nixos/network/options.nix Normal file
View File

@@ -0,0 +1,162 @@
{
lib,
namespace,
...
}:
with lib;
{
options.${namespace}.network = with types; {
hostName = lib.mkOption {
type = str;
default = "nixos";
description = "The hostname of the system.";
};
ipv4 = {
method = mkOption {
type = types.str;
default = "auto";
description = "Method for IPv4 configuration (auto or manual).";
};
address = lib.mkOption {
type = types.str;
default = "10.0.1.1/24";
description = "IPv4 address with subnet mask (e.g., 10.0.1.1/24).";
};
gateway = lib.mkOption {
type = types.str;
default = "10.0.1.1";
description = "IPv4 default gateway.";
};
interface = lib.mkOption {
type = types.str;
default = "";
description = "Interface for the default gateway (required when using networkd).";
};
dns = lib.mkOption {
type = types.str;
default = "10.0.1.1";
description = "IPv4 DNS server.";
};
};
useNetworkd = mkOption {
type = types.bool;
default = false;
description = "Whether to use systemd-networkd for networking.";
};
nat = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable NAT.";
};
internalInterfaces = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of internal interfaces for NAT.";
};
externalInterface = mkOption {
type = types.str;
default = "";
description = "External interface for NAT.";
};
enableIPv6 = mkOption {
type = types.bool;
default = false;
description = "Whether to enable IPv6 NAT.";
};
};
firewall = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable the firewall.";
};
allowPing = mkOption {
type = types.bool;
default = true;
description = "Whether to allow ICMP ping.";
};
allowedTCPPorts = mkOption {
type = types.listOf types.port;
default = [ ];
description = "List of allowed TCP ports.";
};
allowedUDPPorts = mkOption {
type = types.listOf types.port;
default = [ ];
description = "List of allowed UDP ports.";
};
trustedInterfaces = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of trusted interfaces.";
};
};
wifi = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable WiFi configuration.";
};
powersave = mkOption {
type = types.bool;
default = false;
description = "Whether to enable WiFi power saving.";
};
profiles = mkOption {
type = types.attrsOf (
types.submodule {
options = {
ssid = mkOption {
type = types.str;
description = "SSID of the WiFi network.";
};
psk = mkOption {
type = types.str;
default = "$PSK";
description = "PSK environment variable for the WiFi password.";
};
keyMgmt = mkOption {
type = types.str;
default = "sae";
description = "Key management type (e.g., sae, wpa-psk).";
};
};
}
);
default = { };
description = "WiFi network profiles.";
};
};
hostId = mkOption {
type = types.str;
default = "";
description = "Host ID for ZFS and other services.";
};
iwd = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable iwd for wireless networking.";
};
settings = mkOption {
type = types.attrs;
default = { };
description = "Settings for iwd.";
};
};
extraFirewallCommands = mkOption {
type = types.str;
default = "";
description = "Extra commands for the firewall.";
};
};
}

17
modules/nixos/nextcloud/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.nextcloud;
@@ -47,20 +52,24 @@ in
};
"/var/lib/nextcloud" = {
hostPath = "/media/nas/ssd/nix-app-data/nextcloud";
hostPath = "/media/nas/main/nix-app-data/nextcloud";
isReadOnly = false;
mountPoint = "/var/lib/nextcloud";
};
"/var/lib/onlyoffice" = {
hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
hostPath = "/media/nas/main/nix-app-data/onlyoffice";
isReadOnly = false;
mountPoint = "/var/lib/onlyoffice";
};
};
config =
{ pkgs, lib, namespace, ... }:
{
pkgs,
lib,
...
}:
{
nixpkgs.config.allowUnfree = true;
networking.extraHosts = ''

4
modules/nixos/nix/default.nix
View File

@@ -3,10 +3,12 @@
nix = {
settings = {
substituters = [
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
@@ -30,6 +32,8 @@
allowUnsupportedSystem = true;
permittedInsecurePackages = [
# ...
"libsoup-2.74.3"
"libxml2-2.13.8"
];
};
};

30
modules/nixos/ollama/default.nix
View File

@@ -1,19 +1,13 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.ollama;
llamaPackage = pkgs.llama-cpp.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
rev = "b4920";
sha256 = "sha256-SnQIeY74JpAPRMxWcpklDH5D4CQvAgi0GYx5+ECk2J4=";
};
# Optionally override other attributes if you need to
# version = "my-fork-version";
# pname = "llama-cpp-custom";
});
in
{
imports = [ ./options.nix ];
@@ -27,18 +21,18 @@ in
group = "jallen-nas";
openFirewall = true;
acceleration = "cuda";
home = "/media/nas/ssd/nix-app-data/ollama";
home = "/media/nas/main/nix-app-data/ollama";
};
environment.systemPackages = [ llamaPackage ];
environment.systemPackages = [ pkgs.stable.llama-cpp ];
services.llama-cpp = {
enable = true;
port = 8127;
host = "0.0.0.0";
openFirewall = true;
model = "/media/nas/ssd/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = llamaPackage; # pkgs.unstable.llama-cpp;
model = "/media/nas/main/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = pkgs.stable.llama-cpp;
extraFlags = [
"--n_gpu-layers"
"500"
@@ -55,7 +49,7 @@ in
host = "0.0.0.0";
port = 8888;
openFirewall = true;
# stateDir = "/media/nas/ssd/nix-app-data/open-webui";
# stateDir = "/media/nas/main/nix-app-data/open-webui";
environmentFile = config.sops.secrets."jallen-nas/open-webui".path;
environment = {
OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";

4
modules/nixos/orca/default.nix
View File

@@ -1,12 +1,12 @@
{
lib,
pkgs,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.orca-slicer;
cfg = config.${namespace}.services.orca-slicer;
in
{
imports = [ ./options.nix ];

6
modules/nixos/orca/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.orca-slicer = {
options.${namespace}.services.orca-slicer = {
enable = mkEnableOption "orca slicer docker service";
autoStart = mkOption {
@@ -31,7 +31,7 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/ssd_app_data/orca-slicer";
default = "/media/nas/main/ssd_app_data/orca-slicer";
};
dataPath = mkOption {

10
modules/nixos/paperless/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.paperless;
@@ -6,7 +11,6 @@ let
paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid;
paperlessEnv = config.sops.templates."paperless.env".path;
paperlessPkg = pkgs.paperless-ngx;
in
{
@@ -78,7 +82,7 @@ in
# Bind mount directories from host
bindMounts = {
"/var/lib/paperless" = {
hostPath = "/media/nas/ssd/nix-app-data/paperless";
hostPath = "/media/nas/main/nix-app-data/paperless";
isReadOnly = false;
};
secrets = {

92
modules/nixos/raspberry-pi/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.raspberry-pi;
in
{
options.${namespace}.hardware.raspberry-pi = {
enable = lib.mkEnableOption "Raspberry Pi common configuration";
variant = lib.mkOption {
type = lib.types.enum [
"4"
"5"
];
description = "Raspberry Pi variant (4 or 5)";
};
};
config = lib.mkIf cfg.enable {
# Common Raspberry Pi packages
environment.systemPackages =
with pkgs;
[
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
]
++ lib.optionals (cfg.variant == "4") [
i2c-tools
]
++ lib.optionals (cfg.variant == "5") [
erofs-utils
fex
squashfuse
squashfsTools
];
# Common nixpkgs overlays for Raspberry Pi
nixpkgs.overlays = lib.mkAfter [
(_self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
inherit (super) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (super) raspberrypifw;
})
];
# Common Bluetooth configuration
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
# Common hardware settings
hardware.i2c.enable = lib.mkIf (cfg.variant == "4") true;
# Pi 5 specific settings
hardware.graphics.enable32Bit = lib.mkIf (cfg.variant == "5") (lib.mkForce false);
zramSwap.enable = lib.mkIf (cfg.variant == "5") true;
# Pi 5 specific system tags
system.nixos.tags = lib.mkIf (cfg.variant == "5") (
let
bootCfg = config.boot.loader.raspberry-pi;
in
[
"raspberry-pi-${bootCfg.variant}"
bootCfg.bootloader
config.boot.kernelPackages.kernel.version
]
);
# Common programs
programs.kdeconnect.enable = lib.mkDefault false;
# Root user shell configuration
users.users.root.shell = pkgs.zsh;
};
}

19
systems/aarch64-linux/macbook-pro-nixos/sops.nix → modules/nixos/sops/default.nix
View File

@@ -1,6 +1,7 @@
{ config, ... }:
{ lib, ... }:
let
user = "matt";
# defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in
{
# Permission modes are in octal representation (same as chmod),
@@ -18,42 +19,40 @@ in
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFile = defaultSops;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"wifi" = {
sopsFile = ../../secrets/secrets.yaml;
};
"wifi" = { };
# ------------------------------
# SSH keys
# ------------------------------
# "ssh-keys-public/desktop-nixos" = {
# sopsFile = ../../secrets/secrets.yaml;
# sopsFile = sharedSops;
# mode = "0644";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos" = {
# sopsFile = ../../secrets/secrets.yaml;
# sopsFile = sharedSops;
# mode = "0600";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-public/desktop-nixos-root" = {
# sopsFile = ../../secrets/secrets.yaml;
# sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519.pub";
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos-root" = {
# sopsFile = ../../secrets/secrets.yaml;
# sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519";
# mode = "0600";
# restartUnits = [ "sshd.service" ];

87
modules/nixos/traefik/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.traefik;
@@ -14,7 +19,7 @@ let
cacheUrl = "http://${serverIp}:9012";
cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
giteaUrl = "http://${config.containers.gitea.localAddress}:${toString config.containers.gitea.config.services.gitea.settings.server.HTTP_PORT}";
hassUrl = "http://homeassistant.local:8123";
hassUrl = "http://nuc-nixos.local:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
jellyfinUrl = "http://${serverIp}:8096";
jellyseerrUrl = "http://${config.containers.jellyseerr.localAddress}:${toString config.containers.jellyseerr.config.services.jellyseerr.port}";
@@ -53,7 +58,7 @@ let
# misc
letsEncryptEmail = "jalle008@proton.me";
dataDir = "/media/nas/ssd/nix-app-data/traefik";
dataDir = "/media/nas/main/nix-app-data/traefik";
authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik";
in
{
@@ -76,7 +81,9 @@ in
"traefik.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${
config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"
}
CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
@@ -129,7 +136,12 @@ in
entryPoint = "metrics";
addEntryPointsLabels = true;
addServicesLabels = true;
buckets = [0.1 0.3 1.2 5.0]; # Response time buckets
buckets = [
0.1
0.3
1.2
5.0
]; # Response time buckets
};
};
@@ -215,8 +227,7 @@ in
};
};
};
internal-ipallowlist =
{
internal-ipallowlist = {
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
@@ -305,7 +316,10 @@ in
entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 15;
tls.certResolver = "letsencrypt";
};
@@ -314,21 +328,30 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
service = "authentik";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 10;
tls.certResolver = "letsencrypt";
};
@@ -336,21 +359,31 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)";
service = "cloud";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
"authentik"
];
priority = 10;
tls.certResolver = "letsencrypt";
};
@@ -358,35 +391,51 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyseerr = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
lubelogger = {
entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
onlyoffice = {
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
"onlyoffice-websocket"
];
tls.certResolver = "letsencrypt";
};
};

84
modules/nixos/user/default.nix
View File

@@ -8,6 +8,18 @@
with lib;
let
cfg = config.${namespace}.user;
isRoot = (cfg.name == "root");
# Common SSH keys used across systems
commonSshKeys = [
# MacBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# Desktop Windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# Desktop NixOS
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
in
{
options.${namespace}.user = with types; {
@@ -41,11 +53,58 @@ in
default = null;
description = "Path to the password file for this user account";
};
sshKeys = lib.mkOption {
type = listOf str;
default = [ ];
description = "List of SSH public keys for the user.";
};
enableCommonSshKeys = lib.mkOption {
type = bool;
default = true;
description = "Whether to include common SSH keys used across systems.";
};
uid = lib.mkOption {
type = int;
default = if isRoot then ids.uids.root else 1000;
description = "The user ID for the user account.";
};
packages = lib.mkOption {
type = listOf package;
default = [ ];
description = "List of packages to install for this user.";
};
linger = lib.mkOption {
type = bool;
default = false;
description = "Whether to enable systemd user service persistence.";
};
password = lib.mkOption {
type = nullOr str;
default = null;
description = "Plain text password for the user (development only).";
};
hashedPassword = lib.mkOption {
type = nullOr str;
default = null;
description = "Hashed password for the user.";
};
mutableUsers = lib.mkOption {
type = bool;
default = false;
description = "Whether users are mutable (can be modified after creation).";
};
};
config = {
users.mutableUsers = cfg.mutableUsers;
users.users.${cfg.name} = {
inherit (cfg) name;
inherit (cfg)
name
uid
linger
packages
;
extraGroups = [
"wheel"
@@ -64,14 +123,27 @@ in
"power"
"nix"
"i2c"
] ++ cfg.extraGroups;
]
++ cfg.extraGroups;
group = "users";
home = "/home/${cfg.name}";
isNormalUser = true;
isNormalUser = (!isRoot);
isSystemUser = isRoot;
shell = lib.mkForce pkgs.zsh;
uid = 1000;
hashedPasswordFile = cfg.passwordFile;
} // cfg.extraOptions;
# SSH keys - combine user-specific and common keys
openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys);
# Authentication - priority: passwordFile > hashedPassword > password
hashedPasswordFile = lib.mkIf (cfg.passwordFile != null) cfg.passwordFile;
hashedPassword = lib.mkIf (
cfg.passwordFile == null && cfg.hashedPassword != null
) cfg.hashedPassword;
password = lib.mkIf (
cfg.passwordFile == null && cfg.hashedPassword == null && cfg.password != null
) cfg.password;
}
// cfg.extraOptions;
};
}

7
modules/nixos/wyoming/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.wyoming;

4
overlays/jdk/default.nix
View File

@@ -1,5 +1,5 @@
{ inputs, ... }:
final: prev: {
{ ... }:
final: _prev: {
jdk = final.openjdk17;
openjdk8 = final.openjdk17;
}

2
overlays/waybar/default.nix
View File

@@ -1,5 +1,5 @@
{ ... }:
final: prev: {
_final: prev: {
waybar = prev.waybar.overrideAttrs (old: {
mesonFlags = (old.mesonFlags or [ ]) ++ [ "-Dexperimental=true" ];
});

7
packages/ha-anycubic/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, pkgs, namespace, ... }:
{
buildHomeAssistantComponent,
pkgs,
namespace,
...
}:
buildHomeAssistantComponent rec {
owner = "adamoutler";
domain = "anycubic_wifi";

7
packages/ha-bambulab/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, python3Packages, fetchFromGitHub, ... }:
{
buildHomeAssistantComponent,
python3Packages,
fetchFromGitHub,
...
}:
buildHomeAssistantComponent rec {
owner = "greghesp";
domain = "bambu_lab";

12
packages/ha-gehome/default.nix
View File

@@ -1,14 +1,20 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, namespace, ... }:
{
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
namespace,
...
}:
buildHomeAssistantComponent rec {
owner = "simbaja";
domain = "ge_home";
version = "v2025.5.0";
version = "v2025.7.0";
src = fetchFromGitHub {
owner = owner;
repo = "ha_gehome";
rev = version;
hash = "sha256-NlUkM70yvBeC5s7S5BkNxIC2GztfEq8xYrQZr4pkaGU=";
hash = "sha256-sCOXzrbUpbRb09QDpcm1Pbr2Xxsg0q3Ecc+tAQv2pXk=";
};
propagatedBuildInputs = with python3Packages; [

13
packages/ha-icloud3/default.nix
View File

@@ -1,14 +1,19 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, ... }:
{
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
...
}:
buildHomeAssistantComponent rec {
owner = "gcobb321";
domain = "icloud3";
version = "3.2.2.3";
version = "3.2.3";
src = fetchFromGitHub {
owner = owner;
repo = "icloud3";
rev = "v.${version}";
hash = "sha256-OjXioS73jE/U2YeKYf84QnStdQj3Seid4hJ2TH6z13M=";
rev = "v${version}";
hash = "sha256-RyH25elL/0+xnJcgAx9LzYpLy5JcWuMagJiJXKbgz/s=";
};
propagatedBuildInputs = with python3Packages; [

7
packages/ha-mail-and-packages/default.nix
View File

@@ -1,4 +1,9 @@
{ buildHomeAssistantComponent, fetchFromGitHub, python3Packages, ... }:
{
buildHomeAssistantComponent,
fetchFromGitHub,
python3Packages,
...
}:
buildHomeAssistantComponent rec {
owner = "moralmunky";
domain = "mail_and_packages";

8
packages/ha-nanokvm/default.nix
View File

@@ -1,4 +1,10 @@
{ buildHomeAssistantComponent, fetchFromGitHub, pkgs, namespace, ... }:
{
buildHomeAssistantComponent,
fetchFromGitHub,
pkgs,
namespace,
...
}:
buildHomeAssistantComponent rec {
owner = "Wouter0100";
domain = "nanokvm";

Some files were not shown because too many files have changed in this diff Show More