mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: mjallen:snowfall
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland
...
compare: mjallen:bcfs
Branches Tags
mjallen:main mjallen:stylix mjallen:bcfs mjallen:snowfall mjallen:macbook-hyprland

57 Commits
snowfall ... bcfs

Author SHA1 Message Date
mjallen18
33385d5275 testing done 2025-08-21 20:54:43 -05:00
mjallen18
19bf815be8 end test 2025-08-21 20:52:13 -05:00
mjallen18
0152438472 more cleanup 2025-08-21 20:05:58 -05:00
mjallen18
f9b07deb19 cleanup 2025-08-21 19:45:03 -05:00
mjallen18
6e55d375d2 user updates 2025-08-21 19:40:32 -05:00
mjallen18
0e066cb4d7 move some apps to namespace 2025-08-21 19:06:51 -05:00
mjallen18
bd64283f04 idk 2025-08-21 16:17:17 -05:00
mjallen18
6025b6c4f1 bcfs root? 2025-08-21 16:10:04 -05:00
mjallen18
92b04773b2 move python-steam 2025-08-21 14:26:50 -05:00
mjallen18
783a7a3390 README 2025-08-21 14:17:33 -05:00
mjallen18
0ef4354c1a aarch 2025-08-21 13:24:04 -05:00
mjallen18
192a978d46 fix proxies 2025-08-21 11:45:06 -05:00
mjallen18
a4519904b6 fix pi4 hostname 2025-08-21 11:45:06 -05:00
mjallen18
83a6e45bf4 test 2025-08-20 22:02:24 -05:00
mjallen18
2ba6f3466f clev 2025-08-20 21:30:18 -05:00
mjallen18
b3f5b4b406 more pi stuff 2025-08-20 21:30:18 -05:00
mjallen18
2e680f2519 fix lol 2025-08-20 21:30:18 -05:00
mjallen18
445183f826 pi stuff 2025-08-20 21:30:18 -05:00
mjallen18
aec980e6fe sops but idk 2025-08-20 21:30:18 -05:00
mjallen18
68f732ec4b cleanup 2025-08-20 21:30:18 -05:00
mjallen18
dc382dcfcc cache 2025-08-20 21:30:18 -05:00
mjallen18
b1a06034f1 disable gnome 2025-08-20 21:30:18 -05:00
mjallen18
aa3e8cc263 finally update traefik 2025-08-20 21:30:18 -05:00
mjallen18
b680255bc5 macos 2025-08-20 21:30:18 -05:00
mjallen18
a3f7af4e39 sops 2025-08-20 21:30:18 -05:00
mjallen18
cd5c8a0034 no splash 2025-08-20 21:30:18 -05:00
mjallen18
1f14f020ed ssh 2025-08-20 21:30:18 -05:00
mjallen18
05affb6b1f test 2025-08-18 20:54:03 -05:00
mjallen18
2623efc997 update hass addons 2025-08-18 19:52:09 -05:00
mjallen18
c053da2e30 bcachefs 2025-08-17 21:01:59 -05:00
mjallen18
533d6a4170 pi5 upd 2025-08-17 20:58:54 -05:00
mjallen18
5b3e01820b desktop omnissa 2025-08-12 21:25:07 -05:00
mjallen
5cef58ade0 fix 2025-08-12 17:04:25 +00:00
mjallen18
981b41f4c2 upd 2025-08-12 08:18:19 -05:00
mjallen18
ae8039dba0 weather 2025-08-07 22:30:20 -05:00
mjallen18
54f56c3f83 upd 2025-08-07 22:30:01 -05:00
mjallen18
ce142bb64a fix this package 2025-07-30 21:44:57 -05:00
mjallen18
fd3f61a0ac lsfg 2025-07-29 20:02:37 -05:00
mjallen18
d0ac22c211 bcachefs 2025-07-29 19:34:10 -05:00
mjallen18
caa326d496 test 2025-07-29 18:26:50 -05:00
mjallen18
04ef2a4b8c temp 2025-07-29 16:43:51 -05:00
mjallen18
7e35a27b2e lsfg-vk 2025-07-28 15:16:56 -05:00
mjallen18
48108e693a gnome home manager on steamdeck 2025-07-28 14:49:03 -05:00
mjallen18
8e3d3e4281 openhasp 2025-07-28 14:18:54 -05:00
mjallen18
c7c99b339b fix package 2025-07-28 11:27:06 -05:00
mjallen18
c8f5547727 openhasp 2025-07-28 11:27:00 -05:00
mjallen18
6f5e592d8c cleanup 2025-07-28 11:06:32 -05:00
mjallen18
5ae3f1a9ef desktop home sops 2025-07-28 09:33:54 -05:00
mjallen18
1a3b091588 desktop stuff 2025-07-28 09:32:31 -05:00
mjallen18
5b34456571 yamlfmt 2025-07-24 11:25:18 -05:00
mjallen18
5918611469 yamlfmt 2025-07-24 11:22:29 -05:00
mjallen18
f3aafffcaa deadnix 2025-07-24 11:19:19 -05:00
mjallen18
3d213c8769 nixfmt 2025-07-24 11:06:08 -05:00
mjallen18
f05972d6ae move commented file: 2025-07-24 10:38:13 -05:00
mjallen18
b77dda0e6f fix some stuff 2025-07-24 10:31:50 -05:00
mjallen18
3c1a956c81 cleanup 2025-07-24 10:19:32 -05:00
mjallen18
5dc1a96f6d cleanup 2025-07-23 19:36:06 -05:00
239 changed files with 4561 additions and 12348 deletions
Expand all files Collapse all files

122
.sops.yaml
View File

@@ -10,81 +10,81 @@ keys:
- &pi5 age1t2d5scrukk0guva5sr97a8tge5j8kd865adezrcru7p269pzwvpsamkgje
- &deck age1c8qw59ffcq9l77gfmtyc3djtvt3md0u6dwhrjcgsm98ntyf72ufqugj7cg
- &steamdeck age1er5qucsc2mugrzrr7n3xhzv7kemkrqrw4m84r544fkk7nkg5g5eswxkqj0
- &matt_macbook-pro age1xg6mvj3x6s3t8058c6rsk3q4kskvm6nsffwckxkkjzhyn7r6tczqgkj23p
- &macbook-pro age1rdn39ywgzmc8wlsl5lrfe77e652wzjmjx58gx4k2ydghd35kdqvqscrf3h
- &matt_macbook-pro age19daqsncuzeh3j6cwk8uxp6yfj8h0qtz02jxlwwy4v8j0mfgznsvq30440g
- &macbook-pro age19w4zafpwnq9yhzuf8r5te2yhq7xlqj76rcgzcz935hllyrz4yvws4jn6ca
- &nuc age1wurzgc20e6ye79wsg85vvqk4aj3mmc0llxshcy9532ex8f4c6dqql76c78
- &admin_nuc age1luyejgmqjj0esydlr2jxqkg48vexmx57gdz7cy5gq7rz8kf5cups2rnfa9
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *admin
- *jallen-nas
- *pi4
- *pi5
- *deck
- *steamdeck
- *matt_macbook-pro
- *macbook-pro
- *admin_nuc
- *nuc
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *admin
- *jallen-nas
- *pi4
- *pi5
- *deck
- *steamdeck
- *matt_macbook-pro
- *macbook-pro
- *admin_nuc
- *nuc
- path_regex: nas-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *desktop
- *admin
- *jallen-nas
- age:
- *matt
- *desktop
- *admin
- *jallen-nas
- path_regex: desktop-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *desktop
- *admin
- *jallen-nas
- age:
- *matt
- *desktop
- *admin
- *jallen-nas
- path_regex: steamdeck-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *desktop
- *deck
- *steamdeck
- *admin
- *jallen-nas
- age:
- *matt
- *desktop
- *deck
- *steamdeck
- *admin
- *jallen-nas
- path_regex: pi4-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *pi4
- *pi5
- *admin
- *jallen-nas
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *pi4
- *pi5
- *admin
- *jallen-nas
- path_regex: pi5-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *pi4
- *pi5
- *admin
- *jallen-nas
- age:
- *matt
- *matt_pi4
- *matt_pi5
- *desktop
- *pi4
- *pi5
- *admin
- *jallen-nas
- path_regex: mac-secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *matt
- *matt_pi5
- *desktop
- *pi5
- *admin
- *jallen-nas
- *matt_macbook-pro
- *macbook-pro
- age:
- *matt
- *matt_pi5
- *desktop
- *pi5
- *admin
- *jallen-nas
- *matt_macbook-pro
- *macbook-pro

156
README.md
View File

@@ -1,50 +1,118 @@
# nixOS Config
# NixOS Configuration Repository
### Common Files
* [flake.nix](./flake.nix)
* [impermenance.nix](./share/impermanence/default.nix)
* [share](./share)
* [overlays](./overlays)
This repository contains my personal NixOS configurations for multiple systems, managed using [Snowfall Lib](https://github.com/snowfallorg/lib) and the Nix Flakes system.
## Overview
This repository provides a centralized, declarative configuration for all my systems, including:
- Desktop PC (AMD)
- NAS server
- Steam Deck
- Intel NUC
- Raspberry Pi 4
- Raspberry Pi 5
- MacBook Pro (NixOS on Apple Silicon)
- MacBook Pro (Darwin/macOS)
## Repository Structure
```
.
├── checks/ # Pre-commit hooks and other checks
├── flake.nix # Main flake configuration
├── homes/ # Home-manager configurations for users
│ ├── aarch64-darwin/ # macOS home configurations
│ ├── aarch64-linux/ # ARM Linux home configurations
│ └── x86_64-linux/ # x86 Linux home configurations
├── modules/ # Reusable configuration modules
│ ├── home/ # Home-manager modules
│ └── nixos/ # NixOS system modules
├── overlays/ # Nixpkgs overlays
├── packages/ # Custom package definitions
├── secrets/ # Encrypted secrets (managed with sops-nix)
└── systems/ # System-specific configurations
├── aarch64-darwin/ # macOS system configurations
├── aarch64-linux/ # ARM Linux system configurations
└── x86_64-linux/ # x86 Linux system configurations
```
## Key Features
- **Modular Design**: Reusable modules for various system components
- **Multi-System Support**: Configurations for different hardware platforms
- **Home Manager Integration**: User environment management
- **Secret Management**: Encrypted secrets with sops-nix
- **Disk Management**: Declarative disk partitioning with disko
- **State Management**: Persistent state management with impermanence
- **Desktop Environments**: Support for GNOME, Hyprland, and COSMIC
- **Hardware-Specific Optimizations**: Tailored configurations for different hardware
## Key Technologies
- [Nix](https://nixos.org/) and [NixOS](https://nixos.org/)
- [Nix Flakes](https://nixos.wiki/wiki/Flakes)
- [Snowfall Lib](https://github.com/snowfallorg/lib)
- [Home Manager](https://github.com/nix-community/home-manager)
- [sops-nix](https://github.com/Mic92/sops-nix)
- [disko](https://github.com/nix-community/disko)
- [impermanence](https://github.com/nix-community/impermanence)
- [lanzaboote](https://github.com/nix-community/lanzaboote) (Secure Boot)
## Notable System Configurations
### Desktop
* [boot.nix](./hosts/desktop/boot.nix)
* [configuration.nix](./hosts/desktop/configuration.nix)
* [hardware-configuration.nix](./hosts/desktop/hardware-configuration.nix)
* [filesystems.nix](./hosts/desktop/filesystems.nix)
* [home.nix](./hosts/desktop/home.nix)
* [sops.nix](./hosts/desktop/sops.nix)
* [specialisations.hyprland](./hosts/desktop/hyprland)
* [specialisations.gnome](./hosts/desktop/gnome)
* [specialisations.cosmic](./hosts/desktop/cosmic)
A powerful AMD-based desktop with gaming capabilities, featuring:
- AMD CPU and GPU optimizations
- Multiple desktop environment options (GNOME, Hyprland, COSMIC)
- Gaming setup with Steam and related tools
### NAS
* [boot.nix](./hosts/nas/boot.nix)
* [configuration.nix](./hosts/nas/configuration.nix)
* [hardware-configuration.nix](./hosts/nas/hardware-configuration.nix)
* [impermenance.nix](./hosts/nas/impermenance.nix)
* [apps.nix](./hosts/desktop/apps.nix)
* [home.nix](./hosts/desktop/home.nix)
* [networking.nix](./hosts/desktop/networking.nix)
* [services.nix](./hosts/desktop/services.nix)
* [sops.nix](./hosts/desktop/sops.nix)
* [ups.nix](./hosts/desktop/ups.nix)
* [samba](./modules/samba)
* nas-apps
* [arrs](./hosts/nas/apps/arrs/default.nix)
* [free-games-claimer](./modules/apps/free-games-claimer)
* [jackett](./modules/apps/jackett)
* [jellyfin](./hosts/nas/apps/jellyfin/default.nix)
* [jellyseerr](./hosts/nas/apps/jellyseerr/default.nix)
* [jackett](./modules/apps/manyfold)
* [mariadb](./modules/apps/mariadb)
* [mealie](./modules/apps/mealie)
* [nextcloud+onlyoffice](./hosts/nas/apps/nextcloud/default.nix)
* [ollama](./hosts/nas/apps/ollama/default.nix)
* [paperless](./hosts/nas/apps/paperless/default.nix)
* [tdarr](./modules/apps/tdarr)
* [traefik](./hosts/nas/apps/traefik/default.nix)
* [wireguard](./modules/apps/your-spotify)
### Raspberry Pi 4
* [configuration.nix](./hosts/pi4/configuration.nix)
* [hardware-configuration.nix](./hosts/pi4/hardware-configuration.nix)
A home server with various self-hosted services:
- Media management (Jellyfin, Jellyseerr)
- Download automation (Sonarr, Radarr, etc.)
- Document management (Paperless)
- File sharing (Samba, Nextcloud)
- AI services (Ollama)
### Raspberry Pi
Configurations for both Pi 4 and Pi 5:
- Hardware-specific optimizations
- Disk partitioning suitable for ARM devices
- Bluetooth and wireless support
### Steam Deck
Custom NixOS configuration for the Steam Deck:
- Integration with Jovian for Steam Deck compatibility
- Gaming optimizations
- Steam ROM Manager
### MacBook Pro
Configurations for both:
- NixOS on Apple Silicon
- nix-darwin for macOS
## Usage
### Building a System Configuration
```bash
# Build and activate a system configuration
sudo nixos-rebuild switch --flake .#hostname
```
### Building a Home Configuration
```bash
# Build and activate a home configuration
home-manager switch --flake .#username@hostname
```
## License
This project is licensed under the MIT License - see the LICENSE file for details.

13
checks/pre-commit-hooks/default.nix
View File

@@ -1,19 +1,22 @@
{
inputs,
pkgs,
lib,
...
}:
let
inherit (inputs) git-hooks-nix;
inherit (inputs) pre-commit-hooks-nix;
in
git-hooks-nix.lib.${pkgs.system}.run {
pre-commit-hooks-nix.lib.${pkgs.system}.run {
src = ../..;
hooks = {
pre-commit-hook-ensure-sops.enable = true;
treefmt = {
enable = true;
settings.fail-on-change = false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs ../../treefmt.nix;
enable = lib.mkForce true;
settings.fail-on-change = lib.mkForce false;
packageOverrides.treefmt = inputs.treefmt-nix.lib.mkWrapper pkgs (
lib.snowfall.fs.get-file "treefmt.nix"
);
};
};
}

249
flake.lock generated
View File

@@ -30,11 +30,11 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1751033152,
"narHash": "sha256-0ANu9OLQJszcEyvnfDB7G957uqskZwCrTzRXz/yfAmE=",
"lastModified": 1753369162,
"narHash": "sha256-pSAsUVueht3WyyFJ3K+QJKWqFZNbyvsXijHOAHApeLk=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "1a4d6a5dd6fef39b99eb7ea4db79c5d5c7d7f1bf",
"rev": "1361d269fe10c527528264185567a053252e22b0",
"type": "github"
},
"original": {
@@ -46,16 +46,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1751031262,
"narHash": "sha256-SNgRMQUjL3DTlWkMyRMan+pY1FfIV+DMeq5BiTM0N0k=",
"lastModified": 1753187012,
"narHash": "sha256-bs/ThY3YixwBObahcS7BrOWj0gsaUXI664ldUQlJul8=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "b34665fabd8d938d81ce871a4e86ca528c5f253b",
"rev": "23ffad1c6be80bea223caf5f1cf265b984b76328",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.4.3",
"ref": "version/2025.6.4",
"repo": "authentik",
"type": "github"
}
@@ -63,16 +63,16 @@
"brew-src": {
"flake": false,
"locked": {
"lastModified": 1751910772,
"narHash": "sha256-jQNdIkq2iRDNWskd5f8kX6q9BO/CBSXhMH41WNRft8E=",
"lastModified": 1753461463,
"narHash": "sha256-kGc7pRH0diLzKmOHsEFA8sZ9NJpgT+tqxAMsuqNd5Po=",
"owner": "Homebrew",
"repo": "brew",
"rev": "700d67a85e0129ab8a893ff69246943479e33df1",
"rev": "4d14be89e99a45181c18e96a5f19a5b43343cc0f",
"type": "github"
},
"original": {
"owner": "Homebrew",
"ref": "4.5.9",
"ref": "4.5.13",
"repo": "brew",
"type": "github"
}
@@ -86,11 +86,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1753146705,
"narHash": "sha256-WzmXODUzg8jeEsAhpmp55zk5I2fmv3kv+RofZ/+FYlg=",
"lastModified": 1755444192,
"narHash": "sha256-9eVUtk3ces32aJpHnsrO49UJNvMKNMxlV7NeNSAADLo=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "02b3c2a45f6ddbd704f797c5730bc2d161f10ce0",
"rev": "958ba486ee73019e3820b9ebd97a38660f736f40",
"type": "github"
},
"original": {
@@ -160,11 +160,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1751313918,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
"lastModified": 1755275010,
"narHash": "sha256-lEApCoWUEWh0Ifc3k1JdVjpMtFFXeL2gG1qvBnoRc2I=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
"rev": "7220b01d679e93ede8d7b25d6f392855b81dd475",
"type": "github"
},
"original": {
@@ -180,16 +180,15 @@
]
},
"locked": {
"lastModified": 1742690494,
"narHash": "sha256-SFacEbSRMoTyWG5VXh4ieofJGge+cLq9lH8ifB+zjBg=",
"owner": "nvmd",
"lastModified": 1755519972,
"narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
"owner": "nix-community",
"repo": "disko",
"rev": "9dc58d4d49c9f74623a06e2fc20cdfd8bb3cbe8b",
"rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
"type": "github"
},
"original": {
"owner": "nvmd",
"ref": "gpt-attrs",
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
@@ -244,11 +243,11 @@
},
"flake-compat_4": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"lastModified": 1746162366,
"narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
"type": "github"
},
"original": {
@@ -260,11 +259,11 @@
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
@@ -504,11 +503,11 @@
]
},
"locked": {
"lastModified": 1753132348,
"narHash": "sha256-0i3jU9AHuNXb0wYGzImnVwaw+miE0yW13qfjC0F+fIE=",
"lastModified": 1755313937,
"narHash": "sha256-pQb7bNcolxYGRiylUCrTddiF+qW2wsUiM9+eRIDUrVU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e4bf85da687027cfc4a8853ca11b6b86ce41d732",
"rev": "2a749f4790a14f7168be67cdf6e548ef1c944e10",
"type": "github"
},
"original": {
@@ -524,11 +523,11 @@
]
},
"locked": {
"lastModified": 1753180535,
"narHash": "sha256-KEtlzMs2O7FDvciFtjk9W4hyau013Pj9qZNK9a0PxEc=",
"lastModified": 1755442500,
"narHash": "sha256-RHK4H6SWzkAtW/5WBHsyugaXJX25yr5y7FAZznxcBJs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc",
"rev": "d2ffdedfc39c591367b1ddf22b4ce107f029dcc3",
"type": "github"
},
"original": {
@@ -540,11 +539,11 @@
"homebrew-cask": {
"flake": false,
"locked": {
"lastModified": 1753192390,
"narHash": "sha256-B/MI7F4IliXNY6QEKCmIEsO4A0Qt9jUZXfMfrX9/5hE=",
"lastModified": 1755480455,
"narHash": "sha256-cIMlCE5M5Zq1DjfS9mV4AepUv/hn9nrFj0klK7C784c=",
"owner": "homebrew",
"repo": "homebrew-cask",
"rev": "4f64bf7953d412b473d1f459208c725861646a6d",
"rev": "e1e54f7a14ae909bfefc1f0928c1f70fbfb31c84",
"type": "github"
},
"original": {
@@ -556,11 +555,11 @@
"homebrew-core": {
"flake": false,
"locked": {
"lastModified": 1753194897,
"narHash": "sha256-jo7SLfGCgQbLKK9kbHXgLJY8bbzESn1K6Sr2x7EFzKY=",
"lastModified": 1755480844,
"narHash": "sha256-4Uz2TZckTG5dh2CPCj577BsmrGIEV8Ji3o/B8nv1tVE=",
"owner": "homebrew",
"repo": "homebrew-core",
"rev": "a427a5a802b98591899d4bda471a7a14ed5ff2fd",
"rev": "be6e3ae8531ba128ec039d057f76078b1a1513be",
"type": "github"
},
"original": {
@@ -593,11 +592,11 @@
]
},
"locked": {
"lastModified": 1752755091,
"narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"lastModified": 1755151620,
"narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github"
},
"original": {
@@ -612,11 +611,11 @@
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1752755091,
"narHash": "sha256-H/k35QJLyQxkFnXR5ckMv/Z+ElNa5f22qNKdyGBMAn4=",
"lastModified": 1755151620,
"narHash": "sha256-fVMalQZ+tRXR8oue2SdWu4CdlsS2NII+++rI40XQ8rU=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "0d09755fe1df1886e5f07dbb16f7ed373080f86a",
"rev": "16e12d22754d97064867006acae6e16da7a142a6",
"type": "github"
},
"original": {
@@ -649,6 +648,27 @@
"type": "github"
}
},
"lsfg-vk": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1753837013,
"narHash": "sha256-+kBJhOSS5S6gPp/pbTk1B3EL9Xr08yFuQoGGQ+SoQwQ=",
"owner": "mjallen18",
"repo": "lsfg-vk-flake",
"rev": "f7fc5f9d421d64d3cf24c8d0955a80718ef70bac",
"type": "github"
},
"original": {
"owner": "mjallen18",
"ref": "main",
"repo": "lsfg-vk-flake",
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
@@ -725,11 +745,11 @@
"brew-src": "brew-src"
},
"locked": {
"lastModified": 1752160973,
"narHash": "sha256-BCC8KB7TEtwv7vZN1WDu870tRbXtzUcmF9xNr6ws5Wc=",
"lastModified": 1754250993,
"narHash": "sha256-MEin+qoQKtFC1b0f4tnQ+Z82BQWSCgh6Ef7rpmH9gig=",
"owner": "zhaofengli",
"repo": "nix-homebrew",
"rev": "69c1aa2f136f3c3326d9b6770e0eb54f12832971",
"rev": "314d057294e79bc2596972126b84c6f9f144499a",
"type": "github"
},
"original": {
@@ -745,11 +765,11 @@
]
},
"locked": {
"lastModified": 1752985182,
"narHash": "sha256-sX8Neff8lp3TCHai6QmgLr5AD8MdsQQX3b52C1DVXR8=",
"lastModified": 1755404379,
"narHash": "sha256-Q6ZxZDBmD/B988Jjbx7/NchxOKIpOKBBrx9Yb0zMzpQ=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "fafdcb505ba605157ff7a7eeea452bc6d6cbc23c",
"rev": "ebbc1c05f786ae39bb5e04e57bf2c10c44a649e3",
"type": "github"
},
"original": {
@@ -764,11 +784,11 @@
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1753150460,
"narHash": "sha256-q2dkvuIfEb5fWBF6TJePJbcP1hqxARAUddfPGVGvD38=",
"lastModified": 1755396877,
"narHash": "sha256-92gZRDz3zEsodraI0ZxPzZrpjSqc2qjxTW9HOflzKFw=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "d13827556415f4050b510e9cfb9873c1ce9aaec4",
"rev": "0cf076c0bafbe7cbd33a3b7377ed24827674e8be",
"type": "github"
},
"original": {
@@ -783,11 +803,11 @@
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1751669768,
"narHash": "sha256-/WSZcdPwng24i8Z3LgrpZTBt94fvDknidtLQjohAnHg=",
"lastModified": 1755154580,
"narHash": "sha256-ADGapM7FrEgA3tDSYADtfy2EPeAmBzbL3pFvXNhD0D0=",
"owner": "olafkfreund",
"repo": "nix-ai-help",
"rev": "b79e8cc14623d7ba5f6beea64cec32512997cd5a",
"rev": "e71204cb39358ad1dc4c09202c3a17ede541c2d9",
"type": "github"
},
"original": {
@@ -799,14 +819,15 @@
"nixos-apple-silicon": {
"inputs": {
"flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_10"
"nixpkgs": "nixpkgs_10",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1753175937,
"narHash": "sha256-DtDt87Gld0RCI2qHb7uUb1eWB16FFC4aNDfxZpic/Nw=",
"lastModified": 1755124568,
"narHash": "sha256-8fXTYruAwE6OiIz/99P5qknQYag7ZX985pNT+jhIIrU=",
"owner": "nix-community",
"repo": "nixos-apple-silicon",
"rev": "5ddfff8387edf7c92ce36effb06fb2c52624fece",
"rev": "2f873fc3ef373e59cd3a7dad4087685fc8ce02ca",
"type": "github"
},
"original": {
@@ -817,11 +838,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1753122741,
"narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=",
"lastModified": 1755330281,
"narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22",
"rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0",
"type": "github"
},
"original": {
@@ -864,11 +885,11 @@
"nixpkgs": "nixpkgs_11"
},
"locked": {
"lastModified": 1753141210,
"narHash": "sha256-yV7+cv0q5XL7uv9gvSG7R0jktgXgB+forv3c7TfY2T8=",
"lastModified": 1755008580,
"narHash": "sha256-rh4OhOutko9W9COhhxQnqt9J22ZPj7gSZN7wrX0cYEs=",
"owner": "mjallen18",
"repo": "nixos-raspberrypi",
"rev": "e0f487998cb4409408f03e019c71c21011edb84c",
"rev": "7b5cf1ef3cf48ac1b43730eb366225f3dd0791cb",
"type": "github"
},
"original": {
@@ -942,11 +963,11 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1753115646,
"narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=",
"lastModified": 1755274400,
"narHash": "sha256-rTInmnp/xYrfcMZyFMH3kc8oko5zYfxsowaLv1LVobY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "92c2e04a475523e723c67ef872d8037379073681",
"rev": "ad7196ae55c295f53a7d1ec39e4a06d922f3b899",
"type": "github"
},
"original": {
@@ -958,11 +979,11 @@
},
"nixpkgs_10": {
"locked": {
"lastModified": 1748460289,
"narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=",
"lastModified": 1754725699,
"narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102",
"rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
"type": "github"
},
"original": {
@@ -974,11 +995,11 @@
},
"nixpkgs_11": {
"locked": {
"lastModified": 1752372066,
"narHash": "sha256-d1oy2MNitnWBkIX/WedzG/WB8jCaqGjtIebQuVIlqSg=",
"lastModified": 1754432582,
"narHash": "sha256-oebayZREKV/4Fgy6drsj4M7URut4kQVics78DxL2imk=",
"owner": "nvmd",
"repo": "nixpkgs",
"rev": "3699bec87ab236af2c45aa6d4539140a6342a77a",
"rev": "81f9846bc3c9edbd2d4c92783e7bfb4b55db14c4",
"type": "github"
},
"original": {
@@ -990,11 +1011,11 @@
},
"nixpkgs_12": {
"locked": {
"lastModified": 1752427638,
"narHash": "sha256-ANNyaXW/cnZLszjXB4LXGxaWZ2cRz7Ar06WjYoawgFo=",
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b2e5044b3e79793df83d01c9983c054cae5ea6ff",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
@@ -1006,11 +1027,11 @@
},
"nixpkgs_13": {
"locked": {
"lastModified": 1730768919,
"narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=",
"lastModified": 1754340878,
"narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc",
"rev": "cab778239e705082fe97bb4990e0d24c50924c04",
"type": "github"
},
"original": {
@@ -1038,11 +1059,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1752950548,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
@@ -1101,11 +1122,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1751984180,
"narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
"lastModified": 1755027561,
"narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
"rev": "005433b926e16227259a1843015b5b2b7f7d1fc3",
"type": "github"
},
"original": {
@@ -1197,11 +1218,11 @@
"nixpkgs": "nixpkgs_13"
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"lastModified": 1755446520,
"narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e",
"type": "github"
},
"original": {
@@ -1274,6 +1295,7 @@
"impermanence": "impermanence",
"jovian": "jovian_2",
"lanzaboote": "lanzaboote",
"lsfg-vk": "lsfg-vk",
"nix-homebrew": "nix-homebrew",
"nix-index-database": "nix-index-database",
"nix-vscode-extensions": "nix-vscode-extensions",
@@ -1287,7 +1309,7 @@
"snowfall-lib": "snowfall-lib",
"sops-nix": "sops-nix",
"steam-rom-manager": "steam-rom-manager",
"treefmt-nix": "treefmt-nix"
"treefmt-nix": "treefmt-nix_2"
}
},
"rust-overlay": {
@@ -1298,11 +1320,11 @@
]
},
"locked": {
"lastModified": 1753066249,
"narHash": "sha256-j2UBrfDRIePGx3532Bbb9UeosNX2F73hfOAHtmACfnM=",
"lastModified": 1755311859,
"narHash": "sha256-NspGtm0ZpihxlFD628pvh5ZEhL/Q6/Z9XBpe3n6ZtEw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0751b65633a1785743ca44fd7c14a633c54c1f91",
"rev": "07619500e5937cc4669f24fec355d18a8fec0165",
"type": "github"
},
"original": {
@@ -1380,11 +1402,11 @@
"nixpkgs": "nixpkgs_14"
},
"locked": {
"lastModified": 1752544651,
"narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
"lastModified": 1754988908,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2c8def626f54708a9c38a5861866660395bb3461",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48",
"type": "github"
},
"original": {
@@ -1494,15 +1516,36 @@
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixos-apple-silicon",
"nixpkgs"
]
},
"locked": {
"lastModified": 1753006367,
"narHash": "sha256-tzbhc4XttkyEhswByk5R38l+ztN9UDbnj0cTcP6Hp9A=",
"lastModified": 1754847726,
"narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "421b56313c65a0815a52b424777f55acf0b56ddf",
"rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1754847726,
"narHash": "sha256-2vX8QjO5lRsDbNYvN9hVHXLU6oMl+V/PsmIiJREG4rE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "7d81f6fb2e19bf84f1c65135d1060d829fae2408",
"type": "github"
},
"original": {

38
flake.nix
View File

@@ -6,8 +6,8 @@
# The name "snowfall-lib" is required due to how Snowfall Lib processes your
# flake's inputs.
snowfall-lib = {
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
url = "github:snowfallorg/lib";
inputs.nixpkgs.follows = "nixpkgs";
};
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
@@ -43,8 +43,8 @@
disko = {
# the fork is needed for partition attributes support
url = "github:nvmd/disko/gpt-attrs";
# url = "github:nix-community/disko";
# url = "github:nvmd/disko/gpt-attrs";
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -81,12 +81,17 @@
nixpkgs.follows = "nixpkgs";
};
};
lsfg-vk = {
url = "github:mjallen18/lsfg-vk-flake/main";
inputs.nixpkgs.follows = "nixpkgs";
};
};
# We will handle this in the next section.
outputs = inputs:
let
snowfall = inputs.snowfall-lib.mkFlake {
outputs =
inputs:
inputs.snowfall-lib.mkFlake {
# You must provide our flake inputs to Snowfall Lib.
inherit inputs;
@@ -129,6 +134,7 @@
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-hidpi
nixos-hardware.nixosModules.common-pc
lsfg-vk.nixosModules.default
];
};
@@ -150,7 +156,7 @@
# ######################################################
# Steamdeck #
# ######################################################
deck = {
steamdeck = {
modules = with inputs; [
disko.nixosModules.disko
jovian.nixosModules.jovian
@@ -160,6 +166,7 @@
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-hidpi
nixos-hardware.nixosModules.common-pc
lsfg-vk.nixosModules.default
];
};
@@ -209,6 +216,7 @@
macbook-pro-nixos = {
modules = with inputs; [
nixos-apple-silicon.nixosModules.default
lsfg-vk.nixosModules.default
];
};
};
@@ -231,7 +239,7 @@
# sops-nix.homeManagerModules.sops
# ];
# };
"deck@deck" = {
"deck@steamdeck" = {
modules = with inputs; [
steam-rom-manager.homeManagerModules.default
];
@@ -248,11 +256,11 @@
# Add flake metadata that can be processed by tools like Snowfall Frost.
meta = {
# A slug to use in documentation when displaying things like file paths.
name = "mjallen";
# A slug to use in documentation when displaying things like file paths.
name = "mjallen";
# A title to show for your flake, typically the name.
title = "mjallen Flake";
# A title to show for your flake, typically the name.
title = "mjallen Flake";
};
};
@@ -260,8 +268,4 @@
formatter = inputs.treefmt-nix.lib.mkWrapper channels.nixpkgs ./treefmt.nix;
};
};
in
snowfall // {
nixosConfigurations = snowfall.nixosConfigurations;
};
}

13
homes/aarch64-darwin/mattjallen@macbook-pro/default.nix
View File

@@ -1,4 +1,9 @@
{ lib, pkgs, home, ... }:
{
lib,
pkgs,
home,
...
}:
let
shellAliases = {
update-switch = "darwin-rebuild switch --flake ~/nix-config";
@@ -17,12 +22,6 @@ let
];
in
{
# imports = [
# ../../modules/home/defaults.nix
# ../../modules/home/git.nix
# ../../modules/home/shell.nix
# ../../modules/home/vscode.nix
# ];
# Home Manager needs a bit of information about you and the
# paths it should manage.
home = {

6
homes/aarch64-linux/matt@macbook-pro-nixos/default.nix
View File

@@ -41,7 +41,6 @@ in
"name:steam, monitor:${display.input}, default:false, special, class:(.*[Ss]team.*)"
];
windowRule = [
"size 2160 3356, tag:horizonrdp"
];
@@ -76,7 +75,6 @@ in
layer = "bottom";
modules-right = [
"tray"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
@@ -95,7 +93,7 @@ in
tooltip = false;
exec = "waybar-hass --get_light light.living_room_lights";
interval = "once";
format = "{text}";#"󱉓";
format = "{text}"; # "󱉓";
on-click = "waybar-hass --toggle_light light.living_room_lights";
return-type = "json";
};
@@ -113,6 +111,8 @@ in
background: ${theme.polarNight.nord3};
}
'';
windowOffset = 75;
};
wlogout.enable = true;
wofi.enable = true;

103
homes/aarch64-linux/matt@pi4/default.nix
View File

@@ -1,65 +1,66 @@
{ lib, ... }:
let
shellAliases = {
ll = "ls -alh";
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
ducks = "du -cksh * | sort -hr | head -n 15";
};
in
{ lib, ... }:
{
imports = [
../../../modules/home/home
../../../modules/home/programs/git
../../../modules/home/programs/zsh
];
home.username = "matt";
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/pi4" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/pi4" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/matt/.ssh/authorized_keys";
# mode = "0600";
# };
mjallen = {
shell-aliases = {
enable = true;
flakeInputs = [
"pi4-nixpkgs"
"pi4-home-manager"
"pi4-impermanence"
"pi4-sops-nix"
"pi4-nixos-hardware"
"pi4-nixos-raspberrypi"
"pi4-disko"
];
};
};
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/home/matt/.ssh/authorized_keys2";
# mode = "0600";
# };
sops = {
age.keyFile = "/home/matt/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
validateSopsFiles = false;
secrets = {
"ssh-keys-public/pi4" = {
path = "/home/matt/.ssh/id_ed25519.pub";
mode = "0644";
};
"ssh-keys-private/pi4" = {
path = "/home/matt/.ssh/id_ed25519";
mode = "0600";
};
# "ssh-keys-public/desktop-nixos" = {
# path = "/home/matt/.ssh/authorized_keys";
# mode = "0600";
# };
# "ssh-keys-public/desktop-windows" = {
# path = "/home/matt/.ssh/authorized_keys3";
# mode = "0600";
# };
# "ssh-keys-public/desktop-nixos-root" = {
# path = "/home/matt/.ssh/authorized_keys2";
# mode = "0600";
# };
# "ssh-keys-public/macbook-macos" = {
# path = "/home/matt/.ssh/authorized_keys4";
# mode = "0600";
# };
};
};
# "ssh-keys-public/desktop-windows" = {
# path = "/home/matt/.ssh/authorized_keys3";
# mode = "0600";
# };
# "ssh-keys-public/macbook-macos" = {
# path = "/home/matt/.ssh/authorized_keys4";
# mode = "0600";
# };
};
};
programs = {
mangohud.enable = lib.mkForce true;
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client.enable = lib.mkForce true;
nextcloud-client.enable = lib.mkForce false;
kdeconnect = {
enable = false;
indicator = false;
};
};
}

13
homes/aarch64-linux/matt@pi5/default.nix
View File

@@ -1,4 +1,7 @@
{ pkgs, lib, config, namespace, ... }:
{
config,
...
}:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
@@ -54,4 +57,12 @@ in
programs = {
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client.enable = false;
kdeconnect = {
enable = false;
indicator = false;
};
};
}

8
homes/aarch64-linux/root@pi4/default.nix
View File

@@ -15,4 +15,12 @@ in
programs = {
zsh.shellAliases = shellAliases;
};
services = {
nextcloud-client.enable = lib.mkForce false;
kdeconnect = {
enable = false;
indicator = false;
};
};
}

27
homes/x86_64-linux/admin@nas/default.nix
View File

@@ -1,16 +1,27 @@
{ pkgs, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";
update-switch = "sudo nixos-rebuild switch --max-jobs 10";
update-flake = "nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix --flake /etc/nixos";
};
in
{
home.username = "admin";
# mjallen.home.enable = true;
mjallen = {
shell-aliases = {
enable = true;
buildHost = ""; # NAS builds locally
flakeInputs = [
"nas-nixpkgs"
"nas-authentik-nix"
"nas-cosmic"
"nas-crowdsec"
"nas-home-manager"
"nas-impermanence"
"nas-lanzaboote"
"nas-nixos-hardware"
"nas-sops-nix"
];
};
};
sops = {
age.keyFile = "/home/admin/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -60,8 +71,6 @@ in
}
];
};
zsh.shellAliases = shellAliases;
};
# services.nixai = {

2
homes/x86_64-linux/admin@nuc/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs,... }:
{ ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10";

14
homes/x86_64-linux/deck@deck/default.nix → homes/x86_64-linux/deck@steamdeck/default.nix
View File

@@ -10,6 +10,8 @@ in
{
home.username = "deck";
mjallen.desktop.gnome.enable = true;
sops = {
age.keyFile = "/home/deck/.config/sops/age/keys.txt";
defaultSopsFile = "/etc/nixos/secrets/secrets.yaml";
@@ -44,7 +46,15 @@ in
enable = true;
package = pkgs.dolphin-emu;
romFolder = "gc";
fileTypes = [ ".iso" ".ISO" ".gcm" ".GCM" ".ciso" ".CISO" "rvz" ];
fileTypes = [
".iso"
".ISO"
".gcm"
".GCM"
".ciso"
".CISO"
"rvz"
];
extraArgs = "-b -e \"\${filePath}\"";
};
@@ -68,6 +78,6 @@ in
mgba
prismlauncher
ryujinx-greemdev
vmware-horizon-client
omnissa-horizon-client
];
}

34
homes/x86_64-linux/matt@desktop/default.nix
View File

@@ -1,15 +1,26 @@
{ pkgs, namespace, ... }:
let
shellAliases = {
update-boot = "sudo nixos-rebuild boot --max-jobs 10 --build-host admin@10.0.1.3";
update-switch = "sudo nixos-rebuild switch --max-jobs 10 --build-host admin@10.0.1.3";
update-flake = "nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager --flake /etc/nixos";
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
};
in
{ pkgs, ... }:
{
home.username = "matt";
mjallen = {
sops = {
enable = true;
};
shell-aliases = {
enable = true;
flakeInputs = [
"desktop-nixpkgs"
"desktop-chaotic"
"desktop-home-manager"
"desktop-impermanence"
"desktop-lanzaboote"
"desktop-nixos-hardware"
"desktop-sops-nix"
"desktop-steam-rom-manager"
];
};
};
services = {
remmina = {
enable = true;
@@ -19,8 +30,6 @@ in
programs = {
password-store.enable = true;
zsh.shellAliases = shellAliases;
};
home.packages = with pkgs; [
@@ -29,7 +38,7 @@ in
discord
distrobox
heroic
stable.vmware-horizon-client
omnissa-horizon-client
jq
lutris
lzip
@@ -40,6 +49,7 @@ in
protontricks
protonvpn-gui
python3
runelite
smile
unigine-heaven
via

7
modules/home/desktop/gnome/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.mjallen.desktop.gnome;
in

19
modules/home/desktop/hyprland/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.desktop.hyprland;
@@ -265,7 +270,7 @@ in
# this tag will set the below options to the vdi window
# this will have it auto open as a 2160x7680 window
# and makes multi-monitor work
"tag +horizonrdp, class:(.*[Vv][Mm]ware-view),title:(USPS Next VDI)"
"tag +horizonrdp, class:(.*[Hh]orizon-client),title:(USPS Next VDI)"
"noanim, tag:horizonrdp"
"noblur, tag:horizonrdp"
@@ -282,12 +287,13 @@ in
# "size 2160 7680, tag:horizonrdp"
# "move onscreen 0 0, tag:horizonrdp"
# float the vmware window cause its annoying to use in fullscreen
"float, class:(.*[Vv][Mm]ware-view),title:([Vv][Mm]ware [Hh]orizon [Cc]lient)"
"float, class:(.*[Hh]orizon-client),title:([Oo]mnissa [Hh]orizon [Cc]lient)"
"tag +waydroid, class:([Ww]aydroid.*)"
"float, tag:waydroid"
"pin, tag:waydroid"
] ++ cfg.windowRule;
]
++ cfg.windowRule;
plugin = {
touch_gestures = {
@@ -345,7 +351,7 @@ in
", swipe:3:ld, exec, foot"
# tap with 3 fingers
", tap:3, exec, foot"
", tap:3, exec, foot"
# longpress can trigger mouse binds:
", longpress:2, movewindow"
@@ -397,7 +403,8 @@ in
exec-once = xhost +SI:localuser:root
exec-once = nwg-look -a
exec-once = nwg-dock-hyprland -d
'' + cfg.extraConfig or '''';
''
+ cfg.extraConfig or '''';
};
};
}

56
modules/home/desktop/hyprland/options.nix
View File

@@ -45,31 +45,31 @@ with lib;
wallpaper = mkOption {
type = with types; listOf str;
default = [];
default = [ ];
description = "list of hyprland wallpaper configs";
};
monitor = mkOption {
type = with types; listOf str;
default = [];
default = [ ];
description = "list of hyprland monitor configs";
};
monitorv2 = mkOption {
type = with types; listOf str;
default = [];
default = [ ];
description = "list of hyprland monitorv2 configs";
};
workspace = mkOption {
type = with types; listOf str;
default = [];
default = [ ];
description = "list of hyprland workspace definitions";
};
windowRule = mkOption {
type = with types; listOf str;
default = [];
default = [ ];
description = "list of hyprland window rules";
};
@@ -92,14 +92,38 @@ with lib;
defaultApps = mkOption {
type = types.submodule {
options = {
browser = mkOption { type = types.package; default = pkgs.firefox; };
editor = mkOption { type = types.package; default = pkgs.micro; };
fileExplorer = mkOption { type = types.package; default = pkgs.nemo; };
visual = mkOption { type = types.package; default = pkgs.vscodium; };
terminal = mkOption { type = types.package; default = pkgs.kitty; };
office = mkOption { type = types.package; default = pkgs.onlyoffice-bin_latest; };
video = mkOption { type = types.package; default = pkgs.vlc; };
imageViewer = mkOption { type = types.package; default = pkgs.nomacs; };
browser = mkOption {
type = types.package;
default = pkgs.firefox;
};
editor = mkOption {
type = types.package;
default = pkgs.micro;
};
fileExplorer = mkOption {
type = types.package;
default = pkgs.nemo;
};
visual = mkOption {
type = types.package;
default = pkgs.vscodium;
};
terminal = mkOption {
type = types.package;
default = pkgs.kitty;
};
office = mkOption {
type = types.package;
default = pkgs.onlyoffice-bin_latest;
};
video = mkOption {
type = types.package;
default = pkgs.vlc;
};
imageViewer = mkOption {
type = types.package;
default = pkgs.nomacs;
};
};
};
description = "Default applications used across the system.";
@@ -108,15 +132,15 @@ with lib;
hyprIdle = {
lockScreenTimer = mkOption {
type = with types; int;
default = 5;
default = 300;
};
screenOffTimer = mkOption {
type = with types; int;
default = 15;
default = 900;
};
suspendTimer = mkOption {
type = with types; int;
default = 30;
default = 1800;
};
};
};

9
modules/home/desktop/hyprland/packages.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.desktop.hyprland;
@@ -62,6 +67,8 @@ in
xorg.xhost
xsettingsd
xwayland
pkgs.mjallen.pipewire-python
];
};
}

9
modules/home/desktop/hyprland/services/hypridle/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
in
@@ -7,7 +12,7 @@ in
config = lib.mkIf cfg.enable {
services.hypridle = {
enable = false;
enable = true;
settings = {
general = {
before_sleep_cmd = "loginctl lock-session"; # lock before suspend.

75
modules/home/desktop/hyprland/services/hyprlock/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
in
@@ -7,41 +12,41 @@ in
config = lib.mkIf cfg.enable {
programs.hyprlock = {
enable = true;
settings = {
background = [
{
monitor = "";
path = cfg.wallpaper; # supports png, jpg, webp (no animations, though)
color = "rgba(25, 20, 20, 1.0)";
enable = true;
settings = {
background = [
{
monitor = "";
path = cfg.wallpaper; # supports png, jpg, webp (no animations, though)
color = "rgba(25, 20, 20, 1.0)";
# all these options are taken from hyprland, see https://wiki.hyprland.org/Configuring/Variables/#blur for explanations
blur_passes = "3"; # 0 disables blurring
blur_size = "7";
noise = "0.0117";
contrast = "0.8916";
brightness = "0.8172";
vibrancy = "0.1696";
vibrancy_darkness = "0.0";
}
];
input-field = [
{
size = "200, 50";
position = "0, -80";
monitor = cfg.primaryDisplay;
dots_center = true;
fade_on_empty = true;
font_color = "rgb(202, 211, 245)";
inner_color = "rgb(91, 96, 120)";
outer_color = "rgb(24, 25, 38)";
bothlock_color = -1;
outline_thickness = 5;
placeholder_text = ''<span foreground="##cad3f5">Password...</span>'';
shadow_passes = 2;
}
];
};
# all these options are taken from hyprland, see https://wiki.hyprland.org/Configuring/Variables/#blur for explanations
blur_passes = "3"; # 0 disables blurring
blur_size = "7";
noise = "0.0117";
contrast = "0.8916";
brightness = "0.8172";
vibrancy = "0.1696";
vibrancy_darkness = "0.0";
}
];
input-field = [
{
size = "200, 50";
position = "0, -80";
monitor = cfg.primaryDisplay;
dots_center = true;
fade_on_empty = true;
font_color = "rgb(202, 211, 245)";
inner_color = "rgb(91, 96, 120)";
outer_color = "rgb(24, 25, 38)";
bothlock_color = -1;
outline_thickness = 5;
placeholder_text = ''<span foreground="##cad3f5">Password...</span>'';
shadow_passes = 2;
}
];
};
};
};
}

7
modules/home/desktop/hyprland/services/hyprpaper/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
in

15
modules/home/desktop/hyprland/theme.nix
View File

@@ -1,12 +1,17 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.desktop.hyprland;
themeSize = "compact"; # [ "standard" "compact" ]
themeAccent = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
themeVariant = "nord"; # [ "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" "black" "rimless" "normal" "float" ]
themeColor = "dark"; # [ "standard" "light" "dark" ]
themeSize = "compact"; # [ "standard" "compact" ]
themeAccent = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
themeVariant = "nord"; # [ "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" "black" "rimless" "normal" "float" ]
themeColor = "dark"; # [ "standard" "light" "dark" ]
iconThemeVariant = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
iconScheme = "nord"; # [ "default" "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" ]

54
modules/home/desktop/hyprland/variables.nix
View File

@@ -6,34 +6,34 @@ in
{
config = mkIf cfg.enable {
home.sessionVariables = {
BROWSER = "${cfg.defaultApps.browser.pname}";
CLUTTER_BACKEND = "wayland";
EDITOR = "${cfg.defaultApps.editor.pname}";
VISUAL = "${cfg.defaultApps.visual.pname}";
ICON_THEME = cfg.iconThemeName;
GTK_CSD = "0";
GTK_THEME = cfg.gtkThemeName;
GTK_USE_PORTAL = "1";
HYPRCURSOR_THEME = config.home.pointerCursor.name;
HYPRCURSOR_SIZE = config.home.pointerCursor.size;
MOZ_ENABLE_WAYLAND = "1";
NIXOS_OZONE_WL = "1";
NIXOS_XDG_OPEN_USE_PORTAL = "1";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
QT_QPA_PLATFORM = "wayland-egl";
QT_QPA_PLATFORMTHEME = "gtk3";
QT_SCALE_FACTOR = "1";
BROWSER = "${cfg.defaultApps.browser.pname}";
CLUTTER_BACKEND = "wayland";
EDITOR = "${cfg.defaultApps.editor.pname}";
VISUAL = "${cfg.defaultApps.visual.pname}";
ICON_THEME = cfg.iconThemeName;
GTK_CSD = "0";
GTK_THEME = cfg.gtkThemeName;
GTK_USE_PORTAL = "1";
HYPRCURSOR_THEME = config.home.pointerCursor.name;
HYPRCURSOR_SIZE = config.home.pointerCursor.size;
MOZ_ENABLE_WAYLAND = "1";
NIXOS_OZONE_WL = "1";
NIXOS_XDG_OPEN_USE_PORTAL = "1";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
QT_QPA_PLATFORM = "wayland-egl";
QT_QPA_PLATFORMTHEME = "gtk3";
QT_SCALE_FACTOR = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SDL_VIDEODRIVER = "wayland";
TERMINAL = "${cfg.defaultApps.terminal.pname}";
XCURSOR_THEME = config.home.pointerCursor.name;
XCURSOR_SIZE = config.home.pointerCursor.size;
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_SESSION_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
SDL_VIDEODRIVER = "wayland";
TERMINAL = "${cfg.defaultApps.terminal.pname}";
XCURSOR_THEME = config.home.pointerCursor.name;
XCURSOR_SIZE = config.home.pointerCursor.size;
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_SESSION_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
};
};
}

19
modules/home/home/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
home = {
enableNixpkgsReleaseCheck = lib.mkDefault false;
@@ -47,10 +52,14 @@
nh = {
enable = true;
flake = "/etc/nixos";
clean = {
enable = true;
extraArgs = "--keep 5";
};
};
micro = {
enable = true;
enable = lib.mkDefault true;
settings = {
autoindent = true;
autosu = true;
@@ -61,7 +70,7 @@
};
tmux = {
enable = true;
enable = lib.mkDefault true;
terminal = "screen-256color";
sensibleOnTop = true;
focusEvents = true;
@@ -104,8 +113,8 @@
nextcloud-client.enable = lib.mkDefault true;
pass-secret-service.enable = lib.mkDefault true;
kdeconnect = {
enable = true;
indicator = true;
enable = lib.mkDefault true;
indicator = lib.mkDefault true;
};
};
}

2
modules/home/programs/btop/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.btop;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

107
modules/home/programs/code/default.nix
View File

@@ -1,21 +1,16 @@
{ config, lib, pkgs, system, ... }:
{
config,
pkgs,
system,
namespace,
...
}:
let
isArm = "aarch64-linux" == system;
open-remote-ssh = pkgs.vscode-utils.buildVscodeExtension {
pname = "open-remote-ssh";
version = "0.0.49";
vscodeExtPublisher = "jeanp413";
vscodeExtName = "open-remote-ssh";
vscodeExtUniqueId = "jeanp413.open-remote-ssh";
src = pkgs.fetchurl {
url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.49/file/jeanp413.open-remote-ssh-0.0.49.vsix";
sha256 = "sha256-QfJnAAx+kO2iJ1EzWoO5HLogJKg3RiC3hg1/u2Jm6t4";
name = "open-remote-ssh.zip";
};
};
x86_only = with pkgs; [
vscode-extensions.redhat.vscode-xml
];
open-remote-ssh = pkgs.${namespace}.open-remote-ssh;
in
{
programs = {
@@ -27,44 +22,48 @@ in
default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
extensions = with pkgs; [
vscode-extensions.arrterian.nix-env-selector
vscode-extensions.bbenoist.nix
vscode-extensions.brettm12345.nixfmt-vscode
vscode-extensions.cweijan.vscode-database-client2
vscode-extensions.dendron.dendron-markdown-preview-enhanced
vscode-extensions.jnoortheen.nix-ide
vscode-extensions.mkhl.direnv
vscode-extensions.ms-python.debugpy
vscode-extensions.ms-python.pylint
vscode-extensions.ms-python.python
# vscode-extensions.ms-python.vscode-pylance
vscode-extensions.redhat.vscode-yaml
vscode-extensions.yy0931.vscode-sqlite3-editor
extensions =
with pkgs;
[
vscode-extensions.arrterian.nix-env-selector
vscode-extensions.bbenoist.nix
vscode-extensions.brettm12345.nixfmt-vscode
vscode-extensions.cweijan.vscode-database-client2
vscode-extensions.dendron.dendron-markdown-preview-enhanced
vscode-extensions.jnoortheen.nix-ide
vscode-extensions.mkhl.direnv
vscode-extensions.ms-python.debugpy
vscode-extensions.ms-python.pylint
vscode-extensions.ms-python.python
# vscode-extensions.ms-python.vscode-pylance
vscode-extensions.redhat.vscode-yaml
vscode-extensions.yy0931.vscode-sqlite3-editor
# open-remote-ssh
# nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh
# open-vsx.jeanp413.open-remote-ssh
] ++ ( if !isArm then x86_only else [ ] ) ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "copilot-mcp";
publisher = "automatalabs";
version = "0.0.49";
sha256 = "sha256-+G2OQl5SCN7bh7MzGdYiRclIZefBE7lWnGg1kNpCvnA=";
}
{
name = "mcp-server-runner";
publisher = "zebradev";
version = "0.1.0";
sha256 = "sha256-StydVt3VzQUSS/pYp76jnIwtZlEj8gWAGzOARs93J+E=";
}
{
name = "claude-dev";
publisher = "saoudrizwan";
version = "3.17.9";
sha256 = "sha256-y3bFtMe5vZrO3DFb31KDvkzjD2jM76wK89mKhgJXC70=";
}
];
# open-remote-ssh
# nix-vscode-extensions.open-vsx.jeanp413.open-remote-ssh
open-remote-ssh
]
++ (if !isArm then x86_only else [ ])
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "copilot-mcp";
publisher = "automatalabs";
version = "0.0.49";
sha256 = "sha256-+G2OQl5SCN7bh7MzGdYiRclIZefBE7lWnGg1kNpCvnA=";
}
{
name = "mcp-server-runner";
publisher = "zebradev";
version = "0.1.0";
sha256 = "sha256-StydVt3VzQUSS/pYp76jnIwtZlEj8gWAGzOARs93J+E=";
}
{
name = "claude-dev";
publisher = "saoudrizwan";
version = "3.17.9";
sha256 = "sha256-y3bFtMe5vZrO3DFb31KDvkzjD2jM76wK89mKhgJXC70=";
}
];
userSettings = {
@@ -110,10 +109,12 @@ in
# You can write arbitary Nix expressions here, to produce valid "options" declaration result.
# Tip: for flake-based configuration, utilize `builtins.getFlake`
"nixos" = {
"expr" = "(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").nixosConfigurations.<name>.options";
"expr" =
"(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").nixosConfigurations.<name>.options";
};
"home-manager" = {
"expr" = "(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").homeConfigurations.<name>.options";
"expr" =
"(builtins.getFlake \"${config.home.homeDirectory}/nix-config\").homeConfigurations.<name>.options";
};
# # Tip: use ${workspaceFolder} variable to define path
# "nix-darwin" = {
@@ -139,6 +140,8 @@ in
"*.db" = "default";
};
};
"enable-proposed-api" = [ "jeanp413.open-remote-ssh" ];
};
};
};

34
modules/home/programs/kitty/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.kitty;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];
@@ -29,33 +29,33 @@ in
background_opacity = "0.85";
# The basic colors
foreground = nord.snowStorm.nord6;
background = nord.polarNight.nord0;
selection_foreground = nord.polarNight.nord0;
selection_background = nord.aurora.nord15;
foreground = nord.snowStorm.nord6;
background = nord.polarNight.nord0;
selection_foreground = nord.polarNight.nord0;
selection_background = nord.aurora.nord15;
# Cursor colors
cursor = nord.aurora.nord15;
cursor_text_color = nord.polarNight.nord0;
cursor = nord.aurora.nord15;
cursor_text_color = nord.polarNight.nord0;
# URL underline color when hovering with mouse
url_color = nord.aurora.nord15;
# Kitty window border colors
active_border_color = nord.frost.nord10;
active_border_color = nord.frost.nord10;
inactive_border_color = nord.polarNight.nord1;
bell_border_color = nord.aurora.nord13;
bell_border_color = nord.aurora.nord13;
# OS Window titlebar colors
wayland_titlebar_color = nord.polarNight.nord0;
macos_titlebar_color = nord.polarNight.nord0;
wayland_titlebar_color = nord.polarNight.nord0;
macos_titlebar_color = nord.polarNight.nord0;
# Tab bar colors
active_tab_foreground = nord.polarNight.nord3;
active_tab_background = nord.aurora.nord15;
active_tab_foreground = nord.polarNight.nord3;
active_tab_background = nord.aurora.nord15;
inactive_tab_foreground = nord.snowStorm.nord6;
inactive_tab_background = nord.polarNight.nord1;
tab_bar_background = nord.polarNight.nord3;
tab_bar_background = nord.polarNight.nord3;
# Colors for marks (marked text in the terminal)
mark1_foreground = nord.polarNight.nord0;
@@ -86,11 +86,11 @@ in
color11 = nord.aurora.nord13;
# blue
color4 = nord.frost.nord10;
color4 = nord.frost.nord10;
color12 = nord.frost.nord10;
# magenta
color5 = nord.aurora.nord15;
color5 = nord.aurora.nord15;
color13 = nord.aurora.nord15;
# cyan
@@ -98,7 +98,7 @@ in
color14 = nord.frost.nord8;
# white
color7 = nord.snowStorm.nord5;
color7 = nord.snowStorm.nord5;
color15 = nord.snowStorm.nord4;
};
};

4
modules/home/programs/kitty/options.nix
View File

@@ -15,13 +15,13 @@ with lib;
};
size = mkOption {
type = with types; int;
default = 8;
default = 12;
};
};
theme = mkOption {
type = types.attrs;
default = import ../../desktop/theme/nord.nix;
default = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
};
};
}

3
modules/home/programs/librewolf/default.nix
View File

@@ -36,7 +36,8 @@
"browser.newtabpage.activity-stream.topSitesRows" = 3; # Set number of rows for top sites on new tab page
"layout.css.light-dark.enabled" = true; # Enable light/dark theme support
"extensions.activeThemeID" = "default-theme@mozilla.org"; # Set active theme
"extensions.webextensions.uuids" = "{\"formautofill@mozilla.org\" =\"851c83b7-26d5-449c-8cc9-d8951a0ce78d\",\"pictureinpicture@mozilla.org\" =\"42fa2650-5134-4bef-bafa-b73f9ae51bad\",\"screenshots@mozilla.org\" =\"efd2b692-43c4-433a-aea5-0cb79f8312d4\",\"webcompat-reporter@mozilla.org\" =\"c43a6be2-fb56-4253-b384-ce8e09a89999\",\"webcompat@mozilla.org\" =\"e25fd1bb-7c53-413f-9528-bb922c322a56\",\"default-theme@mozilla.org\" =\"610b67c3-9145-46f7-814f-d8ee2cc8edff\",\"addons-search-detection@mozilla.com\:\"caedb3ca-5cf5-4e23-a251-d742f23e6fc8\",\"uBlock0@raymondhill.net\" =\"7e7d9fd9-12bf-42d3-9c7c-9ffd05420ec7\",\"78272b6fa58f4a1abaac99321d503a20@proton.me\" =\"7242a067-06d8-430b-94a3-00d264cdd57b\",\"addon@darkreader.org\" =\"2f02b112-6acd-4bdc-af2c-1432eb527339\",\"jid1-xUfzOsOFlzSOXg@jetpack\" =\"d0c72046-9903-4118-8160-a028840bf928\",\"chrome-gnome-shell@gnome.org\" =\"a1ab53e6-b765-4f25-8349-383cc04682a0\",\"user-agent-switcher@ninetailed.ninja\" =\"259d07cc-bb32-4ed5-b90f-6d73abdeb7bb\",\"firefoxdav@icloud.com\" =\"110e6e2c-18f8-461d-9f26-b8f04482b6f1\",\"ciscowebexstart1@cisco.com\" =\"a4062240-e73a-4353-bddb-d608d84881f7\",\"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}\" =\"9164e437-812b-4a07-8dfd-2fd73b39329b\",\"{036a55b4-5e72-4d05-a06c-cba2dfcc134a}\" =\"648fc678-a6fb-47cd-9792-fb9520678c17\",\"{446900e4-71c2-419f-a6a7-df9c091e268b}\" =\"f0b43422-070e-466e-85c9-6543f209f075\",\"jid1-MnnxcxisBPnSXQ@jetpack\" =\"4c448202-c843-4cae-b5c3-d11f2da58fa3\",\"soundfixer@unrelenting.technology\" =\"59b35eb8-1c85-4919-a905-80d120993ddc\",\"floccus@handmadeideas.org\" =\"8ad2956c-8091-41af-a689-7d2108f5958d\",\"{79b9dbcf-cc5a-4cda-89ef-c4ab097eb074}\" =\"c2a223a7-32e0-4726-9f20-17236702b1f5\",\"linkgopher@oooninja.com\" =\"a257858c-0dce-415b-b123-6222876cf843\"}";
"extensions.webextensions.uuids" =
"{\"formautofill@mozilla.org\" =\"851c83b7-26d5-449c-8cc9-d8951a0ce78d\",\"pictureinpicture@mozilla.org\" =\"42fa2650-5134-4bef-bafa-b73f9ae51bad\",\"screenshots@mozilla.org\" =\"efd2b692-43c4-433a-aea5-0cb79f8312d4\",\"webcompat-reporter@mozilla.org\" =\"c43a6be2-fb56-4253-b384-ce8e09a89999\",\"webcompat@mozilla.org\" =\"e25fd1bb-7c53-413f-9528-bb922c322a56\",\"default-theme@mozilla.org\" =\"610b67c3-9145-46f7-814f-d8ee2cc8edff\",\"addons-search-detection@mozilla.com\:\"caedb3ca-5cf5-4e23-a251-d742f23e6fc8\",\"uBlock0@raymondhill.net\" =\"7e7d9fd9-12bf-42d3-9c7c-9ffd05420ec7\",\"78272b6fa58f4a1abaac99321d503a20@proton.me\" =\"7242a067-06d8-430b-94a3-00d264cdd57b\",\"addon@darkreader.org\" =\"2f02b112-6acd-4bdc-af2c-1432eb527339\",\"jid1-xUfzOsOFlzSOXg@jetpack\" =\"d0c72046-9903-4118-8160-a028840bf928\",\"chrome-gnome-shell@gnome.org\" =\"a1ab53e6-b765-4f25-8349-383cc04682a0\",\"user-agent-switcher@ninetailed.ninja\" =\"259d07cc-bb32-4ed5-b90f-6d73abdeb7bb\",\"firefoxdav@icloud.com\" =\"110e6e2c-18f8-461d-9f26-b8f04482b6f1\",\"ciscowebexstart1@cisco.com\" =\"a4062240-e73a-4353-bddb-d608d84881f7\",\"{a6c4a591-f1b2-4f03-b3ff-767e5bedf4e7}\" =\"9164e437-812b-4a07-8dfd-2fd73b39329b\",\"{036a55b4-5e72-4d05-a06c-cba2dfcc134a}\" =\"648fc678-a6fb-47cd-9792-fb9520678c17\",\"{446900e4-71c2-419f-a6a7-df9c091e268b}\" =\"f0b43422-070e-466e-85c9-6543f209f075\",\"jid1-MnnxcxisBPnSXQ@jetpack\" =\"4c448202-c843-4cae-b5c3-d11f2da58fa3\",\"soundfixer@unrelenting.technology\" =\"59b35eb8-1c85-4919-a905-80d120993ddc\",\"floccus@handmadeideas.org\" =\"8ad2956c-8091-41af-a689-7d2108f5958d\",\"{79b9dbcf-cc5a-4cda-89ef-c4ab097eb074}\" =\"c2a223a7-32e0-4726-9f20-17236702b1f5\",\"linkgopher@oooninja.com\" =\"a257858c-0dce-415b-b123-6222876cf843\"}";
};
};
}

2
modules/home/programs/mako/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.mako;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

9
modules/home/programs/nwg-dock/default.nix
View File

@@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.programs.nwg-dock;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

69
modules/home/programs/nwg-drawer/default.nix
View File

@@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.mjallen.programs.nwg-drawer;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];
@@ -11,42 +16,42 @@ in
home.packages = with pkgs; [ nwg-drawer ];
home.file = {
".config/nwg-drawer/drawer.css".text = ''
window {
background-color: ${nord.polarNight.nord0}bf;
color: ${nord.snowStorm.nord5}00
}
".config/nwg-drawer/drawer.css".text = ''
window {
background-color: ${nord.polarNight.nord0}bf;
color: ${nord.snowStorm.nord5}00
}
/* search entry */
entry {
background-color: ${nord.polarNight.nord1}0f
}
/* search entry */
entry {
background-color: ${nord.polarNight.nord1}0f
}
button, image {
background: none;
border: none
}
button, image {
background: none;
border: none
}
button:hover {
background-color: ${nord.frost.nord10}1a
}
button:hover {
background-color: ${nord.frost.nord10}1a
}
/* in case you wanted to give category buttons a different look */
#category-button {
margin: 0 10px 0 10px
}
/* in case you wanted to give category buttons a different look */
#category-button {
margin: 0 10px 0 10px
}
#pinned-box {
padding-bottom: 5px;
border-bottom: 1px dotted ${nord.polarNight.nord3}
}
#pinned-box {
padding-bottom: 5px;
border-bottom: 1px dotted ${nord.polarNight.nord3}
}
#files-box {
padding: 5px;
border: 1px dotted ${nord.polarNight.nord3};
border-radius: 15px
}
'';
#files-box {
padding: 5px;
border: 1px dotted ${nord.polarNight.nord3};
border-radius: 15px
}
'';
};
};
}

18
modules/home/programs/nwg-panel/default.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, ... }:
with lib;
let
cfg = config.mjallen.programs.nwg-panel;
@@ -12,14 +12,14 @@ in
'';
".config/nwg-panel/preferred-apps.json".text = ''
{
"\\.pdf$": "${cfg.defaultApps.browser.pname}",
"\\.svg$": "inkscape",
"\\.(jpg|png|tiff|gif)$": "${cfg.defaultApps.imageViewer.pname}",
"\\.(mp3|ogg|flac|wav|wma)$": "audacious",
"\\.(avi|mp4|mkv|mov|wav)$": "${cfg.defaultApps.video.pname}",
"\\.(doc|docx|xls|xlsx)$": "${cfg.defaultApps.office.pname}"
}
{
"\\.pdf$": "${cfg.defaultApps.browser.pname}",
"\\.svg$": "inkscape",
"\\.(jpg|png|tiff|gif)$": "${cfg.defaultApps.imageViewer.pname}",
"\\.(mp3|ogg|flac|wav|wma)$": "audacious",
"\\.(avi|mp4|mkv|mov|wav)$": "${cfg.defaultApps.video.pname}",
"\\.(doc|docx|xls|xlsx)$": "${cfg.defaultApps.office.pname}"
}
'';
};
};

40
modules/home/programs/nwg-panel/options.nix
View File

@@ -7,14 +7,38 @@ with lib;
defaultApps = mkOption {
type = types.submodule {
options = {
browser = mkOption { type = types.package; default = pkgs.firefox; };
editor = mkOption { type = types.package; default = pkgs.micro; };
fileExplorer = mkOption { type = types.package; default = pkgs.nemo; };
visual = mkOption { type = types.package; default = pkgs.vscodium; };
terminal = mkOption { type = types.package; default = pkgs.kitty; };
office = mkOption { type = types.package; default = pkgs.onlyoffice-bin_latest; };
video = mkOption { type = types.package; default = pkgs.vlc; };
imageViewer = mkOption { type = types.package; default = pkgs.gnome-photos; };
browser = mkOption {
type = types.package;
default = pkgs.firefox;
};
editor = mkOption {
type = types.package;
default = pkgs.micro;
};
fileExplorer = mkOption {
type = types.package;
default = pkgs.nemo;
};
visual = mkOption {
type = types.package;
default = pkgs.vscodium;
};
terminal = mkOption {
type = types.package;
default = pkgs.kitty;
};
office = mkOption {
type = types.package;
default = pkgs.onlyoffice-bin_latest;
};
video = mkOption {
type = types.package;
default = pkgs.vlc;
};
imageViewer = mkOption {
type = types.package;
default = pkgs.gnome-photos;
};
};
};
description = "Default applications used across the system.";

78
modules/home/programs/waybar/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.waybar;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
defaultOpacity = "opacity: 0.85;";
defaultBorderRadius = "border-radius: 1rem;";
@@ -61,7 +61,30 @@ in
modules-center = [ "hyprland/window" ];
modules-right = cfg.modules-right;
modules-right = [
"tray"
"custom/left-end"
"temperature"
"temperature#gpu"
"keyboard-state#capslock"
"keyboard-state#numlock"
"wireplumber#sink"
"bluetooth"
"network"
"idle_inhibitor"
"custom/right-end"
"custom/left-end"
"clock"
"battery"
"custom/weather"
"custom/right-end"
];
# modules-right = [
# "tray"
# "custom/left-end" ] ++
# cfg.modules-right ++
# [ "custom/right-end" ];
# Module Definitions
# Left
@@ -234,10 +257,10 @@ in
calendar = {
mode = "month";
format = {
months = "<span color='${nord.frost.nord9}'><b>{}</b></span>";
days = "<span color='${nord.frost.nord10}'><b>{}</b></span>";
weekdays = "<span color='${nord.frost.nord8}'><b>{}</b></span>";
today = "<span color='${nord.aurora.nord14}'><b><u>{}</u></b></span>";
months = "<span color='${nord.frost.nord9}'><b>{}</b></span>";
days = "<span color='${nord.frost.nord10}'><b>{}</b></span>";
weekdays = "<span color='${nord.frost.nord8}'><b>{}</b></span>";
today = "<span color='${nord.aurora.nord14}'><b><u>{}</u></b></span>";
};
};
};
@@ -247,8 +270,8 @@ in
interval = 60;
# statuses: 'Charging', 'Discharging'
states = {
warning = 30;
critical = 15;
warning = 30;
critical = 15;
};
format = "{capacity}% {icon}";
format-icons = {
@@ -290,7 +313,18 @@ in
return-type = "json";
markup = "pango";
};
} // cfg.extraModules;
"custom/left-end" = {
format = "&nbsp";
tooltip = false;
};
"custom/right-end" = {
format = "&nbsp";
tooltip = false;
};
}
// cfg.extraModules;
};
# * { font-size: 13px; }
@@ -372,7 +406,7 @@ in
${defaultBorderRadius}
${defaultCenterOptions}
margin-left: 4rem;
margin-right: 4rem;
margin-right: ${toString cfg.windowOffset}rem;
}
/* make window module transparent when no windows present */
@@ -384,7 +418,8 @@ in
color: ${nord.frost.nord10};
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderRight}
${defaultCenterOptions}
border-radius: 0;
}
#battery {
@@ -400,7 +435,8 @@ in
color: ${nord.frost.nord9};
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderLeft}
${defaultCenterOptions}
border-radius: 0;
}
/* ------------- */
@@ -409,7 +445,8 @@ in
color: ${nord.frost.nord10};
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderRight}
${defaultCenterOptions}
border-radius: 0;
padding-right: 1rem;
}
@@ -528,7 +565,20 @@ in
}
/* ------------- */
'' + cfg.extraModulesStyle or '''';
#custom-left-end {
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderLeft}
}
#custom-right-end {
background-color: ${nord.polarNight.nord0};
${defaultOpacity}
${borderRight}
}
''
+ cfg.extraModulesStyle or '''';
};
};
}

39
modules/home/programs/waybar/options.nix
View File

@@ -11,7 +11,7 @@ with lib;
modules-right = mkOption {
type = with types; listOf str;
default = [];
default = [ ];
};
networkInterface = mkOption {
@@ -28,5 +28,42 @@ with lib;
type = types.str;
default = "";
};
windowOffset = mkOption {
type = types.int;
default = 4;
};
# Waybar modules config
# modules = mkOption {
# type = types.submodule {
# options = {
# # Modules
# window = mkOption {
# type = types.submodule {
# options = {
# # Waybar Module CSS
# margin-right = mkOption {
# type = types.str;
# default = "4";
# };
# };
# };
# };
# temperature = mkOption {
# type = types.submodule {
# options = {
# # Waybar Module CSS
# margin-right = mkOption {
# type = types.str;
# default = "4";
# };
# };
# };
# };
# };
# };
# default = { };
# };
};
}

10
modules/home/programs/waybar/scripts/hass.nix
View File

@@ -1,8 +1,14 @@
{ config, lib, namespace, pkgs, ... }:
{
config,
lib,
namespace,
pkgs,
...
}:
let
cfg = config.mjallen.programs.waybar;
pythonEnv = pkgs.python3.withPackages (ps: [
pythonEnv = pkgs.python3.withPackages (_ps: [
pkgs.${namespace}.homeassistant-api
]);

34
modules/home/programs/waybar/scripts/weather.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.mjallen.programs.waybar;
@@ -7,7 +12,6 @@ let
#! nix-shell -i python3 --pure
#! nix-shell -p python3 python3Packages.requests
"""get waybar weather"""
import os
import json
import shutil
@@ -93,12 +97,16 @@ let
WIND_DIRECTION = {
"S": "",
"SW": "",
"SSW": "",
"W": "",
"NW": "",
"NNW": "",
"N": "",
"NE": "",
"NNE": "",
"E": "",
"SE": "",
"SSE": "",
}
MOON_PHASES = (
@@ -334,11 +342,13 @@ let
moon_phase = astronomy['moon_phase']
wego = WEATHER_CODES_WEGO[current_condition['weatherCode']]
tooltip = f"{wego[0]}{weather_description} {temp_f}°\n"
tooltip += f"{wego[1]}Feels like: {feels_like_f}°\n"
tooltip += f"{wego[2]}Wind: {wind_speed}mph {WIND_DIRECTION[wind_dir]}\n"
tooltip += f"{wego[3]}Humidity: {humidity}%\n"
tooltip += f"{wego[4]}Moon phase: {moon_phase} " + moon_icon + "\n"
current = f"{wego[0]}{weather_description} {temp_f}°\n"
feels = f"{wego[1]}Feels like: {feels_like_f}°\n"
wind = f"{wego[2]}Wind: {wind_speed}mph {WIND_DIRECTION[wind_dir]}\n"
humidityl = f"{wego[3]}Humidity: {humidity}%\n"
moon = f"{wego[4]}Moon phase: {moon_phase} " + moon_icon + "\n"
tooltip = current + feels + wind + humidityl + moon
return tooltip
@@ -414,9 +424,12 @@ let
current_condition = weather["current_condition"][0]
astronomy = weather["weather"][0]['astronomy'][0]
data["text"] = build_text(current_condition)
data["tooltip"] = build_tooltip(current_condition, astronomy, moon_icon)
data["tooltip"] += build_forecast(weather["weather"])
text = build_text(current_condition)
tooltip = build_tooltip(current_condition, astronomy, moon_icon) + build_forecast(weather["weather"])
data["text"] = text
data["tooltip"] = tooltip
return json.dumps(data)
@@ -425,6 +438,7 @@ let
try:
print(get_wttr_json())
except Exception as e:
print("error")
print(e)
main()

4
modules/home/programs/wlogout/default.nix
View File

@@ -2,10 +2,10 @@
with lib;
let
cfg = config.mjallen.programs.wlogout;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
programs.wlogout = {
enable = false;

2
modules/home/programs/wofi/default.nix
View File

@@ -2,7 +2,7 @@
with lib;
let
cfg = config.mjallen.programs.wofi;
nord = import ../../desktop/theme/nord.nix;
nord = import (lib.snowfall.fs.get-file "modules/home/desktop/theme/nord.nix");
in
{
imports = [ ./options.nix ];

57
modules/home/shell-aliases/default.nix Normal file
View File

@@ -0,0 +1,57 @@
{
config,
lib,
...
}:
let
cfg = config.mjallen.shell-aliases;
in
{
options.mjallen.shell-aliases = {
enable = lib.mkEnableOption "Common shell aliases";
buildHost = lib.mkOption {
type = lib.types.str;
default = "admin@10.0.1.3";
description = "Build host for nixos-rebuild commands";
};
flakeInputs = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of flake inputs to update";
};
extraAliases = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
description = "Additional host-specific aliases";
};
};
config = lib.mkIf cfg.enable {
programs.zsh.shellAliases = {
# Common file operations
ll = "ls -alh";
ducks = "du -cksh * | sort -hr | head -n 15";
# NixOS rebuild commands
update-boot =
"sudo nixos-rebuild boot --max-jobs 10"
+ lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}";
update-switch =
"sudo nixos-rebuild switch --max-jobs 10"
+ lib.optionalString (cfg.buildHost != "") " --build-host ${cfg.buildHost}";
# Flake update command
update-flake = lib.mkIf (
cfg.flakeInputs != [ ]
) "nix flake update ${lib.concatStringsSep " " cfg.flakeInputs} --flake /etc/nixos";
# NAS management
update-nas = "nixos-rebuild switch --use-remote-sudo --target-host admin@10.0.1.3 --build-host admin@10.0.1.3 --flake ~/nix-config#jallen-nas";
nas-ssh = "kitten ssh admin@10.0.1.3";
}
// cfg.extraAliases;
};
}

8
modules/home/sops/default.nix
View File

@@ -1,9 +1,13 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.mjallen.sops;
user = config.${namespace}.user.name;
hostname = config.${namespace}.network.hostname;
in
{
imports = [ ./options.nix ];

27
modules/home/user/default.nix
View File

@@ -65,20 +65,19 @@ in
];
home = {
file =
{
"Desktop/.keep".text = "";
"Documents/.keep".text = "";
"Downloads/.keep".text = "";
"Music/.keep".text = "";
"Pictures/.keep".text = "";
"Videos/.keep".text = "";
}
// lib.optionalAttrs (cfg.icon != null) {
".face".source = cfg.icon;
".face.icon".source = cfg.icon;
"Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon;
};
file = {
"Desktop/.keep".text = "";
"Documents/.keep".text = "";
"Downloads/.keep".text = "";
"Music/.keep".text = "";
"Pictures/.keep".text = "";
"Videos/.keep".text = "";
}
// lib.optionalAttrs (cfg.icon != null) {
".face".source = cfg.icon;
".face.icon".source = cfg.icon;
"Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon;
};
homeDirectory = mkDefault cfg.home;

15
modules/nixos/actual/default.nix
View File

@@ -1,7 +1,13 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.actual;
cfg = config.${namespace}.services.actual;
dataDir = "/data";
hostAddress = "10.0.1.3";
actualUserId = config.users.users.nix-apps.uid;
@@ -24,7 +30,8 @@ in
};
};
config = { lib, ... }:
config =
{ lib, ... }:
{
services.actual = {
enable = true;
@@ -69,7 +76,7 @@ in
ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json";
WorkingDirectory = lib.mkForce dataDir;
StateDirectory = lib.mkForce dataDir;
StateDirectoryMode = lib.mkForce 0700;
StateDirectoryMode = lib.mkForce 700;
DynamicUser = lib.mkForce false;
ProtectSystem = lib.mkForce null;
};

4
modules/nixos/actual/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.actual = {
options.${namespace}.services.actual = {
enable = mkEnableOption "actual service";
port = mkOption {

2
modules/nixos/amd/default.nix
View File

@@ -6,7 +6,7 @@
}:
let
cfg = config.share.hardware.amd;
pkgsVersion = pkgs;#.unstable;
pkgsVersion = pkgs; # .unstable;
in
{
imports = [ ./options.nix ];

9
modules/nixos/apps/free-games-claimer/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.free-games-claimer;
cfg = config.${namespace}.services.free-games-claimer;
in
{
imports = [ ./options.nix ];

6
modules/nixos/apps/free-games-claimer/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.free-games-claimer = {
options.${namespace}.services.free-games-claimer = {
enable = mkEnableOption "free-games-claimer docker service";
autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
dataPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/free-games-claimer";
default = "/media/nas/main/nix-app-data/free-games-claimer";
};
puid = mkOption {

9
modules/nixos/apps/manyfold/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.manyfold;
cfg = config.${namespace}.services.manyfold;
in
{
imports = [ ./options.nix ];

6
modules/nixos/apps/manyfold/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.manyfold = {
options.${namespace}.services.manyfold = {
enable = mkEnableOption "manyfold docker service";
autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/manyfold";
default = "/media/nas/main/nix-app-data/manyfold";
};
dataPath = mkOption {

9
modules/nixos/apps/mongodb/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.mongodb;
cfg = config.${namespace}.services.mongodb;
in
{
imports = [ ./options.nix ];

6
modules/nixos/apps/mongodb/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.mongodb = {
options.${namespace}.services.mongodb = {
enable = mkEnableOption "mongodb docker service";
autoStart = mkOption {
@@ -26,7 +26,7 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/mongodb";
default = "/media/nas/main/mongodb";
};
puid = mkOption {

9
modules/nixos/apps/tdarr/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.tdarr;
cfg = config.${namespace}.services.tdarr;
in
{
imports = [ ./options.nix ];

12
modules/nixos/apps/tdarr/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.tdarr = {
options.${namespace}.services.tdarr = {
enable = mkEnableOption "tdarr docker service";
autoStart = mkOption {
@@ -31,22 +31,22 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/config";
default = "/media/nas/main/nix-app-data/tdarr/config";
};
serverPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/server";
default = "/media/nas/main/nix-app-data/tdarr/server";
};
logPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/logs";
default = "/media/nas/main/nix-app-data/tdarr/logs";
};
transcodePath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/tdarr/transcode";
default = "/media/nas/main/nix-app-data/tdarr/transcode";
};
moviesPath = mkOption {

9
modules/nixos/apps/your-spotify/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, ... }:
{
lib,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.your_spotify;
cfg = config.${namespace}.services.your_spotify;
in
{
imports = [ ./options.nix ];

6
modules/nixos/apps/your-spotify/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.your_spotify = {
options.${namespace}.services.your_spotify = {
enable = mkEnableOption "your_spotify docker service";
autoStart = mkOption {
@@ -36,7 +36,7 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/your_spotify";
default = "/media/nas/main/nix-app-data/your_spotify";
};
puid = mkOption {

31
modules/nixos/arrs/default.nix
View File

@@ -2,11 +2,12 @@
config,
pkgs,
lib,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.arrs;
cfg = config.${namespace}.services.arrs;
radarrDataDir = "/var/lib/radarr";
downloadDir = "/downloads";
incompleteDir = "/downloads-incomplete";
@@ -40,9 +41,11 @@ in
{
nixpkgs.config = {
allowUnfree = lib.mkForce true;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"unrar"
];
allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"unrar"
];
};
# Enable radarr service
@@ -207,7 +210,7 @@ in
};
networking = {
nat = {
nat = {
forwardPorts = [
{
destination = "${cfg.localAddress}:${toString cfg.radarr.port}";
@@ -232,8 +235,22 @@ in
];
};
firewall = {
allowedTCPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
allowedUDPPorts = [ cfg.radarr.port cfg.sonarr.port cfg.sabnzbd.port 8080 cfg.deluge.port cfg.jackett.port ];
allowedTCPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
allowedUDPPorts = [
cfg.radarr.port
cfg.sonarr.port
cfg.sabnzbd.port
8080
cfg.deluge.port
cfg.jackett.port
];
};
};
};

4
modules/nixos/arrs/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.arrs = {
options.${namespace}.services.arrs = {
enable = mkEnableOption "arrs services";
radarr = {

24
modules/nixos/boot/default.nix
View File

@@ -1,9 +1,31 @@
{ ... }:
{
pkgs,
system,
lib,
...
}:
let
isArm = ("aarch64-linux" == system);
in
{
boot = {
kernelParams = [
"quiet"
];
binfmt = lib.mkIf isArm {
registrations."x86_64-linux" = {
magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x3e\x00'';
mask = ''\xff\xff\xff\xff\xff\xfe\xfe\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff'';
openBinary = true;
interpreter = "${pkgs.box64}/bin/box64";
preserveArgvZero = true;
matchCredentials = true;
fixBinary = false;
};
};
supportedFilesystems = [ "bcachefs" ];
};
zramSwap.enable = true;

7
modules/nixos/boot/lanzaboote/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, inputs, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.bootloader.lanzaboote;

64
modules/nixos/crowdsec/default.nix
View File

@@ -1,29 +1,37 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.crowdsec;
cfg = config.${namespace}.services.crowdsec;
in
{
imports = [ ./options.nix ];
config = lib.mkIf cfg.enable {
services = {
crowdsec = let
yaml = (pkgs.formats.yaml {}).generate;
acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl";
journalctl_filter = ["_SYSTEMD_UNIT=sshd.service"];
labels.type = "syslog";
};
in {
enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = {
crowdsec_service.acquisition_path = acquisitions_file;
api.server = {
listen_uri = "0.0.0.0:${toString cfg.port}";
crowdsec =
let
yaml = (pkgs.formats.yaml { }).generate;
acquisitions_file = yaml "acquisitions.yaml" {
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_UNIT=sshd.service" ];
labels.type = "syslog";
};
in
{
enable = true;
enrollKeyFile = "${cfg.dataDir}/enroll.key";
settings = {
crowdsec_service.acquisition_path = acquisitions_file;
api.server = {
listen_uri = "0.0.0.0:${toString cfg.port}";
};
};
};
};
crowdsec-firewall-bouncer = {
enable = true;
@@ -35,17 +43,19 @@ in
};
systemd.services.crowdsec.serviceConfig = {
ExecStartPre = let
script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell}
set -eu
set -o pipefail
ExecStartPre =
let
script = pkgs.writeScriptBin "register-bouncer" ''
#!${pkgs.runtimeShell}
set -eu
set -o pipefail
if ! cscli bouncers list | grep -q "nas-bouncer"; then
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi
'';
in ["${script}/bin/register-bouncer"];
if ! cscli bouncers list | grep -q "nas-bouncer"; then
cscli bouncers add "nas-bouncer" --key "${cfg.apiKey}"
fi
'';
in
[ "${script}/bin/register-bouncer" ];
};
networking = {

4
modules/nixos/crowdsec/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.crowdsec = {
options.${namespace}.services.crowdsec = {
enable = mkEnableOption "crowdsec service";
port = mkOption {

7
modules/nixos/desktop/cosmic/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.cosmic;
in

10
modules/nixos/desktop/gnome/default.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.gnome;
in
@@ -22,7 +28,7 @@ in
programs = {
kdeconnect = {
enable = true;
enable = lib.mkDefault true;
package = pkgs.gnomeExtensions.gsconnect;
};
};

20
modules/nixos/desktop/hyprland/default.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, namespace, ... }:
{
config,
pkgs,
lib,
namespace,
...
}:
let
cfg = config.${namespace}.desktop.hyprland;
@@ -26,7 +32,10 @@ in
imports = [ ../../../home/desktop/hyprland/options.nix ];
config = lib.mkIf cfg.enable {
environment.systemPackages = [ bing-wallpaper pkgs.jq ];
environment.systemPackages = [
bing-wallpaper
pkgs.jq
];
services = {
displayManager = {
@@ -124,16 +133,13 @@ in
# Timer configuration
timerConfig = {
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
OnCalendar = "daily"; # Check every day
Persistent = true; # Run immediately if last run was missed
Unit = "reload-bing-wallpaper.service";
};
};
};
};
extraConfig = ''
DefaultTimeoutStopSec=10s
'';
};
security = {

8
modules/nixos/desktop/hyprland/settings.nix
View File

@@ -1,10 +1,10 @@
{ pkgs, ... }:
let
nord = import ./theme.nix;
themeSize = "compact"; # [ "standard" "compact" ]
themeAccent = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
themeVariant = "nord"; # [ "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" "black" "rimless" "normal" "float" ]
themeColor = "dark"; # [ "standard" "light" "dark" ]
themeSize = "compact"; # [ "standard" "compact" ]
themeAccent = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
themeVariant = "nord"; # [ "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" "black" "rimless" "normal" "float" ]
themeColor = "dark"; # [ "standard" "light" "dark" ]
iconThemeVariant = "all"; # [ "default" "purple" "pink" "red" "orange" "yellow" "green" "teal" "grey" "all" ]
iconScheme = "nord"; # [ "default" "nord" "dracula" "gruvbox" "everforest" "catppuccin" "all" ]

92
modules/nixos/development/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.development;
in
{
options.${namespace}.development = {
enable = lib.mkEnableOption "Common development tools and packages";
includeLanguages = lib.mkOption {
type = lib.types.listOf (
lib.types.enum [
"python"
"c"
"rust"
"nodejs"
]
);
default = [
"python"
"c"
];
description = "Programming languages to include tools for";
};
includeContainers = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Include container development tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
# Version control
git
# Build tools
cmake
ninja
binutils
# System utilities
jq
# Text processing
]
++ lib.optionals (builtins.elem "python" cfg.includeLanguages) [
python3
python3Packages.pip
]
++ lib.optionals (builtins.elem "c" cfg.includeLanguages) [
gcc
gdb
]
++ lib.optionals (builtins.elem "rust" cfg.includeLanguages) [
rustc
cargo
]
++ lib.optionals (builtins.elem "nodejs" cfg.includeLanguages) [
nodejs
npm
]
++ lib.optionals cfg.includeContainers [
docker-compose
podman-compose
];
# Enable container support if requested
virtualisation.podman = lib.mkIf cfg.includeContainers {
enable = true;
dockerCompat = true;
autoPrune.enable = true;
defaultNetwork.settings = {
dns_enabled = true;
};
};
# Common development programs
programs = {
nix-ld.enable = lib.mkDefault true;
};
};
}

155
modules/nixos/disko/aarch64-linux/default.nix
View File

@@ -1,19 +1,79 @@
{ config, lib, system, ... }:
{
config,
lib,
system,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1";
# BTRFS root partition configuration
btrfsRoot = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
# BCacheFS root partition configuration
bcachefsRoot = {
size = "100%";
content = {
type = "bcachefs";
# This refers to a filesystem in the `bcachefs_filesystems` attrset below.
filesystem = "mounted_subvolumes_in_multi";
label = "ssd.ssd1";
extraFormatArgs = [
"--discard"
];
};
};
in
{
config = lib.mkIf isArm {
imports = [ ../options.nix ];
config = lib.mkIf (isArm && cfg.enable) {
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=2G"
];
};
# root disk setup
disk.main = {
type = "disk";
@@ -53,58 +113,33 @@ in
};
};
root = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"tmp" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/tmp";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot;
};
};
};
bcachefs_filesystems = lib.mkIf (cfg.filesystem == "bcachefs") {
mounted_subvolumes_in_multi = {
type = "bcachefs_filesystem";
# passwordFile = "/etc/nixos/pool.jwe";
extraFormatArgs = [
"--compression=zstd"
];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/persistent" = {
mountpoint = "/persistent";
};
"/nix" = {
mountOptions = [
"noatime"
];
mountpoint = "/nix";
};
};
mountpoint = "/partition-root";
};
};
};

8
modules/nixos/disko/options.nix
View File

@@ -3,5 +3,13 @@ with lib;
{
options.${namespace}.hardware.disko = {
enable = mkEnableOption "enable disko";
filesystem = mkOption {
type = types.enum [
"bcachefs"
"btrfs"
];
default = "btrfs";
description = "Filesystem to use for the root partition";
};
};
}

215
modules/nixos/disko/x86_64-linux/default.nix
View File

@@ -1,93 +1,142 @@
{ config, lib, system, namespace, ... }:
{
config,
lib,
system,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.disko;
isArm = builtins.match "aarch64*" system != null;
rootDisk = "/dev/nvme0n1";
in
{
imports = [ ../options.nix ];
config = lib.mkIf (cfg.enable && !isArm) {
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=25%"
];
};
# root disk setup
disk.main = {
type = "disk";
device = rootDisk;
imageSize = "32G";
content = {
type = "gpt";
# specify partitions
partitions = {
# /boot
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
};
# BTRFS root partition configuration
btrfsRoot = {
name = "btrfs-root";
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
# Subvolumes must set a mountpoint in order to be mounted,
# unless their parent is mounted
subvolumes = {
"home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"root" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/root";
};
"nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"etc" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/etc";
};
"log" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/var/log";
};
};
};
};
# BCacheFS root partition configuration
bcachefsRoot = {
size = "100%";
content = {
type = "bcachefs";
# This refers to a filesystem in the `bcachefs_filesystems` attrset below.
filesystem = "mounted_subvolumes_in_multi";
label = "ssd.ssd1";
extraFormatArgs = [
"--discard"
];
};
};
in
{
imports = [ ../options.nix ];
config = lib.mkIf (!isArm && cfg.enable) {
disko.devices = lib.mkMerge [
{
disk = {
main = {
device = rootDisk;
type = "disk";
imageSize = "32G";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "100M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = if cfg.filesystem == "btrfs" then btrfsRoot else bcachefsRoot;
};
};
};
};
bcachefs_filesystems = lib.mkIf (cfg.filesystem == "bcachefs") {
mounted_subvolumes_in_multi = {
type = "bcachefs_filesystem";
# passwordFile = "/etc/nixos/pool.jwe";
extraFormatArgs = [
"--compression=zstd"
];
subvolumes = {
"subvolumes/root" = {
mountpoint = "/";
mountOptions = [
"verbose"
];
};
"subvolumes/persistent" = {
mountpoint = "/persistent";
};
"subvolumes/nix" = {
mountOptions = [
"noatime"
];
mountpoint = "/nix";
};
};
};
};
}
(lib.mkIf (cfg.filesystem == "btrfs") {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=25%"
];
};
})
];
};
}

15
modules/nixos/fonts/default.nix
View File

@@ -1,11 +1,14 @@
{ lib, pkgs, ... }:
{
fonts.packages = with pkgs; [
font-awesome
noto-fonts
noto-fonts-color-emoji
meslo-lgs-nf
] ++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.packages =
with pkgs;
[
font-awesome
noto-fonts
noto-fonts-color-emoji
meslo-lgs-nf
]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
fonts.fontconfig.defaultFonts = {
emoji = [

13
modules/nixos/gaming/default.nix
View File

@@ -1,7 +1,12 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.share.gaming;
pkgsVersion = pkgs; #.unstable;
pkgsVersion = pkgs; # .unstable;
in
{
imports = [ ./options.nix ];
@@ -17,7 +22,7 @@ in
remotePlay.openFirewall = true;
# Open ports in the firewall for Source Dedicated Server
dedicatedServer.openFirewall = true;
extraCompatPackages = with pkgsVersion; [ proton-ge-bin];
extraCompatPackages = with pkgsVersion; [ proton-ge-bin ];
gamescopeSession = {
enable = true;
args = [
@@ -57,7 +62,7 @@ in
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs =
pkgs: with pkgsVersion; [
_pkgs: with pkgsVersion; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama

29
modules/nixos/gitea/default.nix
View File

@@ -1,13 +1,18 @@
{ config, lib, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.gitea;
cfg = config.${namespace}.services.gitea;
hostAddress = "10.0.1.3";
# localAddress = "10.0.4.18";
# httpPort = 3000;
# sshPort = 2222;
rootUrl = "https://gitea.mjallen.dev/";
# stateDir = "/media/nas/ssd/nix-app-data/gitea";
# stateDir = "/media/nas/main/nix-app-data/gitea";
dataDir = "/var/lib/gitea";
secretsDir = "/run/secrets/jallen-nas/gitea";
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
@@ -34,7 +39,8 @@ in
};
};
config = { lib, ... }:
config =
{ lib, ... }:
{
services.gitea = {
enable = true;
@@ -71,7 +77,10 @@ in
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
@@ -122,8 +131,14 @@ in
];
};
firewall = {
allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
allowedUDPPorts = [ cfg.httpPort cfg.sshPort ];
allowedTCPPorts = [
cfg.httpPort
cfg.sshPort
];
allowedUDPPorts = [
cfg.httpPort
cfg.sshPort
];
};
};
};

4
modules/nixos/gitea/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.gitea = {
options.${namespace}.services.gitea = {
enable = mkEnableOption "gitea service";
httpPort = mkOption {

2
modules/nixos/hardware/default.nix
View File

@@ -1,6 +1,6 @@
{ lib, system, ... }:
let
isArm = "aarch64-linux" == system;
isArm = "aarch64-linux" == system;
in
{
hardware = {

22
modules/nixos/home/default.nix
View File

@@ -4,8 +4,12 @@
options,
namespace,
inputs,
system,
...
}:
let
isArm = ("aarch64-linux" == system);
in
{
options.${namespace}.home = with lib.types; {
@@ -41,19 +45,23 @@
useGlobalPkgs = true;
useUserPackages = true;
# Pass inputs so external modules can access them
# Pass inputs so external modules can access them
extraSpecialArgs = {
inherit inputs;
};
# Make ALL external HM modules available globally
sharedModules = with inputs; [
sops-nix.homeManagerModules.sops
steam-rom-manager.homeManagerModules.default
# Add any other external HM modules here
];
sharedModules =
with inputs;
[
sops-nix.homeManagerModules.sops
# Add any other external HM modules here
]
++ (if (!isArm) then with inputs; [ steam-rom-manager.homeManagerModules.default ] else [ ]);
users.${config.${namespace}.user.name} = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
users.${config.${namespace}.user.name} =
lib.mkAliasDefinitions
options.${namespace}.home.extraOptions;
# users.admin = lib.mkAliasDefinitions options.${namespace}.home.extraOptions;
verbose = true;

257
modules/nixos/homeassistant/default.nix
View File

@@ -1,23 +1,14 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.services.home-assistant;
mosquittoPort = 1883;
zigbee2mqttPort = 8080;
# In configuration.nix or a separate file
python-steam = pkgs.python3Packages.buildPythonPackage rec {
pname = "steam";
version = "1.4.4";
pyproject = false;
src = pkgs.fetchPypi {
inherit pname version;
sha256 = "sha256-K1vWkRwNSnMS9EG40WK52NR8i+u478bIhnOTsDI/pS4=";
};
buildInputs = with pkgs.python3Packages; [ setuptools ];
doCheck = false; # no tests in the PyPI tarball
};
in
{
imports = [ ./options.nix ];
@@ -60,6 +51,7 @@ in
"nws"
"ollama"
"onedrive"
"open_router"
"ping"
"radio_browser"
"samsungtv"
@@ -87,6 +79,7 @@ in
pkgs.${namespace}.ha-icloud3
pkgs.${namespace}.ha-mail-and-packages
pkgs.${namespace}.ha-nanokvm
pkgs.${namespace}.ha-openhasp
pkgs.${namespace}.ha-overseerr
pkgs.${namespace}.ha-petlibro
pkgs.${namespace}.ha-wyzeapi
@@ -106,110 +99,111 @@ in
zigbee2mqtt-networkmap
];
# use postgresql instead of sqlite
extraPackages = ps: with ps; [
# Core functionality
aiohttp
aiodns
paho-mqtt
pillow
pytz
pyyaml
sqlalchemy
extraPackages =
ps: with ps; [
# Core functionality
aiohttp
aiodns
paho-mqtt
pillow
pytz
pyyaml
sqlalchemy
# Discovery & networking
zeroconf
netdisco
ifaddr
ssdp
# Discovery & networking
zeroconf
netdisco
ifaddr
ssdp
# Device protocols
pyserial # Serial communications
bluepy # Bluetooth LE
# Device protocols
pyserial # Serial communications
bluepy # Bluetooth LE
# Smart home ecosystems
mutagen # Media file metadata
pysonos # Sonos
pywemo # Belkin WeMo
python-miio # Xiaomi devices
python-kasa # TP-Link
# Smart home ecosystems
mutagen # Media file metadata
pysonos # Sonos
pywemo # Belkin WeMo
python-miio # Xiaomi devices
python-kasa # TP-Link
# Sensors & monitoring
meteocalc # Weather calculations
speedtest-cli # Internet speed
# Sensors & monitoring
meteocalc # Weather calculations
speedtest-cli # Internet speed
# Visualization & UI
matplotlib # Graphing
# Visualization & UI
matplotlib # Graphing
# Security
bcrypt
cryptography
pyjwt
# Security
bcrypt
cryptography
pyjwt
# Media
ha-ffmpeg # Camera streams
# Media
ha-ffmpeg # Camera streams
# Specialized integrations
python-matter-server # Matter protocol
# Specialized integrations
python-matter-server # Matter protocol
# System integrations
psutil # System monitoring
# System integrations
psutil # System monitoring
psycopg2
numpy
hassil
pyturbojpeg
paho-mqtt
pychromecast
pyatv
python-otbr-api
brother
pyipp
govee-ble
adguardhome
nextcord
aiogithubapi
jellyfin-apiclient-python
pylitterbot
dateparser
aionut
nextcloudmonitor
ollama
pynecil
aiopyarr
pysabnzbd
getmac
zigpy
bellows # For Zigbee EmberZNet-based adapters
zigpy-xbee # For XBee adapters
zigpy-deconz # For ConBee/RaspBee adapters
pyicloud # iCloud
pyatv # Apple TV
opencv-python
face-recognition
ibeacon-ble
gehomesdk
onedrive-personal-sdk
python-roborock
python-steam
apple-weatherkit
psycopg2
numpy
hassil
pyturbojpeg
paho-mqtt
pychromecast
pyatv
python-otbr-api
brother
pyipp
govee-ble
adguardhome
nextcord
aiogithubapi
jellyfin-apiclient-python
pylitterbot
dateparser
aionut
nextcloudmonitor
ollama
pynecil
aiopyarr
pysabnzbd
getmac
zigpy
bellows # For Zigbee EmberZNet-based adapters
zigpy-xbee # For XBee adapters
zigpy-deconz # For ConBee/RaspBee adapters
pyicloud # iCloud
pyatv # Apple TV
opencv-python
face-recognition
ibeacon-ble
gehomesdk
onedrive-personal-sdk
python-roborock
pkgs.${namespace}.python-steam
apple-weatherkit
samsungctl
samsungtvws
samsungctl
samsungtvws
aiohomekit
aiohomekit
icmplib
aioelectricitymaps
wyoming
pysmartthings
wakeonlan
ephem
];
icmplib
aioelectricitymaps
wyoming
pysmartthings
wakeonlan
ephem
];
config = {
# Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/
default_config = {};
default_config = { };
cloud = false;
@@ -226,7 +220,7 @@ in
trusted_proxies = [
"172.30.33.0/24"
"10.0.1.4"
"10.0.4.2"
"10.0.1.3"
"10.0.1.18"
"10.0.1.0/24"
];
@@ -244,6 +238,43 @@ in
# https://www.home-assistant.io/integrations/ota_updater/
zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json";
openhasp = {
plate = {
objects = [
{
obj = "p0b1"; # temperature label on all pages
properties = {
"text" = ''{{ states("sensor.thermostat_current_temperature") }}°F'';
};
}
{
obj = "p1b2"; # light-switch toggle button
properties = {
"val" = ''{{ 1 if states("light.living_room_lights") == "on" else 0 }}'';
"text" = ''{{ "\uE6E8" if is_state("light.living_room_lights", "on") else "\uE335" | e }}'';
};
event = {
"up" = {
service = "homeassistant.toggle";
entity_id = "light.living_room_lights";
};
};
}
{
obj = "p1b3"; # dropdown
event = {
"changed" = {
service = "persistent_notification.create";
data = {
message = "I like {{ text }}";
};
};
};
}
];
};
};
};
};
@@ -262,10 +293,12 @@ in
postgresql = {
enable = true;
ensureDatabases = [ "hass" ];
ensureUsers = [{
name = "hass";
ensureDBOwnership = true;
}];
ensureUsers = [
{
name = "hass";
ensureDBOwnership = true;
}
];
};
# Enable and configure Mosquitto MQTT broker
@@ -303,7 +336,7 @@ in
permit_join = true;
# Web interface
frontend = {
port = zigbee2mqttPort; # Choose an available port
port = zigbee2mqttPort; # Choose an available port
};
# MQTT configuration
mqtt = {
@@ -380,7 +413,7 @@ in
};
# Enable required hardware support for the Zigbee adapter
hardware.bluetooth.enable = true; # Some adapters use Bluetooth
hardware.bluetooth.enable = true; # Some adapters use Bluetooth
# Ensure proper permissions for Zigbee USB devices
# services.udev.extraRules = ''
@@ -396,8 +429,8 @@ in
# '';
environment.systemPackages = with pkgs; [
mosquitto # MQTT command-line tools
usbutils # For lsusb to help identify your adapter
mosquitto # MQTT command-line tools
usbutils # For lsusb to help identify your adapter
];
networking.firewall.allowedTCPPorts = [

9
modules/nixos/immich/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.immich;
@@ -8,7 +13,7 @@ let
dbPassword = config.sops.secrets."jallen-nas/immich/db-password".path;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
# Enable immich service

251
modules/nixos/impermanence/default.nix
View File

@@ -1,73 +1,196 @@
{ ... }:
{
# Set up impernance configuration for things like bluetooth
# In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.impermanence;
in
{
imports = [ ./options.nix ];
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/iwd"
"/var/lib/nixos"
"/var/lib/libvirt"
"/var/lib/waydroid"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
"/var/lib/tailscale"
"/var/lib/homeassistant"
"/var/lib/mosquitto"
"/var/lib/music-assistant"
"/var/lib/postgresql"
"/var/lib/zigbee2mqtt"
config = mkIf cfg.enable {
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
system.activationScripts = {
"var-lib-private-permissions" = {
deps = [ "createPersistentStorageDirs" ];
text = ''
mkdir -p /var/lib/private
chmod 0700 /var/lib/private
'';
};
};
boot.initrd.systemd.services.rootfs-cleanup = {
description = "Clean file system root";
wantedBy = [
"initrd.target"
];
after = [
"initrd-root-device.target"
];
before = [
"sysroot.mount"
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script =
if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "btrfs") then
''
# workaround for machines without working rtc battery
# The time may not yet be correctly set, so wait until it is
if [[ $(date '+%s') -lt 1730469314 ]]; then
sleep 30 # this should hopefully be enough
fi
mkdir /btrfs_tmp
mount ${config.fileSystems."/".device} -t btrfs /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %X /btrfs_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1" || rm -rf "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -atime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
''
else if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "bcachefs") then
''
# workaround for machines without working rtc battery
# The time may not yet be correctly set, so wait until it is
if [[ $(date '+%s') -lt 1730469314 ]]; then
sleep 30 # this should hopefully be enough
fi
if [[ -e /root_tmp/root ]]; then
mkdir -p /root_tmp/old_roots
timestamp=$(date --date="@$(stat -c %X /root_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
mv /root_tmp/root "/root_tmp/old_roots/$timestamp"
fi
for i in $(find /root_tmp/old_roots/ -maxdepth 1 -atime +30); do
bcachefs subvolume delete $i
done
bcachefs subvolume create /root_tmp/root
''
else
# For tmpfs or other filesystems, do nothing
"";
};
assertions = [
{
directory = "/var/lib/colord";
user = "colord";
group = "colord";
mode = "u=rwx,g=rx,o=";
assertion = hasAttr "/" config.fileSystems;
message = "To use impermanence, you need to define a root volume";
}
{
assertion =
if hasAttr "/" config.fileSystems then
config.fileSystems."/".fsType == "btrfs"
|| config.fileSystems."/".fsType == "bcachefs"
|| config.fileSystems."/".fsType == "tmpfs"
else
false;
message = "rootfs must be btrfs, bcachefs, or tmpfs; not " + config.fileSystems."/".fsType;
}
{
assertion =
if
hasAttr "/" config.fileSystems
&& (config.fileSystems."/".fsType == "btrfs" || config.fileSystems."/".fsType == "bcachefs")
then
any (
t: t == "subvol=root" || t == "subvol=/root" || t == "X-mount.subdir=subvolumes/root"
) config.fileSystems."/".options
else
true;
message = "btrfs or bcachefs rootfs must mount subvolume root";
}
{
directory = "/etc/nix";
user = "root";
group = "root";
mode = "u=rwx,g=rx,o=rx";
}
{
directory = "/var/lib/private/authentik/media";
user = "authentik";
group = "authentik";
mode = "u=rwx,g=,o=";
}
{
directory = "/var/lib/private";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/media/nas";
user = "nas-apps";
group = "jallen-nas";
mode = "u=rwx,g=rx,o=rx";
}
{
directory = "/var/lib/crowdsec";
user = "crowdsec";
group = "crowdsec";
mode = "u=rwx,g=rwx,o=rx";
}
{
directory = "/plugins-storage";
user = "traefik";
group = "traefik";
mode = "u=rwx,g=rwx,o=rx";
assertion = !config.boot.isContainer;
message = "impermanence is not supported in containers";
}
];
files = [
"/etc/machine-id"
];
environment.persistence.${cfg.persistencePath} = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/iwd"
"/var/lib/nixos"
"/var/lib/libvirt"
"/var/lib/waydroid"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
"/var/lib/tailscale"
"/var/lib/homeassistant"
"/var/lib/mosquitto"
"/var/lib/music-assistant"
"/var/lib/postgresql"
"/var/lib/zigbee2mqtt"
{
directory = "/var/lib/colord";
user = "colord";
group = "colord";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/etc/nix";
user = "root";
group = "root";
mode = "u=rwx,g=rx,o=rx";
}
{
directory = "/var/lib/private/authentik/media";
user = "authentik";
group = "authentik";
mode = "u=rwx,g=,o=";
}
{
directory = "/var/lib/private";
mode = "u=rwx,g=rx,o=";
}
{
directory = "/media/nas";
user = "nas-apps";
group = "jallen-nas";
mode = "u=rwx,g=rx,o=rx";
}
{
directory = "/var/lib/crowdsec";
user = "crowdsec";
group = "crowdsec";
mode = "u=rwx,g=rwx,o=rx";
}
{
directory = "/plugins-storage";
user = "traefik";
group = "traefik";
mode = "u=rwx,g=rwx,o=rx";
}
];
files = [
"/etc/machine-id"
];
};
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
}

12
modules/nixos/impermanence/options.nix Normal file
View File

@@ -0,0 +1,12 @@
{ lib, namespace, ... }:
with lib;
{
options.${namespace}.impermanence = {
enable = mkEnableOption "enable impermanence";
persistencePath = mkOption {
type = types.str;
default = "/nix/persist/system";
description = "Path to the persistence directory";
};
};
}

11
modules/nixos/jellyfin/default.nix
View File

@@ -1,10 +1,15 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.jellyfin;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
services.jellyfin = {
@@ -12,7 +17,7 @@ in
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
dataDir = "/media/nas/main/nix-app-data/jellyfin";
# cacheDir = "/cache";
};
};

11
modules/nixos/jellyseerr/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.jellyseerr;
@@ -7,7 +12,7 @@ let
dataDir = "/var/lib/private/jellyseerr";
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.jellyseerr = {
@@ -20,7 +25,7 @@ in
bindMounts = {
${dataDir} = {
hostPath = "/media/nas/ssd/nix-app-data/jellyseerr";
hostPath = "/media/nas/main/nix-app-data/jellyseerr";
isReadOnly = false;
};
};

15
modules/nixos/lubelogger/default.nix
View File

@@ -1,10 +1,15 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.lubelogger;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.lubelogger = {
@@ -12,11 +17,11 @@ in
image = "ghcr.io/hargata/lubelogger";
ports = [ "6754:8080" ];
volumes = [
"/media/nas/ssd/nix-app-data/lubelogger:/App/data"
"/media/nas/ssd/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
"/media/nas/main/nix-app-data/lubelogger:/App/data"
"/media/nas/main/nix-app-data/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
];
environmentFiles = [
"/media/nas/ssd/nix-app-data/lubelogger/lubelogger.env"
"/media/nas/main/nix-app-data/lubelogger/lubelogger.env"
];
environment = {
PUID = toString config.users.users.nix-apps.uid;

53
modules/nixos/monitoring/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.monitoring;
in
{
options.${namespace}.monitoring = {
enable = lib.mkEnableOption "Common monitoring and system tools";
includeNetworkTools = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include network monitoring tools";
};
includePerformanceTools = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include performance monitoring tools";
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages =
with pkgs;
[
# Basic system monitoring
htop
]
++ lib.optionals cfg.includePerformanceTools [
glances
nmon
iotop
]
++ lib.optionals cfg.includeNetworkTools [
speedtest-cli
iftop
nethogs
tcpdump
wireshark-cli
];
# Enable common system services for monitoring
programs.screen.enable = lib.mkDefault true;
};
}

193
modules/nixos/network/default.nix
View File

@@ -9,113 +9,45 @@ let
cfg = config.${namespace}.network;
in
{
options.${namespace}.network = with types; {
hostName = lib.mkOption {
type = str;
default = "nixos";
description = "The hostname of the system.";
};
ipv4 = {
method = mkOption {
type = types.str;
default = "auto";
};
address = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
gateway = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
dns = lib.mkOption {
type = types.str;
default = "10.0.1.1";
};
};
};
imports = [
./options.nix
];
config = {
networking = {
hostName = lib.mkForce cfg.hostName;
# Enable Network Manager
networkmanager = {
enable = true;
wifi.powersave = lib.mkDefault false;
settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
ensureProfiles = {
environmentFiles = [
config.sops.secrets.wifi.path
];
# Use networkd if enabled
useNetworkd = lib.mkIf cfg.useNetworkd true;
profiles = {
"Joey's Jungle 6G" = {
connection = {
id = "Joey's Jungle 6G";
type = "wifi";
};
ipv4 = if (cfg.ipv4.method == "auto")
then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 6G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
"Joey's Jungle 5G" = {
connection = {
id = "Joey's Jungle 5G";
type = "wifi";
};
ipv4 = if (cfg.ipv4.method == "auto")
then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = "Joey's Jungle 5G";
};
wifi-security = {
key-mgmt = "sae";
psk = "$PSK";
};
};
};
};
# Set default gateway and nameservers if in manual mode
defaultGateway = lib.mkIf (cfg.ipv4.method == "manual") {
address = cfg.ipv4.gateway;
interface = lib.mkIf (cfg.ipv4.interface != "") cfg.ipv4.interface;
};
nameservers = lib.mkIf (cfg.ipv4.method == "manual") [ cfg.ipv4.dns ];
# Set hostId if provided
hostId = lib.mkIf (cfg.hostId != "") cfg.hostId;
# Configure NAT if enabled
nat = lib.mkIf cfg.nat.enable {
enable = true;
internalInterfaces = cfg.nat.internalInterfaces;
externalInterface = cfg.nat.externalInterface;
enableIPv6 = cfg.nat.enableIPv6;
};
# Configure firewall
firewall = {
enable = cfg.firewall.enable;
allowPing = cfg.firewall.allowPing;
allowedTCPPorts = cfg.firewall.allowedTCPPorts;
allowedUDPPorts = cfg.firewall.allowedUDPPorts;
trustedInterfaces = cfg.firewall.trustedInterfaces;
# Default port ranges for KDE Connect
allowedTCPPortRanges = [
{
from = 1714;
@@ -123,7 +55,70 @@ in
}
];
allowedUDPPortRanges = config.networking.firewall.allowedTCPPortRanges;
# Extra firewall commands
extraCommands = lib.mkIf (cfg.extraFirewallCommands != "") cfg.extraFirewallCommands;
};
# Configure iwd if enabled
wireless.iwd = lib.mkIf cfg.iwd.enable {
enable = true;
settings = cfg.iwd.settings;
};
# Configure NetworkManager
networkmanager = mkMerge [
# Disable NetworkManager when iwd is enabled
(mkIf cfg.iwd.enable {
enable = mkForce false;
wifi.backend = mkForce "iwd";
})
# Enable NetworkManager when wifi is enabled and iwd is disabled
(mkIf (cfg.wifi.enable && !cfg.iwd.enable) {
enable = true;
wifi.powersave = cfg.wifi.powersave;
settings.connectivity.uri = mkDefault "http://nmcheck.gnome.org/check_network_status.txt";
# Configure WiFi profiles if any are defined
ensureProfiles = mkIf (cfg.wifi.profiles != { }) {
environmentFiles = [
config.sops.secrets.wifi.path
];
profiles = mapAttrs (name: profile: {
connection = {
id = name;
type = "wifi";
};
ipv4 =
if (cfg.ipv4.method == "auto") then
{
method = "auto";
}
else
{
address1 = cfg.ipv4.address;
dns = cfg.ipv4.dns;
gateway = cfg.ipv4.gateway;
method = "manual";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
wifi = {
mode = "infrastructure";
ssid = profile.ssid;
};
wifi-security = {
key-mgmt = profile.keyMgmt;
psk = profile.psk;
};
}) cfg.wifi.profiles;
};
})
];
};
};
}

162
modules/nixos/network/options.nix Normal file
View File

@@ -0,0 +1,162 @@
{
lib,
namespace,
...
}:
with lib;
{
options.${namespace}.network = with types; {
hostName = lib.mkOption {
type = str;
default = "nixos";
description = "The hostname of the system.";
};
ipv4 = {
method = mkOption {
type = types.str;
default = "auto";
description = "Method for IPv4 configuration (auto or manual).";
};
address = lib.mkOption {
type = types.str;
default = "10.0.1.1/24";
description = "IPv4 address with subnet mask (e.g., 10.0.1.1/24).";
};
gateway = lib.mkOption {
type = types.str;
default = "10.0.1.1";
description = "IPv4 default gateway.";
};
interface = lib.mkOption {
type = types.str;
default = "";
description = "Interface for the default gateway (required when using networkd).";
};
dns = lib.mkOption {
type = types.str;
default = "10.0.1.1";
description = "IPv4 DNS server.";
};
};
useNetworkd = mkOption {
type = types.bool;
default = false;
description = "Whether to use systemd-networkd for networking.";
};
nat = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable NAT.";
};
internalInterfaces = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of internal interfaces for NAT.";
};
externalInterface = mkOption {
type = types.str;
default = "";
description = "External interface for NAT.";
};
enableIPv6 = mkOption {
type = types.bool;
default = false;
description = "Whether to enable IPv6 NAT.";
};
};
firewall = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable the firewall.";
};
allowPing = mkOption {
type = types.bool;
default = true;
description = "Whether to allow ICMP ping.";
};
allowedTCPPorts = mkOption {
type = types.listOf types.port;
default = [ ];
description = "List of allowed TCP ports.";
};
allowedUDPPorts = mkOption {
type = types.listOf types.port;
default = [ ];
description = "List of allowed UDP ports.";
};
trustedInterfaces = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of trusted interfaces.";
};
};
wifi = {
enable = mkOption {
type = types.bool;
default = true;
description = "Whether to enable WiFi configuration.";
};
powersave = mkOption {
type = types.bool;
default = false;
description = "Whether to enable WiFi power saving.";
};
profiles = mkOption {
type = types.attrsOf (
types.submodule {
options = {
ssid = mkOption {
type = types.str;
description = "SSID of the WiFi network.";
};
psk = mkOption {
type = types.str;
default = "$PSK";
description = "PSK environment variable for the WiFi password.";
};
keyMgmt = mkOption {
type = types.str;
default = "sae";
description = "Key management type (e.g., sae, wpa-psk).";
};
};
}
);
default = { };
description = "WiFi network profiles.";
};
};
hostId = mkOption {
type = types.str;
default = "";
description = "Host ID for ZFS and other services.";
};
iwd = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable iwd for wireless networking.";
};
settings = mkOption {
type = types.attrs;
default = { };
description = "Settings for iwd.";
};
};
extraFirewallCommands = mkOption {
type = types.str;
default = "";
description = "Extra commands for the firewall.";
};
};
}

27
modules/nixos/nextcloud/default.nix
View File

@@ -1,11 +1,16 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.nextcloud;
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
secretsFile = config.sops.secrets."jallen-nas/nextcloud/smtp_settings".path;
jwtSecretFile = config.sops.secrets."jallen-nas/onlyoffice-key".path;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;
hostAddress = "10.0.1.3";
@@ -15,7 +20,7 @@ let
onlyofficePortExt = 9943;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.nextcloud = {
@@ -47,25 +52,29 @@ in
};
"/var/lib/nextcloud" = {
hostPath = "/media/nas/ssd/nix-app-data/nextcloud";
hostPath = "/media/nas/main/nix-app-data/nextcloud";
isReadOnly = false;
mountPoint = "/var/lib/nextcloud";
};
"/var/lib/onlyoffice" = {
hostPath = "/media/nas/ssd/nix-app-data/onlyoffice";
hostPath = "/media/nas/main/nix-app-data/onlyoffice";
isReadOnly = false;
mountPoint = "/var/lib/onlyoffice";
};
};
config =
{ pkgs, lib, namespace, ... }:
{
pkgs,
lib,
...
}:
{
nixpkgs.config.allowUnfree = true;
networking.extraHosts = ''
${hostAddress} host.containers protonmail-bridge
'';
${hostAddress} host.containers protonmail-bridge
'';
services = {
nextcloud = {

4
modules/nixos/nix/default.nix
View File

@@ -3,10 +3,12 @@
nix = {
settings = {
substituters = [
"https://nixos-raspberrypi.cachix.org"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
warn-dirty = lib.mkForce false;
@@ -30,6 +32,8 @@
allowUnsupportedSystem = true;
permittedInsecurePackages = [
# ...
"libsoup-2.74.3"
"libxml2-2.13.8"
];
};
};

10
modules/nixos/nvidia/default.nix
View File

@@ -15,11 +15,11 @@ in
hardware = {
# Nvidia
nvidia = {
package =
if cfg.enableBeta then
config.boot.kernelPackages.nvidiaPackages.beta
else
config.boot.kernelPackages.nvidiaPackages.latest;
package =
if cfg.enableBeta then
config.boot.kernelPackages.nvidiaPackages.beta
else
config.boot.kernelPackages.nvidiaPackages.latest;
# Modesetting is required.
modesetting.enable = true;

32
modules/nixos/ollama/default.nix
View File

@@ -1,22 +1,16 @@
{ config, lib, pkgs, namespace, ... }:
{
config,
lib,
pkgs,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.ollama;
llamaPackage = pkgs.llama-cpp.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "ggml-org";
repo = "llama.cpp";
rev = "b4920";
sha256 = "sha256-SnQIeY74JpAPRMxWcpklDH5D4CQvAgi0GYx5+ECk2J4=";
};
# Optionally override other attributes if you need to
# version = "my-fork-version";
# pname = "llama-cpp-custom";
});
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
services.ollama = {
@@ -27,18 +21,18 @@ in
group = "jallen-nas";
openFirewall = true;
acceleration = "cuda";
home = "/media/nas/ssd/nix-app-data/ollama";
home = "/media/nas/main/nix-app-data/ollama";
};
environment.systemPackages = [ llamaPackage ];
environment.systemPackages = [ pkgs.stable.llama-cpp ];
services.llama-cpp = {
enable = true;
port = 8127;
host = "0.0.0.0";
openFirewall = true;
model = "/media/nas/ssd/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = llamaPackage; # pkgs.unstable.llama-cpp;
model = "/media/nas/main/nix-app-data/llama-cpp/models/functionary-small-v3.2-GGUF/functionary-small-v3.2.Q4_0.gguf";
package = pkgs.stable.llama-cpp;
extraFlags = [
"--n_gpu-layers"
"500"
@@ -55,7 +49,7 @@ in
host = "0.0.0.0";
port = 8888;
openFirewall = true;
# stateDir = "/media/nas/ssd/nix-app-data/open-webui";
# stateDir = "/media/nas/main/nix-app-data/open-webui";
environmentFile = config.sops.secrets."jallen-nas/open-webui".path;
environment = {
OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration";

4
modules/nixos/orca/default.nix
View File

@@ -1,12 +1,12 @@
{
lib,
pkgs,
config,
namespace,
...
}:
with lib;
let
cfg = config.nas-apps.orca-slicer;
cfg = config.${namespace}.services.orca-slicer;
in
{
imports = [ ./options.nix ];

6
modules/nixos/orca/options.nix
View File

@@ -1,7 +1,7 @@
{ lib, ... }:
{ lib, namespace, ... }:
with lib;
{
options.nas-apps.orca-slicer = {
options.${namespace}.services.orca-slicer = {
enable = mkEnableOption "orca slicer docker service";
autoStart = mkOption {
@@ -31,7 +31,7 @@ with lib;
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/ssd_app_data/orca-slicer";
default = "/media/nas/main/ssd_app_data/orca-slicer";
};
dataPath = mkOption {

12
modules/nixos/paperless/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.paperless;
@@ -6,11 +11,10 @@ let
paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid;
paperlessEnv = config.sops.templates."paperless.env".path;
paperlessPkg = pkgs.paperless-ngx;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
containers.paperless = {
@@ -78,7 +82,7 @@ in
# Bind mount directories from host
bindMounts = {
"/var/lib/paperless" = {
hostPath = "/media/nas/ssd/nix-app-data/paperless";
hostPath = "/media/nas/main/nix-app-data/paperless";
isReadOnly = false;
};
secrets = {

92
modules/nixos/raspberry-pi/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
namespace,
...
}:
let
cfg = config.${namespace}.hardware.raspberry-pi;
in
{
options.${namespace}.hardware.raspberry-pi = {
enable = lib.mkEnableOption "Raspberry Pi common configuration";
variant = lib.mkOption {
type = lib.types.enum [
"4"
"5"
];
description = "Raspberry Pi variant (4 or 5)";
};
};
config = lib.mkIf cfg.enable {
# Common Raspberry Pi packages
environment.systemPackages =
with pkgs;
[
libraspberrypi
raspberrypi-eeprom
raspberrypifw
raspberrypiWirelessFirmware
raspberrypi-armstubs
]
++ lib.optionals (cfg.variant == "4") [
i2c-tools
]
++ lib.optionals (cfg.variant == "5") [
erofs-utils
fex
squashfuse
squashfsTools
];
# Common nixpkgs overlays for Raspberry Pi
nixpkgs.overlays = lib.mkAfter [
(_self: super: {
# This is used in (modulesPath + "/hardware/all-firmware.nix") when at least
# enableRedistributableFirmware is enabled
inherit (super) raspberrypiWirelessFirmware;
# Some derivations want to use it as an input,
# e.g. raspberrypi-dtbs, omxplayer, sd-image-* modules
inherit (super) raspberrypifw;
})
];
# Common Bluetooth configuration
systemd.services.btattach = {
before = [ "bluetooth.service" ];
after = [ "dev-ttyAMA0.device" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
};
};
# Common hardware settings
hardware.i2c.enable = lib.mkIf (cfg.variant == "4") true;
# Pi 5 specific settings
hardware.graphics.enable32Bit = lib.mkIf (cfg.variant == "5") (lib.mkForce false);
zramSwap.enable = lib.mkIf (cfg.variant == "5") true;
# Pi 5 specific system tags
system.nixos.tags = lib.mkIf (cfg.variant == "5") (
let
bootCfg = config.boot.loader.raspberry-pi;
in
[
"raspberry-pi-${bootCfg.variant}"
bootCfg.bootloader
config.boot.kernelPackages.kernel.version
]
);
# Common programs
programs.kdeconnect.enable = lib.mkDefault false;
# Root user shell configuration
users.users.root.shell = pkgs.zsh;
};
}

2
modules/nixos/services/default.nix
View File

@@ -30,7 +30,7 @@
# Enable Avahi for .local hostname resolution
avahi = {
enable = lib.mkDefault true;
nssmdns4 = lib.mkDefault true; # For modern systems, use nssmdns4 instead of nssmdns
nssmdns4 = lib.mkDefault true; # For modern systems, use nssmdns4 instead of nssmdns
openFirewall = lib.mkDefault true;
publish = {
enable = lib.mkDefault true;

19
systems/aarch64-linux/macbook-pro-nixos/sops.nix → modules/nixos/sops/default.nix
View File

@@ -1,6 +1,7 @@
{ config, ... }:
{ lib, ... }:
let
user = "matt";
# defaultSops = (lib.snowfall.fs.get-file "secrets/pi4-secrets.yaml");
defaultSops = (lib.snowfall.fs.get-file "secrets/secrets.yaml");
in
{
# Permission modes are in octal representation (same as chmod),
@@ -18,42 +19,40 @@ in
# Either the group id or group name representation of the secret group
# It is recommended to get the group name from `config.users.users.<?name>.group` to avoid misconfiguration
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFile = defaultSops;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# ------------------------------
# Secrets
# ------------------------------
secrets = {
"wifi" = {
sopsFile = ../../secrets/secrets.yaml;
};
"wifi" = { };
# ------------------------------
# SSH keys
# ------------------------------
# "ssh-keys-public/desktop-nixos" = {
# sopsFile = ../../secrets/secrets.yaml;
# sopsFile = sharedSops;
# mode = "0644";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos" = {
# sopsFile = ../../secrets/secrets.yaml;
# sopsFile = sharedSops;
# mode = "0600";
# owner = config.users.users."${user}".name;
# group = config.users.users."${user}".group;
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-public/desktop-nixos-root" = {
# sopsFile = ../../secrets/secrets.yaml;
# sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519.pub";
# mode = "0600";
# restartUnits = [ "sshd.service" ];
# };
# "ssh-keys-private/desktop-nixos-root" = {
# sopsFile = ../../secrets/secrets.yaml;
# sopsFile = sharedSops;
# path = "/root/.ssh/id_ed25519";
# mode = "0600";
# restartUnits = [ "sshd.service" ];

99
modules/nixos/traefik/default.nix
View File

@@ -1,4 +1,9 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.traefik;
@@ -14,7 +19,7 @@ let
cacheUrl = "http://${serverIp}:9012";
cloudUrl = "http://${config.containers.nextcloud.localAddress}:80";
giteaUrl = "http://${config.containers.gitea.localAddress}:${toString config.containers.gitea.config.services.gitea.settings.server.HTTP_PORT}";
hassUrl = "http://homeassistant.local:8123";
hassUrl = "http://nuc-nixos.local:8123";
immichUrl = "http://${serverIp}:${toString config.services.immich.port}";
jellyfinUrl = "http://${serverIp}:8096";
jellyseerrUrl = "http://${config.containers.jellyseerr.localAddress}:${toString config.containers.jellyseerr.config.services.jellyseerr.port}";
@@ -45,19 +50,19 @@ let
metricsPort = 8082;
forwardPorts = [
httpPort
httpsPort
traefikPort
metricsPort
httpPort
httpsPort
traefikPort
metricsPort
];
# misc
letsEncryptEmail = "jalle008@proton.me";
dataDir = "/media/nas/ssd/nix-app-data/traefik";
dataDir = "/media/nas/main/nix-app-data/traefik";
authentikAddress = "http://${serverIp}:9000/outpost.goauthentik.io/auth/traefik";
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
sops = {
@@ -76,7 +81,9 @@ in
"traefik.env" = {
content = ''
CLOUDFLARE_DNS_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-dns-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"}
CLOUDFLARE_ZONE_API_TOKEN = ${
config.sops.placeholder."jallen-nas/traefik/cloudflare-zone-api-token"
}
CLOUDFLARE_API_KEY = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"}
CLOUDFLARE_EMAIL = ${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"}
'';
@@ -95,7 +102,7 @@ in
services.traefik = {
enable = true;
dataDir = dataDir;
group = "jallen-nas";#group;
group = "jallen-nas"; # group;
environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
staticConfigOptions = {
@@ -129,7 +136,12 @@ in
entryPoint = "metrics";
addEntryPointsLabels = true;
addServicesLabels = true;
buckets = [0.1 0.3 1.2 5.0]; # Response time buckets
buckets = [
0.1
0.3
1.2
5.0
]; # Response time buckets
};
};
@@ -215,8 +227,7 @@ in
};
};
};
internal-ipallowlist =
{
internal-ipallowlist = {
ipAllowList = {
sourceRange = [
"127.0.0.1/32"
@@ -305,7 +316,10 @@ in
entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 15;
tls.certResolver = "letsencrypt";
};
@@ -314,21 +328,30 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`actual.${domain}`)";
service = "actual";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
service = "authentik";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
cache = {
entryPoints = [ "websecure" ];
rule = "Host(`cache.${domain}`)";
service = "cache";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
priority = 10;
tls.certResolver = "letsencrypt";
};
@@ -336,21 +359,31 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)";
service = "cloud";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
gitea = {
entryPoints = [ "websecure" ];
rule = "Host(`gitea.${domain}`)";
service = "gitea";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = [ "crowdsec" "whitelist-geoblock" "authentik" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
"authentik"
];
priority = 10;
tls.certResolver = "letsencrypt";
};
@@ -358,35 +391,51 @@ in
entryPoints = [ "websecure" ];
rule = "Host(`immich.${domain}`)";
service = "immich";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
jellyseerr = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
lubelogger = {
entryPoints = [ "websecure" ];
rule = "Host(`lubelogger.${domain}`)";
service = "lubelogger";
middlewares = [ "crowdsec" "whitelist-geoblock" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
];
tls.certResolver = "letsencrypt";
};
onlyoffice = {
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "onlyoffice";
middlewares = [ "crowdsec" "whitelist-geoblock" "onlyoffice-websocket" ];
middlewares = [
"crowdsec"
"whitelist-geoblock"
"onlyoffice-websocket"
];
tls.certResolver = "letsencrypt";
};
};

84
modules/nixos/user/default.nix
View File

@@ -8,6 +8,18 @@
with lib;
let
cfg = config.${namespace}.user;
isRoot = (cfg.name == "root");
# Common SSH keys used across systems
commonSshKeys = [
# MacBook
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
# Desktop Windows
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
# Desktop NixOS
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
];
in
{
options.${namespace}.user = with types; {
@@ -41,11 +53,58 @@ in
default = null;
description = "Path to the password file for this user account";
};
sshKeys = lib.mkOption {
type = listOf str;
default = [ ];
description = "List of SSH public keys for the user.";
};
enableCommonSshKeys = lib.mkOption {
type = bool;
default = true;
description = "Whether to include common SSH keys used across systems.";
};
uid = lib.mkOption {
type = int;
default = if isRoot then ids.uids.root else 1000;
description = "The user ID for the user account.";
};
packages = lib.mkOption {
type = listOf package;
default = [ ];
description = "List of packages to install for this user.";
};
linger = lib.mkOption {
type = bool;
default = false;
description = "Whether to enable systemd user service persistence.";
};
password = lib.mkOption {
type = nullOr str;
default = null;
description = "Plain text password for the user (development only).";
};
hashedPassword = lib.mkOption {
type = nullOr str;
default = null;
description = "Hashed password for the user.";
};
mutableUsers = lib.mkOption {
type = bool;
default = false;
description = "Whether users are mutable (can be modified after creation).";
};
};
config = {
users.mutableUsers = cfg.mutableUsers;
users.users.${cfg.name} = {
inherit (cfg) name;
inherit (cfg)
name
uid
linger
packages
;
extraGroups = [
"wheel"
@@ -64,14 +123,27 @@ in
"power"
"nix"
"i2c"
] ++ cfg.extraGroups;
]
++ cfg.extraGroups;
group = "users";
home = "/home/${cfg.name}";
isNormalUser = true;
isNormalUser = (!isRoot);
isSystemUser = isRoot;
shell = lib.mkForce pkgs.zsh;
uid = 1000;
hashedPasswordFile = cfg.passwordFile;
} // cfg.extraOptions;
# SSH keys - combine user-specific and common keys
openssh.authorizedKeys.keys = cfg.sshKeys ++ (lib.optionals cfg.enableCommonSshKeys commonSshKeys);
# Authentication - priority: passwordFile > hashedPassword > password
hashedPasswordFile = lib.mkIf (cfg.passwordFile != null) cfg.passwordFile;
hashedPassword = lib.mkIf (
cfg.passwordFile == null && cfg.hashedPassword != null
) cfg.hashedPassword;
password = lib.mkIf (
cfg.passwordFile == null && cfg.hashedPassword == null && cfg.password != null
) cfg.password;
}
// cfg.extraOptions;
};
}

9
modules/nixos/wyoming/default.nix
View File

@@ -1,10 +1,15 @@
{ config, lib, namespace, ... }:
{
config,
lib,
namespace,
...
}:
with lib;
let
cfg = config.${namespace}.services.wyoming;
in
{
imports = [ ./options.nix ];
imports = [ ./options.nix ];
config = mkIf cfg.enable {
services.wyoming = {

4
overlays/jdk/default.nix
View File

@@ -1,5 +1,5 @@
{ inputs, ... }:
final: prev: {
{ ... }:
final: _prev: {
jdk = final.openjdk17;
openjdk8 = final.openjdk17;
}

Some files were not shown because too many files have changed in this diff Show More