From 5859a7232bf16e3cd922ba6bf983427fc27c8b4a Mon Sep 17 00:00:00 2001 From: Chris Dombroski Date: Thu, 5 Sep 2024 19:08:29 -0400 Subject: [PATCH] new formatter? --- flake.nix | 211 ++++++++++-------- modules/common.nix | 11 +- modules/common/common.nix | 3 +- modules/common/msmtp.nix | 4 +- modules/common/nix.nix | 10 +- modules/common/sops.nix | 3 +- modules/common/sshd.nix | 12 +- modules/plymouth.nix | 6 +- modules/zwave-js-ui.nix | 27 ++- overlays/recyclarr.nix | 12 +- pkgs/zwave-js-ui.nix | 6 +- systems/orangepihole/configuration.nix | 84 +++++-- .../orangepihole/hardware-configuration.nix | 28 ++- systems/smolboi/configuration.nix | 59 +++-- systems/smolboi/hardware-configuration.nix | 27 ++- systems/smolboi/home.nix | 10 +- systems/zeus/configuration.nix | 187 ++++++++++++---- systems/zeus/hardware-configuration.nix | 24 +- 18 files changed, 495 insertions(+), 229 deletions(-) diff --git a/flake.nix b/flake.nix index b6b5eaa..9a49186 100644 --- a/flake.nix +++ b/flake.nix @@ -27,105 +27,120 @@ }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = inputs@{ flake-parts, ... }: - flake-parts.lib.mkFlake { inherit inputs; } ({ withSystem, self, ... }: { - imports = [ inputs.devshell.flakeModule ]; - systems = [ "x86_64-linux" "aarch64-linux" ]; - flake = { - deploy = { - sshUser = "root"; - fastConnection = true; - nodes = withSystem "x86_64-linux" ({ pkgs, ... }: { - smolboi = { - hostname = "smolboi"; - profiles.system.path = - pkgs.deploy-rs.lib.activate.nixos - self.nixosConfigurations.smolboi; - }; - zeus = { - hostname = "zeus"; - profiles.system.path = - pkgs.deploy-rs.lib.activate.nixos - self.nixosConfigurations.zeus; - }; - }) // withSystem "aarch64-linux" ({ pkgs, ... }: { - orangepihole = { - hostname = "orangepihole"; - profiles.system.path = - pkgs.deploy-rs.lib.activate.nixos - self.nixosConfigurations.orangepihole; - }; - }); - }; - nixosConfigurations = { - smolboi = inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - pkgs-unstable = inputs.nixunstable; - }; - modules = [ - ./systems/smolboi/configuration.nix - inputs.stylix.nixosModules.stylix - inputs.impermanence.nixosModules.impermanence - inputs.nixos-hardware.nixosModules.common-cpu-amd - inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate - inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower - inputs.nixos-hardware.nixosModules.common-gpu-amd - inputs.nixos-hardware.nixosModules.common-pc - inputs.nixos-hardware.nixosModules.common-pc-ssd - inputs.nixos-hardware.nixosModules.gigabyte-b550 - inputs.home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.users.cdombroski = - import ./systems/smolboi/home.nix; - } - ]; + outputs = + inputs@{ flake-parts, ... }: + flake-parts.lib.mkFlake { inherit inputs; } ( + { withSystem, self, ... }: + { + imports = [ inputs.devshell.flakeModule ]; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + flake = { + deploy = { + sshUser = "root"; + fastConnection = true; + nodes = + withSystem "x86_64-linux" ( + { pkgs, ... }: + { + smolboi = { + hostname = "smolboi"; + profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.smolboi; + }; + zeus = { + hostname = "zeus"; + profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.zeus; + }; + } + ) + // withSystem "aarch64-linux" ( + { pkgs, ... }: + { + orangepihole = { + hostname = "orangepihole"; + profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.orangepihole; + }; + } + ); }; - zeus = inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - pkgs-unstable = inputs.nixunstable; - }; - modules = [ - ./systems/zeus/configuration.nix - inputs.impermanence.nixosModules.impermanence - inputs.nixos-hardware.nixosModules.supermicro - inputs.nixos-hardware.nixosModules.common-cpu-amd - inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate - inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower - inputs.nixos-hardware.nixosModules.common-pc - ]; - }; - orangepihole = inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - pkgs-unstable = inputs.nixunstable; - }; - modules = [ - ./systems/orangepihole/configuration.nix - inputs.impermanence.nixosModules.impermanence - ]; - }; - }; - }; - perSystem = { pkgs, system, ... }: { - _module.args.pkgs = import inputs.nixpkgs { - inherit system; - overlays = [ - inputs.deploy-rs.overlay - (final: prev: { - deploy-rs = { - inherit (inputs.nixpkgs.legacyPackages.${system}) deploy-rs; - lib = prev.deploy-rs.lib; + nixosConfigurations = { + smolboi = inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + pkgs-unstable = inputs.nixunstable; }; - }) - ]; - config = { }; + modules = [ + ./systems/smolboi/configuration.nix + inputs.stylix.nixosModules.stylix + inputs.impermanence.nixosModules.impermanence + inputs.nixos-hardware.nixosModules.common-cpu-amd + inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate + inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower + inputs.nixos-hardware.nixosModules.common-gpu-amd + inputs.nixos-hardware.nixosModules.common-pc + inputs.nixos-hardware.nixosModules.common-pc-ssd + inputs.nixos-hardware.nixosModules.gigabyte-b550 + inputs.home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.users.cdombroski = import ./systems/smolboi/home.nix; + } + ]; + }; + zeus = inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + pkgs-unstable = inputs.nixunstable; + }; + modules = [ + ./systems/zeus/configuration.nix + inputs.impermanence.nixosModules.impermanence + inputs.nixos-hardware.nixosModules.supermicro + inputs.nixos-hardware.nixosModules.common-cpu-amd + inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate + inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower + inputs.nixos-hardware.nixosModules.common-pc + ]; + }; + orangepihole = inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + pkgs-unstable = inputs.nixunstable; + }; + modules = [ + ./systems/orangepihole/configuration.nix + inputs.impermanence.nixosModules.impermanence + ]; + }; + }; }; - devshells.default = { packages = with pkgs; [ deploy-rs.deploy-rs sops ]; }; - checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; - formatter = pkgs.nixfmt; - }; - }); + perSystem = + { pkgs, system, ... }: + { + _module.args.pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ + inputs.deploy-rs.overlay + (final: prev: { + deploy-rs = { + inherit (inputs.nixpkgs.legacyPackages.${system}) deploy-rs; + lib = prev.deploy-rs.lib; + }; + }) + ]; + config = { }; + }; + devshells.default = { + packages = with pkgs; [ + deploy-rs.deploy-rs + sops + ]; + }; + checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy; + formatter = pkgs.nixfmt-rfc-style; + }; + } + ); } diff --git a/modules/common.nix b/modules/common.nix index 360bbbc..938ce54 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -1,5 +1,8 @@ -{ lib, ... }: { - imports = builtins.map (n: ./common + "/${n}") (builtins.attrNames - (lib.filterAttrs (k: v: v == "regular" && lib.hasSuffix ".nix" k) - (builtins.readDir ./common))); +{ lib, ... }: +{ + imports = builtins.map (n: ./common + "/${n}") ( + builtins.attrNames ( + lib.filterAttrs (k: v: v == "regular" && lib.hasSuffix ".nix" k) (builtins.readDir ./common) + ) + ); } diff --git a/modules/common/common.nix b/modules/common/common.nix index 4a8c074..1345c9b 100644 --- a/modules/common/common.nix +++ b/modules/common/common.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ time.timeZone = "America/New_York"; i18n.defaultLocale = "en_US.UTF-8"; programs.vim.defaultEditor = true; diff --git a/modules/common/msmtp.nix b/modules/common/msmtp.nix index f0bddb9..eef8c26 100644 --- a/modules/common/msmtp.nix +++ b/modules/common/msmtp.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ sops.secrets."gmail/password" = { }; programs.msmtp = { enable = true; @@ -23,4 +24,3 @@ }; }; } - diff --git a/modules/common/nix.nix b/modules/common/nix.nix index c8e4e92..d8c3354 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ programs.git.enable = true; programs.nh = { enable = true; @@ -6,7 +7,12 @@ clean.extraArgs = "--keep-since 7d"; }; nix = { - settings = { experimental-features = [ "nix-command" "flakes" ]; }; + settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + }; optimise.automatic = true; }; nixpkgs.overlays = [ diff --git a/modules/common/sops.nix b/modules/common/sops.nix index 26743b9..06a5b92 100644 --- a/modules/common/sops.nix +++ b/modules/common/sops.nix @@ -1,4 +1,5 @@ -{ inputs, ... }: { +{ inputs, ... }: +{ imports = [ inputs.sops-nix.nixosModules.sops ]; sops.defaultSopsFile = ../../secrets/secret.yaml; sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; diff --git a/modules/common/sshd.nix b/modules/common/sshd.nix index 0b197e0..5e8f8be 100644 --- a/modules/common/sshd.nix +++ b/modules/common/sshd.nix @@ -1,5 +1,13 @@ -{ pkgs, sops, config, ... }: { - sops.secrets."root/password" = { neededForUsers = true; }; +{ + pkgs, + sops, + config, + ... +}: +{ + sops.secrets."root/password" = { + neededForUsers = true; + }; services.openssh.enable = true; users.mutableUsers = false; users.users.root = { diff --git a/modules/plymouth.nix b/modules/plymouth.nix index 8bc9c63..d719f57 100644 --- a/modules/plymouth.nix +++ b/modules/plymouth.nix @@ -1,8 +1,8 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, ... }: +{ boot.plymouth = { enable = true; - themePackages = with pkgs; - [ (adi1090x-plymouth-themes.override { selected_themes = [ "owl" ]; }) ]; + themePackages = with pkgs; [ (adi1090x-plymouth-themes.override { selected_themes = [ "owl" ]; }) ]; theme = lib.mkForce "owl"; }; } diff --git a/modules/zwave-js-ui.nix b/modules/zwave-js-ui.nix index 706e494..47979e9 100644 --- a/modules/zwave-js-ui.nix +++ b/modules/zwave-js-ui.nix @@ -1,8 +1,19 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let - inherit (lib) mkIf mkEnableOption mkOption types; + inherit (lib) + mkIf + mkEnableOption + mkOption + types + ; cfg = config.services.zwave-js-ui; -in { +in +{ options.services.zwave-js-ui = { enable = mkEnableOption "zwave-js-ui"; store = mkOption { @@ -14,10 +25,12 @@ in { }; }; config = mkIf cfg.enable { - assertions = [{ - assertion = !config.services.zwave-js.enable; - message = "zwave-js-ui conflicts with zwave-js"; - }]; + assertions = [ + { + assertion = !config.services.zwave-js.enable; + message = "zwave-js-ui conflicts with zwave-js"; + } + ]; systemd.services.zwave-js-ui = { environment = { STORE_DIR = cfg.store; diff --git a/overlays/recyclarr.nix b/overlays/recyclarr.nix index e288f00..8d0c60a 100644 --- a/overlays/recyclarr.nix +++ b/overlays/recyclarr.nix @@ -4,20 +4,24 @@ let arch = "x64"; hash = "sha256:04vg1s86krg7baifcpnqr5zg6jd6nfw0jhjsq09zzpxwg5skxlf7"; version = "7.2.1"; -in { +in +{ recyclarr = prev.recyclarr.overrideAttrs (old: { inherit version; name = "recyclarr-${version}"; src = prev.fetchurl { - url = - "https://github.com/recyclarr/recyclarr/releases/download/v${version}/recyclarr-${os}-${arch}.tar.xz"; + url = "https://github.com/recyclarr/recyclarr/releases/download/v${version}/recyclarr-${os}-${arch}.tar.xz"; inherit hash; }; postInstall = '' wrapProgram $out/bin/recyclarr \ --prefix PATH : ${prev.lib.makeBinPath [ prev.git ]} \ --prefix LD_LIBRARY_PATH : ${ - prev.lib.makeLibraryPath [ prev.icu prev.openssl prev.zlib ] + prev.lib.makeLibraryPath [ + prev.icu + prev.openssl + prev.zlib + ] } ''; }); diff --git a/pkgs/zwave-js-ui.nix b/pkgs/zwave-js-ui.nix index 5b5df8d..6629a25 100644 --- a/pkgs/zwave-js-ui.nix +++ b/pkgs/zwave-js-ui.nix @@ -1,4 +1,8 @@ -{ lib, buildNpmPackage, fetchFromGitHub }: +{ + lib, + buildNpmPackage, + fetchFromGitHub, +}: buildNpmPackage rec { pname = "zwave-js-ui"; diff --git a/systems/orangepihole/configuration.nix b/systems/orangepihole/configuration.nix index 5de1918..5ad4fe5 100644 --- a/systems/orangepihole/configuration.nix +++ b/systems/orangepihole/configuration.nix @@ -1,7 +1,8 @@ { config, pkgs, ... }: { - imports = [ # Include the results of the hardware scan. + imports = [ + # Include the results of the hardware scan. ./hardware-configuration.nix ../../modules/common.nix ../../modules/networkd-base.nix @@ -16,8 +17,14 @@ }; systemd.network.networks."40-end0" = { matchConfig.Name = "end0"; - address = [ "10.42.69.2/24" "fd72:3dd5:21ae:3c97::2/64" ]; - dns = [ "10.42.69.2" "fd72:3dd5:21ae:3c97::2" ]; + address = [ + "10.42.69.2/24" + "fd72:3dd5:21ae:3c97::2/64" + ]; + dns = [ + "10.42.69.2" + "fd72:3dd5:21ae:3c97::2" + ]; domains = [ "icanttype.org" ]; gateway = [ "10.42.69.1" ]; networkConfig.DHCPServer = true; @@ -27,18 +34,23 @@ DNS = "10.42.69.2"; EmitRouter = true; Router = "10.42.69.1"; - SendOption = [ "15:string:icanttype.org" "119:string:icanttype.org" ]; + SendOption = [ + "15:string:icanttype.org" + "119:string:icanttype.org" + ]; }; networkConfig.IPv6SendRA = true; ipv6SendRAConfig.RouterLifetimeSec = 0; ipv6SendRAConfig.EmitDNS = false; - ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; }]; + ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ]; }; zramSwap.enable = true; - swapDevices = [{ - device = "/persist/swapfile"; - size = 1024; - }]; + swapDevices = [ + { + device = "/persist/swapfile"; + size = 1024; + } + ]; services = { unbound = { enable = true; @@ -48,9 +60,15 @@ do-ip6 = "no"; qname-minimisation = "yes"; interface = [ "end0" ]; - access-control = [ "10.0.0.0/8 allow" "fc::/7 allow" ]; + access-control = [ + "10.0.0.0/8 allow" + "fc::/7 allow" + ]; }; - include = [ "/etc/unbound/ads.conf" "${./unbound-local.conf}" ]; + include = [ + "/etc/unbound/ads.conf" + "${./unbound-local.conf}" + ]; }; }; journald.storage = "volatile"; @@ -60,7 +78,10 @@ services.adblock = { startAt = "daily"; postStop = "systemctl try-reload-or-restart unbound"; - path = with pkgs; [ gawk wget ]; + path = with pkgs; [ + gawk + wget + ]; script = '' wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/tif.blacklist.conf > /tmp/new.conf echo 'local-zone: "tiktok.com." always_nxdomain' >> /tmp/new.conf @@ -79,7 +100,11 @@ ]; persistence."/persist" = { hideMounts = true; - directories = [ "/var/lib/nixos" "/var/lib/systemd" "/tmp" ]; + directories = [ + "/var/lib/nixos" + "/var/lib/systemd" + "/tmp" + ]; files = [ "/etc/machine-id" "/etc/adjtime" @@ -93,20 +118,34 @@ }; networking.firewall = { - allowedUDPPorts = [ 53 67 68 ]; + allowedUDPPorts = [ + 53 + 67 + 68 + ]; allowedTCPPorts = [ 53 ]; }; system.stateVersion = "23.11"; # Did you read the comment? sops.secrets."nixremote/sshkey" = { }; - nix.buildMachines = [{ - hostName = "zeus"; - systems = [ "x86_64-linux" "aarch64-linux" ]; - protocol = "ssh-ng"; - sshKey = config.sops.secrets."nixremote/sshkey".path; - sshUser = "nixremote"; - supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; - }]; + nix.buildMachines = [ + { + hostName = "zeus"; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + protocol = "ssh-ng"; + sshKey = config.sops.secrets."nixremote/sshkey".path; + sshUser = "nixremote"; + supportedFeatures = [ + "nixos-test" + "benchmark" + "big-parallel" + "kvm" + ]; + } + ]; programs.ssh.extraConfig = '' Host zeus User nixremote @@ -117,4 +156,3 @@ nix.distributedBuilds = false; #nix.settings.max-jobs = 0; } - diff --git a/systems/orangepihole/hardware-configuration.nix b/systems/orangepihole/hardware-configuration.nix index 6d28493..7b993e1 100644 --- a/systems/orangepihole/hardware-configuration.nix +++ b/systems/orangepihole/hardware-configuration.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; @@ -6,13 +12,21 @@ fileSystems."/" = { device = "none"; fsType = "tmpfs"; - options = [ "defaults" "mode=755" ]; + options = [ + "defaults" + "mode=755" + ]; }; fileSystems."/persist" = { device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b"; fsType = "btrfs"; neededForBoot = true; - options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/root" ]; + options = [ + "compress=lzo" + "autodefrag" + "defaults" + "subvol=@nixos/root" + ]; }; fileSystems."/boot" = { device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80"; @@ -22,11 +36,15 @@ fileSystems."/nix" = { device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b"; fsType = "btrfs"; - options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/nix" ]; + options = [ + "compress=lzo" + "autodefrag" + "defaults" + "subvol=@nixos/nix" + ]; }; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; } - diff --git a/systems/smolboi/configuration.nix b/systems/smolboi/configuration.nix index 2412dbf..6f7cabe 100644 --- a/systems/smolboi/configuration.nix +++ b/systems/smolboi/configuration.nix @@ -1,7 +1,8 @@ { config, pkgs, ... }: { - imports = [ # Include the results of the hardware scan. + imports = [ + # Include the results of the hardware scan. ./hardware-configuration.nix ../../modules/common.nix ../../modules/aarch64-emu.nix @@ -29,16 +30,17 @@ networking = { hostName = "smolboi"; # Define your hostname. - networkmanager.enable = - true; # Easiest to use and most distros use this by default. + networkmanager.enable = true; # Easiest to use and most distros use this by default. firewall.allowedTCPPorts = [ 22000 ]; }; nixpkgs.config = { allowUnfree = true; - permittedInsecurePackages = [ "electron-25.9.0" "nix-2.16.2" ]; + permittedInsecurePackages = [ + "electron-25.9.0" + "nix-2.16.2" + ]; packageOverrides = pkgs: { - steam = - pkgs.steam.override { extraPkgs = pkgs: with pkgs; [ winetricks ]; }; + steam = pkgs.steam.override { extraPkgs = pkgs: with pkgs; [ winetricks ]; }; }; }; @@ -77,7 +79,10 @@ resolved.enable = true; btrfs.autoScrub = { enable = true; - fileSystems = [ "/" "/home" ]; + fileSystems = [ + "/" + "/home" + ]; }; }; hardware = { @@ -175,24 +180,39 @@ }; zramSwap = { enable = true; - writebackDevice = - "/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d"; + writebackDevice = "/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d"; }; fileSystems = { - "/persist".options = - [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; - "/nix".options = - [ "compress=lzo" "autodefrag" "discard=async" "noatime" "defaults" ]; - "/steam-library".options = - [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; - "/home".options = - [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; + "/persist".options = [ + "compress=lzo" + "autodefrag" + "discard=async" + "defaults" + ]; + "/nix".options = [ + "compress=lzo" + "autodefrag" + "discard=async" + "noatime" + "defaults" + ]; + "/steam-library".options = [ + "compress=lzo" + "autodefrag" + "discard=async" + "defaults" + ]; + "/home".options = [ + "compress=lzo" + "autodefrag" + "discard=async" + "defaults" + ]; }; stylix = { - image = - "${pkgs.kdePackages.breeze}/share/wallpapers/Next/contents/images_dark/2560x1440.png"; + image = "${pkgs.kdePackages.breeze}/share/wallpapers/Next/contents/images_dark/2560x1440.png"; base16Scheme = "${pkgs.base16-schemes}/share/themes/solarflare.yaml"; fonts = { serif = { @@ -217,4 +237,3 @@ system.stateVersion = "23.11"; # Did you read the comment? } - diff --git a/systems/smolboi/hardware-configuration.nix b/systems/smolboi/hardware-configuration.nix index 1251e73..9de210c 100644 --- a/systems/smolboi/hardware-configuration.nix +++ b/systems/smolboi/hardware-configuration.nix @@ -1,13 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = - [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usb_storage" + "usbhid" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; @@ -15,7 +27,11 @@ fileSystems."/" = { device = "none"; fsType = "tmpfs"; - options = [ "defaults" "size=2g" "mode=755" ]; + options = [ + "defaults" + "size=2g" + "mode=755" + ]; }; fileSystems."/persist" = { @@ -59,6 +75,5 @@ # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/systems/smolboi/home.nix b/systems/smolboi/home.nix index a83c731..64de1b2 100644 --- a/systems/smolboi/home.nix +++ b/systems/smolboi/home.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { # Home Manager needs a bit of information about you and the paths it should @@ -97,8 +102,7 @@ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "discord" ]; permittedInsecurePackages = [ "electron-25.9.0" ]; }; - xdg.configFile."autostart/yakuake.desktop".source = - "${pkgs.yakuake}/share/applications/org.kde.yakuake.desktop"; + xdg.configFile."autostart/yakuake.desktop".source = "${pkgs.yakuake}/share/applications/org.kde.yakuake.desktop"; # Home Manager is pretty good at managing dotfiles. The primary way to manage # plain files is through 'home.file'. diff --git a/systems/zeus/configuration.nix b/systems/zeus/configuration.nix index 039c951..0525471 100644 --- a/systems/zeus/configuration.nix +++ b/systems/zeus/configuration.nix @@ -1,7 +1,8 @@ { config, pkgs, ... }: { - imports = [ # Include the results of the hardware scan. + imports = [ + # Include the results of the hardware scan. ./hardware-configuration.nix ../../modules/common.nix ../../modules/aarch64-emu.nix @@ -54,7 +55,9 @@ Name = "bond0"; Kind = "bond"; }; - bondConfig = { Mode = "active-backup"; }; + bondConfig = { + Mode = "active-backup"; + }; }; lan-shim = { netdevConfig = { @@ -62,7 +65,9 @@ Kind = "macvlan"; MACAddress = "3e:53:37:25:08:ef"; }; - macvlanConfig = { Mode = "bridge"; }; + macvlanConfig = { + Mode = "bridge"; + }; }; }; systemd.network.networks = { @@ -76,8 +81,10 @@ }; lan-shim = { name = "lan-shim"; - address = - [ "10.42.69.100/24" "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" ]; + address = [ + "10.42.69.100/24" + "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" + ]; dns = [ "10.42.69.2" ]; domains = [ "icanttype.org" ]; gateway = [ "10.42.69.1" ]; @@ -100,7 +107,10 @@ CONTAINERS = "1"; POST = "0"; }; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; swag = { image = "lscr.io/linuxserver/swag:2.9.0-ls292"; @@ -112,8 +122,7 @@ SUBDOMAINS = "wildcard"; DNSPLUGIN = "cloudflare"; DOCKER_HOST = "dockerproxy"; - DOCKER_MODS = - "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared"; + DOCKER_MODS = "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared"; CF_ZONE_ID = "4e68852334290a922718696a0986e75a"; CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa"; CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ"; @@ -122,7 +131,10 @@ FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml"; EMAIL = "cdombroski@gmail.com"; }; - ports = [ "80:80" "443:443" ]; + ports = [ + "80:80" + "443:443" + ]; extraOptions = [ "--pull=newer" "--network=www" @@ -148,8 +160,14 @@ }; environmentFiles = [ config.sops.templates."docker.env".path ]; labels.swag = "enable"; - ports = [ "1900:1900/udp" "7359:7359/udp" ]; - extraOptions = [ "--pull=newer" "--network=www" ]; + ports = [ + "1900:1900/udp" + "7359:7359/udp" + ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; zwave-js-ui = { image = "my-zwave-js-ui:latest"; @@ -170,79 +188,133 @@ swag_url = "zwave.icanttype.org"; swag_port = "8091"; }; - extraOptions = [ "--network=www" "--device=/dev/ttyACM0:/dev/zwave" ]; + extraOptions = [ + "--network=www" + "--device=/dev/ttyACM0:/dev/zwave" + ]; }; homeassistant = { image = "lscr.io/linuxserver/homeassistant:latest"; volumes = [ "homeassistant-config:/config" ]; environment.TZ = "America/New_York"; labels.swag = "enable"; - extraOptions = [ "--pull=newer" "--network=www" "--network=lan" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + "--network=lan" + ]; }; postgres = { image = "docker.io/library/postgres:15"; volumes = [ "postgres-15:/var/lib/postgresql/data" ]; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; calibre = { image = "lscr.io/linuxserver/calibre:latest"; - volumes = [ "calibre-config:/config" "/video-data:/data" ]; + volumes = [ + "calibre-config:/config" + "/video-data:/data" + ]; environment.TZ = "America/New_York"; labels.swag = "enable"; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; calibre-web = { image = "lscr.io/linuxserver/calibre-web:latest"; - volumes = [ "calibre-web-config:/config" "/video-data:/data" ]; + volumes = [ + "calibre-web-config:/config" + "/video-data:/data" + ]; environment.TZ = "America/New_York"; labels.swag = "enable"; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; flaresolverr = { image = "ghcr.io/flaresolverr/flaresolverr:latest"; environment.LOG_LEVEL = "info"; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; qbittorrent = { image = "lscr.io/linuxserver/qbittorrent:latest"; - volumes = - [ "qbittorrent-config:/config" "/video-data/torrent:/data/torrent" ]; + volumes = [ + "qbittorrent-config:/config" + "/video-data/torrent:/data/torrent" + ]; environment = { TZ = "America/New_York"; UMASK_SET = "000"; DELUGE_LOGLEVEL = "error"; }; labels.swag = "enable"; - ports = [ "34996:34996" "34996:34996/udp" ]; - extraOptions = [ "--pull=newer" "--network=www" ]; + ports = [ + "34996:34996" + "34996:34996/udp" + ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; prowlarr = { image = "lscr.io/linuxserver/prowlarr:latest"; volumes = [ "prowlarr-config:/config" ]; environment.TZ = "America/New_York"; labels.swag = "enable"; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; readarr = { image = "lscr.io/linuxserver/readarr:develop"; - volumes = [ "readarr-config:/config" "/video-data:/data" ]; + volumes = [ + "readarr-config:/config" + "/video-data:/data" + ]; environment.TZ = "America/New_York"; labels.swag = "enable"; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; radarr = { image = "lscr.io/linuxserver/radarr:latest"; - volumes = [ "radarr-config:/config" "/video-data:/data" ]; + volumes = [ + "radarr-config:/config" + "/video-data:/data" + ]; environment.TZ = "America/New_York"; labels.swag = "enable"; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; sonarr = { image = "lscr.io/linuxserver/sonarr:latest"; - volumes = [ "sonarr-config:/config" "/video-data:/data" ]; + volumes = [ + "sonarr-config:/config" + "/video-data:/data" + ]; environment.TZ = "America/New_York"; labels.swag = "enable"; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; static = { image = "docker.io/library/nginx:alpine"; @@ -254,31 +326,55 @@ swag = "enable"; swag_url = "www.icanttype.org"; }; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; forgejo = { image = "codeberg.org/forgejo/forgejo:8"; - volumes = [ "forgejo-data:/data" "/etc/localtime:/etc/localtime:ro" ]; + volumes = [ + "forgejo-data:/data" + "/etc/localtime:/etc/localtime:ro" + ]; labels = { swag = "enable"; swag_url = "git.icanttype.org"; swag_port = "3000"; }; ports = [ "10022:22" ]; - extraOptions = [ "--pull=newer" "--network=www" ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; docker_dind = { image = "docker.io/library/docker:dind"; - cmd = [ "dockerd" "-H" "tcp://0.0.0.0:2375" "--tls=false" ]; - extraOptions = [ "--pull=newer" "--privileged" "--network=www" ]; + cmd = [ + "dockerd" + "-H" + "tcp://0.0.0.0:2375" + "--tls=false" + ]; + extraOptions = [ + "--pull=newer" + "--privileged" + "--network=www" + ]; }; runner = { image = "code.forgejo.org/forgejo/runner:3.4.1"; dependsOn = [ "docker_dind" ]; environment.DOCKER_HOST = "tcp://docker_dind:2375"; volumes = [ "forgejo-runner:/data" ]; - cmd = [ "forgejo-runner" "daemon" ]; - extraOptions = [ "--pull=newer" "--network=www" ]; + cmd = [ + "forgejo-runner" + "daemon" + ]; + extraOptions = [ + "--pull=newer" + "--network=www" + ]; }; }; }; @@ -287,8 +383,14 @@ allowedUDPPorts = [ 53 ]; allowedTCPPorts = [ 53 ]; }; - allowedUDPPorts = [ 137 138 ]; - allowedTCPPorts = [ 139 445 ]; + allowedUDPPorts = [ + 137 + 138 + ]; + allowedTCPPorts = [ + 139 + 445 + ]; }; users.users.nixremote = { @@ -312,7 +414,11 @@ persistence."/persist" = { enableWarnings = false; hideMounts = true; - directories = [ "/srv/docker" "/tmp" "/etc/containers/networks" ]; + directories = [ + "/srv/docker" + "/tmp" + "/etc/containers/networks" + ]; files = [ "/etc/machine-id" "/etc/adjtime" @@ -371,4 +477,3 @@ system.stateVersion = "23.11"; # Did you read the comment? zramSwap.enable = true; } - diff --git a/systems/zeus/hardware-configuration.nix b/systems/zeus/hardware-configuration.nix index 961dda8..b64c7bd 100644 --- a/systems/zeus/hardware-configuration.nix +++ b/systems/zeus/hardware-configuration.nix @@ -1,13 +1,23 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = - [ "ohci_pci" "ehci_pci" "sata_nv" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "ohci_pci" + "ehci_pci" + "sata_nv" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; @@ -15,7 +25,10 @@ fileSystems."/" = { device = "none"; fsType = "tmpfs"; - options = [ "defaults" "mode=755" ]; + options = [ + "defaults" + "mode=755" + ]; }; fileSystems."/persist" = { @@ -73,6 +86,5 @@ networking.useDHCP = lib.mkDefault false; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }