
2 commits

Author SHA1 Message Date
5859a7232b new formatter? 2024-09-05 19:08:29 -04:00
ed44f28e07 reinstate deploy-rs overlay 2024-09-05 19:07:06 -04:00
18 changed files with 490 additions and 219 deletions

196
flake.nix

@ -27,100 +27,120 @@
}; };
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
}; };
outputs = inputs@{ flake-parts, ... }: outputs =
flake-parts.lib.mkFlake { inherit inputs; } ({ self, ... }: { inputs@{ flake-parts, ... }:
imports = [ inputs.devshell.flakeModule ]; flake-parts.lib.mkFlake { inherit inputs; } (
systems = [ "x86_64-linux" "aarch64-linux" ]; { withSystem, self, ... }:
flake = { {
deploy = { imports = [ inputs.devshell.flakeModule ];
sshUser = "root"; systems = [
fastConnection = true; "x86_64-linux"
nodes = { "aarch64-linux"
smolboi = { ];
hostname = "smolboi"; flake = {
profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos deploy = {
self.nixosConfigurations.smolboi; sshUser = "root";
fastConnection = true;
nodes =
withSystem "x86_64-linux" (
{ pkgs, ... }:
{
smolboi = {
hostname = "smolboi";
profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.smolboi;
};
zeus = {
hostname = "zeus";
profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.zeus;
};
}
)
// withSystem "aarch64-linux" (
{ pkgs, ... }:
{
orangepihole = {
hostname = "orangepihole";
profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.orangepihole;
};
}
);
};
nixosConfigurations = {
smolboi = inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
pkgs-unstable = inputs.nixunstable;
};
modules = [
./systems/smolboi/configuration.nix
inputs.stylix.nixosModules.stylix
inputs.impermanence.nixosModules.impermanence
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.gigabyte-b550
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.users.cdombroski = import ./systems/smolboi/home.nix;
}
];
}; };
zeus = { zeus = inputs.nixpkgs.lib.nixosSystem {
hostname = "zeus"; specialArgs = {
profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos inherit inputs;
self.nixosConfigurations.zeus; pkgs-unstable = inputs.nixunstable;
};
modules = [
./systems/zeus/configuration.nix
inputs.impermanence.nixosModules.impermanence
inputs.nixos-hardware.nixosModules.supermicro
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
inputs.nixos-hardware.nixosModules.common-pc
];
}; };
orangepihole = { orangepihole = inputs.nixpkgs.lib.nixosSystem {
hostname = "orangepihole"; specialArgs = {
profiles.system.path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos inherit inputs;
self.nixosConfigurations.orangepihole; pkgs-unstable = inputs.nixunstable;
};
modules = [
./systems/orangepihole/configuration.nix
inputs.impermanence.nixosModules.impermanence
];
}; };
}; };
}; };
nixosConfigurations = { perSystem =
smolboi = inputs.nixpkgs.lib.nixosSystem { { pkgs, system, ... }:
specialArgs = { {
inherit inputs; _module.args.pkgs = import inputs.nixpkgs {
pkgs-unstable = inputs.nixunstable; inherit system;
overlays = [
inputs.deploy-rs.overlay
(final: prev: {
deploy-rs = {
inherit (inputs.nixpkgs.legacyPackages.${system}) deploy-rs;
lib = prev.deploy-rs.lib;
};
})
];
config = { };
}; };
modules = [ devshells.default = {
./systems/smolboi/configuration.nix packages = with pkgs; [
inputs.stylix.nixosModules.stylix deploy-rs.deploy-rs
inputs.impermanence.nixosModules.impermanence sops
inputs.nixos-hardware.nixosModules.common-cpu-amd ];
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.gigabyte-b550
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.users.cdombroski =
import ./systems/smolboi/home.nix;
}
];
};
zeus = inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
pkgs-unstable = inputs.nixunstable;
}; };
modules = [ checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;
./systems/zeus/configuration.nix formatter = pkgs.nixfmt-rfc-style;
inputs.impermanence.nixosModules.impermanence
inputs.nixos-hardware.nixosModules.supermicro
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
inputs.nixos-hardware.nixosModules.common-pc
];
}; };
orangepihole = inputs.nixpkgs.lib.nixosSystem { }
specialArgs = { );
inherit inputs;
pkgs-unstable = inputs.nixunstable;
};
modules = [
./systems/orangepihole/configuration.nix
inputs.impermanence.nixosModules.impermanence
];
};
};
};
perSystem = { pkgs, inputs', system, ... }: {
# _module.args.pkgs = import inputs'.nixpkgs {
# inherit system;
# overlays = [
# inputs.deploy-rs.overlay
# (final: prev: {
# deploy-rs = {
# inherit (pkgs) deploy-rs;
# lib = prev.deploy-rs.lib;
# };
# })
# ];
# };
devshells.default = { packages = with pkgs; [ deploy-rs sops ]; };
checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;
formatter = pkgs.nixfmt;
};
});
} }
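Review bot: The `checks` line in `perSystem` still reads `inputs.deploy-rs.lib.${system}.deployChecks self.deploy` while the nodes now take their activation functions from the overlaid `pkgs.deploy-rs.lib`, so the deployed profiles and their checks come from two different package sets. Assuming the overlay's `lib` exposes `deployChecks` as the input's does, `checks = pkgs.deploy-rs.lib.deployChecks self.deploy;` would keep both on the overlaid set. The second overlay entry also has no comment explaining why the binary and `lib` are split; something like `# take the deploy-rs binary from nixpkgs, keep the activation lib from the deploy-rs input` above `(final: prev: {` would help the next reader. Separately, `sshUser = "root"` is carried over unchanged, so deployment still depends on direct root SSH logins to every node.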


@ -1,5 +1,8 @@
{ lib, ... }: { { lib, ... }:
imports = builtins.map (n: ./common + "/${n}") (builtins.attrNames {
(lib.filterAttrs (k: v: v == "regular" && lib.hasSuffix ".nix" k) imports = builtins.map (n: ./common + "/${n}") (
(builtins.readDir ./common))); builtins.attrNames (
lib.filterAttrs (k: v: v == "regular" && lib.hasSuffix ".nix" k) (builtins.readDir ./common)
)
);
} }


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
programs.vim.defaultEditor = true; programs.vim.defaultEditor = true;


@ -1,4 +1,5 @@
{ config, ... }: { { config, ... }:
{
sops.secrets."gmail/password" = { }; sops.secrets."gmail/password" = { };
programs.msmtp = { programs.msmtp = {
enable = true; enable = true;
@ -23,4 +24,3 @@
}; };
}; };
} }


@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
programs.git.enable = true; programs.git.enable = true;
programs.nh = { programs.nh = {
enable = true; enable = true;
@ -6,7 +7,12 @@
clean.extraArgs = "--keep-since 7d"; clean.extraArgs = "--keep-since 7d";
}; };
nix = { nix = {
settings = { experimental-features = [ "nix-command" "flakes" ]; }; settings = {
experimental-features = [
"nix-command"
"flakes"
];
};
optimise.automatic = true; optimise.automatic = true;
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [


@ -1,4 +1,5 @@
{ inputs, ... }: { { inputs, ... }:
{
imports = [ inputs.sops-nix.nixosModules.sops ]; imports = [ inputs.sops-nix.nixosModules.sops ];
sops.defaultSopsFile = ../../secrets/secret.yaml; sops.defaultSopsFile = ../../secrets/secret.yaml;
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];


@ -1,5 +1,13 @@
{ pkgs, sops, config, ... }: { {
sops.secrets."root/password" = { neededForUsers = true; }; pkgs,
sops,
config,
...
}:
{
sops.secrets."root/password" = {
neededForUsers = true;
};
services.openssh.enable = true; services.openssh.enable = true;
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {


@ -1,8 +1,8 @@
{ pkgs, lib, ... }: { { pkgs, lib, ... }:
{
boot.plymouth = { boot.plymouth = {
enable = true; enable = true;
themePackages = with pkgs; themePackages = with pkgs; [ (adi1090x-plymouth-themes.override { selected_themes = [ "owl" ]; }) ];
[ (adi1090x-plymouth-themes.override { selected_themes = [ "owl" ]; }) ];
theme = lib.mkForce "owl"; theme = lib.mkForce "owl";
}; };
} }


@ -1,8 +1,19 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
inherit (lib) mkIf mkEnableOption mkOption types; inherit (lib)
mkIf
mkEnableOption
mkOption
types
;
cfg = config.services.zwave-js-ui; cfg = config.services.zwave-js-ui;
in { in
{
options.services.zwave-js-ui = { options.services.zwave-js-ui = {
enable = mkEnableOption "zwave-js-ui"; enable = mkEnableOption "zwave-js-ui";
store = mkOption { store = mkOption {
@ -14,10 +25,12 @@ in {
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [{ assertions = [
assertion = !config.services.zwave-js.enable; {
message = "zwave-js-ui conflicts with zwave-js"; assertion = !config.services.zwave-js.enable;
}]; message = "zwave-js-ui conflicts with zwave-js";
}
];
systemd.services.zwave-js-ui = { systemd.services.zwave-js-ui = {
environment = { environment = {
STORE_DIR = cfg.store; STORE_DIR = cfg.store;


@ -4,20 +4,24 @@ let
arch = "x64"; arch = "x64";
hash = "sha256:04vg1s86krg7baifcpnqr5zg6jd6nfw0jhjsq09zzpxwg5skxlf7"; hash = "sha256:04vg1s86krg7baifcpnqr5zg6jd6nfw0jhjsq09zzpxwg5skxlf7";
version = "7.2.1"; version = "7.2.1";
in { in
{
recyclarr = prev.recyclarr.overrideAttrs (old: { recyclarr = prev.recyclarr.overrideAttrs (old: {
inherit version; inherit version;
name = "recyclarr-${version}"; name = "recyclarr-${version}";
src = prev.fetchurl { src = prev.fetchurl {
url = url = "https://github.com/recyclarr/recyclarr/releases/download/v${version}/recyclarr-${os}-${arch}.tar.xz";
"https://github.com/recyclarr/recyclarr/releases/download/v${version}/recyclarr-${os}-${arch}.tar.xz";
inherit hash; inherit hash;
}; };
postInstall = '' postInstall = ''
wrapProgram $out/bin/recyclarr \ wrapProgram $out/bin/recyclarr \
--prefix PATH : ${prev.lib.makeBinPath [ prev.git ]} \ --prefix PATH : ${prev.lib.makeBinPath [ prev.git ]} \
--prefix LD_LIBRARY_PATH : ${ --prefix LD_LIBRARY_PATH : ${
prev.lib.makeLibraryPath [ prev.icu prev.openssl prev.zlib ] prev.lib.makeLibraryPath [
prev.icu
prev.openssl
prev.zlib
]
} }
''; '';
}); });


@ -1,4 +1,8 @@
{ lib, buildNpmPackage, fetchFromGitHub }: {
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage rec { buildNpmPackage rec {
pname = "zwave-js-ui"; pname = "zwave-js-ui";


@ -1,7 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common.nix ../../modules/common.nix
../../modules/networkd-base.nix ../../modules/networkd-base.nix
@ -16,8 +17,14 @@
}; };
systemd.network.networks."40-end0" = { systemd.network.networks."40-end0" = {
matchConfig.Name = "end0"; matchConfig.Name = "end0";
address = [ "10.42.69.2/24" "fd72:3dd5:21ae:3c97::2/64" ]; address = [
dns = [ "10.42.69.2" "fd72:3dd5:21ae:3c97::2" ]; "10.42.69.2/24"
"fd72:3dd5:21ae:3c97::2/64"
];
dns = [
"10.42.69.2"
"fd72:3dd5:21ae:3c97::2"
];
domains = [ "icanttype.org" ]; domains = [ "icanttype.org" ];
gateway = [ "10.42.69.1" ]; gateway = [ "10.42.69.1" ];
networkConfig.DHCPServer = true; networkConfig.DHCPServer = true;
@ -27,18 +34,23 @@
DNS = "10.42.69.2"; DNS = "10.42.69.2";
EmitRouter = true; EmitRouter = true;
Router = "10.42.69.1"; Router = "10.42.69.1";
SendOption = [ "15:string:icanttype.org" "119:string:icanttype.org" ]; SendOption = [
"15:string:icanttype.org"
"119:string:icanttype.org"
];
}; };
networkConfig.IPv6SendRA = true; networkConfig.IPv6SendRA = true;
ipv6SendRAConfig.RouterLifetimeSec = 0; ipv6SendRAConfig.RouterLifetimeSec = 0;
ipv6SendRAConfig.EmitDNS = false; ipv6SendRAConfig.EmitDNS = false;
ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; }]; ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ];
}; };
zramSwap.enable = true; zramSwap.enable = true;
swapDevices = [{ swapDevices = [
device = "/persist/swapfile"; {
size = 1024; device = "/persist/swapfile";
}]; size = 1024;
}
];
services = { services = {
unbound = { unbound = {
enable = true; enable = true;
@ -48,9 +60,15 @@
do-ip6 = "no"; do-ip6 = "no";
qname-minimisation = "yes"; qname-minimisation = "yes";
interface = [ "end0" ]; interface = [ "end0" ];
access-control = [ "10.0.0.0/8 allow" "fc::/7 allow" ]; access-control = [
"10.0.0.0/8 allow"
"fc::/7 allow"
];
}; };
include = [ "/etc/unbound/ads.conf" "${./unbound-local.conf}" ]; include = [
"/etc/unbound/ads.conf"
"${./unbound-local.conf}"
];
}; };
}; };
journald.storage = "volatile"; journald.storage = "volatile";
@ -60,7 +78,10 @@
services.adblock = { services.adblock = {
startAt = "daily"; startAt = "daily";
postStop = "systemctl try-reload-or-restart unbound"; postStop = "systemctl try-reload-or-restart unbound";
path = with pkgs; [ gawk wget ]; path = with pkgs; [
gawk
wget
];
script = '' script = ''
wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/tif.blacklist.conf > /tmp/new.conf wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/tif.blacklist.conf > /tmp/new.conf
echo 'local-zone: "tiktok.com." always_nxdomain' >> /tmp/new.conf echo 'local-zone: "tiktok.com." always_nxdomain' >> /tmp/new.conf
@ -79,7 +100,11 @@
]; ];
persistence."/persist" = { persistence."/persist" = {
hideMounts = true; hideMounts = true;
directories = [ "/var/lib/nixos" "/var/lib/systemd" "/tmp" ]; directories = [
"/var/lib/nixos"
"/var/lib/systemd"
"/tmp"
];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
"/etc/adjtime" "/etc/adjtime"
@ -93,20 +118,34 @@
}; };
networking.firewall = { networking.firewall = {
allowedUDPPorts = [ 53 67 68 ]; allowedUDPPorts = [
53
67
68
];
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
}; };
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
sops.secrets."nixremote/sshkey" = { }; sops.secrets."nixremote/sshkey" = { };
nix.buildMachines = [{ nix.buildMachines = [
hostName = "zeus"; {
systems = [ "x86_64-linux" "aarch64-linux" ]; hostName = "zeus";
protocol = "ssh-ng"; systems = [
sshKey = config.sops.secrets."nixremote/sshkey".path; "x86_64-linux"
sshUser = "nixremote"; "aarch64-linux"
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; ];
}]; protocol = "ssh-ng";
sshKey = config.sops.secrets."nixremote/sshkey".path;
sshUser = "nixremote";
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
programs.ssh.extraConfig = '' programs.ssh.extraConfig = ''
Host zeus Host zeus
User nixremote User nixremote
@ -117,4 +156,3 @@
nix.distributedBuilds = false; nix.distributedBuilds = false;
#nix.settings.max-jobs = 0; #nix.settings.max-jobs = 0;
} }


@ -1,4 +1,10 @@
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
@ -6,13 +12,21 @@
fileSystems."/" = { fileSystems."/" = {
device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "mode=755" ]; options = [
"defaults"
"mode=755"
];
}; };
fileSystems."/persist" = { fileSystems."/persist" = {
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b"; device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
fsType = "btrfs"; fsType = "btrfs";
neededForBoot = true; neededForBoot = true;
options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/root" ]; options = [
"compress=lzo"
"autodefrag"
"defaults"
"subvol=@nixos/root"
];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80"; device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80";
@ -22,11 +36,15 @@
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b"; device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/nix" ]; options = [
"compress=lzo"
"autodefrag"
"defaults"
"subvol=@nixos/nix"
];
}; };
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
} }


@ -1,7 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common.nix ../../modules/common.nix
../../modules/aarch64-emu.nix ../../modules/aarch64-emu.nix
@ -29,16 +30,17 @@
networking = { networking = {
hostName = "smolboi"; # Define your hostname. hostName = "smolboi"; # Define your hostname.
networkmanager.enable = networkmanager.enable = true; # Easiest to use and most distros use this by default.
true; # Easiest to use and most distros use this by default.
firewall.allowedTCPPorts = [ 22000 ]; firewall.allowedTCPPorts = [ 22000 ];
}; };
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ "electron-25.9.0" "nix-2.16.2" ]; permittedInsecurePackages = [
"electron-25.9.0"
"nix-2.16.2"
];
packageOverrides = pkgs: { packageOverrides = pkgs: {
steam = steam = pkgs.steam.override { extraPkgs = pkgs: with pkgs; [ winetricks ]; };
pkgs.steam.override { extraPkgs = pkgs: with pkgs; [ winetricks ]; };
}; };
}; };
@ -77,7 +79,10 @@
resolved.enable = true; resolved.enable = true;
btrfs.autoScrub = { btrfs.autoScrub = {
enable = true; enable = true;
fileSystems = [ "/" "/home" ]; fileSystems = [
"/"
"/home"
];
}; };
}; };
hardware = { hardware = {
@ -175,24 +180,39 @@
}; };
zramSwap = { zramSwap = {
enable = true; enable = true;
writebackDevice = writebackDevice = "/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d";
"/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d";
}; };
fileSystems = { fileSystems = {
"/persist".options = "/persist".options = [
[ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; "compress=lzo"
"/nix".options = "autodefrag"
[ "compress=lzo" "autodefrag" "discard=async" "noatime" "defaults" ]; "discard=async"
"/steam-library".options = "defaults"
[ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; ];
"/home".options = "/nix".options = [
[ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; "compress=lzo"
"autodefrag"
"discard=async"
"noatime"
"defaults"
];
"/steam-library".options = [
"compress=lzo"
"autodefrag"
"discard=async"
"defaults"
];
"/home".options = [
"compress=lzo"
"autodefrag"
"discard=async"
"defaults"
];
}; };
stylix = { stylix = {
image = image = "${pkgs.kdePackages.breeze}/share/wallpapers/Next/contents/images_dark/2560x1440.png";
"${pkgs.kdePackages.breeze}/share/wallpapers/Next/contents/images_dark/2560x1440.png";
base16Scheme = "${pkgs.base16-schemes}/share/themes/solarflare.yaml"; base16Scheme = "${pkgs.base16-schemes}/share/themes/solarflare.yaml";
fonts = { fonts = {
serif = { serif = {
@ -217,4 +237,3 @@
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
} }


@ -1,13 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules = [
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; "nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -15,7 +27,11 @@
fileSystems."/" = { fileSystems."/" = {
device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "size=2g" "mode=755" ]; options = [
"defaults"
"size=2g"
"mode=755"
];
}; };
fileSystems."/persist" = { fileSystems."/persist" = {
@ -59,6 +75,5 @@
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
# Home Manager needs a bit of information about you and the paths it should # Home Manager needs a bit of information about you and the paths it should
@ -97,8 +102,7 @@
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "discord" ]; allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "discord" ];
permittedInsecurePackages = [ "electron-25.9.0" ]; permittedInsecurePackages = [ "electron-25.9.0" ];
}; };
xdg.configFile."autostart/yakuake.desktop".source = xdg.configFile."autostart/yakuake.desktop".source = "${pkgs.yakuake}/share/applications/org.kde.yakuake.desktop";
"${pkgs.yakuake}/share/applications/org.kde.yakuake.desktop";
# Home Manager is pretty good at managing dotfiles. The primary way to manage # Home Manager is pretty good at managing dotfiles. The primary way to manage
# plain files is through 'home.file'. # plain files is through 'home.file'.


@ -1,7 +1,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common.nix ../../modules/common.nix
../../modules/aarch64-emu.nix ../../modules/aarch64-emu.nix
@ -54,7 +55,9 @@
Name = "bond0"; Name = "bond0";
Kind = "bond"; Kind = "bond";
}; };
bondConfig = { Mode = "active-backup"; }; bondConfig = {
Mode = "active-backup";
};
}; };
lan-shim = { lan-shim = {
netdevConfig = { netdevConfig = {
@ -62,7 +65,9 @@
Kind = "macvlan"; Kind = "macvlan";
MACAddress = "3e:53:37:25:08:ef"; MACAddress = "3e:53:37:25:08:ef";
}; };
macvlanConfig = { Mode = "bridge"; }; macvlanConfig = {
Mode = "bridge";
};
}; };
}; };
systemd.network.networks = { systemd.network.networks = {
@ -76,8 +81,10 @@
}; };
lan-shim = { lan-shim = {
name = "lan-shim"; name = "lan-shim";
address = address = [
[ "10.42.69.100/24" "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" ]; "10.42.69.100/24"
"fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"
];
dns = [ "10.42.69.2" ]; dns = [ "10.42.69.2" ];
domains = [ "icanttype.org" ]; domains = [ "icanttype.org" ];
gateway = [ "10.42.69.1" ]; gateway = [ "10.42.69.1" ];
@ -100,7 +107,10 @@
CONTAINERS = "1"; CONTAINERS = "1";
POST = "0"; POST = "0";
}; };
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
swag = { swag = {
image = "lscr.io/linuxserver/swag:2.9.0-ls292"; image = "lscr.io/linuxserver/swag:2.9.0-ls292";
@ -112,8 +122,7 @@
SUBDOMAINS = "wildcard"; SUBDOMAINS = "wildcard";
DNSPLUGIN = "cloudflare"; DNSPLUGIN = "cloudflare";
DOCKER_HOST = "dockerproxy"; DOCKER_HOST = "dockerproxy";
DOCKER_MODS = DOCKER_MODS = "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
"linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
CF_ZONE_ID = "4e68852334290a922718696a0986e75a"; CF_ZONE_ID = "4e68852334290a922718696a0986e75a";
CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa"; CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";
CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ"; CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ";
@ -122,7 +131,10 @@
FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml"; FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";
EMAIL = "cdombroski@gmail.com"; EMAIL = "cdombroski@gmail.com";
}; };
ports = [ "80:80" "443:443" ]; ports = [
"80:80"
"443:443"
];
extraOptions = [ extraOptions = [
"--pull=newer" "--pull=newer"
"--network=www" "--network=www"
@ -148,8 +160,14 @@
}; };
environmentFiles = [ config.sops.templates."docker.env".path ]; environmentFiles = [ config.sops.templates."docker.env".path ];
labels.swag = "enable"; labels.swag = "enable";
ports = [ "1900:1900/udp" "7359:7359/udp" ]; ports = [
extraOptions = [ "--pull=newer" "--network=www" ]; "1900:1900/udp"
"7359:7359/udp"
];
extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
zwave-js-ui = { zwave-js-ui = {
image = "my-zwave-js-ui:latest"; image = "my-zwave-js-ui:latest";
@ -170,79 +188,133 @@
swag_url = "zwave.icanttype.org"; swag_url = "zwave.icanttype.org";
swag_port = "8091"; swag_port = "8091";
}; };
extraOptions = [ "--network=www" "--device=/dev/ttyACM0:/dev/zwave" ]; extraOptions = [
"--network=www"
"--device=/dev/ttyACM0:/dev/zwave"
];
}; };
homeassistant = { homeassistant = {
image = "lscr.io/linuxserver/homeassistant:latest"; image = "lscr.io/linuxserver/homeassistant:latest";
volumes = [ "homeassistant-config:/config" ]; volumes = [ "homeassistant-config:/config" ];
environment.TZ = "America/New_York"; environment.TZ = "America/New_York";
labels.swag = "enable"; labels.swag = "enable";
extraOptions = [ "--pull=newer" "--network=www" "--network=lan" ]; extraOptions = [
"--pull=newer"
"--network=www"
"--network=lan"
];
}; };
postgres = { postgres = {
image = "docker.io/library/postgres:15"; image = "docker.io/library/postgres:15";
volumes = [ "postgres-15:/var/lib/postgresql/data" ]; volumes = [ "postgres-15:/var/lib/postgresql/data" ];
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
calibre = { calibre = {
image = "lscr.io/linuxserver/calibre:latest"; image = "lscr.io/linuxserver/calibre:latest";
volumes = [ "calibre-config:/config" "/video-data:/data" ]; volumes = [
"calibre-config:/config"
"/video-data:/data"
];
environment.TZ = "America/New_York"; environment.TZ = "America/New_York";
labels.swag = "enable"; labels.swag = "enable";
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
calibre-web = { calibre-web = {
image = "lscr.io/linuxserver/calibre-web:latest"; image = "lscr.io/linuxserver/calibre-web:latest";
volumes = [ "calibre-web-config:/config" "/video-data:/data" ]; volumes = [
"calibre-web-config:/config"
"/video-data:/data"
];
environment.TZ = "America/New_York"; environment.TZ = "America/New_York";
labels.swag = "enable"; labels.swag = "enable";
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
flaresolverr = { flaresolverr = {
image = "ghcr.io/flaresolverr/flaresolverr:latest"; image = "ghcr.io/flaresolverr/flaresolverr:latest";
environment.LOG_LEVEL = "info"; environment.LOG_LEVEL = "info";
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
qbittorrent = { qbittorrent = {
image = "lscr.io/linuxserver/qbittorrent:latest"; image = "lscr.io/linuxserver/qbittorrent:latest";
volumes = volumes = [
[ "qbittorrent-config:/config" "/video-data/torrent:/data/torrent" ]; "qbittorrent-config:/config"
"/video-data/torrent:/data/torrent"
];
environment = { environment = {
TZ = "America/New_York"; TZ = "America/New_York";
UMASK_SET = "000"; UMASK_SET = "000";
DELUGE_LOGLEVEL = "error"; DELUGE_LOGLEVEL = "error";
}; };
labels.swag = "enable"; labels.swag = "enable";
ports = [ "34996:34996" "34996:34996/udp" ]; ports = [
extraOptions = [ "--pull=newer" "--network=www" ]; "34996:34996"
"34996:34996/udp"
];
extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
prowlarr = { prowlarr = {
image = "lscr.io/linuxserver/prowlarr:latest"; image = "lscr.io/linuxserver/prowlarr:latest";
volumes = [ "prowlarr-config:/config" ]; volumes = [ "prowlarr-config:/config" ];
environment.TZ = "America/New_York"; environment.TZ = "America/New_York";
labels.swag = "enable"; labels.swag = "enable";
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
readarr = { readarr = {
image = "lscr.io/linuxserver/readarr:develop"; image = "lscr.io/linuxserver/readarr:develop";
volumes = [ "readarr-config:/config" "/video-data:/data" ]; volumes = [
"readarr-config:/config"
"/video-data:/data"
];
environment.TZ = "America/New_York"; environment.TZ = "America/New_York";
labels.swag = "enable"; labels.swag = "enable";
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
radarr = { radarr = {
image = "lscr.io/linuxserver/radarr:latest"; image = "lscr.io/linuxserver/radarr:latest";
volumes = [ "radarr-config:/config" "/video-data:/data" ]; volumes = [
"radarr-config:/config"
"/video-data:/data"
];
environment.TZ = "America/New_York"; environment.TZ = "America/New_York";
labels.swag = "enable"; labels.swag = "enable";
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
sonarr = { sonarr = {
image = "lscr.io/linuxserver/sonarr:latest"; image = "lscr.io/linuxserver/sonarr:latest";
volumes = [ "sonarr-config:/config" "/video-data:/data" ]; volumes = [
"sonarr-config:/config"
"/video-data:/data"
];
environment.TZ = "America/New_York"; environment.TZ = "America/New_York";
labels.swag = "enable"; labels.swag = "enable";
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
static = { static = {
image = "docker.io/library/nginx:alpine"; image = "docker.io/library/nginx:alpine";
@ -254,31 +326,55 @@
swag = "enable"; swag = "enable";
swag_url = "www.icanttype.org"; swag_url = "www.icanttype.org";
}; };
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
forgejo = { forgejo = {
image = "codeberg.org/forgejo/forgejo:8"; image = "codeberg.org/forgejo/forgejo:8";
volumes = [ "forgejo-data:/data" "/etc/localtime:/etc/localtime:ro" ]; volumes = [
"forgejo-data:/data"
"/etc/localtime:/etc/localtime:ro"
];
labels = { labels = {
swag = "enable"; swag = "enable";
swag_url = "git.icanttype.org"; swag_url = "git.icanttype.org";
swag_port = "3000"; swag_port = "3000";
}; };
ports = [ "10022:22" ]; ports = [ "10022:22" ];
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
docker_dind = { docker_dind = {
image = "docker.io/library/docker:dind"; image = "docker.io/library/docker:dind";
cmd = [ "dockerd" "-H" "tcp://0.0.0.0:2375" "--tls=false" ]; cmd = [
extraOptions = [ "--pull=newer" "--privileged" "--network=www" ]; "dockerd"
"-H"
"tcp://0.0.0.0:2375"
"--tls=false"
];
extraOptions = [
"--pull=newer"
"--privileged"
"--network=www"
];
}; };
runner = { runner = {
image = "code.forgejo.org/forgejo/runner:3.4.1"; image = "code.forgejo.org/forgejo/runner:3.4.1";
dependsOn = [ "docker_dind" ]; dependsOn = [ "docker_dind" ];
environment.DOCKER_HOST = "tcp://docker_dind:2375"; environment.DOCKER_HOST = "tcp://docker_dind:2375";
volumes = [ "forgejo-runner:/data" ]; volumes = [ "forgejo-runner:/data" ];
cmd = [ "forgejo-runner" "daemon" ]; cmd = [
extraOptions = [ "--pull=newer" "--network=www" ]; "forgejo-runner"
"daemon"
];
extraOptions = [
"--pull=newer"
"--network=www"
];
}; };
}; };
}; };
@ -287,8 +383,14 @@
allowedUDPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
}; };
allowedUDPPorts = [ 137 138 ]; allowedUDPPorts = [
allowedTCPPorts = [ 139 445 ]; 137
138
];
allowedTCPPorts = [
139
445
];
}; };
users.users.nixremote = { users.users.nixremote = {
@ -312,7 +414,11 @@
persistence."/persist" = { persistence."/persist" = {
enableWarnings = false; enableWarnings = false;
hideMounts = true; hideMounts = true;
directories = [ "/srv/docker" "/tmp" "/etc/containers/networks" ]; directories = [
"/srv/docker"
"/tmp"
"/etc/containers/networks"
];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
"/etc/adjtime" "/etc/adjtime"
@ -371,4 +477,3 @@
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
zramSwap.enable = true; zramSwap.enable = true;
} }
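Review bot: `CF_API_TOKEN` in the `swag` container's `environment` (hunk at old line 112) is a literal string, so what appears to be a live credential is stored in the repository and, as part of the evaluated configuration, presumably copied into the world-readable Nix store. The reformatting carries it over untouched on both sides. A container later in this same file already loads `environmentFiles = [ config.sops.templates."docker.env".path ];`, so moving the token into a sops-managed env file the same way and rotating the committed value would close this. The `swag` definition starts and ends outside the hunk, so other entries in that block may need the same treatment.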


@ -1,13 +1,23 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules = [
[ "ohci_pci" "ehci_pci" "sata_nv" "sd_mod" ]; "ohci_pci"
"ehci_pci"
"sata_nv"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@ -15,7 +25,10 @@
fileSystems."/" = { fileSystems."/" = {
device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "defaults" "mode=755" ]; options = [
"defaults"
"mode=755"
];
}; };
fileSystems."/persist" = { fileSystems."/persist" = {
@ -73,6 +86,5 @@
networking.useDHCP = lib.mkDefault false; networking.useDHCP = lib.mkDefault false;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }