jahanson/mochi
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

reformat
All checks were successful
Build / nix-build (native-x86_64, telperion) (push) Successful in 2m13s
Details
Build / nix-build (native-x86_64, gandalf) (push) Successful in 3m23s
Details
Build / nix-build (native-x86_64, shadowfax) (push) Successful in 4m38s
Details

Browse source
This commit is contained in:
Joseph Hanson 2024-12-27 21:30:25 -06:00
parent ada913b9c0
commit 2b6d062d16
86 changed files with 1280 additions and 837 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.archive/home/modules/programs/de/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./gnome ./gnome
]; ];

46
.archive/home/modules/programs/de/gnome/default.nix
View file

@ -1,10 +1,16 @@
# Adjusted manually from generated output of dconf2nix # Adjusted manually from generated output of dconf2nix
# https://github.com/gvolpe/dconf2nix # https://github.com/gvolpe/dconf2nix
{ lib, pkgs, osConfig, ... }: {
with lib.hm.gvariant; { lib,
pkgs,
osConfig,
...
}:
with lib.hm.gvariant;
{
config = lib.mkIf osConfig.mySystem.de.gnome.enable { config = lib.mkIf osConfig.mySystem.de.gnome.enable {
# add user packages # add user packages
home.packages = with pkgs; [ home.packages = with pkgs; [
dconf2nix dconf2nix
]; ];
@ -20,13 +26,39 @@ with lib.hm.gvariant; {
home = [ "<Super>e" ]; home = [ "<Super>e" ];
}; };
"org/gnome/desktop/wm/preferences" = { "org/gnome/desktop/wm/preferences" = {
workspace-names = [ "sys" "talk" "web" "edit" "run" ]; workspace-names = [
"sys"
"talk"
"web"
"edit"
"run"
];
button-layout = "appmenu:minimize,close"; button-layout = "appmenu:minimize,close";
}; };
"org/gnome/shell" = { "org/gnome/shell" = {
disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ]; disabled-extensions = [
enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ]; "apps-menu@gnome-shell-extensions.gcampax.github.com"
favorite-apps = [ "com.mitchellh.ghostty.desktop" "vivaldi-stable.desktop" "obsidian.desktop" "code.desktop" "vesktop.desktop" ]; "light-style@gnome-shell-extensions.gcampax.github.com"
"places-menu@gnome-shell-extensions.gcampax.github.com"
"drive-menu@gnome-shell-extensions.gcampax.github.com"
"window-list@gnome-shell-extensions.gcampax.github.com"
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
];
enabled-extensions = [
"appindicatorsupport@rgcjonas.gmail.com"
"caffeine@patapon.info"
"dash-to-dock@micxgx.gmail.com"
"gsconnect@andyholmes.github.io"
"Vitals@CoreCoding.com"
"sp-tray@sp-tray.esenliyim.github.com"
];
favorite-apps = [
"com.mitchellh.ghostty.desktop"
"vivaldi-stable.desktop"
"obsidian.desktop"
"code.desktop"
"vesktop.desktop"
];
}; };
"org/gnome/nautilus/preferences" = { "org/gnome/nautilus/preferences" = {
default-folder-viewer = "list-view"; default-folder-viewer = "list-view";

47
.archive/hosts/durincore/default.nix
View file

@ -1,11 +1,17 @@
{ ... }: { { ... }:
{
config = { config = {
networking.hostId = "ad4380db"; networking.hostId = "ad4380db";
networking.hostName = "durincore"; networking.hostName = "durincore";
# Kernel mods # Kernel mods
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
@ -13,31 +19,34 @@
}; };
fileSystems = { fileSystems = {
"/" = "/" = {
{ device = "rpool/root";
device = "rpool/root"; fsType = "zfs";
fsType = "zfs"; };
};
"/home" = "/home" = {
{ device = "rpool/home";
device = "rpool/home"; fsType = "zfs";
fsType = "zfs"; };
};
"/boot" = "/boot" = {
{ device = "/dev/disk/by-uuid/F1B9-CA7C";
device = "/dev/disk/by-uuid/F1B9-CA7C"; fsType = "vfat";
fsType = "vfat"; options = [
options = [ "fmask=0077" "dmask=0077" ]; "fmask=0077"
}; "dmask=0077"
];
};
}; };
swapDevices = [ ]; swapDevices = [ ];
# System settings and services. # System settings and services.
mySystem = { mySystem = {
system.motd.networkInterfaces = [ "enp0s31f6" "wlp4s0" ]; system.motd.networkInterfaces = [
"enp0s31f6"
"wlp4s0"
];
}; };
}; };

73
.archive/hosts/legiondary/default.nix
View file

@ -1,50 +1,56 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/scan/not-detected.nix") ];
];
networking.hostId = "2132e3bf"; networking.hostId = "2132e3bf";
networking.hostName = "legiondary"; networking.hostName = "legiondary";
boot = { boot = {
initrd.availableKernelModules = [ "xhci_pci" "nvme" "ahci" "usb_storage" "usbhid" "sd_mod" ]; initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems = fileSystems = {
{ "/" = {
"/" = device = "zroot/root";
{ fsType = "zfs";
device = "zroot/root";
fsType = "zfs";
};
"/nix" =
{
device = "zroot/nix";
fsType = "zfs";
};
"/var" =
{
device = "zroot/var";
fsType = "zfs";
};
"/home" =
{
device = "zroot/home";
fsType = "zfs";
};
}; };
"/nix" = {
device = "zroot/nix";
fsType = "zfs";
};
"/var" = {
device = "zroot/var";
fsType = "zfs";
};
"/home" = {
device = "zroot/home";
fsType = "zfs";
};
};
# fileSystems."/boot" = # fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/E532-B74A"; # { device = "/dev/disk/by-uuid/E532-B74A";
# fsType = "vfat"; # fsType = "vfat";
@ -58,6 +64,9 @@
# System settings and services. # System settings and services.
mySystem = { mySystem = {
purpose = "Development"; purpose = "Development";
system.motd.networkInterfaces = [ "eno1" "wlp4s0" ]; system.motd.networkInterfaces = [
"eno1"
"wlp4s0"
];
}; };
} }

28
.archive/modules/nixos/containers/lego-auto/default.nix
View file

@ -3,9 +3,9 @@ with lib;
let let
app = "lego-auto"; app = "lego-auto";
image = "ghcr.io/bjw-s/lego-auto:v0.3.0"; image = "ghcr.io/bjw-s/lego-auto:v0.3.0";
user = "999"; #string user = "999"; # string
group = "102"; #string group = "102"; # string
port = 9898; #int port = 9898; # int
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
appFolder = "/eru/containers/volumes/${app}"; appFolder = "/eru/containers/volumes/${app}";
in in
@ -43,16 +43,18 @@ in
extraOptions = [ extraOptions = [
"--dns=1.1.1.1" "--dns=1.1.1.1"
]; ];
environment = { environment =
TZ = "America/Chicago"; {
LA_DATADIR = "/cert"; TZ = "America/Chicago";
LA_CACHEDIR = "/cert/.cache"; LA_DATADIR = "/cert";
LA_EMAIL = cfg.email; LA_CACHEDIR = "/cert/.cache";
LA_DOMAINS = cfg.domains; LA_EMAIL = cfg.email;
LA_PROVIDER = cfg.provider; LA_DOMAINS = cfg.domains;
} // lib.optionalAttrs (cfg.provider == "dnsimple") { LA_PROVIDER = cfg.provider;
DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token"; }
}; // lib.optionalAttrs (cfg.provider == "dnsimple") {
DNSIMPLE_OAUTH_TOKEN_FILE = "/config/dnsimple-token";
};
volumes = [ volumes = [
"${appFolder}/cert:/cert" "${appFolder}/cert:/cert"

9
.archive/modules/nixos/containers/unifi/default.nix
View file

@ -6,8 +6,8 @@ let
version = "8.4.62"; version = "8.4.62";
cfg = config.mySystem.services.${app}; cfg = config.mySystem.services.${app};
appFolder = "/eru/containers/volumes/${app}"; appFolder = "/eru/containers/volumes/${app}";
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
in in
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
{ {
options.mySystem.services.${app} = { options.mySystem.services.${app} = {
enable = mkEnableOption "${app}"; enable = mkEnableOption "${app}";
@ -19,7 +19,12 @@ in
allowedTCPPorts = [ 8443 ]; allowedTCPPorts = [ 8443 ];
}; };
podman0 = { podman0 = {
allowedTCPPorts = [ 8080 8443 8880 8843 ]; allowedTCPPorts = [
8080
8443
8880
8843
];
allowedUDPPorts = [ 3478 ]; allowedUDPPorts = [ 3478 ];
}; };
}; };

13
.archive/modules/nixos/de/kde.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.mySystem.de.kde; cfg = config.mySystem.de.kde;
flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; }; flameshotOverride = pkgs.unstable.flameshot.override { enableWlrSupport = true; };
@ -6,14 +11,15 @@ in
{ {
options = { options = {
mySystem.de.kde = { mySystem.de.kde = {
enable = lib.mkEnableOption "KDE" // { default = false; }; enable = lib.mkEnableOption "KDE" // {
default = false;
};
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# Ref: https://wiki.nixos.org/wiki/KDE # Ref: https://wiki.nixos.org/wiki/KDE
# KDE # KDE
services = { services = {
displayManager = { displayManager = {
@ -43,7 +49,6 @@ in
jack.enable = true; jack.enable = true;
}; };
# extra pkgs and extensions # extra pkgs and extensions
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [

7
.archive/modules/nixos/services/cockpit/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.services.cockpit; cfg = config.mySystem.services.cockpit;

7
.archive/modules/nixos/services/vault/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.mySystem.services.vault; cfg = config.mySystem.services.vault;
in in

5
.archive/profiles/disko-telchar.nix
View file

@ -40,7 +40,10 @@
"/home/user" = { }; "/home/user" = { };
# Parent is not mounted so the mountpoint must be set # Parent is not mounted so the mountpoint must be set
"/nix" = { "/nix" = {
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix"; mountpoint = "/nix";
}; };
}; };

9
.archive/profiles/hw-framework-16-7840hs.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
mySystem = { mySystem = {
security.wheelNeedsSudoPassword = false; security.wheelNeedsSudoPassword = false;
@ -16,7 +21,7 @@
}; };
}; };
# For updating firmware on the Framework. # For updating firmware on the Framework.
services.fwupd.enable = true; services.fwupd.enable = true;
networking = { networking = {

10
.archive/profiles/hw-legion-15arh05h.nix
View file

@ -10,7 +10,10 @@
boot = { boot = {
# for managing/mounting ntfs # for managing/mounting ntfs
supportedFilesystems = [ "ntfs" "nfs" ]; supportedFilesystems = [
"ntfs"
"nfs"
];
loader = { loader = {
grub = { grub = {
@ -18,7 +21,10 @@
zfsSupport = true; zfsSupport = true;
device = "nodev"; device = "nodev";
mirroredBoots = [ mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot"; } {
devices = [ "nodev" ];
path = "/boot";
}
]; ];
}; };
}; };

7
.archive/profiles/role-workstation.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
# Role for workstations # Role for workstations
# Covers desktops/laptops, expected to have a GUI and do workloads # Covers desktops/laptops, expected to have a GUI and do workloads
# Will have home-manager installs # Will have home-manager installs

93
flake.lock
View file

@ -237,24 +237,6 @@
"inputs": { "inputs": {
"systems": "systems_4" "systems": "systems_4"
}, },
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
},
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
@ -269,9 +251,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_5": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -287,9 +269,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": { "flake-utils_5": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -670,25 +652,6 @@
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz" "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-2.tar.gz"
} }
}, },
"mise": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1735325928,
"narHash": "sha256-MfOIDwb6pMakn9eCulGrPwAMuL5qFOhwaEoFFeuv8cY=",
"owner": "jdx",
"repo": "mise",
"rev": "323a85b6f7632b906cb113a428519f2ba89197e7",
"type": "github"
},
"original": {
"owner": "jdx",
"repo": "mise",
"type": "github"
}
},
"mk-naked-shell": { "mk-naked-shell": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -757,7 +720,7 @@
"nix-minecraft": { "nix-minecraft": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
] ]
@ -779,7 +742,7 @@
"nix-vscode-extensions": { "nix-vscode-extensions": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -891,22 +854,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1729980323,
"narHash": "sha256-eWPRZAlhf446bKSmzw6x7RWEE4IuZgAp8NW3eXZwRAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "86e78d3d2084ff87688da662cf78c2af085d8e73",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1735141468, "lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
@ -922,7 +869,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1734649271, "lastModified": 1734649271,
"narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
@ -938,7 +885,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1682134069, "lastModified": 1682134069,
"narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
@ -977,7 +924,7 @@
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
@ -1111,12 +1058,11 @@
"hyprland-plugins": "hyprland-plugins", "hyprland-plugins": "hyprland-plugins",
"krewfile": "krewfile", "krewfile": "krewfile",
"lix-module": "lix-module", "lix-module": "lix-module",
"mise": "mise",
"nix-inspect": "nix-inspect", "nix-inspect": "nix-inspect",
"nix-minecraft": "nix-minecraft", "nix-minecraft": "nix-minecraft",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvirt-git": "nixvirt-git", "nixvirt-git": "nixvirt-git",
"nur": "nur", "nur": "nur",
@ -1281,21 +1227,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"talhelper": { "talhelper": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
@ -1362,8 +1293,8 @@
}, },
"vscode-server": { "vscode-server": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1729422940, "lastModified": 1729422940,

4
flake.nix
View file

@ -92,9 +92,6 @@
url = "github:hyprwm/hyprland-plugins"; url = "github:hyprwm/hyprland-plugins";
inputs.hyprland.follows = "hyprland"; inputs.hyprland.follows = "hyprland";
}; };
# Mise
mise.url = "github:jdx/mise";
}; };
outputs = outputs =
@ -110,7 +107,6 @@
lix-module, lix-module,
vscode-server, vscode-server,
krewfile, krewfile,
mise,
... ...
}@inputs: }@inputs:
let let

8
nixos/home/jahanson/global.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, inputs, ... }: {
pkgs,
config,
inputs,
...
}:
with config; with config;
{ {
imports = [ imports = [
@ -76,7 +81,6 @@ with config;
# filesystem tools # filesystem tools
gptfdisk # sgdisk gptfdisk # sgdisk
# system call monitoring # system call monitoring
strace # system call monitoring strace # system call monitoring
ltrace # library call monitoring ltrace # library call monitoring

3
nixos/home/modules/default.nix
View file

@ -1,4 +1,5 @@
{ lib, ... }: { { lib, ... }:
{
imports = [ imports = [
./shell ./shell

3
nixos/home/modules/programs/browsers/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./firefox ./firefox
]; ];

47
nixos/home/modules/programs/browsers/firefox/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.myHome.programs.firefox; cfg = config.myHome.programs.firefox;
@ -6,27 +11,25 @@ in
{ {
options.myHome.programs.firefox.enable = mkEnableOption "Firefox"; options.myHome.programs.firefox.enable = mkEnableOption "Firefox";
config = mkIf cfg.enable config = mkIf cfg.enable {
{ programs.firefox = {
programs.firefox = { enable = true;
enable = true; package = pkgs.firefox.override {
package = pkgs.firefox.override extraPolicies = {
{ DontCheckDefaultBrowser = true;
extraPolicies = { DisablePocket = true;
DontCheckDefaultBrowser = true; # See nixpkgs' firefox/wrapper.nix to check which options you can use
DisablePocket = true; nativeMessagingHosts = [
# See nixpkgs' firefox/wrapper.nix to check which options you can use # Gnome shell native connector
nativeMessagingHosts = [ pkgs.gnome-browser-connector
# Gnome shell native connector # plasma connector
pkgs.gnome-browser-connector # plasma5Packages.plasma-browser-integration
# plasma connector ];
# plasma5Packages.plasma-browser-integration };
];
};
};
policies = import ./policies.nix;
profiles.default = import ./profile-default.nix { inherit pkgs; };
}; };
policies = import ./policies.nix;
profiles.default = import ./profile-default.nix { inherit pkgs; };
}; };
};
} }

3
nixos/home/modules/programs/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./browsers ./browsers
./thunderbird ./thunderbird

7
nixos/home/modules/programs/thunderbird/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.myHome.programs.thunderbird; cfg = config.myHome.programs.thunderbird;

3
nixos/home/modules/security/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./ssh ./ssh
]; ];

3
nixos/home/modules/security/ssh/default.nix
View file

@ -1,5 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
with lib; let with lib;
let
cfg = config.myHome.security.ssh; cfg = config.myHome.security.ssh;
in in
{ {

39
nixos/home/modules/shell/atuind/default.nix
View file

@ -1,5 +1,11 @@
{ config, pkgs, lib, ... }: {
with lib; let config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.myHome.shell.atuind; cfg = config.myHome.shell.atuind;
in in
{ {
@ -9,22 +15,21 @@ in
config = mkMerge [ config = mkMerge [
(mkIf cfg.enable { (mkIf cfg.enable {
systemd.user.services.atuind = systemd.user.services.atuind = {
{ Install = {
Install = { WantedBy = [ "default.target" ];
WantedBy = [ "default.target" ];
};
Unit = {
After = [ "network.target" ];
};
Service = {
Environment = "ATUIN_LOG=info";
ExecStart = "${pkgs.unstable.atuin}/bin/atuin daemon";
# Remove the socket file if the daemon is not running.
# Unexpected shutdowns may have left this file here.
ExecStartPre="/run/current-system/sw/bin/bash -c '! pgrep atuin && /run/current-system/sw/bin/rm -f ~/.local/share/atuin/atuin.sock'";
};
}; };
Unit = {
After = [ "network.target" ];
};
Service = {
Environment = "ATUIN_LOG=info";
ExecStart = "${pkgs.unstable.atuin}/bin/atuin daemon";
# Remove the socket file if the daemon is not running.
# Unexpected shutdowns may have left this file here.
ExecStartPre = "/run/current-system/sw/bin/bash -c '! pgrep atuin && /run/current-system/sw/bin/rm -f ~/.local/share/atuin/atuin.sock'";
};
};
}) })
]; ];
} }

3
nixos/home/modules/shell/default.nix
View file

@ -1,4 +1,5 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./atuind ./atuind
./fish ./fish

3
nixos/home/modules/shell/fish/default.nix
View file

@ -96,6 +96,9 @@ in
set -gx SSH_ASKPASS_REQUIRE "prefer" # This is for git to use the ssh-askpass set -gx SSH_ASKPASS_REQUIRE "prefer" # This is for git to use the ssh-askpass
set -gx ATUIN_SYNC_ADDRESS "https://sh.hsn.dev" set -gx ATUIN_SYNC_ADDRESS "https://sh.hsn.dev"
# Mise https://mise.jdx.dev
mise activate fish | source
# One Password cli # One Password cli
if test -e ~/.config/op/plugins.sh if test -e ~/.config/op/plugins.sh
source ~/.config/op/plugins.sh source ~/.config/op/plugins.sh

7
nixos/home/modules/shell/git/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
let let
cfg = config.myHome.shell.git; cfg = config.myHome.shell.git;
in in

14
nixos/home/modules/shell/starship/default.nix
View file

@ -1,12 +1,16 @@
{ lib {
, config lib,
, ... config,
...
}: }:
with lib; let with lib;
let
cfg = config.myHome.shell.starship; cfg = config.myHome.shell.starship;
in in
{ {
options.myHome.shell.starship = { enable = mkEnableOption "starship"; }; options.myHome.shell.starship = {
enable = mkEnableOption "starship";
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.starship = { programs.starship = {

10
nixos/home/modules/shell/wezterm/default.nix
View file

@ -1,5 +1,11 @@
{ config, pkgs, lib, ... }: {
with lib; let config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.myHome.shell.wezterm; cfg = config.myHome.shell.wezterm;
in in
{ {

12
nixos/hosts/gandalf/config/sanoid.nix
View file

@ -14,22 +14,22 @@
}; };
datasets = { datasets = {
"eru/xen-backups" = { "eru/xen-backups" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"eru/hansonhive" = { "eru/hansonhive" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"eru/tm_joe" = { "eru/tm_joe" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"eru/tm_elisia" = { "eru/tm_elisia" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"eru/containers/volumes/xo-data" = { "eru/containers/volumes/xo-data" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"eru/containers/volumes/xo-redis-data" = { "eru/containers/volumes/xo-redis-data" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
}; };
}; };

6
nixos/hosts/gandalf/default.nix
View file

@ -9,9 +9,9 @@
... ...
}: }:
# let # let
# sanoidConfig = import ./config/sanoid.nix { }; # sanoidConfig = import ./config/sanoid.nix { };
# disks = import ./config/disks.nix; # disks = import ./config/disks.nix;
# smartdDevices = map (device: { inherit device; }) disks; # smartdDevices = map (device: { inherit device; }) disks;
# in # in
{ {
imports = [ imports = [

9
nixos/hosts/shadowfax/config/disks.nix
View file

@ -1,15 +1,13 @@
[ [
# zroot # zroot
"/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" "/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E"
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314200DT2P0C"
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH3142017H2P0C"
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201AD2P0C"
"/dev/disk/by-id/nvme-SOLIDIGM_SSDPFKNU020TZ_PHEH314201E72P0C"
# nahar # nahar
"/dev/nvme0" # These are required to fix a smartctl bug I have yet to upgrade to a version that fixes it. "/dev/nvme0"
"/dev/nvme1" "/dev/nvme1"
"/dev/nvme2" "/dev/nvme2"
"/dev/nvme3" "/dev/nvme3"
"/dev/nvme4"
"/dev/nvme5"
# moria # moria
"/dev/disk/by-id/scsi-35000cca23bc8a504" "/dev/disk/by-id/scsi-35000cca23bc8a504"
"/dev/disk/by-id/scsi-35000cca23bd29918" "/dev/disk/by-id/scsi-35000cca23bd29918"
@ -31,5 +29,4 @@
"/dev/disk/by-id/scsi-35000cca0461810f8" "/dev/disk/by-id/scsi-35000cca0461810f8"
"/dev/disk/by-id/scsi-35000cca04618b930" "/dev/disk/by-id/scsi-35000cca04618b930"
"/dev/disk/by-id/scsi-35000cca04618cec4" "/dev/disk/by-id/scsi-35000cca04618cec4"
] ]

10
nixos/hosts/shadowfax/config/sanoid.nix
View file

@ -14,19 +14,19 @@
}; };
datasets = { datasets = {
"nahar/scrypted" = { "nahar/scrypted" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"nahar/containers/volumes/plex" = { "nahar/containers/volumes/plex" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"nahar/containers/volumes/scrypted" = { "nahar/containers/volumes/scrypted" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"nahar/containers/volumes/jellyfin" = { "nahar/containers/volumes/jellyfin" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
"nahar/containers/volumes/scrutiny" = { "nahar/containers/volumes/scrutiny" = {
useTemplate = ["production"]; useTemplate = [ "production" ];
}; };
}; };
}; };

10
nixos/hosts/shadowfax/default.nix
View file

@ -47,10 +47,7 @@ in
nvidia-container-toolkit.enable = true; nvidia-container-toolkit.enable = true;
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [ ];
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
];
# Network settings # Network settings
networking = { networking = {
@ -187,7 +184,10 @@ in
scrutiny = { scrutiny = {
enable = true; enable = true;
devices = disks; devices = disks;
extraCapabilities = [ "SYS_RAWIO" ]; extraCapabilities = [
"SYS_RAWIO"
"SYS_ADMIN"
];
containerVolumeLocation = "/nahar/containers/volumes/scrutiny"; containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
port = 8585; port = 8585;
}; };

46
nixos/hosts/telperion/config/bind.nix
View file

@ -1,27 +1,27 @@
{config, ...}: { config, ... }:
'' ''
include "${config.sops.secrets."bind/rndc-keys/externaldns".path}"; include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";
acl trusted { acl trusted {
10.33.44.0/24; # LAN 10.33.44.0/24; # LAN
10.1.1.0/24; # Servers 10.1.1.0/24; # Servers
10.1.2.0/24; # Trusted 10.1.2.0/24; # Trusted
10.1.3.0/24; # IoT 10.1.3.0/24; # IoT
10.1.4.0/24; # Video 10.1.4.0/24; # Video
}; };
zone "jahanson.tech." { zone "jahanson.tech." {
type master; type master;
file "${config.sops.secrets."bind/zones/jahanson.tech".path}"; file "${config.sops.secrets."bind/zones/jahanson.tech".path}";
journal "${config.services.bind.directory}/db.jahanson.tech.jnl"; journal "${config.services.bind.directory}/db.jahanson.tech.jnl";
allow-transfer { allow-transfer {
key "externaldns"; key "externaldns";
};
update-policy {
grant externaldns zonesub ANY;
};
allow-query {
trusted;
};
}; };
update-policy { ''
grant externaldns zonesub ANY;
};
allow-query {
trusted;
};
};
''

90
nixos/hosts/telperion/config/haproxy.nix
View file

@ -1,53 +1,53 @@
{ ... }: { ... }:
'' ''
global global
log /dev/log local0 log /dev/log local0
log /dev/log local1 notice log /dev/log local1 notice
daemon daemon
defaults defaults
mode http mode http
log global log global
option httplog option httplog
option dontlognull option dontlognull
option http-server-close option http-server-close
option redispatch option redispatch
retries 3 retries 3
timeout http-request 10s timeout http-request 10s
timeout queue 20s timeout queue 20s
timeout connect 10s timeout connect 10s
timeout client 1h timeout client 1h
timeout server 1h timeout server 1h
timeout http-keep-alive 10s timeout http-keep-alive 10s
timeout check 10s timeout check 10s
frontend k8s_homelab_apiserver frontend k8s_homelab_apiserver
bind *:6443 bind *:6443
mode tcp mode tcp
option tcplog option tcplog
default_backend k8s_homelab_controlplane default_backend k8s_homelab_controlplane
frontend k8s_theshire_apiserver frontend k8s_theshire_apiserver
bind *:6444 bind *:6444
mode tcp mode tcp
option tcplog option tcplog
default_backend k8s_theshire_controlplane default_backend k8s_theshire_controlplane
backend k8s_homelab_controlplane backend k8s_homelab_controlplane
option httpchk GET /healthz option httpchk GET /healthz
http-check expect status 200 http-check expect status 200
mode tcp mode tcp
option ssl-hello-chk option ssl-hello-chk
balance roundrobin balance roundrobin
server shadowfax 10.1.1.61:6443 check server shadowfax 10.1.1.61:6443 check
backend k8s_theshire_controlplane backend k8s_theshire_controlplane
option httpchk GET /healthz option httpchk GET /healthz
http-check expect status 200 http-check expect status 200
mode tcp mode tcp
option ssl-hello-chk option ssl-hello-chk
balance roundrobin balance roundrobin
server bilbo 10.1.1.62:6443 check server bilbo 10.1.1.62:6443 check
server frodo 10.1.1.63:6443 check server frodo 10.1.1.63:6443 check
server sam 10.1.1.64:6443 check server sam 10.1.1.64:6443 check
'' ''

34
nixos/hosts/telperion/default.nix
View file

@ -1,18 +1,29 @@
# Do not modify this file! It was generated by `nixos-generate-config` # Do not modify this file! It was generated by `nixos-generate-config`
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/scan/not-detected.nix") ];
];
networking.hostId = "ce196a02"; networking.hostId = "ce196a02";
networking.hostName = "telperion"; networking.hostName = "telperion";
boot = { boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
@ -69,7 +80,10 @@
mySystem = { mySystem = {
purpose = "Production"; purpose = "Production";
system = { system = {
motd.networkInterfaces = [ "enp2s0" "wlp3s0" ]; motd.networkInterfaces = [
"enp2s0"
"wlp3s0"
];
}; };
services = { services = {
@ -88,7 +102,11 @@
haproxy = { haproxy = {
enable = true; enable = true;
config = import ./config/haproxy.nix { inherit config; }; config = import ./config/haproxy.nix { inherit config; };
tcpPorts = [ 6443 6444 50000 ]; tcpPorts = [
6443
6444
50000
];
}; };
matchbox = { matchbox = {

4
nixos/hosts/varda/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
imports = [ ./resources/prune-backup.nix ]; imports = [ ./resources/prune-backup.nix ];
networking.hostId = "cdab8473"; networking.hostId = "cdab8473";
@ -22,7 +23,6 @@
swapDevices = [ ]; swapDevices = [ ];
# System settings and services. # System settings and services.
mySystem = { mySystem = {
purpose = "Production"; purpose = "Production";

4
nixos/hosts/varda/resources/prune-backup.nix
View file

@ -1,7 +1,9 @@
{ pkgs, ... }: { pkgs, ... }:
let let
cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (builtins.readFile ./prune-backups.sh); cleanupScript = pkgs.writeShellScriptBin "cleanup-backups.sh" (
builtins.readFile ./prune-backups.sh
);
in in
{ {
systemd.timers.cleanup-backups = { systemd.timers.cleanup-backups = {

84
nixos/lib/default.nix
View file

@ -4,40 +4,60 @@ with lib;
rec { rec {
firstOrDefault = first: default: if first != null then first else default; firstOrDefault = first: default: if first != null then first else default;
existsOrDefault = x: set: default: if builtins.hasAttr x set then builtins.getAttr x set else default; existsOrDefault =
x: set: default:
if builtins.hasAttr x set then builtins.getAttr x set else default;
# main service builder # main service builder
mkService = options: ( mkService =
let options:
user = existsOrDefault "user" options "568"; (
group = existsOrDefault "group" options "568"; let
user = existsOrDefault "user" options "568";
group = existsOrDefault "group" options "568";
enableBackups = (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) enableBackups =
&& (lib.attrsets.attrByPath [ "persistence" "enable" ] true options); (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options)
&& (lib.attrsets.attrByPath [ "persistence" "enable" ] true options);
# Security options for containers # Security options for containers
containerExtraOptions = lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ] containerExtraOptions =
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ] lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs=${folders}") tmpfsFolders) ] "--privileged"
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt=no-new-privileges" ] ]
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [ "--cap-drop=ALL" ] ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [
; "--read-only"
in ]
{ ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [
virtualisation.oci-containers.containers.${options.app} = mkIf options.container.enable { (map (folders: "--tmpfs=${folders}") tmpfsFolders)
image = "${options.container.image}"; ]
user = "${user}:${group}"; ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [
environment = { "--security-opt=no-new-privileges"
TZ = options.timeZone; ]
} // options.container.env; ++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "dropAll" ] false options) [
environmentFiles = lib.attrsets.attrByPath [ "container" "envFiles" ] [ ] options; "--cap-drop=ALL"
volumes = [ "/etc/localtime:/etc/localtime:ro" ] ++ ];
lib.optionals (lib.attrsets.hasAttrByPath [ "container" "persistentFolderMount" ] options) [ in
"${options.persistence.folder}:${options.container.persistentFolderMount}:rw" {
] ++ lib.attrsets.attrByPath [ "container" "volumes" ] [ ] options; virtualisation.oci-containers.containers.${options.app} = mkIf options.container.enable {
extraOptions = containerExtraOptions; image = "${options.container.image}";
}; user = "${user}:${group}";
systemd.tmpfiles.rules = lib.optionals (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) [ "d ${options.persistence.folder} 0750 ${user} ${group} -" ]; environment = {
} TZ = options.timeZone;
); } // options.container.env;
environmentFiles = lib.attrsets.attrByPath [ "container" "envFiles" ] [ ] options;
volumes =
[ "/etc/localtime:/etc/localtime:ro" ]
++ lib.optionals (lib.attrsets.hasAttrByPath [ "container" "persistentFolderMount" ] options) [
"${options.persistence.folder}:${options.container.persistentFolderMount}:rw"
]
++ lib.attrsets.attrByPath [ "container" "volumes" ] [ ] options;
extraOptions = containerExtraOptions;
};
systemd.tmpfiles.rules = lib.optionals (lib.attrsets.hasAttrByPath [
"persistence"
"folder"
] options) [ "d ${options.persistence.folder} 0750 ${user} ${group} -" ];
}
);
} }

4
nixos/modules/nixos/containers/jellyfin/default.nix
View file

@ -45,7 +45,9 @@ in
${pkgs.podman}/bin/podman run \ ${pkgs.podman}/bin/podman run \
--rm \ --rm \
--name=${app} \ --name=${app} \
--user="${toString config.users.users."${user}".uid}:${toString config.users.groups."${group}".gid}" \ --user="${toString config.users.users."${user}".uid}:${
toString config.users.groups."${group}".gid
}" \
--device='nvidia.com/gpu=all' \ --device='nvidia.com/gpu=all' \
--log-driver=journald \ --log-driver=journald \
--cidfile=/run/${app}.ctr-id \ --cidfile=/run/${app}.ctr-id \

7
nixos/modules/nixos/containers/plex/default.nix
View file

@ -51,7 +51,9 @@ in
--cidfile=/run/${app}.ctr-id \ --cidfile=/run/${app}.ctr-id \
--cgroups=no-conmon \ --cgroups=no-conmon \
--sdnotify=conmon \ --sdnotify=conmon \
--user="${toString config.users.users."${user}".uid}:${toString config.users.groups."${group}".gid}" \ --user="${toString config.users.users."${user}".uid}:${
toString config.users.groups."${group}".gid
}" \
--volume="${volumeLocation}:/config:rw" \ --volume="${volumeLocation}:/config:rw" \
--volume="/moria/media:/media:rw" \ --volume="/moria/media:/media:rw" \
--volume="tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw" \ --volume="tmpfs:/config/Library/Application Support/Plex Media Server/Logs:rw" \
@ -78,7 +80,7 @@ in
]; ];
}; };
sops.secrets ={ sops.secrets = {
"restic/plex/env" = { "restic/plex/env" = {
sopsFile = ./secrets.sops.yaml; sopsFile = ./secrets.sops.yaml;
owner = user; owner = user;
@ -155,6 +157,5 @@ in
# } # }
# ]; # ];
}; };
} }

3
nixos/modules/nixos/containers/scrutiny/default.nix
View file

@ -85,8 +85,7 @@ in
# using the --device and --cap-add flags # using the --device and --cap-add flags
extraOptions = extraOptions =
(map (disk: "--device=${toString disk}") cfg.devices) (map (disk: "--device=${toString disk}") cfg.devices)
++ ++ (map (cap: "--cap-add=${cap}") cfg.extraCapabilities);
(map (cap: "--cap-add=${cap}") cfg.extraCapabilities);
}; };
}; };
} }

2
nixos/modules/nixos/default.nix
View file

@ -57,7 +57,7 @@ with lib;
config = { config = {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${config.mySystem.persistentFolder} 777 - - -" #The - disables automatic cleanup, so the file wont be removed after a period "d ${config.mySystem.persistentFolder} 777 - - -" # The - disables automatic cleanup, so the file wont be removed after a period
]; ];
}; };
} }

24
nixos/modules/nixos/editor/vim.nix
View file

@ -14,13 +14,21 @@ in
programs.vim.defaultEditor = true; programs.vim.defaultEditor = true;
# Visual mode off and syntax highlighting on # Visual mode off and syntax highlighting on
home-manager.users = mapAttrs home-manager.users =
(user: _: { mapAttrs
home.file.".vimrc".text = '' (user: _: {
set mouse-=a home.file.".vimrc".text = ''
syntax on set mouse-=a
''; syntax on
}) '';
(listToAttrs (map (u: { name = u; value = { }; }) users)); })
(
listToAttrs (
map (u: {
name = u;
value = { };
}) users
)
);
}; };
} }

15
nixos/modules/nixos/editor/vscode.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.editor.vscode; cfg = config.mySystem.editor.vscode;
@ -74,8 +79,12 @@ let
} }
]; ];
# Extract extension strings and coerce them to a list of valid attribute paths. # Extract extension strings and coerce them to a list of valid attribute paths.
vscodeCommunityExtensionsPackages = map (ext: getAttrFromPath (splitString "." ext) pkgs.vscode-marketplace) vscodeCommunityExtensions; vscodeCommunityExtensionsPackages = map (
nixpkgsExtensionsPackages = map (ext: getAttrFromPath (splitString "." ext) pkgs.vscode-extensions) vscodeNixpkgsExtensions; ext: getAttrFromPath (splitString "." ext) pkgs.vscode-marketplace
) vscodeCommunityExtensions;
nixpkgsExtensionsPackages = map (
ext: getAttrFromPath (splitString "." ext) pkgs.vscode-extensions
) vscodeNixpkgsExtensions;
marketplaceExtensionsPackages = pkgs.vscode-utils.extensionsFromVscodeMarketplace marketplaceExtensions; marketplaceExtensionsPackages = pkgs.vscode-utils.extensionsFromVscodeMarketplace marketplaceExtensions;
in in
{ {

7
nixos/modules/nixos/games/steam/steam.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.mySystem.games.steam; cfg = config.mySystem.games.steam;
in in

7
nixos/modules/nixos/hardware/nvidia/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.hardware.nvidia; cfg = config.mySystem.hardware.nvidia;

13
nixos/modules/nixos/lib.nix
View file

@ -88,10 +88,7 @@
else else
null; null;
remoteResticTemplate = remoteResticTemplate =
if builtins.hasAttr "remoteResticTemplate" options then if builtins.hasAttr "remoteResticTemplate" options then options.remoteResticTemplate else null;
options.remoteResticTemplate
else
null;
# 2:05 daily backup with 3h random delay # 2:05 daily backup with 3h random delay
timerConfig = { timerConfig = {
OnCalendar = "02:05"; OnCalendar = "02:05";
@ -125,7 +122,9 @@
inherit (options) user passwordFile environmentFile; inherit (options) user passwordFile environmentFile;
# Move the path to the zfs snapshot path # Move the path to the zfs snapshot path
paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths; paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
exclude = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.excludePaths; exclude = map (
x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
) options.excludePaths;
repository = "${options.localResticTemplate}"; repository = "${options.localResticTemplate}";
}; };
@ -142,7 +141,9 @@
paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths; paths = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.paths;
repository = remoteResticTemplate; repository = remoteResticTemplate;
repositoryFile = remoteResticTemplateFile; repositoryFile = remoteResticTemplateFile;
exclude = map (x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}") options.excludePaths; exclude = map (
x: "${config.mySystem.services.zfs-nightly-snap.mountPath}/${x}"
) options.excludePaths;
}; };
}; };
} }

16
nixos/modules/nixos/programs/shell/fish.nix
View file

@ -4,16 +4,14 @@ let
cfg = config.mySystem.shell.fish; cfg = config.mySystem.shell.fish;
in in
{ {
options.mySystem.shell.fish = options.mySystem.shell.fish = {
{ enable = mkEnableOption "Fish";
enable = mkEnableOption "Fish"; enablePlugins = mkOption {
enablePlugins = mkOption type = lib.types.bool;
{ description = "If we want to add fish plugins";
type = lib.types.bool; default = true;
description = "If we want to add fish plugins";
default = true;
};
}; };
};
# Install fish systemwide # Install fish systemwide
config.programs.fish = mkIf cfg.enable { config.programs.fish = mkIf cfg.enable {

3
nixos/modules/nixos/security/1password/default.nix
View file

@ -1,5 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
with lib; let with lib;
let
cfg = config.mySystem.security._1password; cfg = config.mySystem.security._1password;
user = "jahanson"; user = "jahanson";
in in

7
nixos/modules/nixos/services/bind/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.services.bind; cfg = config.mySystem.services.bind;

13
nixos/modules/nixos/services/dnsmasq/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.services.dnsmasq; cfg = config.mySystem.services.dnsmasq;
@ -25,7 +30,11 @@ in
networking.firewall = { networking.firewall = {
# dhcp ports | tftp port # dhcp ports | tftp port
allowedUDPPorts = [ 67 68 69 ]; # server/client/tftp allowedUDPPorts = [
67
68
69
]; # server/client/tftp
}; };
# Proxy DHCP for PXE booting. This leaves DHCP address allocation alone and dhcp clients # Proxy DHCP for PXE booting. This leaves DHCP address allocation alone and dhcp clients

11
nixos/modules/nixos/services/haproxy/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.services.haproxy; cfg = config.mySystem.services.haproxy;
@ -6,7 +11,9 @@ let
in in
{ {
options.mySystem.services.haproxy = { options.mySystem.services.haproxy = {
enable = mkEnableOption "haproxy" // { default = false; }; enable = mkEnableOption "haproxy" // {
default = false;
};
package = mkPackageOption pkgs "haproxy" { }; package = mkPackageOption pkgs "haproxy" { };
config = mkOption { config = mkOption {
type = types.str; type = types.str;

13
nixos/modules/nixos/services/libvirt-qemu/default.nix
View file

@ -1,4 +1,10 @@
{ lib, config, pkgs, inputs, ... }: {
lib,
config,
pkgs,
inputs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.services.libvirt-qemu; cfg = config.mySystem.services.libvirt-qemu;
@ -11,7 +17,10 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 16509 16514 ]; allowedTCPPorts = [
16509
16514
];
}; };
# Enable bind with domain configuration # Enable bind with domain configuration

7
nixos/modules/nixos/services/matchbox/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.services.matchbox; cfg = config.mySystem.services.matchbox;

10
nixos/modules/nixos/services/nginx/default.nix
View file

@ -52,8 +52,14 @@ in
}; };
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [
allowedUDPPorts = [ 80 443 ]; 80
443
];
allowedUDPPorts = [
80
443
];
}; };
# required for using acme certs # required for using acme certs

82
nixos/modules/nixos/services/podman/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.services.podman; cfg = config.mySystem.services.podman;
@ -6,47 +11,46 @@ in
{ {
options.mySystem.services.podman.enable = mkEnableOption "Podman"; options.mySystem.services.podman.enable = mkEnableOption "Podman";
config = mkIf cfg.enable config = mkIf cfg.enable {
{ virtualisation.podman = {
virtualisation.podman = { enable = true;
enable = true;
dockerCompat = true; dockerCompat = true;
extraPackages = [ pkgs.zfs ]; extraPackages = [ pkgs.zfs ];
# regular cleanup # regular cleanup
autoPrune.enable = true; autoPrune.enable = true;
autoPrune.dates = "weekly"; autoPrune.dates = "weekly";
# and add dns # and add dns
defaultNetwork.settings = { defaultNetwork.settings = {
dns_enabled = false; dns_enabled = false;
};
};
virtualisation.oci-containers = {
backend = "podman";
};
environment.systemPackages = with pkgs; [
podman-tui # status of containers in the terminal
unstable.lazydocker
];
programs.fish.shellAliases = {
# lazydocker --> lazypodman
lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
};
networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
# extra user for containers
users.groups.kah = { };
users.users = {
kah = {
uid = 568;
group = "kah";
};
jahanson.extraGroups = [ "kah" ];
}; };
}; };
virtualisation.oci-containers = {
backend = "podman";
};
environment.systemPackages = with pkgs; [
podman-tui # status of containers in the terminal
unstable.lazydocker
];
programs.fish.shellAliases = {
# lazydocker --> lazypodman
lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
};
networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
# extra user for containers
users.groups.kah = { };
users.users = {
kah = {
uid = 568;
group = "kah";
};
jahanson.extraGroups = [ "kah" ];
};
};
} }

7
nixos/modules/nixos/services/sanoid/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.services.sanoid; cfg = config.mySystem.services.sanoid;

7
nixos/modules/nixos/system/borg/pikabackup/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.mySystem.system.borg.pika-backup; cfg = config.mySystem.system.borg.pika-backup;
user = "jahanson"; user = "jahanson";

16
nixos/modules/nixos/system/fingerprint-reader-on-laptop-lid/default.nix
View file

@ -12,7 +12,12 @@
# On Framework 16 the USB is: # On Framework 16 the USB is:
# Bus 005 Device 007: ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd # Bus 005 Device 007: ID 27c6:609c Shenzhen Goodix Technology Co.,Ltd
# Use `findfp.sh` to find the correct USB device. # Use `findfp.sh` to find the correct USB device.
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.mySystem.system.fingerprint-reader-on-laptop-lid; cfg = config.mySystem.system.fingerprint-reader-on-laptop-lid;
laptop-lid = pkgs.writeShellScript "laptop-lid" '' laptop-lid = pkgs.writeShellScript "laptop-lid" ''
@ -79,8 +84,13 @@ in
systemd.services.fingerprint-laptop-lid = { systemd.services.fingerprint-laptop-lid = {
enable = true; enable = true;
description = "Disable fingerprint reader when laptop lid closes"; description = "Disable fingerprint reader when laptop lid closes";
serviceConfig = { ExecStart = "${laptop-lid}"; }; serviceConfig = {
wantedBy = [ "multi-user.target" "suspend.target" ]; ExecStart = "${laptop-lid}";
};
wantedBy = [
"multi-user.target"
"suspend.target"
];
after = [ "suspend.target" ]; after = [ "suspend.target" ];
}; };
}; };

7
nixos/modules/nixos/system/incus/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
cfg = config.mySystem.system.incus; cfg = config.mySystem.system.incus;
user = "jahanson"; user = "jahanson";

143
nixos/modules/nixos/system/motd/default.nix
View file

@ -1,77 +1,86 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
motd = pkgs.writeShellScriptBin "motd" motd = pkgs.writeShellScriptBin "motd" ''
'' #! /usr/bin/env bash
#! /usr/bin/env bash source /etc/os-release
source /etc/os-release service_status=$(systemctl list-units 'podman-*.service' 'plex.service' 'scrutiny.service' 'jellyfin.service' 'ollama.service' 'scrypted.service' | grep '\.service')
service_status=$(systemctl list-units | grep podman-) RED="\e[31m"
RED="\e[31m" GREEN="\e[32m"
GREEN="\e[32m" BOLD="\e[1m"
BOLD="\e[1m" ENDCOLOR="\e[0m"
ENDCOLOR="\e[0m" LOAD1=`cat /proc/loadavg | awk {'print $1'}`
LOAD1=`cat /proc/loadavg | awk {'print $1'}` LOAD5=`cat /proc/loadavg | awk {'print $2'}`
LOAD5=`cat /proc/loadavg | awk {'print $2'}` LOAD15=`cat /proc/loadavg | awk {'print $3'}`
LOAD15=`cat /proc/loadavg | awk {'print $3'}`
MEMORY=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100 / $2 }'` MEMORY=`free -m | awk 'NR==2{printf "%s/%sMB (%.2f%%)\n", $3,$2,$3*100 / $2 }'`
# time of day # time of day
HOUR=$(date +"%H") HOUR=$(date +"%H")
if [ $HOUR -lt 12 -a $HOUR -ge 0 ] if [ $HOUR -lt 12 -a $HOUR -ge 0 ]
then TIME="morning" then TIME="morning"
elif [ $HOUR -lt 17 -a $HOUR -ge 12 ] elif [ $HOUR -lt 17 -a $HOUR -ge 12 ]
then TIME="afternoon" then TIME="afternoon"
else else
TIME="evening" TIME="evening"
fi fi
uptime=`cat /proc/uptime | cut -f1 -d.` uptime=`cat /proc/uptime | cut -f1 -d.`
upDays=$((uptime/60/60/24)) upDays=$((uptime/60/60/24))
upHours=$((uptime/60/60%24)) upHours=$((uptime/60/60%24))
upMins=$((uptime/60%60)) upMins=$((uptime/60%60))
upSecs=$((uptime%60)) upSecs=$((uptime%60))
figlet "$(hostname)" | lolcat -f figlet "$(hostname)" | lolcat -f
printf "$BOLD %-20s$ENDCOLOR %s\n" "Role:" "${config.mySystem.purpose}" printf "$BOLD %-20s$ENDCOLOR %s\n" "Role:" "${config.mySystem.purpose}"
printf "\n" printf "\n"
${lib.strings.concatStrings (lib.lists.forEach cfg.networkInterfaces (x: "printf \"$BOLD * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"))} ${lib.strings.concatStrings (
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME" lib.lists.forEach cfg.networkInterfaces (
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)" x:
[ -f /var/run/reboot-required ] && printf "$RED * %-20s$ENDCOLOR %s\n" "A reboot is required" "printf \"$BOLD * %-20s$ENDCOLOR %s\\n\" \"IPv4 ${x}\" \"$(ip -4 addr show ${x} | grep -oP '(?<=inet\\s)\\d+(\\.\\d+){3}')\"\n"
printf "\n" )
printf "$BOLD * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)" )}
printf "$BOLD * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY" printf "$BOLD * %-20s$ENDCOLOR %s\n" "Release" "$PRETTY_NAME"
printf "$BOLD * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds" printf "$BOLD * %-20s$ENDCOLOR %s\n" "Kernel" "$(uname -rs)"
printf "\n" [ -f /var/run/reboot-required ] && printf "$RED * %-20s$ENDCOLOR %s\n" "A reboot is required"
if ! type "$zpool" &> /dev/null; then printf "\n"
printf "$BOLD Zpool status: $ENDCOLOR\n" printf "$BOLD * %-20s$ENDCOLOR %s\n" "CPU usage" "$LOAD1, $LOAD5, $LOAD15 (1, 5, 15 min)"
zpool status -x | sed -e 's/^/ /' printf "$BOLD * %-20s$ENDCOLOR %s\n" "Memory" "$MEMORY"
fi printf "$BOLD * %-20s$ENDCOLOR %s\n" "System uptime" "$upDays days $upHours hours $upMins minutes $upSecs seconds"
if ! type "$zpool" &> /dev/null; then printf "\n"
printf "$BOLD Zpool usage: $ENDCOLOR\n" if ! type "$zpool" &> /dev/null; then
zpool list -Ho name,cap,size | awk '{ printf("%-10s%+3s used out of %+5s\n", $1, $2, $3); }' | sed -e 's/^/ /' printf "$BOLD Zpool status: $ENDCOLOR\n"
fi zpool status -x | sed -e 's/^/ /'
printf "\n" fi
if ! type "$zpool" &> /dev/null; then
printf "$BOLD Zpool usage: $ENDCOLOR\n"
zpool list -Ho name,cap,size | awk '{ printf("%-10s%+3s used out of %+5s\n", $1, $2, $3); }' | sed -e 's/^/ /'
fi
printf "\n"
if [[ -n "$service_status" ]]; then if [[ -n "$service_status" ]]; then
printf "$BOLDService status$ENDCOLOR\n" printf "$BOLDService status$ENDCOLOR\n"
while IFS= read -r line; do while IFS= read -r line; do
if [[ $line =~ ".scope" ]]; then if [[ $line =~ ".scope" ]]; then
continue continue
fi fi
if echo "$line" | grep -q 'failed'; then if echo "$line" | grep -q 'failed'; then
service_name=$(echo $line | awk '{print $2;}' | sed 's/podman-//g') service_name=$(echo $line | awk '{print $2;}' | sed 's/podman-//g')
printf "$RED $ENDCOLOR%-50s $RED[failed]$ENDCOLOR\n" "$service_name" printf "$RED $ENDCOLOR%-50s $RED[failed]$ENDCOLOR\n" "$service_name"
elif echo "$line" | grep -q 'running'; then elif echo "$line" | grep -q 'running'; then
service_name=$(echo $line | awk '{print $1;}' | sed 's/podman-//g') service_name=$(echo $line | awk '{print $1;}' | sed 's/podman-//g')
printf "$GREEN $ENDCOLOR%-50s $GREEN[active]$ENDCOLOR\n" "$service_name" printf "$GREEN $ENDCOLOR%-50s $GREEN[active]$ENDCOLOR\n" "$service_name"
else else
echo "service status unknown" echo "service status unknown"
fi fi
done <<< "$service_status" done <<< "$service_status"
fi fi
''; '';
cfg = config.mySystem.system.motd; cfg = config.mySystem.system.motd;
in in
{ {

22
nixos/modules/nixos/system/nix.nix
View file

@ -5,22 +5,20 @@ let
in in
{ {
options.mySystem.nix = { options.mySystem.nix = {
autoOptimiseStore = mkOption autoOptimiseStore = mkOption {
{ type = lib.types.bool;
type = lib.types.bool; description = "If we want to auto optimise store";
description = "If we want to auto optimise store"; default = true;
default = true; };
};
gc = { gc = {
enable = mkEnableOption "automatic garbage collection" // { enable = mkEnableOption "automatic garbage collection" // {
default = true; default = true;
}; };
persistent = mkOption persistent = mkOption {
{ type = lib.types.bool;
type = lib.types.bool; description = "Persistent timer for gc, runs at startup if timer missed";
description = "Persistent timer for gc, runs at startup if timer missed"; default = true;
default = true; };
};
}; };
}; };

32
nixos/modules/nixos/system/openssh.nix
View file

@ -5,19 +5,25 @@ let
in in
{ {
options.mySystem.services.openssh = { options.mySystem.services.openssh = {
enable = mkEnableOption "openssh" // { default = true; }; enable = mkEnableOption "openssh" // {
passwordAuthentication = mkOption default = true;
{ };
type = lib.types.bool; passwordAuthentication = mkOption {
description = "If password can be accepted for ssh (commonly disable for security hardening)"; type = lib.types.bool;
default = false; description = "If password can be accepted for ssh (commonly disable for security hardening)";
}; default = false;
permitRootLogin = mkOption };
{ permitRootLogin = mkOption {
type = types.enum [ "yes" "without-password" "prohibit-password" "forced-commands-only" "no" ]; type = types.enum [
description = "If root can login via ssh (commonly disable for security hardening)"; "yes"
default = "prohibit-password"; "without-password"
}; "prohibit-password"
"forced-commands-only"
"no"
];
description = "If root can login via ssh (commonly disable for security hardening)";
default = "prohibit-password";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {

27
nixos/modules/nixos/system/pushover/default.nix
View file

@ -1,26 +1,33 @@
{ lib {
, config lib,
, pkgs config,
, ... pkgs,
...
}: }:
with lib; with lib;
let let
cfg = config.mySystem.system.systemd.pushover-alerts; cfg = config.mySystem.system.systemd.pushover-alerts;
in in
{ {
options.mySystem.system.systemd.pushover-alerts.enable = mkEnableOption "Pushover alerts for systemd failures" // { default = true; }; options.mySystem.system.systemd.pushover-alerts.enable =
mkEnableOption "Pushover alerts for systemd failures"
// {
default = true;
};
options.systemd.services = mkOption { options.systemd.services = mkOption {
type = with types; attrsOf ( type =
submodule { with types;
attrsOf (submodule {
config.onFailure = [ "notify-pushover@%n.service" ]; config.onFailure = [ "notify-pushover@%n.service" ];
} });
);
}; };
config = { config = {
# Warn if backups are disable and machine isnt a dev box # Warn if backups are disable and machine isnt a dev box
warnings = [ warnings = [
(mkIf (!cfg.enable && config.mySystem.purpose != "Development") "WARNING: Pushover SystemD notifications are disabled!") (mkIf (
!cfg.enable && config.mySystem.purpose != "Development"
) "WARNING: Pushover SystemD notifications are disabled!")
]; ];
systemd.services."notify-pushover@" = mkIf cfg.enable { systemd.services."notify-pushover@" = mkIf cfg.enable {

45
nixos/modules/nixos/system/security.nix
View file

@ -18,28 +18,27 @@ in
}; };
}; };
config = config = {
{ security = {
security = { sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword;
sudo.wheelNeedsPassword = cfg.wheelNeedsSudoPassword; # Don't bother with the lecture or the need to keep state about who's been lectured
# Don't bother with the lecture or the need to keep state about who's been lectured sudo.extraConfig = "Defaults lecture=\"never\"";
sudo.extraConfig = "Defaults lecture=\"never\""; pam.sshAgentAuth.enable = cfg.sshAgentAuth.enable;
pam.sshAgentAuth.enable = cfg.sshAgentAuth.enable; # Increase open file limit for sudoers
# Increase open file limit for sudoers pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [
pam.loginLimits = mkIf cfg.increaseWheelLoginLimits [ {
{ domain = "@wheel";
domain = "@wheel"; item = "nofile";
item = "nofile"; type = "soft";
type = "soft"; value = "524288";
value = "524288"; }
} {
{ domain = "@wheel";
domain = "@wheel"; item = "nofile";
item = "nofile"; type = "hard";
type = "hard"; value = "1048576";
value = "1048576"; }
} ];
];
};
}; };
};
} }

64
nixos/modules/nixos/system/wifi_swap/default.nix
View file

@ -1,39 +1,45 @@
# turns off the wifi when the usb device 0bda:8156 is connected. # turns off the wifi when the usb device 0bda:8156 is connected.
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
let let
cfg = config.mySystem.framework_wifi_swap; cfg = config.mySystem.framework_wifi_swap;
wifiSwap = pkgs.writeShellScriptBin "wifi_swap" wifiSwap = pkgs.writeShellScriptBin "wifi_swap" ''
'' #! /usr/bin/env bash
#! /usr/bin/env bash # This script turns off the wifi and on when the usb device 0bda:8156 is connected or removed.
# This script turns off the wifi and on when the usb device 0bda:8156 is connected or removed. # It is useful when you want to use a wired connection instead of wifi.
# It is useful when you want to use a wired connection instead of wifi. # The script is run by udev when the usb device is connected.
# The script is run by udev when the usb device is connected. # The script is located at /run/current-system/sw/bin/wifi_swap
# The script is located at /run/current-system/sw/bin/wifi_swap # The udev rule is located at <nix-store>-extra-udev-rules/etc/udev/rules.d/99-local.rules
# The udev rule is located at <nix-store>-extra-udev-rules/etc/udev/rules.d/99-local.rules # The udev rule is:
# The udev rule is: # ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap"
# ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0bda", ATTR{idProduct}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap" # ACTION=="remove", SUBSYSTEM=="net", ENV{ID_USB_VENDOR_ID}=="0bda", ENV{ID_USB_MODEL_ID}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap"
# ACTION=="remove", SUBSYSTEM=="net", ENV{ID_USB_VENDOR_ID}=="0bda", ENV{ID_USB_MODEL_ID}=="8156", RUN+="/run/current-system/sw/bin/wifi_swap" echo "wifi_swap ACTION: $ACTION" | systemd-cat -t wifi_swap
echo "wifi_swap ACTION: $ACTION" | systemd-cat -t wifi_swap # Case or switch for $ACTION
# Case or switch for $ACTION case $ACTION in
case $ACTION in add)
add) echo "Plugged in USB device 0bda:8156 (Realtek 2.5gbe). Turning Wi-Fi off." | systemd-cat -t wifi_swap
echo "Plugged in USB device 0bda:8156 (Realtek 2.5gbe). Turning Wi-Fi off." | systemd-cat -t wifi_swap ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi off
${pkgs.networkmanager.outPath}/bin/nmcli radio wifi off ;;
;; remove)
remove) echo "unplugged in USB device 0bda:8156 (Realtek 2.5gbe) Turning Wi-Fi on." | systemd-cat -t wifi_swap
echo "unplugged in USB device 0bda:8156 (Realtek 2.5gbe) Turning Wi-Fi on." | systemd-cat -t wifi_swap ${pkgs.networkmanager.outPath}/bin/nmcli radio wifi on
${pkgs.networkmanager.outPath}/bin/nmcli radio wifi on ;;
;; *)
*) echo "Uknown ACTION: $ACTION" | systemd-cat -t wifi_swap
echo "Uknown ACTION: $ACTION" | systemd-cat -t wifi_swap ;;
;; esac
esac '';
'';
in in
{ {
options.mySystem.framework_wifi_swap = { options.mySystem.framework_wifi_swap = {
enable = mkEnableOption "framework_wifi_swap" // { default = false; }; enable = mkEnableOption "framework_wifi_swap" // {
default = false;
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Create bash script and add it to nix store # Create bash script and add it to nix store

10
nixos/modules/nixos/system/zfs.nix
View file

@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.mySystem.system.zfs; cfg = config.mySystem.system.zfs;
in in
@ -25,7 +30,6 @@ with lib;
services.zfs = { services.zfs = {
autoScrub.enable = true; autoScrub.enable = true;
# Defaults to weekly and is a bit too regular for my NAS
autoScrub.interval = "weekly"; autoScrub.interval = "weekly";
trim.enable = true; trim.enable = true;
}; };
@ -34,7 +38,7 @@ with lib;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
busybox busybox
]; ];
services.zfs.zed.settings = { services.zfs.zed.settings = {
ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})"; ZED_PUSHOVER_TOKEN = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-api-key.path})";
ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})"; ZED_PUSHOVER_USER = "$(${pkgs.busybox}/bin/cat ${config.sops.secrets.pushover-user-key.path})";

5
nixos/overlays/charm-mods/default.nix
View file

@ -62,7 +62,10 @@ buildGoModule rec {
description = "AI on the command line"; description = "AI on the command line";
homepage = "https://github.com/charmbracelet/mods"; homepage = "https://github.com/charmbracelet/mods";
license = licenses.mit; license = licenses.mit;
maintainers = with maintainers; [ dit7ya caarlos0 ]; maintainers = with maintainers; [
dit7ya
caarlos0
];
mainProgram = "mods"; mainProgram = "mods";
}; };
} }

53
nixos/overlays/coder/default.nix
View file

@ -1,12 +1,13 @@
{ lib {
, channel ? "stable" lib,
, fetchurl channel ? "stable",
, installShellFiles fetchurl,
, makeBinaryWrapper installShellFiles,
, terraform makeBinaryWrapper,
, stdenvNoCC terraform,
, unzip stdenvNoCC,
, nixosTests unzip,
nixosTests,
}: }:
let let
@ -41,19 +42,23 @@ stdenvNoCC.mkDerivation (finalAttrs: {
url = url =
let let
systemName = { systemName =
x86_64-linux = "linux_amd64"; {
aarch64-linux = "linux_arm64"; x86_64-linux = "linux_amd64";
x86_64-darwin = "darwin_amd64"; aarch64-linux = "linux_arm64";
aarch64-darwin = "darwin_arm64"; x86_64-darwin = "darwin_amd64";
}.${system}; aarch64-darwin = "darwin_arm64";
}
.${system};
ext = { ext =
x86_64-linux = "tar.gz"; {
aarch64-linux = "tar.gz"; x86_64-linux = "tar.gz";
x86_64-darwin = "zip"; aarch64-linux = "tar.gz";
aarch64-darwin = "zip"; x86_64-darwin = "zip";
}.${system}; aarch64-darwin = "zip";
}
.${system};
in in
"https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}"; "https://github.com/coder/coder/releases/download/v${finalAttrs.version}/coder_${finalAttrs.version}_${systemName}.${ext}";
}; };
@ -96,7 +101,11 @@ stdenvNoCC.mkDerivation (finalAttrs: {
homepage = "https://coder.com"; homepage = "https://coder.com";
license = lib.licenses.agpl3Only; license = lib.licenses.agpl3Only;
mainProgram = "coder"; mainProgram = "coder";
maintainers = with lib.maintainers; [ ghuntley kylecarbs urandom ]; maintainers = with lib.maintainers; [
ghuntley
kylecarbs
urandom
];
}; };
passthru = { passthru = {

22
nixos/overlays/default.nix
View file

@ -19,16 +19,22 @@ in
# The unstable nixpkgs set (declared in the flake inputs) will # The unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable' # be accessible through 'pkgs.unstable'
unstable-packages = final: prev: { unstable-packages = final: prev: {
unstable = import inputs.nixpkgs-unstable unstable =
{ import inputs.nixpkgs-unstable {
inherit (final) system; inherit (final) system;
config.allowUnfree = true; config.allowUnfree = true;
} // { }
# Add talosctl to the unstable set // {
talosctl = final.unstable.callPackage ./talosctl { # Add talosctl to the unstable set
inherit (final.unstable) lib buildGoModule fetchFromGitHub installShellFiles; talosctl = final.unstable.callPackage ./talosctl {
inherit (final.unstable)
lib
buildGoModule
fetchFromGitHub
installShellFiles
;
};
xpipe = final.unstable.callPackage ./xpipe/ptb.nix { };
}; };
xpipe = final.unstable.callPackage ./xpipe/ptb.nix {};
};
}; };
} }

18
nixos/overlays/talosctl/default.nix
View file

@ -1,4 +1,10 @@
{ lib, buildGoModule, fetchFromGitHub, installShellFiles, git }: {
lib,
buildGoModule,
fetchFromGitHub,
installShellFiles,
git,
}:
buildGoModule rec { buildGoModule rec {
pname = "talosctl"; pname = "talosctl";
@ -13,7 +19,10 @@ buildGoModule rec {
vendorHash = "sha256-XvOMNyiHnemqnbOzWmzZXkr3+/ZgJDg8vjCtWFkCtLs="; vendorHash = "sha256-XvOMNyiHnemqnbOzWmzZXkr3+/ZgJDg8vjCtWFkCtLs=";
ldflags = [ "-s" "-w" ]; ldflags = [
"-s"
"-w"
];
subPackages = [ "cmd/talosctl" ]; subPackages = [ "cmd/talosctl" ];
@ -33,7 +42,10 @@ buildGoModule rec {
export GOFLAGS="-mod=vendor" export GOFLAGS="-mod=vendor"
''; '';
nativeBuildInputs = [ installShellFiles git ]; nativeBuildInputs = [
installShellFiles
git
];
postInstall = '' postInstall = ''
installShellCompletion --cmd talosctl \ installShellCompletion --cmd talosctl \

37
nixos/overlays/termius/default.nix
View file

@ -1,15 +1,16 @@
{ autoPatchelfHook {
, squashfsTools autoPatchelfHook,
, alsa-lib squashfsTools,
, fetchurl alsa-lib,
, makeDesktopItem fetchurl,
, makeWrapper makeDesktopItem,
, stdenv makeWrapper,
, lib stdenv,
, libsecret lib,
, mesa libsecret,
, udev mesa,
, wrapGAppsHook3 udev,
wrapGAppsHook3,
}: }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
@ -45,7 +46,12 @@ stdenv.mkDerivation rec {
dontWrapGApps = true; dontWrapGApps = true;
# TODO: migrate off autoPatchelfHook and use nixpkgs' electron # TODO: migrate off autoPatchelfHook and use nixpkgs' electron
nativeBuildInputs = [ autoPatchelfHook squashfsTools makeWrapper wrapGAppsHook3 ]; nativeBuildInputs = [
autoPatchelfHook
squashfsTools
makeWrapper
wrapGAppsHook3
];
buildInputs = [ buildInputs = [
alsa-lib alsa-lib
@ -89,7 +95,10 @@ stdenv.mkDerivation rec {
downloadPage = "https://termius.com/linux/"; downloadPage = "https://termius.com/linux/";
sourceProvenance = with sourceTypes; [ binaryNativeCode ]; sourceProvenance = with sourceTypes; [ binaryNativeCode ];
license = licenses.unfree; license = licenses.unfree;
maintainers = with maintainers; [ Br1ght0ne th0rgal ]; maintainers = with maintainers; [
Br1ght0ne
th0rgal
];
platforms = [ "x86_64-linux" ]; platforms = [ "x86_64-linux" ];
mainProgram = "termius-app"; mainProgram = "termius-app";
}; };

301
nixos/overlays/vivaldi/default.nix
View file

@ -1,42 +1,92 @@
{ lib, stdenv, fetchurl, zlib, libX11, libXext, libSM, libICE, libxkbcommon, libxshmfence {
, libXfixes, libXt, libXi, libXcursor, libXScrnSaver, libXcomposite, libXdamage, libXtst, libXrandr lib,
, alsa-lib, dbus, cups, libexif, ffmpeg, systemd, libva, libGL stdenv,
, freetype, fontconfig, libXft, libXrender, libxcb, expat fetchurl,
, libuuid zlib,
, libxml2 libX11,
, glib, gtk3, pango, gdk-pixbuf, cairo, atk, at-spi2-atk, at-spi2-core libXext,
, qt5 libSM,
, libdrm, mesa libICE,
, vulkan-loader libxkbcommon,
, nss, nspr libxshmfence,
, patchelf, makeWrapper libXfixes,
, wayland, pipewire libXt,
, isSnapshot ? false libXi,
, proprietaryCodecs ? false, vivaldi-ffmpeg-codecs ? null libXcursor,
, enableWidevine ? false, widevine-cdm ? null libXScrnSaver,
, commandLineArgs ? "" libXcomposite,
, pulseSupport ? stdenv.isLinux, libpulseaudio libXdamage,
, kerberosSupport ? true, libkrb5 libXtst,
libXrandr,
alsa-lib,
dbus,
cups,
libexif,
ffmpeg,
systemd,
libva,
libGL,
freetype,
fontconfig,
libXft,
libXrender,
libxcb,
expat,
libuuid,
libxml2,
glib,
gtk3,
pango,
gdk-pixbuf,
cairo,
atk,
at-spi2-atk,
at-spi2-core,
qt5,
libdrm,
mesa,
vulkan-loader,
nss,
nspr,
patchelf,
makeWrapper,
wayland,
pipewire,
isSnapshot ? false,
proprietaryCodecs ? false,
vivaldi-ffmpeg-codecs ? null,
enableWidevine ? false,
widevine-cdm ? null,
commandLineArgs ? "",
pulseSupport ? stdenv.isLinux,
libpulseaudio,
kerberosSupport ? true,
libkrb5,
}: }:
let let
branch = if isSnapshot then "snapshot" else "stable"; branch = if isSnapshot then "snapshot" else "stable";
vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi"; vivaldiName = if isSnapshot then "vivaldi-snapshot" else "vivaldi";
in stdenv.mkDerivation rec { in
stdenv.mkDerivation rec {
pname = "vivaldi"; pname = "vivaldi";
version = "6.9.3447.37"; version = "6.9.3447.37";
suffix = { suffix =
aarch64-linux = "arm64"; {
x86_64-linux = "amd64"; aarch64-linux = "arm64";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); x86_64-linux = "amd64";
}
.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
src = fetchurl { src = fetchurl {
url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb"; url = "https://downloads.vivaldi.com/${branch}/vivaldi-${branch}_${version}-1_${suffix}.deb";
hash = { hash =
aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s="; {
x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg="; aarch64-linux = "sha256-kYTnWad/jrJt9z+AhjXzHYxVSIwIIO3RKD7szuPEg2s=";
}.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); x86_64-linux = "sha256-+h7SHci8gZ+epKFHD0PiXyME2xT+loD2KXpJGFCfIFg=";
}
.${stdenv.hostPlatform.system} or (throw "Unsupported system: ${stdenv.hostPlatform.system}");
}; };
unpackPhase = '' unpackPhase = ''
@ -44,92 +94,151 @@ in stdenv.mkDerivation rec {
tar -xvf data.tar.xz tar -xvf data.tar.xz
''; '';
nativeBuildInputs = [ patchelf makeWrapper ]; nativeBuildInputs = [
patchelf
makeWrapper
];
dontWrapQtApps = true; dontWrapQtApps = true;
buildInputs = [ buildInputs =
stdenv.cc.cc stdenv.cc.libc zlib libX11 libXt libXext libSM libICE libxcb libxkbcommon libxshmfence [
libXi libXft libXcursor libXfixes libXScrnSaver libXcomposite libXdamage libXtst libXrandr stdenv.cc.cc
atk at-spi2-atk at-spi2-core alsa-lib dbus cups gtk3 gdk-pixbuf libexif ffmpeg systemd libva stdenv.cc.libc
qt5.qtbase zlib
freetype fontconfig libXrender libuuid expat glib nss nspr libGL libX11
libxml2 pango cairo libXt
libdrm mesa vulkan-loader libXext
wayland pipewire libSM
] ++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs libICE
libxcb
libxkbcommon
libxshmfence
libXi
libXft
libXcursor
libXfixes
libXScrnSaver
libXcomposite
libXdamage
libXtst
libXrandr
atk
at-spi2-atk
at-spi2-core
alsa-lib
dbus
cups
gtk3
gdk-pixbuf
libexif
ffmpeg
systemd
libva
qt5.qtbase
freetype
fontconfig
libXrender
libuuid
expat
glib
nss
nspr
libGL
libxml2
pango
cairo
libdrm
mesa
vulkan-loader
wayland
pipewire
]
++ lib.optional proprietaryCodecs vivaldi-ffmpeg-codecs
++ lib.optional pulseSupport libpulseaudio ++ lib.optional pulseSupport libpulseaudio
++ lib.optional kerberosSupport libkrb5; ++ lib.optional kerberosSupport libkrb5;
libPath = lib.makeLibraryPath buildInputs libPath =
+ lib.optionalString (stdenv.is64bit) lib.makeLibraryPath buildInputs
(":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs) + lib.optionalString (stdenv.is64bit) (":" + lib.makeSearchPathOutput "lib" "lib64" buildInputs)
+ ":$out/opt/${vivaldiName}/lib"; + ":$out/opt/${vivaldiName}/lib";
buildPhase = '' buildPhase =
runHook preBuild ''
echo "Patching Vivaldi binaries" runHook preBuild
for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do echo "Patching Vivaldi binaries"
patchelf \ for f in chrome_crashpad_handler vivaldi-bin vivaldi-sandbox ; do
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \ patchelf \
--set-rpath "${libPath}" \ --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
opt/${vivaldiName}/$f --set-rpath "${libPath}" \
done opt/${vivaldiName}/$f
done
for f in libGLESv2.so libqt5_shim.so ; do for f in libGLESv2.so libqt5_shim.so ; do
patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f patchelf --set-rpath "${libPath}" opt/${vivaldiName}/$f
done done
'' + lib.optionalString proprietaryCodecs '' ''
ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*} + lib.optionalString proprietaryCodecs ''
'' + '' ln -s ${vivaldi-ffmpeg-codecs}/lib/libffmpeg.so opt/${vivaldiName}/libffmpeg.so.''${version%\.*\.*}
echo "Finished patching Vivaldi binaries" ''
runHook postBuild + ''
''; echo "Finished patching Vivaldi binaries"
runHook postBuild
'';
dontPatchELF = true; dontPatchELF = true;
dontStrip = true; dontStrip = true;
installPhase = '' installPhase =
runHook preInstall ''
mkdir -p "$out" runHook preInstall
cp -r opt "$out" mkdir -p "$out"
mkdir "$out/bin" cp -r opt "$out"
ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi" mkdir "$out/bin"
mkdir -p "$out/share" ln -s "$out/opt/${vivaldiName}/${vivaldiName}" "$out/bin/vivaldi"
cp -r usr/share/{applications,xfce4} "$out"/share mkdir -p "$out/share"
substituteInPlace "$out"/share/applications/*.desktop \ cp -r usr/share/{applications,xfce4} "$out"/share
--replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi substituteInPlace "$out"/share/applications/*.desktop \
substituteInPlace "$out"/share/applications/*.desktop \ --replace /usr/bin/${vivaldiName} "$out"/bin/vivaldi
--replace vivaldi-stable vivaldi substituteInPlace "$out"/share/applications/*.desktop \
local d --replace vivaldi-stable vivaldi
for d in 16 22 24 32 48 64 128 256; do local d
mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps for d in 16 22 24 32 48 64 128 256; do
ln -s \ mkdir -p "$out"/share/icons/hicolor/''${d}x''${d}/apps
"$out"/opt/${vivaldiName}/product_logo_''${d}.png \ ln -s \
"$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png "$out"/opt/${vivaldiName}/product_logo_''${d}.png \
done "$out"/share/icons/hicolor/''${d}x''${d}/apps/vivaldi.png
wrapProgram "$out/bin/vivaldi" \ done
--add-flags ${lib.escapeShellArg commandLineArgs} \ wrapProgram "$out/bin/vivaldi" \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ --add-flags ${lib.escapeShellArg commandLineArgs} \
--set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \ --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
--set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \ --set-default FONTCONFIG_FILE "${fontconfig.out}/etc/fonts/fonts.conf" \
--suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \ --set-default FONTCONFIG_PATH "${fontconfig.out}/etc/fonts" \
${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"} --suffix XDG_DATA_DIRS : ${gtk3}/share/gsettings-schemas/${gtk3.name}/ \
'' + lib.optionalString enableWidevine '' ${lib.optionalString enableWidevine "--suffix LD_LIBRARY_PATH : ${libPath}"}
ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm ''
'' + '' + lib.optionalString enableWidevine ''
runHook postInstall ln -sf ${widevine-cdm}/share/google/chrome/WidevineCdm $out/opt/${vivaldiName}/WidevineCdm
''; ''
+ ''
runHook postInstall
'';
passthru.updateScript = ./update-vivaldi.sh; passthru.updateScript = ./update-vivaldi.sh;
meta = with lib; { meta = with lib; {
description = "Browser for our Friends, powerful and personal"; description = "Browser for our Friends, powerful and personal";
homepage = "https://vivaldi.com"; homepage = "https://vivaldi.com";
license = licenses.unfree; license = licenses.unfree;
sourceProvenance = with sourceTypes; [ binaryNativeCode ]; sourceProvenance = with sourceTypes; [ binaryNativeCode ];
mainProgram = "vivaldi"; mainProgram = "vivaldi";
maintainers = with maintainers; [ otwieracz badmutex ]; maintainers = with maintainers; [
platforms = [ "x86_64-linux" "aarch64-linux" ]; otwieracz
badmutex
];
platforms = [
"x86_64-linux"
"aarch64-linux"
];
}; };
} }

19
nixos/overlays/vivaldi/ffmpeg-codecs.nix
View file

@ -1,4 +1,9 @@
{ squashfsTools, fetchurl, lib, stdenv }: {
squashfsTools,
fetchurl,
lib,
stdenv,
}:
# This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi # This derivation roughly follows the update-ffmpeg script that ships with the official Vivaldi
# downloads at https://vivaldi.com/download/ # downloads at https://vivaldi.com/download/
@ -23,10 +28,14 @@ stdenv.mkDerivation rec {
meta = with lib; { meta = with lib; {
description = "Additional support for proprietary codecs for Vivaldi"; description = "Additional support for proprietary codecs for Vivaldi";
homepage = "https://ffmpeg.org/"; homepage = "https://ffmpeg.org/";
sourceProvenance = with sourceTypes; [ binaryNativeCode ]; sourceProvenance = with sourceTypes; [ binaryNativeCode ];
license = licenses.lgpl21; license = licenses.lgpl21;
maintainers = with maintainers; [ betaboon cawilliamson fptje ]; maintainers = with maintainers; [
platforms = [ "x86_64-linux" ]; betaboon
cawilliamson
fptje
];
platforms = [ "x86_64-linux" ];
}; };
} }

140
nixos/overlays/xpipe/ptb.nix
View file

@ -1,48 +1,54 @@
{ stdenvNoCC {
, lib stdenvNoCC,
, fetchzip lib,
, makeDesktopItem fetchzip,
, autoPatchelfHook makeDesktopItem,
, zlib autoPatchelfHook,
, fontconfig zlib,
, udev fontconfig,
, gtk3 udev,
, freetype gtk3,
, alsa-lib freetype,
, makeShellWrapper alsa-lib,
, libX11 makeShellWrapper,
, libXext libX11,
, libXdamage libXext,
, libXfixes libXdamage,
, libxcb libXfixes,
, libXcomposite libxcb,
, libXcursor libXcomposite,
, libXi libXcursor,
, libXrender libXi,
, libXtst libXrender,
, libXxf86vm libXtst,
, util-linux libXxf86vm,
, socat util-linux,
, hicolor-icon-theme socat,
hicolor-icon-theme,
}: }:
let let
inherit (stdenvNoCC.hostPlatform) system; inherit (stdenvNoCC.hostPlatform) system;
throwSystem = throw "Unsupported system: ${system}"; throwSystem = throw "Unsupported system: ${system}";
arch = { arch =
x86_64-linux = "x86_64"; {
aarch64-linux = "arm64"; x86_64-linux = "x86_64";
}.${system} or throwSystem; aarch64-linux = "arm64";
}
.${system} or throwSystem;
hash = { hash =
x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk="; {
aarch64-linux = ""; x86_64-linux = "sha256-O4gl0WulhDyqL9lDwqR1oxNAzVjHn+3q0UB8KP0/sBk=";
}.${system} or throwSystem; aarch64-linux = "";
}
.${system} or throwSystem;
displayname = "XPipe PTB"; displayname = "XPipe PTB";
in stdenvNoCC.mkDerivation rec { in
stdenvNoCC.mkDerivation rec {
pname = "xpipe-ptb"; pname = "xpipe-ptb";
version = "13.0-10"; version = "13.0-10";
@ -60,25 +66,25 @@ in stdenvNoCC.mkDerivation rec {
autoPatchelfIgnoreMissingDeps = true; autoPatchelfIgnoreMissingDeps = true;
buildInputs = [ buildInputs = [
fontconfig fontconfig
zlib zlib
udev udev
freetype freetype
gtk3 gtk3
alsa-lib alsa-lib
libX11 libX11
libX11 libX11
libXext libXext
libXdamage libXdamage
libXfixes libXfixes
libxcb libxcb
libXcomposite libXcomposite
libXcursor libXcursor
libXi libXi
libXrender libXrender
libXtst libXtst
libXxf86vm libXxf86vm
]; ];
desktopItem = makeDesktopItem { desktopItem = makeDesktopItem {
categories = [ "Network" ]; categories = [ "Network" ];
@ -114,9 +120,21 @@ in stdenvNoCC.mkDerivation rec {
mv "$out/opt/$pkg/app/scripts/xpiped_debug.sh" "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" mv "$out/opt/$pkg/app/scripts/xpiped_debug.sh" "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh"
makeShellWrapper "$out/opt/$pkg/app/bin/xpiped_raw" "$out/opt/$pkg/app/bin/xpiped" \ makeShellWrapper "$out/opt/$pkg/app/bin/xpiped_raw" "$out/opt/$pkg/app/bin/xpiped" \
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fontconfig gtk3 udev ]}" --prefix LD_LIBRARY_PATH : "${
lib.makeLibraryPath [
fontconfig
gtk3
udev
]
}"
makeShellWrapper "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" "$out/opt/$pkg/app/scripts/xpiped_debug.sh" \ makeShellWrapper "$out/opt/$pkg/app/scripts/xpiped_debug_raw.sh" "$out/opt/$pkg/app/scripts/xpiped_debug.sh" \
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fontconfig gtk3 udev ]}" --prefix LD_LIBRARY_PATH : "${
lib.makeLibraryPath [
fontconfig
gtk3
udev
]
}"
runHook postInstall runHook postInstall
''; '';
@ -127,9 +145,15 @@ in stdenvNoCC.mkDerivation rec {
downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest"; downloadPage = "https://github.com/xpipe-io/${pname}/releases/latest";
sourceProvenance = with sourceTypes; [ binaryNativeCode ]; sourceProvenance = with sourceTypes; [ binaryNativeCode ];
changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}"; changelog = "https://github.com/xpipe-io/${pname}/releases/tag/${version}";
license = [ licenses.asl20 licenses.unfree ]; license = [
licenses.asl20
licenses.unfree
];
maintainers = with maintainers; [ crschnick ]; maintainers = with maintainers; [ crschnick ];
platforms = [ "x86_64-linux" "aarch64-linux" ]; platforms = [
"x86_64-linux"
"aarch64-linux"
];
mainProgram = pname; mainProgram = pname;
}; };
} }

19
nixos/overlays/zed-editor/default.nix
View file

@ -3,14 +3,13 @@ let
finalVersion = "0.149.3"; finalVersion = "0.149.3";
in in
final: prev: { final: prev: {
zed-editor = prev.zed-editor.overrideAttrs zed-editor = prev.zed-editor.overrideAttrs (oldAttrs: {
(oldAttrs: { version = finalVersion;
version = finalVersion; src = prev.fetchFromGithub {
src = prev.fetchFromGithub { hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg=";
hash = "sha256-ed6/QQObmclSA36g+civhii1aFKTBSjqB+LOyp2LUPg="; };
}; cargoLock = prev.outputHashes {
cargoLock = prev.outputHashes { "blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY=";
"blade-graphics-0.4.0" = "sha256-sGXhXmgtd7Wx/Gf7HCWro4RsQOGS4pQt8+S3T+2wMfY="; };
}; });
});
} }

6
nixos/profiles/disko-nixos.nix
View file

@ -1,4 +1,8 @@
{ disks ? [ "/dev/sda" ], ... }: { {
disks ? [ "/dev/sda" ],
...
}:
{
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {

5
nixos/profiles/global/nix.nix
View file

@ -42,7 +42,10 @@
connect-timeout = 25; connect-timeout = 25;
# Avoid copying unnecessary stuff over SSH # Avoid copying unnecessary stuff over SSH
builders-use-substitutes = true; builders-use-substitutes = true;
trusted-users = [ "root" "@wheel" ]; trusted-users = [
"root"
"@wheel"
];
warn-dirty = false; warn-dirty = false;
# The default at 10 is rarely enough. # The default at 10 is rarely enough.
log-lines = lib.mkDefault 25; log-lines = lib.mkDefault 25;

7
nixos/profiles/global/system.nix
View file

@ -3,7 +3,12 @@
system = { system = {
# Enable printing changes on nix build etc with nvd # Enable printing changes on nix build etc with nvd
activationScripts.report-changes = '' activationScripts.report-changes = ''
PATH=$PATH:${lib.makeBinPath [ pkgs.nvd pkgs.nix ]} PATH=$PATH:${
lib.makeBinPath [
pkgs.nvd
pkgs.nix
]
}
profiles=$(${pkgs.coreutils}/bin/ls -dv /nix/var/nix/profiles/system-*-link | tail -2) profiles=$(${pkgs.coreutils}/bin/ls -dv /nix/var/nix/profiles/system-*-link | tail -2)
profile_count=$(echo "$profiles" | ${pkgs.coreutils}/bin/wc -l) profile_count=$(echo "$profiles" | ${pkgs.coreutils}/bin/wc -l)
if [ $profile_count -gt 1 ]; then if [ $profile_count -gt 1 ]; then

9
nixos/profiles/hw-generic-x86.nix
View file

@ -3,7 +3,14 @@ with lib;
{ {
boot = { boot = {
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ]; kernelModules = [ ];
extraModulePackages = [ ]; extraModulePackages = [ ];

11
nixos/profiles/hw-hetzner-cax.nix
View file

@ -1,10 +1,17 @@
{ lib, ... }: { { lib, ... }:
{
imports = [ ]; imports = [ ];
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ]; initrd.availableKernelModules = [
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"usbhid"
"sr_mod"
];
initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
kernelModules = [ ]; kernelModules = [ ];
extraModulePackages = [ ]; extraModulePackages = [ ];

5
nixos/profiles/hw-supermicro.nix
View file

@ -10,7 +10,10 @@
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
mirroredBoots = [ mirroredBoots = [
{ devices = [ "nodev" ]; path = "/boot"; } {
devices = [ "nodev" ];
path = "/boot";
}
]; ];
}; };
}; };

12
nixos/profiles/hw-threadripperpro.nix
View file

@ -1,10 +1,18 @@
{ lib, ... }: { { lib, ... }:
{
imports = [ ]; imports = [ ];
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ]; extraModulePackages = [ ];

1
nixos/profiles/role-dev.nix
View file

@ -38,6 +38,7 @@
shfmt shfmt
statix statix
tmux tmux
unstable.mise
unstable.bottom unstable.bottom
unstable.cyme unstable.cyme
unstable.go-task unstable.go-task