From 6338821f64bd9a9e04a9223316cec7013ba38512 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Thu, 20 Jun 2024 13:03:44 -0500 Subject: [PATCH] Customizing and adding another host. --- flake.lock | 496 ++++++++++++++++++ flake.nix | 183 +++++++ nixos/home/jahanson/workstation.nix | 1 + .../modules/programs/de/gnome/default.nix | 2 +- nixos/home/modules/shell/wezterm/default.nix | 8 +- nixos/hosts/legiondary/default.nix | 33 ++ .../nixos/services/forgejo/default.nix | 4 +- .../nixos/services/radicale/default.nix | 11 - nixos/overlays/.gitkeep | 0 nixos/overlays/README.md | 9 + nixos/overlays/default.nix | 14 + nixos/profiles/hw-legion-15arh05h.nix | 30 ++ nixos/profiles/role-gaming.nix | 19 + nixos/profiles/role-server.nix | 11 +- nixos/profiles/role-workstation.nix | 11 - 15 files changed, 792 insertions(+), 40 deletions(-) create mode 100644 flake.lock create mode 100644 nixos/hosts/legiondary/default.nix create mode 100644 nixos/overlays/.gitkeep create mode 100644 nixos/overlays/README.md create mode 100644 nixos/overlays/default.nix create mode 100644 nixos/profiles/hw-legion-15arh05h.nix create mode 100644 nixos/profiles/role-gaming.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..c117034 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,496 @@ +{ + "nodes": { + "crane": { + "flake": false, + "locked": { + "lastModified": 1699217310, + "narHash": "sha256-xpW3VFUG7yE6UE6Wl0dhqencuENSkV7qpnpe9I8VbPw=", + "owner": "ipetkov", + "repo": "crane", + "rev": "d535642bbe6f377077f7c23f0febb78b1463f449", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "ref": "v0.15.0", + "repo": "crane", + "type": "github" + } + }, + "dream2nix": { + "inputs": { + "nixpkgs": [ + "nix-inspect", + "nci", + "nixpkgs" + ], + "purescript-overlay": "purescript-overlay", + "pyproject-nix": "pyproject-nix" + }, + "locked": { + "lastModified": 1709959559, + "narHash": "sha256-Gb+tUU+clGKVBwiznTQf0emZZ+heALqoVwUgI0O13L8=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "42838c590971da17a4b6483962707b7fb7b8b9a7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718788307, + "narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca", + "type": "github" + }, + "original": { + 
"owner": "nix-community", + "ref": "master", + "repo": "home-manager", + "type": "github" + } + }, + "impermanence": { + "locked": { + "lastModified": 1717932370, + "narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "mk-naked-shell": { + "flake": false, + "locked": { + "lastModified": 1681286841, + "narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=", + "owner": "yusdacra", + "repo": "mk-naked-shell", + "rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "mk-naked-shell", + "type": "github" + } + }, + "nci": { + "inputs": { + "crane": "crane", + "dream2nix": "dream2nix", + "mk-naked-shell": "mk-naked-shell", + "nixpkgs": [ + "nix-inspect", + "nixpkgs" + ], + "parts": "parts", + "rust-overlay": "rust-overlay", + "treefmt": "treefmt" + }, + "locked": { + "lastModified": 1710137478, + "narHash": "sha256-+hbUWY1PEItyx3CBOGsHlJEDO2wRY2N1mpBhiLBblck=", + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "rev": "f3cc8751427e16ec48c0467357b3f3979a53ae9c", + "type": "github" + }, + "original": { + "owner": "yusdacra", + "repo": "nix-cargo-integration", + "type": "github" + } + }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718507237, + "narHash": "sha256-xBEWCxWeRpWQggFFp8ugJCDa63cOJsVvx71R9F0Eowg=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "6af2c5e58c20311276f59d247341cafeebfcb6f4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-inspect": { + "inputs": { + "nci": "nci", + "nixpkgs": "nixpkgs", + "parts": "parts_2" + }, + "locked": { + "lastModified": 1717293583, + 
"narHash": "sha256-Upz+fnWJjzt5WokjO/iaiPbqiwSrqpWjrpcFOqQ4p0E=", + "owner": "bluskript", + "repo": "nix-inspect", + "rev": "c55921e1d1cf980ff6351273fde6cedd5d8fa320", + "type": "github" + }, + "original": { + "owner": "bluskript", + "repo": "nix-inspect", + "type": "github" + } + }, + "nix-vscode-extensions": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718846729, + "narHash": "sha256-3I+g3oxXPfEb496qEkwTooJ0hI/PN0vsJQU8GxW/0UA=", + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "rev": "234ea51e28005f0ff2dc1a8b0e9331eb419a145b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-vscode-extensions", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1718894893, + "narHash": "sha256-hxQBUtDbFOCCW1CsFZTS9Q5Ov1ZKdJgbBZHSez1M6iA=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "083823b7904e43a4fc1c7229781417e875359a42", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1718478900, + "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c884223af91820615a6146af1ae1fea25c107005", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1718714799, + "narHash": 
"sha256-FUZpz9rg3gL8NVPKbqU8ei1VkPLsTIfAJ2fdAf5qjak=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "locked": { + "lastModified": 1718898304, + "narHash": "sha256-0bYagVoLe12JbB/JCTrSb0to41Y/odrqMIbKcszApNM=", + "owner": "nix-community", + "repo": "NUR", + "rev": "e45d69976a66cdee301f3145063033e540f0621e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "parts": { + "inputs": { + "nixpkgs-lib": [ + "nix-inspect", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "parts_2": { + "inputs": { + "nixpkgs-lib": [ + "nix-inspect", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "purescript-overlay": { + "inputs": { + "nixpkgs": [ + "nix-inspect", + "nci", + "dream2nix", + "nixpkgs" + ], + "slimlock": "slimlock" + }, + "locked": { + "lastModified": 1696022621, + "narHash": "sha256-eMjFmsj2G1E0Q5XiibUNgFjTiSz0GxIeSSzzVdoN730=", + "owner": "thomashoneyman", + "repo": "purescript-overlay", + "rev": "047c7933abd6da8aa239904422e22d190ce55ead", + "type": "github" + }, + "original": { + "owner": "thomashoneyman", + "repo": "purescript-overlay", + "type": "github" + } + }, + "pyproject-nix": { + "flake": 
false, + "locked": { + "lastModified": 1702448246, + "narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=", + "owner": "davhau", + "repo": "pyproject.nix", + "rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb", + "type": "github" + }, + "original": { + "owner": "davhau", + "ref": "dream2nix", + "repo": "pyproject.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "impermanence": "impermanence", + "nix-index-database": "nix-index-database", + "nix-inspect": "nix-inspect", + "nix-vscode-extensions": "nix-vscode-extensions", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2", + "nur": "nur", + "sops-nix": "sops-nix" + } + }, + "rust-overlay": { + "flake": false, + "locked": { + "lastModified": 1710123130, + "narHash": "sha256-EoGL/WSM1M2L099Q91mPKO/FRV2iu2ZLOEp3y5sLfiE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "73aca260afe5d41d3ebce932c8d896399c9d5174", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "slimlock": { + "inputs": { + "nixpkgs": [ + "nix-inspect", + "nci", + "dream2nix", + "purescript-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688610262, + "narHash": "sha256-Wg0ViDotFWGWqKIQzyYCgayeH8s4U1OZcTiWTQYdAp4=", + "owner": "thomashoneyman", + "repo": "slimlock", + "rev": "b5c6cdcaf636ebbebd0a1f32520929394493f1a6", + "type": "github" + }, + "original": { + "owner": "thomashoneyman", + "repo": "slimlock", + "type": "github" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1718506969, + "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 
1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt": { + "inputs": { + "nixpkgs": [ + "nix-inspect", + "nci", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1710088047, + "narHash": "sha256-eSqKs6ZCsX9xJyNYLeMDMrxzIDsYtaWClfZCOp0ok6Y=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "720322c5352d7b7bd2cb3601a9176b0e91d1de7d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix index e69de29..2c2c8dd 100644 --- a/flake.nix +++ b/flake.nix 
@@ -0,0 +1,183 @@
+{
+ description = "My NixOS flake";
+
+ inputs = {
+ # Nixpkgs and unstable
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+
+ # impermanence
+ # https://github.com/nix-community/impermanence
+ impermanence.url = "github:nix-community/impermanence";
+
+ # Nix User Repository: User contributed nix packages
+ nur.url = "github:nix-community/NUR";
+
+ # nix-community hardware quirks
+ # https://github.com/nix-community
+ nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+
+ # home-manager - unstable
+ # https://github.com/nix-community/home-manager
+ home-manager = {
+ url = "github:nix-community/home-manager/master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # sops-nix - secrets with mozilla sops
+ # https://github.com/Mic92/sops-nix
+ sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # VSCode community extensions
+ # https://github.com/nix-community/nix-vscode-extensions
+ nix-vscode-extensions = {
+ url = "github:nix-community/nix-vscode-extensions";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # nix-index database
+ # https://github.com/nix-community/nix-index-database
+ nix-index-database = {
+ url = "github:nix-community/nix-index-database";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # nix-inspect - inspect nix derivations usingn a TUI interface
+ # https://github.com/bluskript/nix-inspect
+ nix-inspect = {
+ url = "github:bluskript/nix-inspect";
+ };
+ };
+
+ outputs =
+ { self, nixpkgs, sops-nix, home-manager, nix-vscode-extensions, impermanence, ... } @ inputs:
+ let
+ forAllSystems = nixpkgs.lib.genAttrs [
+ "aarch64-linux"
+ "x86_64-linux"
+ ];
+ in
+ rec {
+ # Use nixpkgs-fmt for 'nix fmt'
+ formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
+
+ # setup devshells against shell.nix
+ # devShells = forAllSystems (pkgs: import ./shell.nix { inherit pkgs; });
+
+ # extend lib with my custom functions
+ lib = nixpkgs.lib.extend (
+ final: prev: {
+ inherit inputs;
+ myLib = import ./nixos/lib { inherit inputs; lib = final; };
+ }
+ );
+
+ nixosConfigurations =
+ let
+ inherit inputs;
+ # Import overlays for building nixosconfig with them.
+ overlays = import ./nixos/overlays { inherit inputs; };
+ # generate a base nixos configuration with the specified overlays, hardware modules, and any extraModules applied
+ mkNixosConfig =
+ { hostname
+ , system ? "x86_64-linux"
+ , nixpkgs ? inputs.nixpkgs
+ , hardwareModules ? [ ]
+ # basemodules is the base of the entire machine building
+ # here we import all the modules and setup home-manager
+ , baseModules ? [
+ sops-nix.nixosModules.sops
+ home-manager.nixosModules.home-manager
+ impermanence.nixosModules.impermanence
+ ./nixos/profiles/global.nix # all machines get a global profile
+ ./nixos/modules/nixos # all machines get nixos modules
+ ./nixos/hosts/${hostname} # load this host's config folder for machine-specific config
+ {
+ home-manager = {
+ useUserPackages = true;
+ useGlobalPkgs = true;
+ extraSpecialArgs = {
+ inherit inputs hostname system;
+ };
+ };
+ }
+ ]
+ , profileModules ? [ ]
+ }:
+ nixpkgs.lib.nixosSystem {
+ inherit system lib;
+ modules = baseModules ++ hardwareModules ++ profileModules;
+ specialArgs = { inherit self inputs nixpkgs; };
+ # Add our overlays
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = builtins.attrValues overlays;
+ config = {
+ allowUnfree = true;
+ allowUnfreePredicate = _: true;
+ };
+ };
+ };
+ in
+ {
+ "durincore" = mkNixosConfig {
+ # T470 Thinkpad
+ # Nix dev laptop
+ hostname = "durincore";
+ system = "x86_64-linux";
+ hardwareModules = [
+ ./nixos/profiles/hw-thinkpad-t470.nix
+ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t470s
+ ];
+ profileModules = [
+ ./nixos/profiles/role-workstation.nix
+ ./nixos/profiles/role-dev.nix
+ { home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
+ ];
+ };
+
+ "legiondary" = mkNixosConfig {
+ # Legion 15arh05h AMD/Nvidia
+ # Nix gaming laptop
+ hostname = "legiondary";
+ system = "x86_64-linux";
+ hardwareModules = [
+ ./nixos/profiles/hw-legion-15arh05h.nix
+ inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
+ ];
+ profileModules = [
+ ./nixos/profiles/role-dev.nix
+ ./nixos/profiles/role-gaming.nix
+ ./nixos/profiles/role-workstation.nix
+ { home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
+ ];
+ };
+
+ "varda" = mkNixosConfig {
+ # Arm64 cax21 @ Hetzner
+ # forgejo server
+ hostname = "varda";
+ system = "aarch64-linux";
+ hardwareModules = [
+ ./nixos/profiles/hw-hetzner-cax.nix
+ ];
+ profileModules = [
+ ./nixos/profiles/role-server.nix
+ { home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
+ ];
+ };
+ };
+
+ # Convenience output that aggregates the outputs for home, nixos.
+ # Also used in ci to build targets generally.
+ top =
+ let
+ nixtop = nixpkgs.lib.genAttrs
+ (builtins.attrNames inputs.self.nixosConfigurations)
+ (attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel);
+ in
+ nixtop;
+ };
+}
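Review bot: The `nix-inspect` input is the only multi-input flake here declared without `inputs.nixpkgs.follows = "nixpkgs";`, so the lock file added in this commit carries a second, separately pinned nixpkgs (the `nixpkgs` node, whose `lastModified` is roughly three months older than that of `nixpkgs_2`). Whatever is built from that input uses the older snapshot and stays at whatever revision the upstream project locked, rather than moving with the main pin. Adding the `follows` line inside `nix-inspect = { … }` leaves a single package set to update and audit. Separately, in `mkNixosConfig`, `allowUnfreePredicate = _: true;` repeats what `allowUnfree = true;` already grants, and one of the two can be dropped.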
diff --git a/nixos/home/jahanson/workstation.nix b/nixos/home/jahanson/workstation.nix index b7051c0..bfeeb94 100644 --- a/nixos/home/jahanson/workstation.nix +++ b/nixos/home/jahanson/workstation.nix @@ -10,6 +10,7 @@ with config; myHome.shell = { starship.enable = true; fish.enable = true; + wezterm.enable = true; git = { enable = true; diff --git a/nixos/home/modules/programs/de/gnome/default.nix b/nixos/home/modules/programs/de/gnome/default.nix index 42b1ce4..cda8961 100644 --- a/nixos/home/modules/programs/de/gnome/default.nix +++ b/nixos/home/modules/programs/de/gnome/default.nix @@ -22,7 +22,7 @@ with lib.hm.gvariant; { "org/gnome/shell" = { disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ]; enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ]; - favorite-apps = [ "org.gnome.Nautilus.desktop" "firefox.desktop" "org.wezfurlong.wezterm.desktop" "PrusaGcodeviewer.desktop" "spotify.desktop" "org.gnome.Console.desktop" "codium.desktop" "discord.desktop" ]; + favorite-apps = [ "org.gnome.Nautilus.desktop" "vivaldi-stable.desktop" "org.wezfurlong.wezterm.desktop" "org.gnome.Console.desktop" "code.desktop" "discord.desktop" ]; }; "org/gnome/nautilus/preferences" = { default-folder-viewer = "list-view"; diff --git a/nixos/home/modules/shell/wezterm/default.nix b/nixos/home/modules/shell/wezterm/default.nix index 73b90d7..f9aef40 100644 --- a/nixos/home/modules/shell/wezterm/default.nix +++ b/nixos/home/modules/shell/wezterm/default.nix 
@@ -1,8 +1,4 @@ -{ config -, pkgs -, lib -, ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.myHome.shell.wezterm; in @@ -16,7 +12,7 @@ in config = mkIf cfg.enable { # xdg.configFile."wezterm/wezterm.lua".source = config.lib.file.mkOutOfStoreSymlink cfg.configPath; - programs.wezterm.package = pkgs.unstable.wezterm; + programs.wezterm.package = pkgs.wezterm; programs.wezterm = { enable = true; extraConfig = '' diff --git a/nixos/hosts/legiondary/default.nix b/nixos/hosts/legiondary/default.nix new file mode 100644 index 0000000..4c32474 --- /dev/null +++ b/nixos/hosts/legiondary/default.nix @@ -0,0 +1,33 @@ +{ ... }: { + config = { + + # hardware-configuration.nix - half of the hardware-configuration.nix file + + networking.hostId = "ad4380db"; + networking.hostName = "durincore"; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "rpool/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/F1B9-CA7C"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # System settings and services. + mySystem = { + system.motd.networkInterfaces = [ "enp0s31f6" "wlp4s0" ]; + }; + + }; +} diff --git a/nixos/modules/nixos/services/forgejo/default.nix b/nixos/modules/nixos/services/forgejo/default.nix index d07b262..537f50d 100644 --- a/nixos/modules/nixos/services/forgejo/default.nix +++ b/nixos/modules/nixos/services/forgejo/default.nix @@ -76,7 +76,9 @@ in COOKIE_NAME = "session"; }; }; - mailerPasswordFile = config.sops.secrets."services/forgejo/smtp/password".path; + secrets = { + mailer.PASSWD = config.sops.secrets."services/forgejo/smtp/password".path; + }; }; # sops sops.secrets."services/forgejo/smtp/password" = { diff --git a/nixos/modules/nixos/services/radicale/default.nix b/nixos/modules/nixos/services/radicale/default.nix index 73695ab..3696ea5 100644 --- a/nixos/modules/nixos/services/radicale/default.nix 
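Review bot: The new `nixos/hosts/legiondary/default.nix` sets `networking.hostName = "durincore";`, which is the name of the other laptop defined in `flake.nix`; it should read `networking.hostName = "legiondary";`. Two machines announcing the same name make logs, SSH host-key records and DHCP/mDNS entries ambiguous about which host produced them. The `networking.hostId = "ad4380db";`, the `/boot` UUID and the `motd.networkInterfaces` names `enp0s31f6`/`wlp4s0` also look carried over from the ThinkPad config (that file is not visible here, so this is an inference). ZFS uses the hostId to recognise which machine last imported a pool, so it should be generated per machine, and the UUID and interface names should be confirmed against this hardware.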
+++ b/nixos/modules/nixos/services/radicale/default.nix @@ -67,17 +67,6 @@ in }; }; - ### gatus integration - mySystem.services.gatus.monitors = mkIf cfg.monitor [ - { - name = app; - group = "${category}"; - url = "https://${url}"; - interval = "1m"; - conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; - } - ]; - ### Ingress services.nginx.virtualHosts.${host} = { useACMEHost = config.networking.domain; diff --git a/nixos/overlays/.gitkeep b/nixos/overlays/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/nixos/overlays/README.md b/nixos/overlays/README.md new file mode 100644 index 0000000..e9be46b --- /dev/null +++ b/nixos/overlays/README.md @@ -0,0 +1,9 @@ +### Adding overlays + +Overlays should be added as individual nix files to `./nixos/overlays` with format + +```nix +final: prev: { + hello = (prev.hello.overrideAttrs (oldAttrs: { doCheck = false; })); +} +``` diff --git a/nixos/overlays/default.nix b/nixos/overlays/default.nix new file mode 100644 index 0000000..94d2178 --- /dev/null +++ b/nixos/overlays/default.nix @@ -0,0 +1,14 @@ +{ inputs +, ... +}: +{ + nur = inputs.nur.overlay; + # The unstable nixpkgs set (declared in the flake inputs) will + # be accessible through 'pkgs.unstable' + unstable-packages = final: _prev: { + unstable = import inputs.nixpkgs-unstable { + inherit (final) system; + config.allowUnfree = true; + }; + }; +} diff --git a/nixos/profiles/hw-legion-15arh05h.nix b/nixos/profiles/hw-legion-15arh05h.nix new file mode 100644 index 0000000..30f0001 --- /dev/null +++ b/nixos/profiles/hw-legion-15arh05h.nix 
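Review bot: The `unstable-packages` overlay in `nixos/overlays/default.nix` imports `inputs.nixpkgs-unstable`, but the `inputs` block added to `flake.nix` in this same commit declares no input of that name (`nixpkgs` already tracks `nixos-unstable`). Because Nix evaluates lazily, the configuration still builds, and the missing attribute only surfaces as an evaluation error the first time something references `pkgs.unstable`. The wezterm change in this commit from `pkgs.unstable.wezterm` to `pkgs.wezterm` suggests that has already been hit once. Either drop the `unstable-packages` attribute, leaving only `nur = inputs.nur.overlay;`, or declare the input it expects. If it stays, note that its `config.allowUnfree = true;` applies to a second package set imported independently of the one configured in `mkNixosConfig`.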
@@ -0,0 +1,30 @@ +{ config, lib, ... }: +{ + boot = { + # Use the systemd-boot EFI boot loader. + loader = { + systemd-boot = { + enable = true; + }; + efi = { + canTouchEfiVariables = true; + }; + }; + # Kernel mods + initrd = { + availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; + + networking = { + useDHCP = lib.mkDefault true; + }; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/profiles/role-gaming.nix b/nixos/profiles/role-gaming.nix new file mode 100644 index 0000000..91c133b --- /dev/null +++ b/nixos/profiles/role-gaming.nix @@ -0,0 +1,19 @@ +{ ... }: +{ + # Enable module for NVIDIA graphics + mySystem.hardware.nvidia.enable = true; + + boot = { + # for managing/mounting ntfs + supportedFilesystems = [ "ntfs" ]; + + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + grub.memtest86.enable = true; + }; + }; + + # set xserver videodrivers for NVIDIA 4080 gpu + services.xserver.videoDrivers = [ "nvidia" ]; +} diff --git a/nixos/profiles/role-server.nix b/nixos/profiles/role-server.nix index c3f789e..8559cca 100644 --- a/nixos/profiles/role-server.nix +++ b/nixos/profiles/role-server.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: # Role for headless servers # covers raspi's, sbc, NUC etc, anything # that is headless and minimal for running services 
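Review bot: `nixos/profiles/hw-legion-15arh05h.nix` sets `kernelModules = [ "kvm-intel" ];` and `hardware.cpu.intel.updateMicrocode`, while `flake.nix` in this commit describes the machine as "Legion 15arh05h AMD/Nvidia". On an AMD CPU the Intel microcode option has no effect, so unless the imported nixos-hardware module already enables the AMD equivalent (not visible here), microcode updates, including those that carry CPU vulnerability mitigations, would not be loaded. The lines should likely read `kernelModules = [ "kvm-amd" ];` and `hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;`. The commented-out `enp0s31f6`/`wlp4s0` interface lines also look copied from the ThinkPad profile and can be removed.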
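Review bot: In `nixos/profiles/role-gaming.nix` the `loader` block enables systemd-boot but then sets `grub.memtest86.enable = true;`, which only adds an entry to a GRUB menu and so does nothing with this boot loader. If a memtest entry is wanted, the systemd-boot form is `systemd-boot.memtest86.enable = true;`. The `systemd-boot.enable` and `efi.canTouchEfiVariables` lines duplicate what `hw-legion-15arh05h.nix` already sets in this commit and could live in one place. The comment `# set xserver videodrivers for NVIDIA 4080 gpu` is worth checking against the actual GPU in this laptop, since a role profile is presumably meant to be hardware-agnostic.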
@@ -6,19 +6,10 @@ with lib; { config = { # Enable monitoring for remote scraiping - mySystem.services.promMonitoring.enable = true; mySystem.services.rebootRequiredCheck.enable = true; mySystem.security.wheelNeedsSudoPassword = false; mySystem.services.cockpit.enable = true; mySystem.system.motd.enable = true; - mySystem.services.gatus.monitors = [{ - name = config.networking.hostName; - group = "servers"; - url = "icmp://${config.networking.hostName}"; - interval = "1m"; - conditions = [ "[CONNECTED] == true" ]; - }]; - nix.settings = { # TODO factor out into mySystem # Avoid disk full issues diff --git a/nixos/profiles/role-workstation.nix b/nixos/profiles/role-workstation.nix index c103b1e..7024428 100644 --- a/nixos/profiles/role-workstation.nix +++ b/nixos/profiles/role-workstation.nix @@ -13,15 +13,8 @@ with config; # TODO decide if i drop to bash on pis? shell.fish.enable = true; - # TODO make nfs server configurable - # nfs.nas = { - # enable = true; - # lazy = true; - # }; - system.resticBackup.local.enable = false; system.resticBackup.remote.enable = false; - }; boot = { @@ -43,10 +36,6 @@ with config; fwupd.enable = config.boot.loader.systemd-boot.enable; # fwupd does not work in BIOS mode thermald.enable = true; smartd.enable = true; - - # required for yubikey - udev.packages = [ pkgs.yubikey-personalization ]; - pcscd.enable = true; }; hardware = {