jahanson/mochi
1
0
Fork 0
Code Issues 1 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Customizing and adding another host.

Browse source
This commit is contained in:
Joseph Hanson 2024-06-20 13:03:44 -05:00
parent cc530d3d5f
commit 6338821f64
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o
15 changed files with 792 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

496
flake.lock Normal file
View file

@ -0,0 +1,496 @@
{
"nodes": {
"crane": {
"flake": false,
"locked": {
"lastModified": 1699217310,
"narHash": "sha256-xpW3VFUG7yE6UE6Wl0dhqencuENSkV7qpnpe9I8VbPw=",
"owner": "ipetkov",
"repo": "crane",
"rev": "d535642bbe6f377077f7c23f0febb78b1463f449",
"type": "github"
},
"original": {
"owner": "ipetkov",
"ref": "v0.15.0",
"repo": "crane",
"type": "github"
}
},
"dream2nix": {
"inputs": {
"nixpkgs": [
"nix-inspect",
"nci",
"nixpkgs"
],
"purescript-overlay": "purescript-overlay",
"pyproject-nix": "pyproject-nix"
},
"locked": {
"lastModified": 1709959559,
"narHash": "sha256-Gb+tUU+clGKVBwiznTQf0emZZ+heALqoVwUgI0O13L8=",
"owner": "nix-community",
"repo": "dream2nix",
"rev": "42838c590971da17a4b6483962707b7fb7b8b9a7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "dream2nix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1718788307,
"narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1717932370,
"narHash": "sha256-7C5lCpiWiyPoIACOcu2mukn/1JRtz6HC/1aEMhUdcw0=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "27979f1c3a0d3b9617a3563e2839114ba7d48d3f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"mk-naked-shell": {
"flake": false,
"locked": {
"lastModified": 1681286841,
"narHash": "sha256-3XlJrwlR0nBiREnuogoa5i1b4+w/XPe0z8bbrJASw0g=",
"owner": "yusdacra",
"repo": "mk-naked-shell",
"rev": "7612f828dd6f22b7fb332cc69440e839d7ffe6bd",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "mk-naked-shell",
"type": "github"
}
},
"nci": {
"inputs": {
"crane": "crane",
"dream2nix": "dream2nix",
"mk-naked-shell": "mk-naked-shell",
"nixpkgs": [
"nix-inspect",
"nixpkgs"
],
"parts": "parts",
"rust-overlay": "rust-overlay",
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1710137478,
"narHash": "sha256-+hbUWY1PEItyx3CBOGsHlJEDO2wRY2N1mpBhiLBblck=",
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"rev": "f3cc8751427e16ec48c0467357b3f3979a53ae9c",
"type": "github"
},
"original": {
"owner": "yusdacra",
"repo": "nix-cargo-integration",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1718507237,
"narHash": "sha256-xBEWCxWeRpWQggFFp8ugJCDa63cOJsVvx71R9F0Eowg=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "6af2c5e58c20311276f59d247341cafeebfcb6f4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nix-inspect": {
"inputs": {
"nci": "nci",
"nixpkgs": "nixpkgs",
"parts": "parts_2"
},
"locked": {
"lastModified": 1717293583,
"narHash": "sha256-Upz+fnWJjzt5WokjO/iaiPbqiwSrqpWjrpcFOqQ4p0E=",
"owner": "bluskript",
"repo": "nix-inspect",
"rev": "c55921e1d1cf980ff6351273fde6cedd5d8fa320",
"type": "github"
},
"original": {
"owner": "bluskript",
"repo": "nix-inspect",
"type": "github"
}
},
"nix-vscode-extensions": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1718846729,
"narHash": "sha256-3I+g3oxXPfEb496qEkwTooJ0hI/PN0vsJQU8GxW/0UA=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "234ea51e28005f0ff2dc1a8b0e9331eb419a145b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1718894893,
"narHash": "sha256-hxQBUtDbFOCCW1CsFZTS9Q5Ov1ZKdJgbBZHSez1M6iA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "083823b7904e43a4fc1c7229781417e875359a42",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1709961763,
"narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1718478900,
"narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c884223af91820615a6146af1ae1fea25c107005",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1718714799,
"narHash": "sha256-FUZpz9rg3gL8NVPKbqU8ei1VkPLsTIfAJ2fdAf5qjak=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1718898304,
"narHash": "sha256-0bYagVoLe12JbB/JCTrSb0to41Y/odrqMIbKcszApNM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "e45d69976a66cdee301f3145063033e540f0621e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"parts": {
"inputs": {
"nixpkgs-lib": [
"nix-inspect",
"nci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"parts_2": {
"inputs": {
"nixpkgs-lib": [
"nix-inspect",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"purescript-overlay": {
"inputs": {
"nixpkgs": [
"nix-inspect",
"nci",
"dream2nix",
"nixpkgs"
],
"slimlock": "slimlock"
},
"locked": {
"lastModified": 1696022621,
"narHash": "sha256-eMjFmsj2G1E0Q5XiibUNgFjTiSz0GxIeSSzzVdoN730=",
"owner": "thomashoneyman",
"repo": "purescript-overlay",
"rev": "047c7933abd6da8aa239904422e22d190ce55ead",
"type": "github"
},
"original": {
"owner": "thomashoneyman",
"repo": "purescript-overlay",
"type": "github"
}
},
"pyproject-nix": {
"flake": false,
"locked": {
"lastModified": 1702448246,
"narHash": "sha256-hFg5s/hoJFv7tDpiGvEvXP0UfFvFEDgTdyHIjDVHu1I=",
"owner": "davhau",
"repo": "pyproject.nix",
"rev": "5a06a2697b228c04dd2f35659b4b659ca74f7aeb",
"type": "github"
},
"original": {
"owner": "davhau",
"ref": "dream2nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"impermanence": "impermanence",
"nix-index-database": "nix-index-database",
"nix-inspect": "nix-inspect",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nur": "nur",
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
"flake": false,
"locked": {
"lastModified": 1710123130,
"narHash": "sha256-EoGL/WSM1M2L099Q91mPKO/FRV2iu2ZLOEp3y5sLfiE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "73aca260afe5d41d3ebce932c8d896399c9d5174",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"slimlock": {
"inputs": {
"nixpkgs": [
"nix-inspect",
"nci",
"dream2nix",
"purescript-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688610262,
"narHash": "sha256-Wg0ViDotFWGWqKIQzyYCgayeH8s4U1OZcTiWTQYdAp4=",
"owner": "thomashoneyman",
"repo": "slimlock",
"rev": "b5c6cdcaf636ebbebd0a1f32520929394493f1a6",
"type": "github"
},
"original": {
"owner": "thomashoneyman",
"repo": "slimlock",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1718506969,
"narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt": {
"inputs": {
"nixpkgs": [
"nix-inspect",
"nci",
"nixpkgs"
]
},
"locked": {
"lastModified": 1710088047,
"narHash": "sha256-eSqKs6ZCsX9xJyNYLeMDMrxzIDsYtaWClfZCOp0ok6Y=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "720322c5352d7b7bd2cb3601a9176b0e91d1de7d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

183
flake.nix
View file

@ -0,0 +1,183 @@
{
description = "My NixOS flake";
inputs = {
# Nixpkgs and unstable
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# impermanence
# https://github.com/nix-community/impermanence
impermanence.url = "github:nix-community/impermanence";
# Nix User Repository: User contributed nix packages
nur.url = "github:nix-community/NUR";
# nix-community hardware quirks
# https://github.com/nix-community
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
# home-manager - unstable
# https://github.com/nix-community/home-manager
home-manager = {
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs";
};
# sops-nix - secrets with mozilla sops
# https://github.com/Mic92/sops-nix
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# VSCode community extensions
# https://github.com/nix-community/nix-vscode-extensions
nix-vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs";
};
# nix-index database
# https://github.com/nix-community/nix-index-database
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
# nix-inspect - inspect nix derivations usingn a TUI interface
# https://github.com/bluskript/nix-inspect
nix-inspect = {
url = "github:bluskript/nix-inspect";
};
};
outputs =
{ self, nixpkgs, sops-nix, home-manager, nix-vscode-extensions, impermanence, ... } @ inputs:
let
forAllSystems = nixpkgs.lib.genAttrs [
"aarch64-linux"
"x86_64-linux"
];
in
rec {
# Use nixpkgs-fmt for 'nix fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
# setup devshells against shell.nix
# devShells = forAllSystems (pkgs: import ./shell.nix { inherit pkgs; });
# extend lib with my custom functions
lib = nixpkgs.lib.extend (
final: prev: {
inherit inputs;
myLib = import ./nixos/lib { inherit inputs; lib = final; };
}
);
nixosConfigurations =
let
inherit inputs;
# Import overlays for building nixosconfig with them.
overlays = import ./nixos/overlays { inherit inputs; };
# generate a base nixos configuration with the specified overlays, hardware modules, and any extraModules applied
mkNixosConfig =
{ hostname
, system ? "x86_64-linux"
, nixpkgs ? inputs.nixpkgs
, hardwareModules ? [ ]
# basemodules is the base of the entire machine building
# here we import all the modules and setup home-manager
, baseModules ? [
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
impermanence.nixosModules.impermanence
./nixos/profiles/global.nix # all machines get a global profile
./nixos/modules/nixos # all machines get nixos modules
./nixos/hosts/${hostname} # load this host's config folder for machine-specific config
{
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inherit inputs hostname system;
};
};
}
]
, profileModules ? [ ]
}:
nixpkgs.lib.nixosSystem {
inherit system lib;
modules = baseModules ++ hardwareModules ++ profileModules;
specialArgs = { inherit self inputs nixpkgs; };
# Add our overlays
pkgs = import nixpkgs {
inherit system;
overlays = builtins.attrValues overlays;
config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
};
};
};
in
{
"durincore" = mkNixosConfig {
# T470 Thinkpad
# Nix dev laptop
hostname = "durincore";
system = "x86_64-linux";
hardwareModules = [
./nixos/profiles/hw-thinkpad-t470.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t470s
];
profileModules = [
./nixos/profiles/role-workstation.nix
./nixos/profiles/role-dev.nix
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
];
};
"legiondary" = mkNixosConfig {
# Legion 15arh05h AMD/Nvidia
# Nix gaming laptop
hostname = "legiondary";
system = "x86_64-linux";
hardwareModules = [
./nixos/profiles/hw-legion-15arh05h.nix
inputs.nixos-hardware.nixosModules.lenovo-legion-15arh05h
];
profileModules = [
./nixos/profiles/role-dev.nix
./nixos/profiles/role-gaming.nix
./nixos/profiles/role-workstation.nix
{ home-manager.users.jahanson = ./nixos/home/jahanson/workstation.nix; }
];
};
"varda" = mkNixosConfig {
# Arm64 cax21 @ Hetzner
# forgejo server
hostname = "varda";
system = "aarch64-linux";
hardwareModules = [
./nixos/profiles/hw-hetzner-cax.nix
];
profileModules = [
./nixos/profiles/role-server.nix
{ home-manager.users.jahanson = ./nixos/home/jahanson/server.nix; }
];
};
};
# Convenience output that aggregates the outputs for home, nixos.
# Also used in ci to build targets generally.
top =
let
nixtop = nixpkgs.lib.genAttrs
(builtins.attrNames inputs.self.nixosConfigurations)
(attr: inputs.self.nixosConfigurations.${attr}.config.system.build.toplevel);
in
nixtop;
};
}

1
nixos/home/jahanson/workstation.nix
View file

@ -10,6 +10,7 @@ with config;
myHome.shell = { myHome.shell = {
starship.enable = true; starship.enable = true;
fish.enable = true; fish.enable = true;
wezterm.enable = true;
git = { git = {
enable = true; enable = true;

2
nixos/home/modules/programs/de/gnome/default.nix
View file

@ -22,7 +22,7 @@ with lib.hm.gvariant; {
"org/gnome/shell" = { "org/gnome/shell" = {
disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ]; disabled-extensions = [ "apps-menu@gnome-shell-extensions.gcampax.github.com" "light-style@gnome-shell-extensions.gcampax.github.com" "places-menu@gnome-shell-extensions.gcampax.github.com" "drive-menu@gnome-shell-extensions.gcampax.github.com" "window-list@gnome-shell-extensions.gcampax.github.com" "workspace-indicator@gnome-shell-extensions.gcampax.github.com" ];
enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ]; enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" "caffeine@patapon.info" "dash-to-dock@micxgx.gmail.com" "gsconnect@andyholmes.github.io" "Vitals@CoreCoding.com" "sp-tray@sp-tray.esenliyim.github.com" ];
favorite-apps = [ "org.gnome.Nautilus.desktop" "firefox.desktop" "org.wezfurlong.wezterm.desktop" "PrusaGcodeviewer.desktop" "spotify.desktop" "org.gnome.Console.desktop" "codium.desktop" "discord.desktop" ]; favorite-apps = [ "org.gnome.Nautilus.desktop" "vivaldi-stable.desktop" "org.wezfurlong.wezterm.desktop" "org.gnome.Console.desktop" "code.desktop" "discord.desktop" ];
}; };
"org/gnome/nautilus/preferences" = { "org/gnome/nautilus/preferences" = {
default-folder-viewer = "list-view"; default-folder-viewer = "list-view";

8
nixos/home/modules/shell/wezterm/default.nix
View file

@ -1,8 +1,4 @@
{ config { config, pkgs, lib, ... }:
, pkgs
, lib
, ...
}:
with lib; let with lib; let
cfg = config.myHome.shell.wezterm; cfg = config.myHome.shell.wezterm;
in in
@ -16,7 +12,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
# xdg.configFile."wezterm/wezterm.lua".source = config.lib.file.mkOutOfStoreSymlink cfg.configPath; # xdg.configFile."wezterm/wezterm.lua".source = config.lib.file.mkOutOfStoreSymlink cfg.configPath;
programs.wezterm.package = pkgs.unstable.wezterm; programs.wezterm.package = pkgs.wezterm;
programs.wezterm = { programs.wezterm = {
enable = true; enable = true;
extraConfig = '' extraConfig = ''

33
nixos/hosts/legiondary/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ ... }: {
config = {
# hardware-configuration.nix - half of the hardware-configuration.nix file
networking.hostId = "ad4380db";
networking.hostName = "durincore";
fileSystems."/" =
{ device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/home";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F1B9-CA7C";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# System settings and services.
mySystem = {
system.motd.networkInterfaces = [ "enp0s31f6" "wlp4s0" ];
};
};
}

4
nixos/modules/nixos/services/forgejo/default.nix
View file

@ -76,7 +76,9 @@ in
COOKIE_NAME = "session"; COOKIE_NAME = "session";
}; };
}; };
mailerPasswordFile = config.sops.secrets."services/forgejo/smtp/password".path; secrets = {
mailer.PASSWD = config.sops.secrets."services/forgejo/smtp/password".path;
};
}; };
# sops # sops
sops.secrets."services/forgejo/smtp/password" = { sops.secrets."services/forgejo/smtp/password" = {

11
nixos/modules/nixos/services/radicale/default.nix
View file

@ -67,17 +67,6 @@ in
}; };
}; };
### gatus integration
mySystem.services.gatus.monitors = mkIf cfg.monitor [
{
name = app;
group = "${category}";
url = "https://${url}";
interval = "1m";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}
];
### Ingress ### Ingress
services.nginx.virtualHosts.${host} = { services.nginx.virtualHosts.${host} = {
useACMEHost = config.networking.domain; useACMEHost = config.networking.domain;

0
nixos/overlays/.gitkeep Normal file
View file

9
nixos/overlays/README.md Normal file
View file

@ -0,0 +1,9 @@
### Adding overlays
Overlays should be added as individual nix files to `./nixos/overlays` with format
```nix
final: prev: {
hello = (prev.hello.overrideAttrs (oldAttrs: { doCheck = false; }));
}
```

14
nixos/overlays/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ inputs
, ...
}:
{
nur = inputs.nur.overlay;
# The unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable'
unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable {
inherit (final) system;
config.allowUnfree = true;
};
};
}

30
nixos/profiles/hw-legion-15arh05h.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, ... }:
{
boot = {
# Use the systemd-boot EFI boot loader.
loader = {
systemd-boot = {
enable = true;
};
efi = {
canTouchEfiVariables = true;
};
};
# Kernel mods
initrd = {
availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking = {
useDHCP = lib.mkDefault true;
};
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
nixos/profiles/role-gaming.nix Normal file
View file

@ -0,0 +1,19 @@
{ ... }:
{
# Enable module for NVIDIA graphics
mySystem.hardware.nvidia.enable = true;
boot = {
# for managing/mounting ntfs
supportedFilesystems = [ "ntfs" ];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
grub.memtest86.enable = true;
};
};
# set xserver videodrivers for NVIDIA 4080 gpu
services.xserver.videoDrivers = [ "nvidia" ];
}

11
nixos/profiles/role-server.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { lib, pkgs, ... }:
# Role for headless servers # Role for headless servers
# covers raspi's, sbc, NUC etc, anything # covers raspi's, sbc, NUC etc, anything
# that is headless and minimal for running services # that is headless and minimal for running services
@ -6,19 +6,10 @@ with lib;
{ {
config = { config = {
# Enable monitoring for remote scraiping # Enable monitoring for remote scraiping
mySystem.services.promMonitoring.enable = true;
mySystem.services.rebootRequiredCheck.enable = true; mySystem.services.rebootRequiredCheck.enable = true;
mySystem.security.wheelNeedsSudoPassword = false; mySystem.security.wheelNeedsSudoPassword = false;
mySystem.services.cockpit.enable = true; mySystem.services.cockpit.enable = true;
mySystem.system.motd.enable = true; mySystem.system.motd.enable = true;
mySystem.services.gatus.monitors = [{
name = config.networking.hostName;
group = "servers";
url = "icmp://${config.networking.hostName}";
interval = "1m";
conditions = [ "[CONNECTED] == true" ];
}];
nix.settings = { nix.settings = {
# TODO factor out into mySystem # TODO factor out into mySystem
# Avoid disk full issues # Avoid disk full issues

11
nixos/profiles/role-workstation.nix
View file

@ -13,15 +13,8 @@ with config;
# TODO decide if i drop to bash on pis? # TODO decide if i drop to bash on pis?
shell.fish.enable = true; shell.fish.enable = true;
# TODO make nfs server configurable
# nfs.nas = {
# enable = true;
# lazy = true;
# };
system.resticBackup.local.enable = false; system.resticBackup.local.enable = false;
system.resticBackup.remote.enable = false; system.resticBackup.remote.enable = false;
}; };
boot = { boot = {
@ -43,10 +36,6 @@ with config;
fwupd.enable = config.boot.loader.systemd-boot.enable; # fwupd does not work in BIOS mode fwupd.enable = config.boot.loader.systemd-boot.enable; # fwupd does not work in BIOS mode
thermald.enable = true; thermald.enable = true;
smartd.enable = true; smartd.enable = true;
# required for yubikey
udev.packages = [ pkgs.yubikey-personalization ];
pcscd.enable = true;
}; };
hardware = { hardware = {