jahanson/nix-config
Archived
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: jahanson:3549028f2898bdcd3d40608271665adc34e85215
Branches Tags
jahanson:main
jahanson:nixd-cve-fix
jahanson:nix-rewrite-v2
jahanson:nix-rewrite
..
compare: jahanson:2d91906997b70ebcf1c4b7464f4fe67580aa57f1
Branches Tags
jahanson:main
jahanson:nixd-cve-fix
jahanson:nix-rewrite-v2
jahanson:nix-rewrite

1 commit
3549028f28 ... 2d91906997

Author SHA1 Message Date
Smeagol
2d91906997 Lock file maintenance 2024-03-11 22:19:54 +00:00
10 changed files with 254 additions and 341 deletions
Show stats Expand all files Collapse all files

265
flake.lock
View file

@ -9,11 +9,11 @@
]
},
"locked": {
"lastModified": 1712328717,
"narHash": "sha256-JjyigEN2M6HTeeUBk6PcOkcSMqDaXoQhYAX7KYk6K24=",
"lastModified": 1710174970,
"narHash": "sha256-YEeNn5h9kIrkWPsraAqJ2fWh7YP1K8ngyMSA7bLDDVk=",
"owner": "atuinsh",
"repo": "atuin",
"rev": "28b0b490f93fe9f7964d0593b9ba600f4b24663e",
"rev": "04f2c95617d8d5f1f9143fe1d9b1f71279232445",
"type": "github"
},
"original": {
@ -22,6 +22,28 @@
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs-stable"
],
"utils": "utils"
},
"locked": {
"lastModified": 1708091384,
"narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -38,10 +60,44 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
@ -61,11 +117,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
@ -81,11 +137,11 @@
]
},
"locked": {
"lastModified": 1710888565,
"narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
"lastModified": 1706981411,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github"
},
"original": {
@ -102,11 +158,11 @@
]
},
"locked": {
"lastModified": 1712317700,
"narHash": "sha256-rnkQ6qMhlxfjpCECkTMlFXHU/88QvC5KpdJWq5H6F1E=",
"lastModified": 1710164657,
"narHash": "sha256-l64+ZjaQAVkHDVaK0VHwtXBdjcBD6nLBD+p7IfyBp/w=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "782eed8bb64b27acaeb7c17be4a095c85e65717f",
"rev": "017b12de5b899ef9b64e2c035ce257bfe95b8ae2",
"type": "github"
},
"original": {
@ -140,7 +196,7 @@
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang",
"nixpkgs": "nixpkgs",
"systems": "systems_2",
"systems": "systems_3",
"wlroots": "wlroots",
"xdph": "xdph"
},
@ -164,7 +220,7 @@
"hyprland-protocols": "hyprland-protocols_2",
"hyprlang": "hyprlang_2",
"nixpkgs": "nixpkgs_2",
"systems": "systems_3",
"systems": "systems_4",
"wlroots": "wlroots_2",
"xdph": "xdph_2"
},
@ -265,7 +321,7 @@
"hyprland-protocols": "hyprland-protocols_3",
"hyprlang": "hyprlang_3",
"nixpkgs": "nixpkgs_3",
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1709299639,
@ -334,7 +390,7 @@
"hyprland-xdph-git",
"nixpkgs"
],
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1708681732,
@ -350,17 +406,39 @@
"type": "github"
}
},
"nixd-git": {
"nix-fast-build": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs-stable"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1709911523,
"narHash": "sha256-XNutwbRI6h57ybeKy0yYupfngWYcfcIqE0b0LgXnyxs=",
"owner": "Mic92",
"repo": "nix-fast-build",
"rev": "692fe3e98f36b60c678d637235271b57910a7f80",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nix-fast-build",
"type": "github"
}
},
"nixd-git": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1711809944,
"narHash": "sha256-Z5FEXEn/5lAnGUSDIah0NRkP3RCE5sQQrms7ltvzH/8=",
"lastModified": 1710142672,
"narHash": "sha256-MRClVDHMGXglXpSR+RflwnrY/ngePqrxOwiwoh5/BtU=",
"owner": "nix-community",
"repo": "nixd",
"rev": "bcf0de61178c4dbf1488e8417cc7e28cc5390164",
"rev": "eb40e5b315fafa1086f69be84918bbd9235e0a10",
"type": "github"
},
"original": {
@ -386,6 +464,24 @@
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1698611440,
"narHash": "sha256-jPjHjrerhYDy3q9+s5EAsuhyhuknNfowY6yt6pjn9pc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0cbe9f69c234a7700596e943bfae7ef27a31b735",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"dir": "lib",
"lastModified": 1709237383,
@ -403,29 +499,13 @@
"type": "github"
}
},
"nixpkgs-ovmf": {
"locked": {
"lastModified": 1708984720,
"narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1712168706,
"narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=",
"lastModified": 1710021367,
"narHash": "sha256-FuMVdWqXMT38u1lcySYyv93A7B8wU0EGzUr4t4jQu8g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb",
"rev": "b94a96839afcc56de3551aa7472b8d9a3e77e05d",
"type": "github"
},
"original": {
@ -437,11 +517,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1711819797,
"narHash": "sha256-tNeB6emxj74Y6ctwmsjtMlzUMn458sBmwnD35U5KIM4=",
"lastModified": 1710033658,
"narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c",
"rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8",
"type": "github"
},
"original": {
@ -453,11 +533,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1712163089,
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
"lastModified": 1709961763,
"narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
"rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34",
"type": "github"
},
"original": {
@ -515,40 +595,19 @@
"type": "github"
}
},
"nixvirt-git": {
"inputs": {
"nixpkgs": [
"nixpkgs-stable"
],
"nixpkgs-ovmf": "nixpkgs-ovmf"
},
"locked": {
"lastModified": 1709064919,
"narHash": "sha256-uscnESRqfncrLg/gsEjDRP57u1tHk9+eGIBb5uhbf9g=",
"owner": "AshleyYakeley",
"repo": "NixVirt",
"rev": "a9cbedf52007b5d525837b0f736ad4fc8fe7f94c",
"type": "github"
},
"original": {
"owner": "AshleyYakeley",
"ref": "v0.3.0",
"repo": "NixVirt",
"type": "github"
}
},
"root": {
"inputs": {
"atuin": "atuin",
"deploy-rs": "deploy-rs",
"home-manager-stable": "home-manager-stable",
"home-manager-unstable": "home-manager-unstable",
"hy3": "hy3",
"hyprland-git": "hyprland-git",
"hyprland-xdph-git": "hyprland-xdph-git",
"nix-fast-build": "nix-fast-build",
"nixd-git": "nixd-git",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvirt-git": "nixvirt-git",
"sops-nix": "sops-nix"
}
},
@ -560,11 +619,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1711855048,
"narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=",
"lastModified": 1710195194,
"narHash": "sha256-KFxCJp0T6TJOz1IOKlpRdpsCr9xsvlVuWY/VCiAFnTE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10",
"rev": "e52d8117b330f690382f1d16d81ae43daeb4b880",
"type": "github"
},
"original": {
@ -590,16 +649,16 @@
},
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"repo": "default",
"type": "github"
}
},
@ -648,6 +707,60 @@
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nix-fast-build",
"nixpkgs"
]
},
"locked": {
"lastModified": 1698438538,
"narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {

19
flake.nix
View file

@ -25,12 +25,24 @@
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# nix-fast-build
nix-fast-build = {
url = "github:Mic92/nix-fast-build";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
# sops-nix
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
# deploy-rs
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
# atuin
atuin = {
url = "github:atuinsh/atuin";
@ -56,12 +68,6 @@
nixd-git = {
url = "github:nix-community/nixd";
};
# NixVirt for qemu & libvirt
nixvirt-git = {
url = "github:AshleyYakeley/NixVirt/v0.3.0";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
};
# The `@` syntax here is used to alias the attribute set of the
@ -75,7 +81,6 @@
];
in
{
hydraJobs = import ./hydra.nix { inherit inputs outputs; };
nixosConfigurations = {
"durincore" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";

8
garnix.yaml
View file

@ -1,8 +0,0 @@
---
# Config for garnix.io builds & caching
builds:
include:
- homeConfigurations.*
- nixosConfigurations.*
- packages.x86_64-linux.*
- packages.aarch64-linux.*

2
home-manager/durincore.nix
View file

@ -15,8 +15,6 @@
"$menu" = "wofi --show drun";
bind =
[
# Disables middle mouse button paste.
", mouse:274, exec, ;"
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more

20
home-manager/gandalf.nix
View file

@ -7,13 +7,6 @@
home = {
username = "jahanson";
homeDirectory = "/home/jahanson";
stateVersion = "23.11";
packages = with pkgs; [
# it provides the command `nom` works just like `nix`
# with more details log output
nix-output-monitor
];
};
# basic configuration of git, please change to your own
@ -58,5 +51,18 @@
};
};
# Packages that should be installed to the user profile.
home.packages = with pkgs; [
# here is some command line tools I use frequently
# feel free to add your own or remove some of them
# nix related
#
# it provides the command `nom` works just like `nix`
# with more details log output
nix-output-monitor
];
home.stateVersion = "23.11";
programs.home-manager.enable = true;
}

18
hydra.nix
View file

@ -1,18 +0,0 @@
{ inputs, outputs }:
let
inherit (inputs.nixpkgs-stable.lib) filterAttrs mapAttrs elem;
notBroken = pkg: !(pkg.meta.broken or false);
isDistributable = pkg:
(pkg.meta.license or { redistributable = true; }).redistributable;
hasPlatform = sys: pkg: elem sys (pkg.meta.platforms or [ ]);
filterValidPkgs = sys: pkgs:
filterAttrs
(_: pkg: hasPlatform sys pkg && notBroken pkg && isDistributable pkg) pkgs;
getCfg = _: cfg: cfg.config.system.build.toplevel;
getHomeCfg = _: cfg: cfg.config.home.activationPackage;
in {
# pkgs = mapAttrs filterValidPkgs outputs.packages;
hosts = mapAttrs getCfg outputs.nixosConfigurations;
# homes = mapAttrs getHomeCfg outputs.homeConfigurations;
}

8
nixos/common.nix
View file

@ -20,12 +20,8 @@
options = [ "x-systemd.automount" "noauto" ];
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
trusted-users = [ "root" "jahanson" ];
extra-substituters = "https://cache.garnix.io";
extra-trusted-public-keys = "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = [ "root" "jahanson" ];
# Enable fish
programs.fish.enable = true;

13
nixos/durincore/configuration.nix
View file

@ -22,9 +22,6 @@
portalPackage = inputs.hyprland-xdph-git.packages.${pkgs.system}.xdg-desktop-portal-hyprland;
};
# VirtManager for gandalf QEMU/KVM
programs.virt-manager.enable = true;
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
@ -49,16 +46,6 @@
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable login prompt when booting.
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.greetd}/bin/agreety --cmd Hyprland";
};
};
};
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;

237
nixos/gandalf/configuration.nix
View file

@ -2,53 +2,33 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, inputs, ... }:
let
upsPassword = "illgettoiteventually";
vendorid = "0764";
productid = "0501";
in
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
inputs.nixvirt-git.nixosModules.default
];
# Use the systemd-boot EFI boot loader.
boot = {
supportedFilesystems = [ "zfs" ];
zfs.forceImportRoot = false;
kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
kernelParams = [ "zfs.zfs_arc_max=107374182400" ];
zfs.extraPools = [ "eru" ];
};
# ZFS NFS Share settings for read/write. Allows root passthrough with no user permission squash. Multiple IPs.
# sudo zfs set sharenfs="rw=10.1.2.0/24:10.5.0.8/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/xen-backups
# Read Only
# sudo zfs set sharenfs="ro=10.1.2.0/24,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg
# Read Only and Read Write
# sudo zfs set sharenfs="ro=10.1.2.0/24,rw=10.1.1.55/32,no_root_squash,sec=sys,anonuid=548,anongid=548" eru/borg/nextcloud
# Disables NFS share for dataset.
# sudo zfs set sharenfs inherit eru/xen-backups
# Network settings
networking = {
hostName = "gandalf";
hostId = "e2fc95cd";
useDHCP = false; # needed for bridge
hostName = "gandalf"; # Define your hostname.
networkmanager.enable = true;
firewall.enable = false;
interfaces = {
"enp130s0f0".useDHCP = true;
"enp130s0f1".useDHCP = true;
};
bridges = {
"br0" = {
interfaces = [ "enp130s0f1" ];
};
};
hostId = "e2fc95cd";
};
environment.systemPackages = with pkgs; [
@ -56,103 +36,22 @@ in
lazydocker
];
# Services
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# OpenSSH daemon.
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
services.prometheus.exporters.zfs.enable = true;
services.prometheus.exporters.smartctl.enable = true;
# UPS & NUT
power.ups = {
enable = true;
ups.cyberpower = {
driver = "usbhid-ups";
port = "auto";
directives = [
"vendorid = ${vendorid}"
"productid = ${productid}"
"product = CP1500AVRLCDa"
"serial = CTHKY2013373"
"vendor = CPS"
"bus = 002"
];
};
};
users = {
users.nut = {
isSystemUser = true;
group = "nut";
# it does not seem to do anything with this directory
# but something errored without it, so whatever
home = "/var/lib/nut";
createHome = true;
};
groups.nut = { };
};
services.udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="${vendorid}", ATTRS{idProduct}=="${productid}", MODE="664", GROUP="nut", OWNER="nut"
'';
systemd.services.upsd.serviceConfig = {
User = "root";
Group = "nut";
};
systemd.services.upsdrv.serviceConfig = {
User = "root";
Group = "nut";
};
# reference: https://github.com/networkupstools/nut/tree/master/conf
environment.etc = {
# all this file needs to do is exist
upsdConf = {
text = "";
target = "nut/upsd.conf";
mode = "0440";
group = "nut";
user = "nut";
};
upsdUsers = {
# update upsmonConf MONITOR to match
text = ''
[upsmon]
password = ${upsPassword}
upsmon master
'';
target = "nut/upsd.users";
mode = "0440";
group = "nut";
user = "nut";
};
# RUN_AS_USER is not a default
# the rest are from the sample
# grep -v '#' /nix/store/8nciysgqi7kmbibd8v31jrdk93qdan3a-nut-2.7.4/etc/upsmon.conf.sample
upsmonConf = {
text = ''
RUN_AS_USER nut
MINSUPPLIES 1
SHUTDOWNCMD "shutdown -h 0"
POLLFREQ 5
POLLFREQALERT 5
HOSTSYNC 15
DEADTIME 15
RBWARNTIME 43200
NOCOMMWARNTIME 300
FINALDELAY 5
MONITOR cyberpower@localhost 1 upsmon ${upsPassword} master
'';
target = "nut/upsmon.conf";
mode = "0444";
};
};
# NFS
services.nfs.server.enable = true;
@ -187,38 +86,6 @@ in
"force user" = "apps";
"force group" = "apps";
};
hansonhive = {
path = "/eru/hansonhive";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "www-data";
"force group" = "www-data";
};
tm_joe = {
path = "/eru/tm_joe";
"valid users" = "jahanson";
public = "no";
writeable = "yes";
"guest ok" = "no";
"force user" = "jahanson";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr";
};
tm_elisia = {
path = "/eru/tm_elisia";
"valid users" = "emhanson";
public = "no";
writeable = "yes";
"guest ok" = "no";
"force user" = "emhanson";
"fruit:aapl" = "yes";
"fruit:time machine" = "yes";
"vfs objects" = "catia fruit streams_xattr";
};
};
};
@ -234,11 +101,10 @@ in
};
# Podman Containers
# Xen-orchestra
virtualisation.oci-containers = {
backend = "podman";
containers ={
# Xen-orchestra container
xen-orchestra = {
image = "docker.io/ronivay/xen-orchestra:5.136.0";
ports = [ "80:80" ];
@ -274,57 +140,6 @@ in
daily = 7;
monthly = 12;
};
"eru/hansonhive" = {
recursive = true;
autoprune = true;
autosnap = true;
hourly = 24;
daily = 7;
monthly = 12;
};
"eru/tm_joe" = {
recursive = true;
autoprune = true;
autosnap = true;
hourly = 24;
daily = 7;
monthly = 12;
};
"eru/tm_elisia" = {
recursive = true;
autoprune = true;
autosnap = true;
hourly = 24;
daily = 7;
monthly = 12;
};
"eru/containers/volumes/xo-data" = {
recursive = true;
autoprune = true;
autosnap = true;
hourly = 24;
daily = 7;
monthly = 12;
};
"eru/containers/volumes/xo-redis-data" = {
recursive = true;
autoprune = true;
autosnap = true;
hourly = 24;
daily = 7;
monthly = 12;
};
};
};
# Enable QEMU/KVM/libvirt
virtualisation.libvirt.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
ovmf.enable = true;
ovmf.packages = [pkgs.OVMFFull.fd];
};
};
@ -332,8 +147,28 @@ in
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?

3
nixos/gandalf/hardware-configuration.nix
View file

@ -10,9 +10,8 @@
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "iommu=pt" "intel_iommu=on" ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d5e03c8a-9488-47f7-b911-339bdae36009";