kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format all

Browse Source
This commit is contained in:
Kopatz
2025-10-30 21:59:31 +01:00
parent b1dda4d037
commit 8a78e618bb
188 changed files with 3526 additions and 1825 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
modules/misc/backup.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, inputs, ... }:
{
config,
pkgs,
lib,
inputs,
...
}:
with lib;
let
cfg = config.custom.misc.backup;
@@ -22,7 +28,15 @@ in
};
excludePaths = lib.mkOption {
type = types.listOf types.str;
default = [ "**/Cache" "**/.cache" "**/__pycache__" "**/node_modules" "**/venv" "*.o" "*.out" ];
default = [
"**/Cache"
"**/.cache"
"**/__pycache__"
"**/node_modules"
"**/venv"
"*.o"
"*.out"
];
description = "paths to exclude from the backup";
};
excludePathsRemote = lib.mkOption {
@@ -39,17 +53,29 @@ in
text = ''
# Check how much space is used by the backup paths
echo "Checking storage space (small) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.small}
du -sch ${
builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)
} ${builtins.concatStringsSep " " cfg.small}
echo "Checking storage space (small) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.small}
du -sch ${
builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)
} ${builtins.concatStringsSep " " cfg.small}
echo "Checking storage space (medium) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.medium}
du -sch ${
builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)
} ${builtins.concatStringsSep " " cfg.medium}
echo "Checking storage space (medium) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.medium}
du -sch ${
builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)
} ${builtins.concatStringsSep " " cfg.medium}
echo "Checking storage space (full) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.large}
du -sch ${
builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)
} ${builtins.concatStringsSep " " cfg.large}
echo "Checking storage space (full) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.large}
du -sch ${
builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)
} ${builtins.concatStringsSep " " cfg.large}
'';
};
cli = "${pkgs.internxt-cli}/bin/internxt";
@@ -94,7 +120,11 @@ in
};
in
mkIf cfg.enable {
environment.systemPackages = [ checkStorageSpace startInternxtWebdav stopInternxtWebdav ];
environment.systemPackages = [
checkStorageSpace
startInternxtWebdav
stopInternxtWebdav
];
age.secrets.restic-pw = {
file = ../../secrets/restic-pw.age;
};
@@ -126,7 +156,12 @@ in
OnCalendar = "04:00";
Persistent = true;
};
pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 3"
"--keep-monthly 3"
"--keep-yearly 3"
];
repository = "/1tbssd/restic";
};
#localbackup-1tb = {
@@ -148,7 +183,12 @@ in
paths = cfg.medium;
rcloneConfigFile = config.age.secrets.restic-gdrive.path;
repository = "rclone:it-experts:backup";
pruneOpts = [ "--keep-daily 5" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
pruneOpts = [
"--keep-daily 5"
"--keep-weekly 3"
"--keep-monthly 3"
"--keep-yearly 3"
];
timerConfig = {
OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 02:00:00";
Persistent = true;
@@ -160,37 +200,53 @@ in
environmentFile = config.age.secrets.restic-s3.path;
exclude = cfg.excludePathsRemote;
paths = cfg.small;
pruneOpts = [ "--keep-daily 5" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
pruneOpts = [
"--keep-daily 5"
"--keep-weekly 3"
"--keep-monthly 3"
"--keep-yearly 3"
];
timerConfig = {
OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 02:00:00";
Persistent = true;
};
repository = "s3:s3.us-west-002.backblazeb2.com/kop-bucket";
};
remotebackup-large = let cli = "${pkgs.internxt-cli}/bin/internxt"; in {
initialize = true;
passwordFile = config.age.secrets.restic-pw.path;
environmentFile = config.age.secrets.restic-internxt.path;
exclude = cfg.excludePathsRemote;
paths = cfg.large;
backupPrepareCommand = ''
${startInternxtWebdav}
'';
backupCleanupCommand = ''
${stopInternxtWebdav}
'';
pruneOpts = [ "--keep-daily 5" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
timerConfig = {
OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 02:00:00";
Persistent = true;
};
rcloneConfig = {
type = "webdav";
remotebackup-large =
let
cli = "${pkgs.internxt-cli}/bin/internxt";
in
{
initialize = true;
passwordFile = config.age.secrets.restic-pw.path;
environmentFile = config.age.secrets.restic-internxt.path;
exclude = cfg.excludePathsRemote;
paths = cfg.large;
backupPrepareCommand = ''
${startInternxtWebdav}
'';
backupCleanupCommand = ''
${stopInternxtWebdav}
'';
pruneOpts = [
"--keep-daily 5"
"--keep-weekly 3"
"--keep-monthly 3"
"--keep-yearly 3"
];
timerConfig = {
OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 02:00:00";
Persistent = true;
};
rcloneConfig = {
type = "webdav";
url = "https://127.0.0.1:3005";
};
rcloneOptions = {
"no-check-certificate" = true;
};
repository = "rclone:internxt:backup";
};
rcloneOptions = { "no-check-certificate" = true; };
repository = "rclone:internxt:backup";
};
};
};
};

1
modules/misc/btrfs.nix
View File

@@ -12,4 +12,3 @@ in
services.btrfs.autoScrub.enable = true;
};
}

25
modules/misc/cli-tools.nix
View File

@@ -1,8 +1,18 @@
{ lib, config, pkgs, inputs, ... }:
{
lib,
config,
pkgs,
inputs,
...
}:
with lib;
let cfg = config.custom.cli-tools;
in {
options.custom.cli-tools = { enable = mkEnableOption "Enables cli-tools"; };
let
cfg = config.custom.cli-tools;
in
{
options.custom.cli-tools = {
enable = mkEnableOption "Enables cli-tools";
};
config =
let
@@ -28,7 +38,7 @@ in {
in
mkIf cfg.enable {
#Fuse filesystem that returns symlinks to executables based on the PATH of the requesting process.
#Fuse filesystem that returns symlinks to executables based on the PATH of the requesting process.
#This is useful to execute shebangs on NixOS that assume hard coded locations in locations like /bin or /usr/bin etc.
services.envfs.enable = true;
@@ -48,10 +58,7 @@ in {
environment.systemPackages = with pkgs; [
getTotalPowerUsed
watchCurrentPowerUsed
(if lib.versionOlder lib.version "25.05" then
wget
else
powerjoular) # monitor power usage
(if lib.versionOlder lib.version "25.05" then wget else powerjoular) # monitor power usage
bat # fancy cat
fd # nicer find
duf # nicer du

12
modules/misc/docker.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, inputs, ... }:
{
config,
pkgs,
lib,
inputs,
...
}:
with lib;
let
cfg = config.custom.misc.docker;
@@ -9,7 +15,9 @@ in
};
config = lib.mkIf cfg.enable {
virtualisation.docker.enable = true;
virtualisation.docker.daemon.settings = { ip = "127.0.0.1"; };
virtualisation.docker.daemon.settings = {
ip = "127.0.0.1";
};
environment.systemPackages = with pkgs; [
docker-compose
];

18
modules/misc/faster-boot-time.nix
View File

@@ -1,11 +1,15 @@
{ lib, pkgs, config, ... }: {
# before: Startup finished in 18.830s (firmware) + 5.844s (loader) + 4.422s (kernel) + 7.616s (userspace) = 36.713s
# after: Startup finished in 14.115s (firmware) + 789ms (loader) + 4.312s (kernel) + 5.777s (userspace) = 24.995s
{
lib,
pkgs,
config,
...
}:
{
# before: Startup finished in 18.830s (firmware) + 5.844s (loader) + 4.422s (kernel) + 7.616s (userspace) = 36.713s
# after: Startup finished in 14.115s (firmware) + 789ms (loader) + 4.312s (kernel) + 5.777s (userspace) = 24.995s
systemd = {
targets.network-online.wantedBy =
lib.mkForce [ ]; # Normally ["multi-user.target"]
services.NetworkManager-wait-online.wantedBy =
lib.mkForce [ ]; # Normally ["network-online.target"]
targets.network-online.wantedBy = lib.mkForce [ ]; # Normally ["multi-user.target"]
services.NetworkManager-wait-online.wantedBy = lib.mkForce [ ]; # Normally ["network-online.target"]
};
# mash spacebar to still be able to select a different boot option
boot.loader.timeout = 1;

26
modules/misc/firejail.nix
View File

@@ -1,7 +1,14 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let cfg = config.custom.misc.firejail;
in {
let
cfg = config.custom.misc.firejail;
in
{
options.custom.misc.firejail = {
enable = lib.mkEnableOption "Enables firejail";
package = lib.mkOption {
@@ -13,12 +20,17 @@ in {
mk = lib.mkOption {
readOnly = true;
description = "Utility function to make a wrappedBinaries entry";
default = name:
{ pkg, profile ? name, bin ? name }: {
default =
name:
{
pkg,
profile ? name,
bin ? name,
}:
{
${bin} = {
executable = "${lib.getBin pkg}/bin/${bin}";
profile =
"${config.custom.misc.firejail.package}/etc/firejail/${profile}.profile";
profile = "${config.custom.misc.firejail.package}/etc/firejail/${profile}.profile";
};
};
};

37
modules/misc/kernel-testing.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
#amdgpu_module_pkg =
# { pkgs, lib, fetchurl, kernel ? pkgs.linuxPackages_latest.kernel, ... }:
@@ -46,22 +51,26 @@ let
# amdgpu_module = pkgs.callPackage amdgpu_module_pkg {
# kernel = config.boot.kernelPackages.kernel;
# };
amd_drm_next_pkg = { fetchurl, buildLinux, ... }@args:
amd_drm_next_pkg =
{ fetchurl, buildLinux, ... }@args:
buildLinux (args // rec {
version = "6.14.0-rc6";
modDirVersion = version;
buildLinux (
args
// rec {
version = "6.14.0-rc6";
modDirVersion = version;
src = fetchurl {
url =
"https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-fixes-6.15-2025-04-09/linux-amd-drm-fixes-6.15-2025-04-09.tar.gz";
#"https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-21/linux-amd-drm-next-6.15-2025-03-21.tar.gz";
hash = "sha256-AhyDuV9KufqDJEJ+Fp+jnAta3OM/a9OcMNG9UV+OgR0=";
};
kernelPatches = [ ];
src = fetchurl {
url = "https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-fixes-6.15-2025-04-09/linux-amd-drm-fixes-6.15-2025-04-09.tar.gz";
#"https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-21/linux-amd-drm-next-6.15-2025-03-21.tar.gz";
hash = "sha256-AhyDuV9KufqDJEJ+Fp+jnAta3OM/a9OcMNG9UV+OgR0=";
};
kernelPatches = [ ];
extraMeta.branch = "6.14.0-rc6";
} // (args.argsOverride or { }));
extraMeta.branch = "6.14.0-rc6";
}
// (args.argsOverride or { })
);
linux_amd_drm_next = pkgs.callPackage amd_drm_next_pkg { };
linux_6_14 = pkgs.buildLinux {

1
modules/misc/nftables.nix
View File

@@ -12,4 +12,3 @@ in
networking.nftables.enable = true;
};
}

14
modules/misc/nixvim.nix
View File

@@ -1,6 +1,14 @@
{ lib, config, pkgs, inputs, ... }:
{
lib,
config,
pkgs,
inputs,
...
}:
with lib;
let cfg = config.custom.nixvimPlugins;
in {
let
cfg = config.custom.nixvimPlugins;
in
{
options.custom.nixvimPlugins = mkEnableOption "Enables nixvim plugins";
}

6
modules/misc/packages-list.nix
View File

@@ -1,9 +1,9 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique =
builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
sortedUnique = builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;

17
modules/misc/podman.nix
View File

@@ -1,8 +1,17 @@
{ pkgs, lib, config, ... }:
let cfg = config.custom.misc.podman;
in {
{
pkgs,
lib,
config,
...
}:
let
cfg = config.custom.misc.podman;
in
{
options = {
custom.misc.podman = { enable = lib.mkEnableOption "Enable podman service"; };
custom.misc.podman = {
enable = lib.mkEnableOption "Enable podman service";
};
};
config = lib.mkIf cfg.enable {
# Enable common container config files in /etc/containers

25
modules/misc/static-ip.nix
View File

@@ -1,7 +1,9 @@
{ config, lib, ... }:
with lib;
let cfg = config.custom.static-ip;
in {
let
cfg = config.custom.static-ip;
in
{
options.custom.static-ip = {
enable = mkEnableOption "Enables static-ip";
ip = lib.mkOption {
@@ -23,20 +25,23 @@ in {
};
};
config =
let fallback = "1.1.1.1";
in mkIf cfg.enable {
let
fallback = "1.1.1.1";
in
mkIf cfg.enable {
networking = {
defaultGateway = cfg.gateway;
useDHCP = false;
nameservers = [ cfg.dns ]
++ lib.lists.optionals (!config.services.resolved.enable) [ fallback ];
nameservers = [ cfg.dns ] ++ lib.lists.optionals (!config.services.resolved.enable) [ fallback ];
interfaces = {
${cfg.interface} = {
name = "eth0";
ipv4.addresses = [{
address = cfg.ip;
prefixLength = 24;
}];
ipv4.addresses = [
{
address = cfg.ip;
prefixLength = 24;
}
];
};
};
};

1
modules/misc/tmpfs.nix
View File

@@ -12,4 +12,3 @@ in
boot.tmp.useTmpfs = true;
};
}

44
modules/misc/virt-manager.nix
View File

@@ -1,14 +1,20 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
with lib;
let cfg = config.custom.virt-manager;
in {
let
cfg = config.custom.virt-manager;
in
{
options.custom.virt-manager = {
enable = mkEnableOption "Enables virt-manager";
};
config = mkIf cfg.enable {
programs.dconf.enable =
true; # virt-manager requires dconf to remember settings
programs.dconf.enable = true; # virt-manager requires dconf to remember settings
environment.systemPackages = with pkgs; [ virtiofsd ];
environment.sessionVariables.GSETTINGS_BACKEND = "keyfile";
boot.extraModprobeConfig = ''
@@ -25,19 +31,31 @@ in {
};
hooks.qemu = {
# doesnt work, screen just freezes. no error in libvirt logs though, so idk how to fix it
"passthrough" = lib.getExe (pkgs.writeShellApplication {
name = "qemu-hook";
excludeShellChecks = [ "SC2046" "SC2086" ];
"passthrough" = lib.getExe (
pkgs.writeShellApplication {
name = "qemu-hook";
excludeShellChecks = [
"SC2046"
"SC2086"
];
runtimeInputs = with pkgs; [ libvirt systemd kmod ];
text = builtins.readFile ./hook.sh;
});
runtimeInputs = with pkgs; [
libvirt
systemd
kmod
];
text = builtins.readFile ./hook.sh;
}
);
};
};
spiceUSBRedirection.enable = true;
};
services.spice-vdagentd.enable = true;
users.users.${config.mainUser.name}.extraGroups =
[ "libvirtd" "kvm" "input" ];
users.users.${config.mainUser.name}.extraGroups = [
"libvirtd"
"kvm"
"input"
];
};
}

8
modules/misc/wireshark.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
with lib;
let
cfg = config.custom.wireshark;
@@ -15,4 +20,3 @@ in
users.users.${config.mainUser.name}.extraGroups = [ "wireshark" ];
};
}

8
modules/misc/zram.nix
View File

@@ -1,4 +1,10 @@
{ pkgs, lib, config, ... }: {
{
pkgs,
lib,
config,
...
}:
{
zramSwap = {
enable = true;
};