kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format

Browse Source
This commit is contained in:
Kopatz
2025-03-18 16:27:20 +01:00
parent 923ab37209
commit cc32af7b80
131 changed files with 2383 additions and 2224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
flake.nix
View File

@@ -63,9 +63,25 @@
# inputs.nixpkgs.follows = "nixpkgs-unstable"; # inputs.nixpkgs.follows = "nixpkgs-unstable";
#}; #};
}; };
outputs = { self, nur, nixpkgs, nixos-hardware, nixos-wsl, nixpkgs-unstable outputs =
, agenix, home-manager, home-manager-unstable, nix-colors, nixos-cosmic { self
, nixvim, nixos-generators, stylix, disko, flake-utils, ... }@inputs: , nur
, nixpkgs
, nixos-hardware
, nixos-wsl
, nixpkgs-unstable
, agenix
, home-manager
, home-manager-unstable
, nix-colors
, nixos-cosmic
, nixvim
, nixos-generators
, stylix
, disko
, flake-utils
, ...
}@inputs:
let let
inherit (self) outputs; inherit (self) outputs;
system = "x86_64-linux"; system = "x86_64-linux";
@@ -84,10 +100,16 @@
builtins.foldl' (acc: elem: nixpkgs.lib.recursiveUpdate acc elem) { } builtins.foldl' (acc: elem: nixpkgs.lib.recursiveUpdate acc elem) { }
list; list;
# helper function to create a machine # helper function to create a machine
mkHost = { modules, specialArgs ? { mkHost =
{ modules
, specialArgs ? {
pkgsVersion = nixpkgs-unstable; pkgsVersion = nixpkgs-unstable;
home-manager-version = home-manager-unstable; home-manager-version = home-manager-unstable;
}, system ? "x86_64-linux", minimal ? false, graphical ? true }: }
, system ? "x86_64-linux"
, minimal ? false
, graphical ? true
}:
let lib = specialArgs.pkgsVersion.lib; let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem { in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system; inherit system;
@@ -102,10 +124,15 @@
]; ];
specialArgs = specialArgs // { inherit inputs outputs; }; specialArgs = specialArgs // { inherit inputs outputs; };
}; };
mkStableServer = { modules, specialArgs ? { mkStableServer =
{ modules
, specialArgs ? {
pkgsVersion = nixpkgs; pkgsVersion = nixpkgs;
home-manager-version = home-manager; home-manager-version = home-manager;
}, system ? "x86_64-linux", minimal ? false }: }
, system ? "x86_64-linux"
, minimal ? false
}:
let lib = specialArgs.pkgsVersion.lib; let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem { in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system; inherit system;
@@ -141,7 +168,8 @@
}; };
}; };
}); });
in { in
{
overlays = import ./overlays.nix { inherit inputs; }; overlays = import ./overlays.nix { inherit inputs; };
nixosConfigurations = { nixosConfigurations = {

6
home-manager/code.nix
View File

@@ -1,6 +1,7 @@
{ osConfig, config, pkgs, inputs, lib, ... }: { { osConfig, config, pkgs, inputs, lib, ... }: {
config = lib.mkIf osConfig.custom.graphical.code.enable rec { config = lib.mkIf osConfig.custom.graphical.code.enable rec {
home.activation.makeVSCodeConfigWritable = let home.activation.makeVSCodeConfigWritable =
let
configDirName = { configDirName = {
"vscode" = "Code"; "vscode" = "Code";
"vscode-insiders" = "Code - Insiders"; "vscode-insiders" = "Code - Insiders";
@@ -8,7 +9,8 @@
}.${programs.vscode.package.pname}; }.${programs.vscode.package.pname};
configPath = configPath =
"${config.xdg.configHome}/${configDirName}/User/settings.json"; "${config.xdg.configHome}/${configDirName}/User/settings.json";
in { in
{
after = [ "writeBoundary" ]; after = [ "writeBoundary" ];
before = [ ]; before = [ ];
data = '' data = ''

2
home-manager/direnv.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}: { config, pkgs, inputs, ... }:
{ {
programs.direnv = { programs.direnv = {
enable = true; enable = true;

3
home-manager/firefox/default.nix
View File

@@ -58,7 +58,8 @@ let
}; };
}; };
}; };
in { in
{
stylix = lib.mkIf osConfig.custom.graphical.stylix.enable { stylix = lib.mkIf osConfig.custom.graphical.stylix.enable {
targets.firefox = { targets.firefox = {
profileNames = [ "default" ]; profileNames = [ "default" ];

3
home-manager/floorp/default.nix
View File

@@ -58,7 +58,8 @@ let
}; };
}; };
}; };
in { in
{
programs.floorp = { programs.floorp = {
enable = true; enable = true;
policies = { policies = {

2
home-manager/gitconfig.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}: { config, pkgs, inputs, ... }:
{ {
home.file.".gitconfig" = { home.file.".gitconfig" = {
enable = true; enable = true;

18
home-manager/hyprland/hyprland-settings.nix
View File

@@ -12,7 +12,8 @@ let
''; '';
monitor1 = if isPc then "DP-1" else if isLaptop then "eDP-1" else "eDP-1"; monitor1 = if isPc then "DP-1" else if isLaptop then "eDP-1" else "eDP-1";
monitor2 = "HDMI-A-1"; monitor2 = "HDMI-A-1";
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.file.".config/hypr/hyprshade.toml".source = home.file.".config/hypr/hyprshade.toml".source =
@@ -29,7 +30,8 @@ in {
# #
# See https://wiki.hyprland.org/Configuring/Monitors/ # See https://wiki.hyprland.org/Configuring/Monitors/
monitor = if isPc then [ monitor =
if isPc then [
"${monitor2},1920x1080@60,0x0,1" "${monitor2},1920x1080@60,0x0,1"
"${monitor1},2560x1440@144,1920x0,1" "${monitor1},2560x1440@144,1920x0,1"
"Unknown-1,disable" "Unknown-1,disable"
@@ -181,7 +183,8 @@ in {
"$mainMod" = "SUPER"; "$mainMod" = "SUPER";
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more # Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = let bind =
let
rofi = "${pkgs.rofi-wayland}/bin/rofi"; rofi = "${pkgs.rofi-wayland}/bin/rofi";
kitty = "${pkgs.kitty}/bin/kitty"; kitty = "${pkgs.kitty}/bin/kitty";
#dolphin = "${pkgs.dolphin}/bin/dolphin"; #dolphin = "${pkgs.dolphin}/bin/dolphin";
@@ -196,7 +199,8 @@ in {
#swaylock = "${pkgs.swaylock}/bin/swaylock"; #swaylock = "${pkgs.swaylock}/bin/swaylock";
hyprlock = "${pkgs.hyprlock}/bin/hyprlock"; hyprlock = "${pkgs.hyprlock}/bin/hyprlock";
playerctl = "${pkgs.playerctl}/bin/playerctl"; playerctl = "${pkgs.playerctl}/bin/playerctl";
in [ in
[
"$mainMod, Q, exec, ${kitty}" "$mainMod, Q, exec, ${kitty}"
"$mainMod, C, killactive" "$mainMod, C, killactive"
#"$mainMod, L, exec, ${swaylock} -f -c 000000" #"$mainMod, L, exec, ${swaylock} -f -c 000000"
@@ -318,14 +322,16 @@ in {
"xrandr --monitor ${monitor1} --primary" "xrandr --monitor ${monitor1} --primary"
]; ];
}; };
extraConfig = let extraConfig =
let
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy"; wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste"; wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";
dunstify = "${pkgs.dunst}/bin/dunstify"; dunstify = "${pkgs.dunst}/bin/dunstify";
dunstctl = "${pkgs.dunst}/bin/dunstctl"; dunstctl = "${pkgs.dunst}/bin/dunstctl";
pdfgrep = "${pkgs.pdfgrep}/bin/pdfgrep --cache"; pdfgrep = "${pkgs.pdfgrep}/bin/pdfgrep --cache";
path = "/synced/fh/os-hardening/**/slides"; path = "/synced/fh/os-hardening/**/slides";
in '' in
''
bind = $mainMod, A, submap, notes bind = $mainMod, A, submap, notes
submap = notes submap = notes

2
home-manager/hyprland/hyprland-xwaylandvideobridge.nix
View File

@@ -16,7 +16,7 @@ in
systemd.user.services.xwaylandvideobridge = { systemd.user.services.xwaylandvideobridge = {
Unit.Description = "XWaylandVideoBridge"; Unit.Description = "XWaylandVideoBridge";
Service.ExecStart = lib.getExe pkgs.unstable.xwaylandvideobridge; Service.ExecStart = lib.getExe pkgs.unstable.xwaylandvideobridge;
Install.WantedBy = ["graphical-session.target"]; Install.WantedBy = [ "graphical-session.target" ];
}; };
}; };
} }

6
home-manager/hyprland/waybar.nix
View File

@@ -2,7 +2,8 @@
with lib; with lib;
let cfg = osConfig.custom.graphical.hyprland; let cfg = osConfig.custom.graphical.hyprland;
in { in {
config = let config =
let
# styles from https://github.com/khaneliman/khanelinix/blob/8375f8cfbe5bfd87565b4dc34c9d30630c17336d/modules/home/desktop/addons/waybar/default.nix # styles from https://github.com/khaneliman/khanelinix/blob/8375f8cfbe5bfd87565b4dc34c9d30630c17336d/modules/home/desktop/addons/waybar/default.nix
base16 = config.stylix.base16Scheme; base16 = config.stylix.base16Scheme;
readAndReplace = path: replace: builtins.readFile (pkgs.replaceVars path replace); readAndReplace = path: replace: builtins.readFile (pkgs.replaceVars path replace);
@@ -14,7 +15,8 @@ in {
powerStyle = builtins.readFile ./styles/power.css; powerStyle = builtins.readFile ./styles/power.css;
statsStyle = builtins.readFile ./styles/stats.css; statsStyle = builtins.readFile ./styles/stats.css;
workspacesStyle = builtins.readFile ./styles/workspaces.css; workspacesStyle = builtins.readFile ./styles/workspaces.css;
in lib.mkIf cfg.enable { in
lib.mkIf cfg.enable {
home.file.".config/waybar" = { home.file.".config/waybar" = {
recursive = true; recursive = true;

3
home-manager/i3.nix
View File

@@ -68,7 +68,8 @@ in {
# wm-restack = "i3"; # wm-restack = "i3";
# override-redirect = true; # override-redirect = true;
}; };
"module/i3" = let padding = 2; "module/i3" =
let padding = 2;
in { in {
type = "internal/i3"; type = "internal/i3";
pin-workspaces = true; pin-workspaces = true;

2
home-manager/kitty.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, lib, ...}: { config, pkgs, inputs, lib, ... }:
{ {
programs.kitty = { programs.kitty = {
enable = true; enable = true;

2
home-manager/lf.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}: { config, pkgs, inputs, ... }:
{ {
programs.lf = { programs.lf = {
enable = true; enable = true;

2
home-manager/mpv.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}: { config, pkgs, inputs, ... }:
{ {
programs.mpv = { programs.mpv = {
enable = true; enable = true;

2
home-manager/nixvim/config.nix
View File

@@ -1,4 +1,4 @@
{lib, pkgs, ...}: { lib, pkgs, ... }:
{ {
enable = true; enable = true;
viAlias = true; viAlias = true;

3
home-manager/nixvim/default.nix
View File

@@ -30,7 +30,8 @@ let
]; ];
merged = merged =
builtins.foldl' (acc: elem: lib.recursiveUpdate acc elem) { } configs; builtins.foldl' (acc: elem: lib.recursiveUpdate acc elem) { } configs;
in { in
{
home.sessionVariables = { EDITOR = "nvim"; }; home.sessionVariables = { EDITOR = "nvim"; };
programs.nixvim = merged; programs.nixvim = merged;
} }

2
home-manager/nixvim/images.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}: { pkgs, ... }:
{ {
plugins = { plugins = {
image.enable = true; image.enable = true;

15
home-manager/nixvim/lsp.nix
View File

@@ -1,19 +1,28 @@
{pkgs, ...}: { pkgs, ... }:
{ {
plugins = { plugins = {
otter = { # provide lsp functionality for code embedded in other languages otter = {
# provide lsp functionality for code embedded in other languages
enable = true; enable = true;
settings.handle_leading_whitespace = true; settings.handle_leading_whitespace = true;
}; };
lsp = { lsp = {
enable = true; enable = true;
inlayHints = true;
servers = { servers = {
bashls.enable = true; bashls.enable = true;
#ccls.enable = true; #ccls.enable = true;
clangd.enable = true; clangd.enable = true;
cssls.enable = true; cssls.enable = true;
gopls.enable = true; gopls.enable = true;
nixd.enable = true; nixd = {
enable = true;
settings = {
nixpkgs.expr = ''import <nixpkgs> { }'';
formatting.command = [ "nixpkgs-fmt" ];
options.nixos.expr = ''(builtins.getFlake ("/home/kopatz/projects/github/nix-config")).nixosConfigurations.kop-pc.options'';
};
};
html.enable = true; html.enable = true;
dartls.enable = true; dartls.enable = true;
ts_ls.enable = true; ts_ls.enable = true;

2
home-manager/nixvim/none-ls.nix
View File

@@ -10,7 +10,7 @@
fantomas.enable = true; fantomas.enable = true;
gofmt.enable = true; gofmt.enable = true;
goimports.enable = true; goimports.enable = true;
nixfmt.enable = true; #nixfmt.enable = true;
markdownlint.enable = true; markdownlint.enable = true;
shellharden.enable = true; shellharden.enable = true;
shfmt.enable = true; shfmt.enable = true;

3
home-manager/nixvim/which_key.nix
View File

@@ -2,4 +2,5 @@
opts = { opts = {
timeoutlen = 500; timeoutlen = 500;
}; };
plugins.which-key = { enable = true; }; } plugins.which-key = { enable = true; };
}

2
home-manager/nvim.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}: { config, pkgs, inputs, ... }:
{ {
home.file.".config/nvim" = { home.file.".config/nvim" = {
enable = true; enable = true;

6
home-manager/rofi/default.nix
View File

@@ -8,7 +8,8 @@ let
r = c."${color}-rgb-r"; r = c."${color}-rgb-r";
g = c."${color}-rgb-g"; g = c."${color}-rgb-g";
b = c."${color}-rgb-b"; b = c."${color}-rgb-b";
in "rgba ( ${r}, ${g}, ${b}, ${opacity} % )"; in
"rgba ( ${r}, ${g}, ${b}, ${opacity} % )";
mkRgb = mkRgba "100"; mkRgb = mkRgba "100";
rofiOpacity = rofiOpacity =
builtins.toString (builtins.ceil (config.stylix.opacity.popups * 100)); builtins.toString (builtins.ceil (config.stylix.opacity.popups * 100));
@@ -55,7 +56,8 @@ let
alternate-active-text = mkRgb "base0D"; alternate-active-text = mkRgb "base0D";
alternate-urgent-text = mkRgb "base08"; alternate-urgent-text = mkRgb "base08";
}; };
in { in
{
home.file.".config/rofi" = { home.file.".config/rofi" = {
enable = true; enable = true;
recursive = true; recursive = true;

8
home-manager/stylix.nix
View File

@@ -1,7 +1,9 @@
{ osConfig, pkgs, config, lib, ... }: { osConfig, pkgs, config, lib, ... }:
let cfg = osConfig.custom.graphical.stylix; let
cfg = osConfig.custom.graphical.stylix;
base16 = config.stylix.base16Scheme; base16 = config.stylix.base16Scheme;
in { in
{
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
stylix = { stylix = {
enable = true; enable = true;
@@ -17,7 +19,7 @@ in {
}; };
wayland.windowManager.hyprland.settings = lib.mkIf osConfig.custom.graphical.hyprland.enable { wayland.windowManager.hyprland.settings = lib.mkIf osConfig.custom.graphical.hyprland.enable {
env = ["GTK_THEME,adw-gtk3"]; env = [ "GTK_THEME,adw-gtk3" ];
general."col.active_border" = lib.mkForce "rgb(${base16.base07}) rgb(${base16.base04}) 45deg"; general."col.active_border" = lib.mkForce "rgb(${base16.base07}) rgb(${base16.base04}) 45deg";
}; };
}; };

2
home-manager/theme.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}: { config, pkgs, inputs, ... }:
{ {
home = { home = {
pointerCursor = { pointerCursor = {

2
modules/cursed-ssh-conf-for-3neo.nix
View File

@@ -3,7 +3,7 @@
services.openssh.extraConfig = '' services.openssh.extraConfig = ''
HostKeyAlgorithms +ssh-rsa HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms +ssh-rsa
''; '';
services.openssh.settings.Macs = [ services.openssh.settings.Macs = [
"hmac-md5" "hmac-md5"

2
modules/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}: { pkgs, config, ... }:
{ {
imports = [ imports = [
./fh ./fh

4
modules/ecryptfs.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}: { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ecryptfs ecryptfs
@@ -6,5 +6,5 @@
security.pam.enableEcryptfs = true; security.pam.enableEcryptfs = true;
programs.ecryptfs.enable = true; programs.ecryptfs.enable = true;
boot.kernelModules = ["ecryptfs"]; boot.kernelModules = [ "ecryptfs" ];
} }

2
modules/fh/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}: { pkgs, config, ... }:
{ {
imports = [ imports = [

2
modules/fh/forensik.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...} : { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
regripper regripper

2
modules/fh/scanning.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...} : { pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nmap nmap

2
modules/fh/writing.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}: { { pkgs, ... }: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
typst typst
]; ];

2
modules/gpg.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}: { pkgs, ... }:
{ {
#services.pcscd.enable = true; #services.pcscd.enable = true;

2
modules/graphical/audio.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ...} : { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.custom.graphical.audio; cfg = config.custom.graphical.audio;

2
modules/graphical/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, lib, ...}: { pkgs, config, lib, ... }:
{ {
imports = [ imports = [

2
modules/graphical/emulators.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, inputs, ... }: { lib, config, pkgs, inputs, ... }:
with lib; with lib;
let let
cfg = config.custom.graphical.emulators; cfg = config.custom.graphical.emulators;

3
modules/graphical/games.nix
View File

@@ -11,7 +11,8 @@ let
# hash = "sha256-aWpTUAm9FBuZI2KwEvhSnLB7Mfp5nYgUwvvLF47FIfM="; # hash = "sha256-aWpTUAm9FBuZI2KwEvhSnLB7Mfp5nYgUwvvLF47FIfM=";
# }; # };
#}); #});
in { in
{
options.custom.graphical.games = { options.custom.graphical.games = {
enable = mkEnableOption "Enables games"; enable = mkEnableOption "Enables games";
enablePreinstalled = mkEnableOption "Enables preinstalled games"; enablePreinstalled = mkEnableOption "Enables preinstalled games";

2
modules/graphical/lxqt.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}: { lib, config, pkgs, ... }:
with lib; with lib;
let let
cfg = config.custom.graphical.lxqt; cfg = config.custom.graphical.lxqt;

2
modules/graphical/noise-supression.nix
View File

@@ -1,4 +1,4 @@
{config, pkgs, lib, ...}: { config, pkgs, lib, ... }:
let let
cfg = config.custom.graphical.noise-supression; cfg = config.custom.graphical.noise-supression;
in in

2
modules/graphical/obs.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}: { lib, config, pkgs, ... }:
with lib; with lib;
let let
cfg = config.custom.graphical.obs; cfg = config.custom.graphical.obs;

2
modules/graphical/openrgb.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ...}: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.custom.graphical.openrgb; cfg = config.custom.graphical.openrgb;

6
modules/graphical/shared.nix
View File

@@ -6,11 +6,13 @@ in {
enable = mkEnableOption "Enables shared"; enable = mkEnableOption "Enables shared";
}; };
config = let config =
let
screenshot = pkgs.writeShellScriptBin "screenshot" '' screenshot = pkgs.writeShellScriptBin "screenshot" ''
${pkgs.scrot}/bin/scrot -fs - | ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i ${pkgs.scrot}/bin/scrot -fs - | ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i
''; '';
in mkIf cfg.enable { in
mkIf cfg.enable {
programs.dconf.enable = true; programs.dconf.enable = true;
fonts.fontDir.enable = true; fonts.fontDir.enable = true;

2
modules/graphical/xfce.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}: { lib, config, pkgs, ... }:
with lib; with lib;
let let
cfg = config.custom.graphical.xfce; cfg = config.custom.graphical.xfce;

2
modules/hardware/firmware.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}: { config, lib, ... }:
with lib; with lib;
let let
cfg = config.custom.hardware.firmware; cfg = config.custom.hardware.firmware;

9
modules/hardware/nvidia.nix
View File

@@ -28,9 +28,11 @@ in {
}; };
}; };
config = let config =
let
# the option was renamed in unstable # the option was renamed in unstable
nvidiaOption = if (pkgsVersion == inputs.nixpkgs-unstable) then { nvidiaOption =
if (pkgsVersion == inputs.nixpkgs-unstable) then {
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
@@ -44,7 +46,8 @@ in {
}; };
}; };
nvidia_oc = "${pkgs.nvidia_oc}/bin/nvidia_oc"; nvidia_oc = "${pkgs.nvidia_oc}/bin/nvidia_oc";
in lib.mkIf cfg.enable (lib.recursiveUpdate nvidiaOption { in
lib.mkIf cfg.enable (lib.recursiveUpdate nvidiaOption {
boot.kernelParams = boot.kernelParams =
[ "nvidia-drm.fbdev=1" "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ]; [ "nvidia-drm.fbdev=1" "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];

2
modules/hardware/scheduler.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}: { config, lib, ... }:
with lib; with lib;
let let
cfg = config.custom.hardware.scheduler; cfg = config.custom.hardware.scheduler;

2
modules/hardware/ssd.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}: { config, lib, ... }:
with lib; with lib;
let let
cfg = config.custom.hardware.ssd; cfg = config.custom.hardware.ssd;

8
modules/hardware/wooting.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, ...}: { config, pkgs, lib, ... }:
with lib; with lib;
let let
cfg = config.custom.hardware.wooting; cfg = config.custom.hardware.wooting;
@@ -8,7 +8,8 @@ in
enable = mkEnableOption "Enable wooting hardware support"; enable = mkEnableOption "Enable wooting hardware support";
}; };
config = let config =
let
wooting-udev = pkgs.stdenv.mkDerivation rec { wooting-udev = pkgs.stdenv.mkDerivation rec {
pname = "wooting-udev-rules"; pname = "wooting-udev-rules";
version = "unstable-2023-03-31"; version = "unstable-2023-03-31";
@@ -30,7 +31,8 @@ in
maintainers = with maintainers; [ davidtwco ]; maintainers = with maintainers; [ davidtwco ];
}; };
}; };
in mkIf cfg.enable { in
mkIf cfg.enable {
services.udev.packages = [ wooting-udev ]; services.udev.packages = [ wooting-udev ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

2
modules/hdd-spindown.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}: { pkgs, ... }:
{ {
powerManagement.powerUpCommands = '' powerManagement.powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -B 127 /dev/sd[ab] ${pkgs.hdparm}/sbin/hdparm -B 127 /dev/sd[ab]

101
modules/kernel.nix
View File

@@ -1,53 +1,54 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
let let
#amdgpu_module_pkg = #amdgpu_module_pkg =
# { pkgs, lib, fetchurl, kernel ? pkgs.linuxPackages_latest.kernel, ... }: # { pkgs, lib, fetchurl, kernel ? pkgs.linuxPackages_latest.kernel, ... }:
# #
# pkgs.stdenv.mkDerivation { # pkgs.stdenv.mkDerivation {
# pname = "amdgpu-kernel-module"; # pname = "amdgpu-kernel-module";
# inherit (kernel) version postPatch nativeBuildInputs; # inherit (kernel) version postPatch nativeBuildInputs;
# src = fetchurl { # src = fetchurl {
# url = # url =
# "https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-14/linux-amd-drm-next-6.15-2025-03-14.tar.gz"; # "https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-14/linux-amd-drm-next-6.15-2025-03-14.tar.gz";
# # After the first build attempt, look for "hash mismatch" and then 2 lines below at the "got:" line. # # After the first build attempt, look for "hash mismatch" and then 2 lines below at the "got:" line.
# # Use "sha256-....." value here. # # Use "sha256-....." value here.
# hash = "sha256-/9EvJNBSKteXljrZzmaQkbZ7o4etCe0yFM3JJg/jD7o="; # hash = "sha256-/9EvJNBSKteXljrZzmaQkbZ7o4etCe0yFM3JJg/jD7o=";
# }; # };
# #
# kernel_dev = kernel.dev; # kernel_dev = kernel.dev;
# kernelVersion = kernel.modDirVersion; # kernelVersion = kernel.modDirVersion;
# #
# modulePath = "drivers/gpu/drm/amd/amdgpu"; # modulePath = "drivers/gpu/drm/amd/amdgpu";
# #
# buildPhase = '' # buildPhase = ''
# BUILT_KERNEL=$kernel_dev/lib/modules/$kernelVersion/build # BUILT_KERNEL=$kernel_dev/lib/modules/$kernelVersion/build
# #
# cp $BUILT_KERNEL/Module.symvers . # cp $BUILT_KERNEL/Module.symvers .
# cp $BUILT_KERNEL/.config . # cp $BUILT_KERNEL/.config .
# cp $kernel_dev/vmlinux . # cp $kernel_dev/vmlinux .
# #
# make "-j$NIX_BUILD_CORES" modules_prepare # make "-j$NIX_BUILD_CORES" modules_prepare
# make "-j$NIX_BUILD_CORES" M=$modulePath modules # make "-j$NIX_BUILD_CORES" M=$modulePath modules
# ''; # '';
# #
# installPhase = '' # installPhase = ''
# make \ # make \
# INSTALL_MOD_PATH="$out" \ # INSTALL_MOD_PATH="$out" \
# XZ="xz -T$NIX_BUILD_CORES" \ # XZ="xz -T$NIX_BUILD_CORES" \
# M="$modulePath" \ # M="$modulePath" \
# modules_install # modules_install
# ''; # '';
# #
# meta = { # meta = {
# description = "AMD GPU kernel module"; # description = "AMD GPU kernel module";
# license = lib.licenses.gpl3; # license = lib.licenses.gpl3;
# }; # };
# }; # };
# amdgpu_module = pkgs.callPackage amdgpu_module_pkg { # amdgpu_module = pkgs.callPackage amdgpu_module_pkg {
# kernel = config.boot.kernelPackages.kernel; # kernel = config.boot.kernelPackages.kernel;
# }; # };
in { in
{
#boot.extraModulePackages = [ amdgpu_module ]; #boot.extraModulePackages = [ amdgpu_module ];
#boot.kernelPackages = pkgs.linuxPackages_latest; #boot.kernelPackages = pkgs.linuxPackages_latest;
#boot.kernelPackages = pkgs.linuxPackages_testing; #boot.kernelPackages = pkgs.linuxPackages_testing;
@@ -62,7 +63,8 @@ in {
# }; # };
#}); #});
boot.kernelPackages = let boot.kernelPackages =
let
amd_drm_next_pkg = { fetchurl, buildLinux, ... }@args: amd_drm_next_pkg = { fetchurl, buildLinux, ... }@args:
buildLinux (args // rec { buildLinux (args // rec {
@@ -81,5 +83,6 @@ in {
extraMeta.branch = "6.14.0-rc4"; extraMeta.branch = "6.14.0-rc4";
} // (args.argsOverride or { })); } // (args.argsOverride or { }));
linux_amd_drm_next = pkgs.callPackage amd_drm_next_pkg { }; linux_amd_drm_next = pkgs.callPackage amd_drm_next_pkg { };
in pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_amd_drm_next); in
pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_amd_drm_next);
} }

10
modules/misc/backup.nix
View File

@@ -22,17 +22,18 @@ in
}; };
excludePaths = lib.mkOption { excludePaths = lib.mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ "**/Cache" "**/.cache" "**/__pycache__" "**/node_modules" "**/venv" "*.o" "*.out"]; default = [ "**/Cache" "**/.cache" "**/__pycache__" "**/node_modules" "**/venv" "*.o" "*.out" ];
description = "paths to exclude from the backup"; description = "paths to exclude from the backup";
}; };
excludePathsRemote = lib.mkOption { excludePathsRemote = lib.mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = cfg.excludePaths ++ [ "**/dont_remotebackup"]; default = cfg.excludePaths ++ [ "**/dont_remotebackup" ];
description = "paths to exclude from the remote backup"; description = "paths to exclude from the remote backup";
}; };
}; };
config = let config =
let
checkStorageSpace = pkgs.writeShellApplication { checkStorageSpace = pkgs.writeShellApplication {
name = "checkBackupStorageSpace"; name = "checkBackupStorageSpace";
text = '' text = ''
@@ -51,7 +52,8 @@ in
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.large} du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.large}
''; '';
}; };
in mkIf cfg.enable { in
mkIf cfg.enable {
environment.systemPackages = with pkgs; [ checkStorageSpace ]; environment.systemPackages = with pkgs; [ checkStorageSpace ];
age.secrets.restic-pw = { age.secrets.restic-pw = {
file = ../../secrets/restic-pw.age; file = ../../secrets/restic-pw.age;

2
modules/misc/btrfs.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}: { config, lib, ... }:
with lib; with lib;
let let
cfg = config.custom.misc.btrfs; cfg = config.custom.misc.btrfs;

6
modules/misc/cli-tools.nix
View File

@@ -4,7 +4,8 @@ let cfg = config.custom.cli-tools;
in { in {
options.custom.cli-tools = { enable = mkEnableOption "Enables cli-tools"; }; options.custom.cli-tools = { enable = mkEnableOption "Enables cli-tools"; };
config = let config =
let
getTotalPowerUsed = pkgs.writeShellScriptBin "total-power" '' getTotalPowerUsed = pkgs.writeShellScriptBin "total-power" ''
echo "$(sudo cat /sys/class/powercap/*/energy_uj | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@") / 1000000" | bc | xargs -I _ echo "_ W" echo "$(sudo cat /sys/class/powercap/*/energy_uj | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@") / 1000000" | bc | xargs -I _ echo "_ W"
''; '';
@@ -24,7 +25,8 @@ in {
echo "scale=2; ($power_curr - $power_prev) / 1" | bc | xargs -I _ echo "_ W" echo "scale=2; ($power_curr - $power_prev) / 1" | bc | xargs -I _ echo "_ W"
done done
''; '';
in mkIf cfg.enable { in
mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
getTotalPowerUsed getTotalPowerUsed
watchCurrentPowerUsed watchCurrentPowerUsed

2
modules/misc/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}: { pkgs, config, ... }:
{ {
imports = [ imports = [
./packages-list.nix ./packages-list.nix

2
modules/misc/nftables.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}: { config, lib, ... }:
with lib; with lib;
let let
cfg = config.custom.nftables; cfg = config.custom.nftables;

6
modules/misc/packages-list.nix
View File

@@ -1,8 +1,10 @@
{ config, pkgs, ... }: { { config, pkgs, ... }: {
environment.etc."current-system-packages".text = let environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages; packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = sortedUnique =
builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages); builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique; formatted = builtins.concatStringsSep "\n" sortedUnique;
in formatted; in
formatted;
} }

3
modules/misc/static-ip.nix
View File

@@ -22,7 +22,8 @@ in {
description = "Default gateway"; description = "Default gateway";
}; };
}; };
config = let fallback = "1.1.1.1"; config =
let fallback = "1.1.1.1";
in mkIf cfg.enable { in mkIf cfg.enable {
networking = { networking = {
defaultGateway = cfg.gateway; defaultGateway = cfg.gateway;

2
modules/misc/tmpfs.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}: { config, lib, ... }:
with lib; with lib;
let let
cfg = config.custom.tmpfs; cfg = config.custom.tmpfs;

2
modules/misc/wireshark.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
with lib; with lib;
let let
cfg = config.custom.wireshark; cfg = config.custom.wireshark;

96
modules/motd.nix
View File

@@ -1,52 +1,52 @@
{ {
users.motd = '' users.motd = ''
''; '';
} }

2
modules/networkmanager.nix
View File

@@ -1,4 +1,4 @@
{pkgs, lib, ...}: { pkgs, lib, ... }:
{ {
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.networkmanager.plugins = lib.mkForce [ pkgs.networkmanager-openvpn ]; networking.networkmanager.plugins = lib.mkForce [ pkgs.networkmanager-openvpn ];

2
modules/nix/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}: { pkgs, config, ... }:
{ {
imports = [ imports = [
./index.nix ./index.nix

2
modules/nix/ld.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
cfg = config.custom.nix.ld; cfg = config.custom.nix.ld;

3
modules/nix/settings.nix
View File

@@ -3,7 +3,8 @@ with lib;
let let
cfg = config.custom.nix.settings; cfg = config.custom.nix.settings;
cache = "https://cache.nixos.org"; cache = "https://cache.nixos.org";
in { in
{
options.custom.nix.settings = { options.custom.nix.settings = {
enable = mkEnableOption "Enables various nix settings"; enable = mkEnableOption "Enables various nix settings";
optimise = mkOption { optimise = mkOption {

1
modules/no-sleep-lid-closed.nix
View File

@@ -1,4 +1,3 @@
{ {
services.logind.lidSwitchExternalPower = "ignore"; services.logind.lidSwitchExternalPower = "ignore";
} }

1
modules/services/adam-site.nix
View File

@@ -1,4 +1,3 @@
{ config, pkgs, lib, inputs, ... }: { config, pkgs, lib, inputs, ... }:
with lib; with lib;
let cfg = config.custom.services.adam-site; let cfg = config.custom.services.adam-site;

6
modules/services/adguard.nix
View File

@@ -19,10 +19,12 @@ in {
description = "use https for the adguard instance"; description = "use https for the adguard instance";
}; };
}; };
config = let config =
let
ip = cfg.ip; ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip; wireguardIp = config.custom.services.wireguard.ip;
in lib.mkIf cfg.enable { in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 53 ];

9
modules/services/caldav.nix
View File

@@ -28,8 +28,10 @@ in {
large = [ "/var/lib/radicale/" ]; large = [ "/var/lib/radicale/" ];
}; };
systemd.services.kop-fhcalendar = let systemd.services.kop-fhcalendar =
radicale = if lib.versionOlder lib.version "25.05" then let
radicale =
if lib.versionOlder lib.version "25.05" then
(builtins.elemAt (builtins.elemAt
config.services.radicale.settings.storage.filesystem_folder 0) config.services.radicale.settings.storage.filesystem_folder 0)
else else
@@ -37,7 +39,8 @@ in {
# not reproducible # not reproducible
working = working =
"${radicale}/collection-root/kopatz/b6d2c446-8109-714a-397f-1f35d3136639"; "${radicale}/collection-root/kopatz/b6d2c446-8109-714a-397f-1f35d3136639";
in { in
{
description = "Download fh calendar"; description = "Download fh calendar";
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ]; after = [ "network.target" "network-online.target" ];

12
modules/services/coturn.nix
View File

@@ -6,7 +6,7 @@
group = "turnserver"; group = "turnserver";
}; };
networking.firewall.allowedUDPPortRanges = [ { from = 49000; to=50000; } ]; networking.firewall.allowedUDPPortRanges = [{ from = 49000; to = 50000; }];
networking.firewall.allowedUDPPorts = [ 3478 ]; #5349 ]; networking.firewall.allowedUDPPorts = [ 3478 ]; #5349 ];
networking.firewall.allowedTCPPorts = [ 3478 ]; #5349 ]; networking.firewall.allowedTCPPorts = [ 3478 ]; #5349 ];
@@ -65,9 +65,9 @@
}; };
#systemd.services.coturn = { #systemd.services.coturn = {
# serviceConfig = { # serviceConfig = {
# User = lib.mkForce "root"; # User = lib.mkForce "root";
# Group = lib.mkForce "root"; # Group = lib.mkForce "root";
# }; # };
# }; # };
} }

2
modules/services/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}: { pkgs, config, ... }:
{ {
imports = [ imports = [
./acme.nix ./acme.nix

2
modules/services/dyndns.nix
View File

@@ -7,6 +7,6 @@
enable = true; enable = true;
protocol = "duckdns"; protocol = "duckdns";
passwordFile = config.age.secrets.duckdns.path; passwordFile = config.age.secrets.duckdns.path;
domains = ["wachbirn.duckdns.org"]; domains = [ "wachbirn.duckdns.org" ];
}; };
} }

2
modules/services/fileshelter.nix
View File

@@ -17,7 +17,7 @@ in
uid = cfg.uid; uid = cfg.uid;
group = "fileshelter"; group = "fileshelter";
}; };
users.groups.fileshelter = {}; users.groups.fileshelter = { };
age.secrets.fileshelter-conf = { age.secrets.fileshelter-conf = {
file = ../../secrets/fileshelter-conf.age; file = ../../secrets/fileshelter-conf.age;
owner = "fileshelter"; owner = "fileshelter";

2
modules/services/games/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}: { pkgs, config, ... }:
{ {
imports = [ imports = [
./terraria.nix ./terraria.nix

8
modules/services/games/palworld.nix
View File

@@ -1,7 +1,9 @@
# valheim.nix # valheim.nix
{config, pkgs, lib, ...}: let { config, pkgs, lib, ... }:
let
join = builtins.concatStringsSep " "; join = builtins.concatStringsSep " ";
in { in
{
services.cron = { services.cron = {
enable = true; enable = true;
@@ -20,7 +22,7 @@ in {
group = "palworld"; group = "palworld";
}; };
users.groups.palworld = {}; users.groups.palworld = { };
systemd.services.palworld = { systemd.services.palworld = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

4
modules/services/grafana.nix
View File

@@ -1,4 +1,4 @@
{pkgs, config, lib, ...}: { pkgs, config, lib, ... }:
let let
useHttps = config.services.step-ca.enable; useHttps = config.services.step-ca.enable;
fqdn = "grafana.home.arpa"; fqdn = "grafana.home.arpa";
@@ -91,7 +91,7 @@ in
settings.namespaces = [ settings.namespaces = [
{ {
name = "nginxlog"; name = "nginxlog";
source.files = ["/var/log/nginx/access.log"]; source.files = [ "/var/log/nginx/access.log" ];
format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\""; format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\"";
} }
]; ];

2
modules/services/home-assistant.nix
View File

@@ -13,7 +13,7 @@
config = { config = {
# Includes dependencies for a basic setup # Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/ # https://www.home-assistant.io/integrations/default_config/
default_config = {}; default_config = { };
}; };
}; };
} }

2
modules/services/invidious.nix
View File

@@ -1,4 +1,4 @@
{ config, vars, ...} : { config, vars, ... }:
let let
fqdn = "yt.home.arpa"; fqdn = "yt.home.arpa";
useHttps = config.services.step-ca.enable; useHttps = config.services.step-ca.enable;

15
modules/services/kavita.nix
View File

@@ -21,14 +21,16 @@ in {
}; };
isTest = mkEnableOption "Is this a test vm?"; isTest = mkEnableOption "Is this a test vm?";
}; };
config = let config =
let
fqdn = "kavita-kopatz.duckdns.org"; fqdn = "kavita-kopatz.duckdns.org";
useStepCa = false; # config.services.step-ca.enable; useStepCa = false; # config.services.step-ca.enable;
useHttps = cfg.https; useHttps = cfg.https;
baseDir = cfg.dir; baseDir = cfg.dir;
mangal = "${pkgs.mangal-patched}/bin/mangal"; mangal = "${pkgs.mangal-patched}/bin/mangal";
githubRunnerEnabled = config.services.github-runners ? oberprofis.enable; githubRunnerEnabled = config.services.github-runners ? oberprofis.enable;
in lib.mkIf cfg.enable { in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 5000 ]; networking.firewall.allowedTCPPorts = [ 5000 ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
(if githubRunnerEnabled then (if githubRunnerEnabled then
@@ -48,18 +50,21 @@ in {
services.kavita = { services.kavita = {
enable = true; enable = true;
user = "kavita"; user = "kavita";
package = let package =
let
backend = pkgs.unstable.kavita.backend.overrideAttrs backend = pkgs.unstable.kavita.backend.overrideAttrs
(old: { patches = old.patches ++ [ ./kavita-patches-chapter-parsing.diff ./kavita-page-size.diff ]; }); (old: { patches = old.patches ++ [ ./kavita-patches-chapter-parsing.diff ./kavita-page-size.diff ]; });
kavitaPatched = pkgs.unstable.kavita.overrideAttrs (old: { backend = backend; }); kavitaPatched = pkgs.unstable.kavita.overrideAttrs (old: { backend = backend; });
in kavitaPatched; in
kavitaPatched;
settings = { settings = {
Port = 5000; Port = 5000;
IpAddresses = "127.0.0.1"; IpAddresses = "127.0.0.1";
BaseUrl = "/kavita"; BaseUrl = "/kavita";
}; };
dataDir = baseDir; dataDir = baseDir;
tokenKeyFile = if cfg.isTest then tokenKeyFile =
if cfg.isTest then
(builtins.toFile "test" (builtins.toFile "test"
"wWKNeGUslGILrUUp8Dnn4xyYnivZWBb8uqjKg3ALyCs7reV5v3CtE/E2b6i0Mwz1Xw1p9a0wcduRDNoa8Yh8kQ==") "wWKNeGUslGILrUUp8Dnn4xyYnivZWBb8uqjKg3ALyCs7reV5v3CtE/E2b6i0Mwz1Xw1p9a0wcduRDNoa8Yh8kQ==")
else else

8
modules/services/kubernetes.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, lib, ...}: { pkgs, config, lib, ... }:
# idk, dont need this # idk, dont need this
with lib; with lib;
let let
@@ -8,10 +8,12 @@ in
options.custom.services.kubernetes = { options.custom.services.kubernetes = {
enable = mkEnableOption "Enables kubernetes"; enable = mkEnableOption "Enables kubernetes";
}; };
config = let config =
let
kubeMasterIP = "localhost"; kubeMasterIP = "localhost";
kubeMasterHostname = "localhost"; kubeMasterHostname = "localhost";
in lib.mkIf cfg.enable { in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default) 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)

102
modules/services/minecraft-server.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}: { pkgs, ... }:
{ {
services.minecraft-server = { services.minecraft-server = {
enable = true; enable = true;
@@ -11,56 +11,56 @@
filipus098 = "a09fb009-be78-4e26-9f33-1534186e2228"; filipus098 = "a09fb009-be78-4e26-9f33-1534186e2228";
}; };
serverProperties = { serverProperties = {
allow-flight=true; allow-flight = true;
allow-nether=true; allow-nether = true;
broadcast-console-to-ops=true; broadcast-console-to-ops = true;
broadcast-rcon-to-ops=true; broadcast-rcon-to-ops = true;
debug=false; debug = false;
difficulty="hard"; difficulty = "hard";
enable-command-block=false; enable-command-block = false;
enable-jmx-monitoring=false; enable-jmx-monitoring = false;
enable-query=false; enable-query = false;
enable-rcon=false; enable-rcon = false;
enable-status=true; enable-status = true;
enforce-secure-profile=true; enforce-secure-profile = true;
enforce-whitelist=false; enforce-whitelist = false;
entity-broadcast-range-percentage=100; entity-broadcast-range-percentage = 100;
force-gamemode=false; force-gamemode = false;
function-permission-level=2; function-permission-level = 2;
gamemode="survival"; gamemode = "survival";
generate-structures=true; generate-structures = true;
hardcore=false; hardcore = false;
hide-online-players=false; hide-online-players = false;
initial-enabled-packs="vanilla"; initial-enabled-packs = "vanilla";
level-name="budak"; level-name = "budak";
level-type="minecraft\:normal"; level-type = "minecraft\:normal";
log-ips=true; log-ips = true;
max-chained-neighbor-updates=1000000; max-chained-neighbor-updates = 1000000;
max-players=5; max-players = 5;
max-tick-time=60000; max-tick-time = 60000;
max-world-size=29999984; max-world-size = 29999984;
motd="A Minecraft Server"; motd = "A Minecraft Server";
network-compression-threshold=256; network-compression-threshold = 256;
online-mode=true; online-mode = true;
op-permission-level=4; op-permission-level = 4;
player-idle-timeout=0; player-idle-timeout = 0;
prevent-proxy-connections=false; prevent-proxy-connections = false;
pvp=true; pvp = true;
"query.port"=25565; "query.port" = 25565;
rate-limit=0; rate-limit = 0;
"rcon.password"="123asdadsqwe123123"; "rcon.password" = "123asdadsqwe123123";
"rcon.port"=25575; "rcon.port" = 25575;
require-resource-pack=false; require-resource-pack = false;
server-port=25565; server-port = 25565;
simulation-distance=10; simulation-distance = 10;
spawn-animals=true; spawn-animals = true;
spawn-monsters=true; spawn-monsters = true;
spawn-npcs=true; spawn-npcs = true;
spawn-protection=16; spawn-protection = 16;
sync-chunk-writes=true; sync-chunk-writes = true;
use-native-transport=true; use-native-transport = true;
view-distance=10; view-distance = 10;
white-list=true; white-list = true;
}; };
}; };
} }

6
modules/services/nginx.nix
View File

@@ -45,7 +45,8 @@ in {
more_set_headers "Permissions-Policy: geolocation=(), microphone=()"; more_set_headers "Permissions-Policy: geolocation=(), microphone=()";
''; '';
virtualHosts = let virtualHosts =
let
kopConfig = { kopConfig = {
root = pkgs.kop-website; root = pkgs.kop-website;
forceSSL = cfg.https; forceSSL = cfg.https;
@@ -107,7 +108,8 @@ in {
}; };
}; };
}; };
in { in
{
"kopatz.ddns.net" = kopConfig; "kopatz.ddns.net" = kopConfig;
"kop.oasch.net" = kopConfig; "kop.oasch.net" = kopConfig;
}; };

3
modules/services/smartd.nix
View File

@@ -17,7 +17,8 @@ let
--data "$JSON" --data "$JSON"
''; '';
cfg = config.custom.services.smartd; cfg = config.custom.services.smartd;
in { in
{
options.custom.services.smartd = { options.custom.services.smartd = {
enable = lib.mkEnableOption "Enables smartd monitoring"; enable = lib.mkEnableOption "Enables smartd monitoring";

48
modules/services/step-ca.nix
View File

@@ -2,33 +2,33 @@
let let
root_ca = root_ca =
'' ''
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
MTZaFw0zMzEyMDUxNDUxMTZaMCQxDDAKBgNVBAoTA0tvcDEUMBIGA1UEAxMLS29w MTZaFw0zMzEyMDUxNDUxMTZaMCQxDDAKBgNVBAoTA0tvcDEUMBIGA1UEAxMLS29w
IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdZBOkNynShXipzhuX IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdZBOkNynShXipzhuX
f6dUByD3chNupNWsagYC5AlPRJT9fAeHEIK/bxWkFwRtLBDopWvBu9lHahBgpHc7 f6dUByD3chNupNWsagYC5AlPRJT9fAeHEIK/bxWkFwRtLBDopWvBu9lHahBgpHc7
y7rTo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNV y7rTo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNV
HQ4EFgQU9AVtwipW5HDBLfZRH1KZCnIKCfowCgYIKoZIzj0EAwIDSQAwRgIhAMHj HQ4EFgQU9AVtwipW5HDBLfZRH1KZCnIKCfowCgYIKoZIzj0EAwIDSQAwRgIhAMHj
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA= gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE----- -----END CERTIFICATE-----
''; '';
intermediate_ca = intermediate_ca =
'' ''
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBtDCCAVqgAwIBAgIQbEVEV7LgtjVWO+qBrrmgETAKBggqhkjOPQQDAjAkMQww MIIBtDCCAVqgAwIBAgIQbEVEV7LgtjVWO+qBrrmgETAKBggqhkjOPQQDAjAkMQww
CgYDVQQKEwNLb3AxFDASBgNVBAMTC0tvcCBSb290IENBMB4XDTIzMTIwODE0NTEx CgYDVQQKEwNLb3AxFDASBgNVBAMTC0tvcCBSb290IENBMB4XDTIzMTIwODE0NTEx
N1oXDTMzMTIwNTE0NTExN1owLDEMMAoGA1UEChMDS29wMRwwGgYDVQQDExNLb3Ag N1oXDTMzMTIwNTE0NTExN1owLDEMMAoGA1UEChMDS29wMRwwGgYDVQQDExNLb3Ag
SW50ZXJtZWRpYXRlIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmv7jg7Cs SW50ZXJtZWRpYXRlIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmv7jg7Cs
4L5v52+3yUmn79hZFS2vmm/5wwcUCL63dokEXQsHgbEjaRKsF/MW0yJDLTB6Sdhl 4L5v52+3yUmn79hZFS2vmm/5wwcUCL63dokEXQsHgbEjaRKsF/MW0yJDLTB6Sdhl
pCvoNJqITWuEN6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C pCvoNJqITWuEN6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFDgVolMCmdrhDIXhuIs4q/KwRKNLMB8GA1UdIwQYMBaAFPQF AQAwHQYDVR0OBBYEFDgVolMCmdrhDIXhuIs4q/KwRKNLMB8GA1UdIwQYMBaAFPQF
bcIqVuRwwS32UR9SmQpyCgn6MAoGCCqGSM49BAMCA0gAMEUCIQCQa01E+UvAJ8KR bcIqVuRwwS32UR9SmQpyCgn6MAoGCCqGSM49BAMCA0gAMEUCIQCQa01E+UvAJ8KR
DFfDducZUpW4tZRN35lqoge7T9nM2QIgK4FFt1NqDqcjOSabAXPOQ68bvdxlHW0y DFfDducZUpW4tZRN35lqoge7T9nM2QIgK4FFt1NqDqcjOSabAXPOQ68bvdxlHW0y
AgN9qNc3Jbo= AgN9qNc3Jbo=
-----END CERTIFICATE----- -----END CERTIFICATE-----
''; '';
in in
{ {

10
modules/services/synapse.nix
View File

@@ -9,7 +9,8 @@ let
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}'; return 200 '${builtins.toJSON data}';
''; '';
in { in
{
networking.domain = "kopatz.ddns.net"; networking.domain = "kopatz.ddns.net";
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -77,15 +78,16 @@ in {
config.age.secrets.matrix-registration.path config.age.secrets.matrix-registration.path
]; ];
settings.listeners = [ settings.listeners = [
{ port = 8008; {
port = 8008;
bind_addresses = [ "::1" ]; bind_addresses = [ "::1" ];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
resources = [ { resources = [{
names = [ "client" "federation" ]; names = [ "client" "federation" ];
compress = true; compress = true;
} ]; }];
} }
]; ];
}; };

4
modules/services/wireguard-client.nix
View File

@@ -6,7 +6,7 @@
}; };
systemd.network.networks.wg0 = { systemd.network.networks.wg0 = {
dns = [ "192.168.2.1"]; dns = [ "192.168.2.1" ];
}; };
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
wg0 = { wg0 = {
@@ -15,7 +15,7 @@
privateKeyFile = config.age.secrets.wireguard-client.path; privateKeyFile = config.age.secrets.wireguard-client.path;
listenPort = 51820; listenPort = 51820;
dns = [ "192.168.2.1" ]; dns = [ "192.168.2.1" ];
address = ["192.168.2.22/24"]; address = [ "192.168.2.22/24" ];
peers = [ peers = [
{ {
#allowedIPs = [ "192.168.2.0/24" "192.168.0.0/24" ]; #allowedIPs = [ "192.168.2.0/24" "192.168.0.0/24" ];

7
modules/services/wireguard.nix
View File

@@ -13,9 +13,10 @@ in
}; };
}; };
config = config =
let let
wireguardIp = cfg.ip; wireguardIp = cfg.ip;
in lib.mkIf cfg.enable { in
lib.mkIf cfg.enable {
age.secrets.wireguard-private = { age.secrets.wireguard-private = {
file = ../../secrets/wireguard-private.age; file = ../../secrets/wireguard-private.age;
@@ -109,5 +110,5 @@ in lib.mkIf cfg.enable {
privateKeyFile = config.age.secrets.wireguard-private.path; privateKeyFile = config.age.secrets.wireguard-private.path;
}; };
}; };
}; };
} }

2
modules/support/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}: { pkgs, config, ... }:
{ {
imports = [ imports = [

38
modules/themes/tsukasa.nix
View File

@@ -1,21 +1,21 @@
{ {
"base00"= "201a1e"; "base00" = "201a1e";
"base01"= "5c4133"; "base01" = "5c4133";
"base02"= "83644f"; "base02" = "83644f";
"base03"= "c3955f"; "base03" = "c3955f";
"base04"= "dab353"; "base04" = "dab353";
"base05"= "f4dfb4"; "base05" = "f4dfb4";
"base06"= "fef1de"; "base06" = "fef1de";
"base07"= "fef1de"; "base07" = "fef1de";
"base08"= "ed8796"; "base08" = "ed8796";
"base09"= "f5a97f"; "base09" = "f5a97f";
"base0A"= "eed49f"; "base0A" = "eed49f";
"base0B"= "a6da95"; "base0B" = "a6da95";
"base0C"= "8bd5ca"; "base0C" = "8bd5ca";
"base0D"= "8aadf4"; "base0D" = "8aadf4";
"base0E"= "c6a0f6"; "base0E" = "c6a0f6";
"base0F"= "f0c6c6"; "base0F" = "f0c6c6";
"author"= "Stylix"; "author" = "Stylix";
"scheme"= "Stylix"; "scheme" = "Stylix";
"slug"= "stylix"; "slug" = "stylix";
} }

3
overlays.nix
View File

@@ -8,7 +8,8 @@ let
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; config.allowUnfree = true;
}; };
in { in
{
# This one brings our custom packages from the 'pkgs' directory # This one brings our custom packages from the 'pkgs' directory
additions = final: _prev: import ./pkgs { pkgs = final; }; additions = final: _prev: import ./pkgs { pkgs = final; };

2
pkgs/adam-site/default.nix
View File

@@ -8,7 +8,7 @@ buildNpmPackage rec {
ref = "main"; ref = "main";
rev = "6575c418f45aef025d2d89d5b0b4ff4fbdffe298"; rev = "6575c418f45aef025d2d89d5b0b4ff4fbdffe298";
}; };
npmDepsHash="sha256-PRFHBlVIdHfATAAKVKax+bY4o+9czdfl7HjFnKk4KtI="; npmDepsHash = "sha256-PRFHBlVIdHfATAAKVKax+bY4o+9czdfl7HjFnKk4KtI=";
installPhase = '' installPhase = ''
mkdir -p $out mkdir -p $out
cp -r ./dist/adams-site/* $out cp -r ./dist/adams-site/* $out

39
pkgs/electron27/default.nix
View File

@@ -1,7 +1,33 @@
{ lib, stdenv, libXScrnSaver, makeWrapper, fetchurl, wrapGAppsHook3, glib, gtk3 { lib
, unzip, at-spi2-atk, libdrm, libgbm, libxkbcommon, libxshmfence, libGL , stdenv
, vulkan-loader, alsa-lib, cairo, cups, dbus, expat, gdk-pixbuf, nss, nspr, xorg , libXScrnSaver
, pango, systemd, pciutils, }: , makeWrapper
, fetchurl
, wrapGAppsHook3
, glib
, gtk3
, unzip
, at-spi2-atk
, libdrm
, libgbm
, libxkbcommon
, libxshmfence
, libGL
, vulkan-loader
, alsa-lib
, cairo
, cups
, dbus
, expat
, gdk-pixbuf
, nss
, nspr
, xorg
, pango
, systemd
, pciutils
,
}:
let let
version = "27.3.11"; version = "27.3.11";
@@ -157,6 +183,7 @@ let
passthru.dist = finalAttrs.finalPackage + "/Applications"; passthru.dist = finalAttrs.finalPackage + "/Applications";
}; };
in stdenv.mkDerivation (finalAttrs: in
lib.recursiveUpdate (common stdenv.hostPlatform) stdenv.mkDerivation (finalAttrs:
lib.recursiveUpdate (common stdenv.hostPlatform)
((if stdenv.hostPlatform.isDarwin then darwin else linux) finalAttrs)) ((if stdenv.hostPlatform.isDarwin then darwin else linux) finalAttrs))

19
pkgs/lact/default.nix
View File

@@ -1,6 +1,19 @@
{ lib, rustPlatform, stdenv, fetchFromGitHub, blueprint-compiler, pkg-config { lib
, wrapGAppsHook4, gdk-pixbuf, gtk4, libdrm, vulkan-loader, coreutils , rustPlatform
, nix-update-script, hwdata, fuse }: , stdenv
, fetchFromGitHub
, blueprint-compiler
, pkg-config
, wrapGAppsHook4
, gdk-pixbuf
, gtk4
, libdrm
, vulkan-loader
, coreutils
, nix-update-script
, hwdata
, fuse
}:
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "lact"; pname = "lact";

12
pkgs/mangal/default.nix
View File

@@ -1,9 +1,9 @@
{ { lib
lib, , stdenv
stdenv, , buildGoModule
buildGoModule, , fetchFromGitHub
fetchFromGitHub, , installShellFiles
installShellFiles, ,
}: }:
buildGoModule rec { buildGoModule rec {
name = "mangal"; name = "mangal";

9
systems/amd-server-vm/configuration.nix
View File

@@ -1,7 +1,8 @@
{ config, pkgs, modulesPath, lib, ... }: { config, pkgs, modulesPath, lib, ... }:
{ {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
#./hardware-configuration.nix #./hardware-configuration.nix
../../modules/services/ssh.nix ../../modules/services/ssh.nix
../../modules/services/step-ca.nix ../../modules/services/step-ca.nix
@@ -45,7 +46,8 @@
}; };
misc = { misc = {
docker.enable = true; docker.enable = true;
backup = let backup =
let
kavita = "/data/kavita"; kavita = "/data/kavita";
gitolite = "/var/lib/gitolite"; gitolite = "/var/lib/gitolite";
syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ]; syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
@@ -54,7 +56,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing; backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing; backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull; backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in { in
{
enable = true; enable = true;
excludePaths = lib.mkOptionDefault [ "${kavita}/manga" ]; excludePaths = lib.mkOptionDefault [ "${kavita}/manga" ];
small = backupPathsSmall; # goes to backblaze small = backupPathsSmall; # goes to backblaze

3
systems/amd-server/configuration.nix
View File

@@ -5,7 +5,8 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/kernel.nix ../../modules/kernel.nix
../../modules/services/ssh.nix ../../modules/services/ssh.nix

9
systems/laptop/configuration.nix
View File

@@ -1,5 +1,6 @@
{ config, pkgs, inputs, ... }: { { config, pkgs, inputs, ... }: {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./modules/battery.nix ./modules/battery.nix
../../modules/ecryptfs.nix ../../modules/ecryptfs.nix
@@ -86,7 +87,8 @@
# "d /docker-data 0755 kopatz users" # "d /docker-data 0755 kopatz users"
#]; #];
security.pki.certificates = ['' security.pki.certificates = [
''
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
@@ -98,7 +100,8 @@
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA= gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE----- -----END CERTIFICATE-----
'']; ''
];
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "23.05"; # Did you read the comment?
} }

12
systems/laptop/hardware-configuration.nix
View File

@@ -5,7 +5,8 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "uas" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "uas" "sd_mod" "rtsx_pci_sdmmc" ];
@@ -14,18 +15,19 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8"; {
device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C163-6BD5"; {
device = "/dev/disk/by-uuid/C163-6BD5";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; } [{ device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }];
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

9
systems/mini-pc-proxmox/configuration.nix
View File

@@ -5,7 +5,8 @@
{ config, pkgs, modulesPath, lib, ... }: { config, pkgs, modulesPath, lib, ... }:
{ {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/services/ssh.nix ../../modules/services/ssh.nix
../../modules/services/step-ca.nix ../../modules/services/step-ca.nix
@@ -47,7 +48,8 @@
}; };
misc = { misc = {
docker.enable = true; docker.enable = true;
backup = let backup =
let
kavita = "/data/kavita"; kavita = "/data/kavita";
gitolite = "/var/lib/gitolite"; gitolite = "/var/lib/gitolite";
syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ]; syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
@@ -56,7 +58,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing; backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing; backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull; backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in { in
{
enable = true; enable = true;
small = backupPathsSmall; # goes to backblaze small = backupPathsSmall; # goes to backblaze
medium = backupPathsMedium; # goes to gdrive medium = backupPathsMedium; # goes to gdrive

10
systems/mini-pc-proxmox/hardware-configuration.nix
View File

@@ -5,13 +5,15 @@
{ {
fileSystems."/data" = fileSystems."/data" =
{ device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a"; {
device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "noatime" "nofail" ]; options = [ "compress=zstd" "noatime" "nofail" ];
}; };
fileSystems."/1tbssd" = fileSystems."/1tbssd" =
{ device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892"; {
device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
fsType = "ext4"; fsType = "ext4";
options = ["defaults" "nofail" "noatime"]; options = [ "defaults" "nofail" "noatime" ];
}; };
} }

9
systems/mini-pc/configuration.nix
View File

@@ -5,7 +5,8 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/services/ssh.nix ../../modules/services/ssh.nix
../../modules/services/step-ca.nix ../../modules/services/step-ca.nix
@@ -38,7 +39,8 @@
misc = { misc = {
btrfs.enable = true; btrfs.enable = true;
docker.enable = true; docker.enable = true;
backup = let backup =
let
kavita = "/data/kavita"; kavita = "/data/kavita";
gitolite = "/var/lib/gitolite"; gitolite = "/var/lib/gitolite";
syncthing = [ "/synced/default/" "/synced/work_drive/" ]; syncthing = [ "/synced/default/" "/synced/work_drive/" ];
@@ -46,7 +48,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing; backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing; backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull; backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in { in
{
enable = true; enable = true;
small = backupPathsSmall; # goes to backblaze small = backupPathsSmall; # goes to backblaze
medium = backupPathsMedium; # goes to gdrive medium = backupPathsMedium; # goes to gdrive

20
systems/mini-pc/hardware-configuration.nix
View File

@@ -5,7 +5,8 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
@@ -14,7 +15,8 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/193dfa08-bf89-4a8b-a159-592c0a0b4d6e"; {
device = "/dev/disk/by-uuid/193dfa08-bf89-4a8b-a159-592c0a0b4d6e";
fsType = "ext4"; fsType = "ext4";
options = [ options = [
"defaults" "defaults"
@@ -23,25 +25,27 @@
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EEC1-C78B"; {
device = "/dev/disk/by-uuid/EEC1-C78B";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [ "fmask=0022" "dmask=0022" ];
}; };
fileSystems."/data" = fileSystems."/data" =
{ device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a"; {
device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd" "noatime" "nofail" ]; options = [ "compress=zstd" "noatime" "nofail" ];
}; };
fileSystems."/1tbssd" = fileSystems."/1tbssd" =
{ device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892"; {
device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
fsType = "ext4"; fsType = "ext4";
options = ["defaults" "nofail" "noatime"]; options = [ "defaults" "nofail" "noatime" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/af6bf3d5-07a4-4139-9464-ffc1c4e23549"; } [{ device = "/dev/disk/by-uuid/af6bf3d5-07a4-4139-9464-ffc1c4e23549"; }];
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

9
systems/pc/configuration.nix
View File

@@ -3,7 +3,8 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, inputs, ... }: { { config, pkgs, lib, inputs, ... }: {
imports = [ # Include the results of the hardware scan. imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/flatpak.nix ../../modules/flatpak.nix
../../modules/gpg.nix ../../modules/gpg.nix
@@ -220,7 +221,8 @@
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
security.pki.certificates = ['' security.pki.certificates = [
''
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
@@ -232,7 +234,8 @@
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA= gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE----- -----END CERTIFICATE-----
'']; ''
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions

Some files were not shown because too many files have changed in this diff Show More