Kopatz
2025-03-18 16:27:20 +01:00
parent 923ab37209
commit cc32af7b80
131 changed files with 2383 additions and 2224 deletions


@@ -63,9 +63,25 @@
# inputs.nixpkgs.follows = "nixpkgs-unstable";
#};
};
outputs = { self, nur, nixpkgs, nixos-hardware, nixos-wsl, nixpkgs-unstable
, agenix, home-manager, home-manager-unstable, nix-colors, nixos-cosmic
, nixvim, nixos-generators, stylix, disko, flake-utils, ... }@inputs:
outputs =
{ self
, nur
, nixpkgs
, nixos-hardware
, nixos-wsl
, nixpkgs-unstable
, agenix
, home-manager
, home-manager-unstable
, nix-colors
, nixos-cosmic
, nixvim
, nixos-generators
, stylix
, disko
, flake-utils
, ...
}@inputs:
let
inherit (self) outputs;
system = "x86_64-linux";
@@ -84,10 +100,16 @@
builtins.foldl' (acc: elem: nixpkgs.lib.recursiveUpdate acc elem) { }
list;
# helper function to create a machine
mkHost = { modules, specialArgs ? {
mkHost =
{ modules
, specialArgs ? {
pkgsVersion = nixpkgs-unstable;
home-manager-version = home-manager-unstable;
}, system ? "x86_64-linux", minimal ? false, graphical ? true }:
}
, system ? "x86_64-linux"
, minimal ? false
, graphical ? true
}:
let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system;
@@ -102,10 +124,15 @@
];
specialArgs = specialArgs // { inherit inputs outputs; };
};
mkStableServer = { modules, specialArgs ? {
mkStableServer =
{ modules
, specialArgs ? {
pkgsVersion = nixpkgs;
home-manager-version = home-manager;
}, system ? "x86_64-linux", minimal ? false }:
}
, system ? "x86_64-linux"
, minimal ? false
}:
let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system;
@@ -141,7 +168,8 @@
};
};
});
in {
in
{
overlays = import ./overlays.nix { inherit inputs; };
nixosConfigurations = {


@@ -1,6 +1,7 @@
{ osConfig, config, pkgs, inputs, lib, ... }: {
config = lib.mkIf osConfig.custom.graphical.code.enable rec {
home.activation.makeVSCodeConfigWritable = let
home.activation.makeVSCodeConfigWritable =
let
configDirName = {
"vscode" = "Code";
"vscode-insiders" = "Code - Insiders";
@@ -8,7 +9,8 @@
}.${programs.vscode.package.pname};
configPath =
"${config.xdg.configHome}/${configDirName}/User/settings.json";
in {
in
{
after = [ "writeBoundary" ];
before = [ ];
data = ''


@@ -58,7 +58,8 @@ let
};
};
};
in {
in
{
stylix = lib.mkIf osConfig.custom.graphical.stylix.enable {
targets.firefox = {
profileNames = [ "default" ];


@@ -58,7 +58,8 @@ let
};
};
};
in {
in
{
programs.floorp = {
enable = true;
policies = {


@@ -12,7 +12,8 @@ let
'';
monitor1 = if isPc then "DP-1" else if isLaptop then "eDP-1" else "eDP-1";
monitor2 = "HDMI-A-1";
in {
in
{
config = lib.mkIf cfg.enable {
home.file.".config/hypr/hyprshade.toml".source =
@@ -29,7 +30,8 @@ in {
#
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor = if isPc then [
monitor =
if isPc then [
"${monitor2},1920x1080@60,0x0,1"
"${monitor1},2560x1440@144,1920x0,1"
"Unknown-1,disable"
@@ -181,7 +183,8 @@ in {
"$mainMod" = "SUPER";
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = let
bind =
let
rofi = "${pkgs.rofi-wayland}/bin/rofi";
kitty = "${pkgs.kitty}/bin/kitty";
#dolphin = "${pkgs.dolphin}/bin/dolphin";
@@ -196,7 +199,8 @@ in {
#swaylock = "${pkgs.swaylock}/bin/swaylock";
hyprlock = "${pkgs.hyprlock}/bin/hyprlock";
playerctl = "${pkgs.playerctl}/bin/playerctl";
in [
in
[
"$mainMod, Q, exec, ${kitty}"
"$mainMod, C, killactive"
#"$mainMod, L, exec, ${swaylock} -f -c 000000"
@@ -318,14 +322,16 @@ in {
"xrandr --monitor ${monitor1} --primary"
];
};
extraConfig = let
extraConfig =
let
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";
dunstify = "${pkgs.dunst}/bin/dunstify";
dunstctl = "${pkgs.dunst}/bin/dunstctl";
pdfgrep = "${pkgs.pdfgrep}/bin/pdfgrep --cache";
path = "/synced/fh/os-hardening/**/slides";
in ''
in
''
bind = $mainMod, A, submap, notes
submap = notes


@@ -2,7 +2,8 @@
with lib;
let cfg = osConfig.custom.graphical.hyprland;
in {
config = let
config =
let
# styles from https://github.com/khaneliman/khanelinix/blob/8375f8cfbe5bfd87565b4dc34c9d30630c17336d/modules/home/desktop/addons/waybar/default.nix
base16 = config.stylix.base16Scheme;
readAndReplace = path: replace: builtins.readFile (pkgs.replaceVars path replace);
@@ -14,7 +15,8 @@ in {
powerStyle = builtins.readFile ./styles/power.css;
statsStyle = builtins.readFile ./styles/stats.css;
workspacesStyle = builtins.readFile ./styles/workspaces.css;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
home.file.".config/waybar" = {
recursive = true;


@@ -68,7 +68,8 @@ in {
# wm-restack = "i3";
# override-redirect = true;
};
"module/i3" = let padding = 2;
"module/i3" =
let padding = 2;
in {
type = "internal/i3";
pin-workspaces = true;


@@ -30,7 +30,8 @@ let
];
merged =
builtins.foldl' (acc: elem: lib.recursiveUpdate acc elem) { } configs;
in {
in
{
home.sessionVariables = { EDITOR = "nvim"; };
programs.nixvim = merged;
}


@@ -1,19 +1,28 @@
{ pkgs, ... }:
{
plugins = {
otter = { # provide lsp functionality for code embedded in other languages
otter = {
# provide lsp functionality for code embedded in other languages
enable = true;
settings.handle_leading_whitespace = true;
};
lsp = {
enable = true;
inlayHints = true;
servers = {
bashls.enable = true;
#ccls.enable = true;
clangd.enable = true;
cssls.enable = true;
gopls.enable = true;
nixd.enable = true;
nixd = {
enable = true;
settings = {
nixpkgs.expr = ''import <nixpkgs> { }'';
formatting.command = [ "nixpkgs-fmt" ];
options.nixos.expr = ''(builtins.getFlake ("/home/kopatz/projects/github/nix-config")).nixosConfigurations.kop-pc.options'';
};
};
html.enable = true;
dartls.enable = true;
ts_ls.enable = true;
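Review bot: The added `options.nixos.expr` hard-codes an absolute checkout path (`/home/kopatz/projects/github/nix-config`) and a single host (`kop-pc`), so option completion breaks for any other user, checkout location or machine that imports this module, and the language server evaluates whatever currently sits in that mutable working tree. `nixpkgs.expr = ''import <nixpkgs> { }''` likewise resolves through the ambient `NIX_PATH` rather than the nixpkgs this configuration is built from, so nixd may see a different package set than the system does; since `pkgs` is already an argument of this file, `nixpkgs.expr = "import ${pkgs.path} { }";` would tie it to the evaluated nixpkgs. For the flake expression, consider deriving the path and host name from values the flake passes in (not visible in this hunk), or at minimum add a comment such as `# nixd only: path and host are specific to the kop-pc checkout; not used for builds`. The `servers` attribute set continues past the end of the hunk.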


@@ -10,7 +10,7 @@
fantomas.enable = true;
gofmt.enable = true;
goimports.enable = true;
nixfmt.enable = true;
#nixfmt.enable = true;
markdownlint.enable = true;
shellharden.enable = true;
shfmt.enable = true;
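Review bot: `#nixfmt.enable = true;` is left behind as commented-out code with no reason recorded, so a later reader cannot tell whether the formatter was disabled on purpose or by accident. If the intent is that Nix files are now formatted by `nixpkgs-fmt` (as the nixd `formatting.command` added elsewhere in this commit suggests), either delete the line or replace it with an explanatory comment such as `# nixfmt disabled: Nix formatting is handled by nixpkgs-fmt`. The enclosing attribute set starts and ends outside the hunk.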


@@ -2,4 +2,5 @@
opts = {
timeoutlen = 500;
};
plugins.which-key = { enable = true; }; }
plugins.which-key = { enable = true; };
}


@@ -8,7 +8,8 @@ let
r = c."${color}-rgb-r";
g = c."${color}-rgb-g";
b = c."${color}-rgb-b";
in "rgba ( ${r}, ${g}, ${b}, ${opacity} % )";
in
"rgba ( ${r}, ${g}, ${b}, ${opacity} % )";
mkRgb = mkRgba "100";
rofiOpacity =
builtins.toString (builtins.ceil (config.stylix.opacity.popups * 100));
@@ -55,7 +56,8 @@ let
alternate-active-text = mkRgb "base0D";
alternate-urgent-text = mkRgb "base08";
};
in {
in
{
home.file.".config/rofi" = {
enable = true;
recursive = true;


@@ -1,7 +1,9 @@
{ osConfig, pkgs, config, lib, ... }:
let cfg = osConfig.custom.graphical.stylix;
let
cfg = osConfig.custom.graphical.stylix;
base16 = config.stylix.base16Scheme;
in {
in
{
config = lib.mkIf cfg.enable {
stylix = {
enable = true;


@@ -11,7 +11,8 @@ let
# hash = "sha256-aWpTUAm9FBuZI2KwEvhSnLB7Mfp5nYgUwvvLF47FIfM=";
# };
#});
in {
in
{
options.custom.graphical.games = {
enable = mkEnableOption "Enables games";
enablePreinstalled = mkEnableOption "Enables preinstalled games";


@@ -6,11 +6,13 @@ in {
enable = mkEnableOption "Enables shared";
};
config = let
config =
let
screenshot = pkgs.writeShellScriptBin "screenshot" ''
${pkgs.scrot}/bin/scrot -fs - | ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i
'';
in mkIf cfg.enable {
in
mkIf cfg.enable {
programs.dconf.enable = true;
fonts.fontDir.enable = true;


@@ -28,9 +28,11 @@ in {
};
};
config = let
config =
let
# the option was renamed in unstable
nvidiaOption = if (pkgsVersion == inputs.nixpkgs-unstable) then {
nvidiaOption =
if (pkgsVersion == inputs.nixpkgs-unstable) then {
hardware.graphics = {
enable = true;
enable32Bit = true;
@@ -44,7 +46,8 @@ in {
};
};
nvidia_oc = "${pkgs.nvidia_oc}/bin/nvidia_oc";
in lib.mkIf cfg.enable (lib.recursiveUpdate nvidiaOption {
in
lib.mkIf cfg.enable (lib.recursiveUpdate nvidiaOption {
boot.kernelParams =
[ "nvidia-drm.fbdev=1" "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
services.xserver.videoDrivers = [ "nvidia" ];


@@ -8,7 +8,8 @@ in
enable = mkEnableOption "Enable wooting hardware support";
};
config = let
config =
let
wooting-udev = pkgs.stdenv.mkDerivation rec {
pname = "wooting-udev-rules";
version = "unstable-2023-03-31";
@@ -30,7 +31,8 @@ in
maintainers = with maintainers; [ davidtwco ];
};
};
in mkIf cfg.enable {
in
mkIf cfg.enable {
services.udev.packages = [ wooting-udev ];
environment.systemPackages = with pkgs; [


@@ -47,7 +47,8 @@ let
# kernel = config.boot.kernelPackages.kernel;
# };
in {
in
{
#boot.extraModulePackages = [ amdgpu_module ];
#boot.kernelPackages = pkgs.linuxPackages_latest;
#boot.kernelPackages = pkgs.linuxPackages_testing;
@@ -62,7 +63,8 @@ in {
# };
#});
boot.kernelPackages = let
boot.kernelPackages =
let
amd_drm_next_pkg = { fetchurl, buildLinux, ... }@args:
buildLinux (args // rec {
@@ -81,5 +83,6 @@ in {
extraMeta.branch = "6.14.0-rc4";
} // (args.argsOverride or { }));
linux_amd_drm_next = pkgs.callPackage amd_drm_next_pkg { };
in pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_amd_drm_next);
in
pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_amd_drm_next);
}


@@ -32,7 +32,8 @@ in
};
};
config = let
config =
let
checkStorageSpace = pkgs.writeShellApplication {
name = "checkBackupStorageSpace";
text = ''
@@ -51,7 +52,8 @@ in
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.large}
'';
};
in mkIf cfg.enable {
in
mkIf cfg.enable {
environment.systemPackages = with pkgs; [ checkStorageSpace ];
age.secrets.restic-pw = {
file = ../../secrets/restic-pw.age;


@@ -4,7 +4,8 @@ let cfg = config.custom.cli-tools;
in {
options.custom.cli-tools = { enable = mkEnableOption "Enables cli-tools"; };
config = let
config =
let
getTotalPowerUsed = pkgs.writeShellScriptBin "total-power" ''
echo "$(sudo cat /sys/class/powercap/*/energy_uj | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@") / 1000000" | bc | xargs -I _ echo "_ W"
'';
@@ -24,7 +25,8 @@ in {
echo "scale=2; ($power_curr - $power_prev) / 1" | bc | xargs -I _ echo "_ W"
done
'';
in mkIf cfg.enable {
in
mkIf cfg.enable {
environment.systemPackages = with pkgs; [
getTotalPowerUsed
watchCurrentPowerUsed


@@ -1,8 +1,10 @@
{ config, pkgs, ... }: {
environment.etc."current-system-packages".text = let
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique =
builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in formatted;
in
formatted;
}


@@ -22,7 +22,8 @@ in {
description = "Default gateway";
};
};
config = let fallback = "1.1.1.1";
config =
let fallback = "1.1.1.1";
in mkIf cfg.enable {
networking = {
defaultGateway = cfg.gateway;


@@ -3,7 +3,8 @@ with lib;
let
cfg = config.custom.nix.settings;
cache = "https://cache.nixos.org";
in {
in
{
options.custom.nix.settings = {
enable = mkEnableOption "Enables various nix settings";
optimise = mkOption {


@@ -1,4 +1,3 @@
{
services.logind.lidSwitchExternalPower = "ignore";
}


@@ -1,4 +1,3 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let cfg = config.custom.services.adam-site;


@@ -19,10 +19,12 @@ in {
description = "use https for the adguard instance";
};
};
config = let
config =
let
ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];


@@ -28,8 +28,10 @@ in {
large = [ "/var/lib/radicale/" ];
};
systemd.services.kop-fhcalendar = let
radicale = if lib.versionOlder lib.version "25.05" then
systemd.services.kop-fhcalendar =
let
radicale =
if lib.versionOlder lib.version "25.05" then
(builtins.elemAt
config.services.radicale.settings.storage.filesystem_folder 0)
else
@@ -37,7 +39,8 @@ in {
# not reproducible
working =
"${radicale}/collection-root/kopatz/b6d2c446-8109-714a-397f-1f35d3136639";
in {
in
{
description = "Download fh calendar";
wants = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];


@@ -1,7 +1,9 @@
# valheim.nix
{config, pkgs, lib, ...}: let
{ config, pkgs, lib, ... }:
let
join = builtins.concatStringsSep " ";
in {
in
{
services.cron = {
enable = true;


@@ -21,14 +21,16 @@ in {
};
isTest = mkEnableOption "Is this a test vm?";
};
config = let
config =
let
fqdn = "kavita-kopatz.duckdns.org";
useStepCa = false; # config.services.step-ca.enable;
useHttps = cfg.https;
baseDir = cfg.dir;
mangal = "${pkgs.mangal-patched}/bin/mangal";
githubRunnerEnabled = config.services.github-runners ? oberprofis.enable;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 5000 ];
systemd.tmpfiles.rules = [
(if githubRunnerEnabled then
@@ -48,18 +50,21 @@ in {
services.kavita = {
enable = true;
user = "kavita";
package = let
package =
let
backend = pkgs.unstable.kavita.backend.overrideAttrs
(old: { patches = old.patches ++ [ ./kavita-patches-chapter-parsing.diff ./kavita-page-size.diff ]; });
kavitaPatched = pkgs.unstable.kavita.overrideAttrs (old: { backend = backend; });
in kavitaPatched;
in
kavitaPatched;
settings = {
Port = 5000;
IpAddresses = "127.0.0.1";
BaseUrl = "/kavita";
};
dataDir = baseDir;
tokenKeyFile = if cfg.isTest then
tokenKeyFile =
if cfg.isTest then
(builtins.toFile "test"
"wWKNeGUslGILrUUp8Dnn4xyYnivZWBb8uqjKg3ALyCs7reV5v3CtE/E2b6i0Mwz1Xw1p9a0wcduRDNoa8Yh8kQ==")
else


@@ -8,10 +8,12 @@ in
options.custom.services.kubernetes = {
enable = mkEnableOption "Enables kubernetes";
};
config = let
config =
let
kubeMasterIP = "localhost";
kubeMasterHostname = "localhost";
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)


@@ -45,7 +45,8 @@ in {
more_set_headers "Permissions-Policy: geolocation=(), microphone=()";
'';
virtualHosts = let
virtualHosts =
let
kopConfig = {
root = pkgs.kop-website;
forceSSL = cfg.https;
@@ -107,7 +108,8 @@ in {
};
};
};
in {
in
{
"kopatz.ddns.net" = kopConfig;
"kop.oasch.net" = kopConfig;
};


@@ -17,7 +17,8 @@ let
--data "$JSON"
'';
cfg = config.custom.services.smartd;
in {
in
{
options.custom.services.smartd = {
enable = lib.mkEnableOption "Enables smartd monitoring";


@@ -9,7 +9,8 @@ let
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
in
{
networking.domain = "kopatz.ddns.net";
networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -77,7 +78,8 @@ in {
config.age.secrets.matrix-registration.path
];
settings.listeners = [
{ port = 8008;
{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;


@@ -15,7 +15,8 @@ in
config =
let
wireguardIp = cfg.ip;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
age.secrets.wireguard-private = {
file = ../../secrets/wireguard-private.age;


@@ -8,7 +8,8 @@ let
system = "x86_64-linux";
config.allowUnfree = true;
};
in {
in
{
# This one brings our custom packages from the 'pkgs' directory
additions = final: _prev: import ./pkgs { pkgs = final; };


@@ -1,7 +1,33 @@
{ lib, stdenv, libXScrnSaver, makeWrapper, fetchurl, wrapGAppsHook3, glib, gtk3
, unzip, at-spi2-atk, libdrm, libgbm, libxkbcommon, libxshmfence, libGL
, vulkan-loader, alsa-lib, cairo, cups, dbus, expat, gdk-pixbuf, nss, nspr, xorg
, pango, systemd, pciutils, }:
{ lib
, stdenv
, libXScrnSaver
, makeWrapper
, fetchurl
, wrapGAppsHook3
, glib
, gtk3
, unzip
, at-spi2-atk
, libdrm
, libgbm
, libxkbcommon
, libxshmfence
, libGL
, vulkan-loader
, alsa-lib
, cairo
, cups
, dbus
, expat
, gdk-pixbuf
, nss
, nspr
, xorg
, pango
, systemd
, pciutils
,
}:
let
version = "27.3.11";
@@ -157,6 +183,7 @@ let
passthru.dist = finalAttrs.finalPackage + "/Applications";
};
in stdenv.mkDerivation (finalAttrs:
in
stdenv.mkDerivation (finalAttrs:
lib.recursiveUpdate (common stdenv.hostPlatform)
((if stdenv.hostPlatform.isDarwin then darwin else linux) finalAttrs))


@@ -1,6 +1,19 @@
{ lib, rustPlatform, stdenv, fetchFromGitHub, blueprint-compiler, pkg-config
, wrapGAppsHook4, gdk-pixbuf, gtk4, libdrm, vulkan-loader, coreutils
, nix-update-script, hwdata, fuse }:
{ lib
, rustPlatform
, stdenv
, fetchFromGitHub
, blueprint-compiler
, pkg-config
, wrapGAppsHook4
, gdk-pixbuf
, gtk4
, libdrm
, vulkan-loader
, coreutils
, nix-update-script
, hwdata
, fuse
}:
rustPlatform.buildRustPackage rec {
pname = "lact";


@@ -1,9 +1,9 @@
{
lib,
stdenv,
buildGoModule,
fetchFromGitHub,
installShellFiles,
{ lib
, stdenv
, buildGoModule
, fetchFromGitHub
, installShellFiles
,
}:
buildGoModule rec {
name = "mangal";


@@ -1,7 +1,8 @@
{ config, pkgs, modulesPath, lib, ... }:
{
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
#./hardware-configuration.nix
../../modules/services/ssh.nix
../../modules/services/step-ca.nix
@@ -45,7 +46,8 @@
};
misc = {
docker.enable = true;
backup = let
backup =
let
kavita = "/data/kavita";
gitolite = "/var/lib/gitolite";
syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
@@ -54,7 +56,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in {
in
{
enable = true;
excludePaths = lib.mkOptionDefault [ "${kavita}/manga" ];
small = backupPathsSmall; # goes to backblaze


@@ -5,7 +5,8 @@
{ config, lib, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/kernel.nix
../../modules/services/ssh.nix


@@ -1,5 +1,6 @@
{ config, pkgs, inputs, ... }: {
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./modules/battery.nix
../../modules/ecryptfs.nix
@@ -86,7 +87,8 @@
# "d /docker-data 0755 kopatz users"
#];
security.pki.certificates = [''
security.pki.certificates = [
''
-----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
@@ -98,7 +100,8 @@
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE-----
''];
''
];
system.stateVersion = "23.05"; # Did you read the comment?
}


@@ -5,7 +5,8 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "uas" "sd_mod" "rtsx_pci_sdmmc" ];
@@ -14,18 +15,19 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8";
{
device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C163-6BD5";
{
device = "/dev/disk/by-uuid/C163-6BD5";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }
];
[{ device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@@ -5,7 +5,8 @@
{ config, pkgs, modulesPath, lib, ... }:
{
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/services/ssh.nix
../../modules/services/step-ca.nix
@@ -47,7 +48,8 @@
};
misc = {
docker.enable = true;
backup = let
backup =
let
kavita = "/data/kavita";
gitolite = "/var/lib/gitolite";
syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
@@ -56,7 +58,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in {
in
{
enable = true;
small = backupPathsSmall; # goes to backblaze
medium = backupPathsMedium; # goes to gdrive


@@ -5,12 +5,14 @@
{
fileSystems."/data" =
{ device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
{
device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "nofail" ];
};
fileSystems."/1tbssd" =
{ device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
{
device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
fsType = "ext4";
options = [ "defaults" "nofail" "noatime" ];
};


@@ -5,7 +5,8 @@
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/services/ssh.nix
../../modules/services/step-ca.nix
@@ -38,7 +39,8 @@
misc = {
btrfs.enable = true;
docker.enable = true;
backup = let
backup =
let
kavita = "/data/kavita";
gitolite = "/var/lib/gitolite";
syncthing = [ "/synced/default/" "/synced/work_drive/" ];
@@ -46,7 +48,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in {
in
{
enable = true;
small = backupPathsSmall; # goes to backblaze
medium = backupPathsMedium; # goes to gdrive


@@ -5,7 +5,8 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
@@ -14,7 +15,8 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/193dfa08-bf89-4a8b-a159-592c0a0b4d6e";
{
device = "/dev/disk/by-uuid/193dfa08-bf89-4a8b-a159-592c0a0b4d6e";
fsType = "ext4";
options = [
"defaults"
@@ -23,25 +25,27 @@
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EEC1-C78B";
{
device = "/dev/disk/by-uuid/EEC1-C78B";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/data" =
{ device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
{
device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "nofail" ];
};
fileSystems."/1tbssd" =
{ device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
{
device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
fsType = "ext4";
options = [ "defaults" "nofail" "noatime" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/af6bf3d5-07a4-4139-9464-ffc1c4e23549"; }
];
[{ device = "/dev/disk/by-uuid/af6bf3d5-07a4-4139-9464-ffc1c4e23549"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@@ -3,7 +3,8 @@
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, inputs, ... }: {
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/flatpak.nix
../../modules/gpg.nix
@@ -220,7 +221,8 @@
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
security.pki.certificates = [''
security.pki.certificates = [
''
-----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
@@ -232,7 +234,8 @@
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE-----
''];
''
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions


@@ -5,7 +5,8 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
@@ -14,7 +15,8 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/dd65bdf8-c003-439c-a1aa-d050cb20959d";
{
device = "/dev/disk/by-uuid/dd65bdf8-c003-439c-a1aa-d050cb20959d";
fsType = "ext4";
options = [
"defaults"
@@ -23,7 +25,8 @@
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/CC7C-CF82";
{
device = "/dev/disk/by-uuid/CC7C-CF82";
fsType = "vfat";
};


@@ -1,3 +1 @@
{
}
{ }