feat(flake): Recreate using flake-parts

Malte Tammena 2023-04-19 01:01:07 +02:00
parent eb2504157e
commit 5716aa16be
20 changed files with 1593 additions and 1478 deletions


@ -205,13 +205,16 @@
}
},
"devshell_2": {
"flake": false,
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1663445644,
"narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=",
"lastModified": 1678957337,
"narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=",
"owner": "numtide",
"repo": "devshell",
"rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66",
"rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47",
"type": "github"
},
"original": {
@ -221,25 +224,6 @@
}
},
"devshell_3": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1678957337,
"narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=",
"owner": "numtide",
"repo": "devshell",
"rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_4": {
"flake": false,
"locked": {
"lastModified": 1663445644,
@ -255,10 +239,10 @@
"type": "github"
}
},
"devshell_5": {
"devshell_4": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_9"
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1678957337,
@ -274,7 +258,42 @@
"type": "github"
}
},
"devshell_5": {
"flake": false,
"locked": {
"lastModified": 1663445644,
"narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=",
"owner": "numtide",
"repo": "devshell",
"rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_6": {
"inputs": {
"flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1678957337,
"narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=",
"owner": "numtide",
"repo": "devshell",
"rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_7": {
"flake": false,
"locked": {
"lastModified": 1663445644,
@ -294,7 +313,7 @@
"inputs": {
"all-cabal-json": "all-cabal-json",
"crane": "crane",
"devshell": "devshell_2",
"devshell": "devshell_3",
"drv-parts": "drv-parts",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
@ -303,7 +322,7 @@
"gomod2nix": "gomod2nix",
"mach-nix": "mach-nix",
"nix-pypi-fetcher": "nix-pypi-fetcher",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nixpkgsV1": "nixpkgsV1",
"poetry2nix": "poetry2nix",
"pre-commit-hooks": "pre-commit-hooks",
@ -327,7 +346,7 @@
"inputs": {
"all-cabal-json": "all-cabal-json_2",
"crane": "crane_2",
"devshell": "devshell_4",
"devshell": "devshell_5",
"drv-parts": "drv-parts_2",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_3",
@ -336,7 +355,7 @@
"gomod2nix": "gomod2nix_2",
"mach-nix": "mach-nix_2",
"nix-pypi-fetcher": "nix-pypi-fetcher_2",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"nixpkgsV1": "nixpkgsV1_2",
"poetry2nix": "poetry2nix_2",
"pre-commit-hooks": "pre-commit-hooks_2",
@ -360,16 +379,16 @@
"inputs": {
"all-cabal-json": "all-cabal-json_3",
"crane": "crane_3",
"devshell": "devshell_6",
"devshell": "devshell_7",
"drv-parts": "drv-parts_3",
"flake-compat": "flake-compat_6",
"flake-parts": "flake-parts_5",
"flake-parts": "flake-parts_6",
"flake-utils-pre-commit": "flake-utils-pre-commit_3",
"ghc-utils": "ghc-utils_3",
"gomod2nix": "gomod2nix_3",
"mach-nix": "mach-nix_3",
"nix-pypi-fetcher": "nix-pypi-fetcher_3",
"nixpkgs": "nixpkgs_10",
"nixpkgs": "nixpkgs_11",
"nixpkgsV1": "nixpkgsV1_3",
"poetry2nix": "poetry2nix_3",
"pre-commit-hooks": "pre-commit-hooks_3",
@ -487,7 +506,7 @@
},
"emulator-2a": {
"inputs": {
"devshell": "devshell",
"devshell": "devshell_2",
"dream2nix": "dream2nix",
"flake-parts": "flake-parts_2",
"nixpkgs": [
@ -513,7 +532,7 @@
},
"fend": {
"inputs": {
"devshell": "devshell_3",
"devshell": "devshell_4",
"dream2nix": "dream2nix_2",
"flake-parts": "flake-parts_4",
"nixpkgs": [
@ -766,6 +785,24 @@
}
},
"flake-parts_5": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_6": {
"inputs": {
"nixpkgs-lib": [
"mensa",
@ -787,9 +824,9 @@
"type": "github"
}
},
"flake-parts_6": {
"flake-parts_7": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
"nixpkgs-lib": "nixpkgs-lib_4"
},
"locked": {
"lastModified": 1680392223,
@ -805,7 +842,7 @@
"type": "github"
}
},
"flake-parts_7": {
"flake-parts_8": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs-wayland",
@ -904,11 +941,11 @@
},
"flake-utils_3": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github"
},
"original": {
@ -919,11 +956,11 @@
},
"flake-utils_4": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@ -933,6 +970,21 @@
}
},
"flake-utils_5": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -947,7 +999,7 @@
"type": "github"
}
},
"flake-utils_6": {
"flake-utils_7": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
@ -962,7 +1014,7 @@
"type": "github"
}
},
"flake-utils_7": {
"flake-utils_8": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -977,7 +1029,7 @@
"type": "github"
}
},
"flake-utils_8": {
"flake-utils_9": {
"inputs": {
"systems": "systems"
},
@ -995,21 +1047,6 @@
"type": "github"
}
},
"flake-utils_9": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"ghc-utils": {
"flake": false,
"locked": {
@ -1300,8 +1337,8 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_8",
"nixpkgs-lib": "nixpkgs-lib_5"
"flake-utils": "flake-utils_9",
"nixpkgs-lib": "nixpkgs-lib_6"
},
"locked": {
"lastModified": 1681214977,
@ -1380,9 +1417,9 @@
},
"mensa": {
"inputs": {
"devshell": "devshell_5",
"devshell": "devshell_6",
"dream2nix": "dream2nix_3",
"flake-parts": "flake-parts_6",
"flake-parts": "flake-parts_7",
"nixpkgs": [
"nixpkgs"
],
@ -1407,7 +1444,7 @@
"nix-colors": {
"inputs": {
"base16-schemes": "base16-schemes",
"nixpkgs-lib": "nixpkgs-lib_4"
"nixpkgs-lib": "nixpkgs-lib_5"
},
"locked": {
"lastModified": 1680875144,
@ -1425,8 +1462,8 @@
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts_7",
"nixpkgs": "nixpkgs_14"
"flake-parts": "flake-parts_8",
"nixpkgs": "nixpkgs_15"
},
"locked": {
"lastModified": 1681421147,
@ -1599,6 +1636,24 @@
}
},
"nixpkgs-lib_4": {
"locked": {
"dir": "lib",
"lastModified": 1680213900,
"narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e3652e0735fbec227f342712f180f4f21f0594f2",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib_5": {
"locked": {
"lastModified": 1680397293,
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
@ -1613,7 +1668,7 @@
"type": "github"
}
},
"nixpkgs-lib_5": {
"nixpkgs-lib_6": {
"locked": {
"lastModified": 1681001314,
"narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=",
@ -1713,7 +1768,7 @@
"flake-compat": "flake-compat_8",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs_15"
"nixpkgs": "nixpkgs_16"
},
"locked": {
"lastModified": 1681461427,
@ -1791,6 +1846,22 @@
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1677383253,
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9952d6bc395f5841262b006fbace8dd7e143b634",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1665580254,
"narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=",
@ -1805,7 +1876,7 @@
"type": "indirect"
}
},
"nixpkgs_11": {
"nixpkgs_12": {
"locked": {
"lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1821,7 +1892,7 @@
"type": "github"
}
},
"nixpkgs_12": {
"nixpkgs_13": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
@ -1837,7 +1908,7 @@
"type": "github"
}
},
"nixpkgs_13": {
"nixpkgs_14": {
"locked": {
"lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1852,7 +1923,7 @@
"type": "indirect"
}
},
"nixpkgs_14": {
"nixpkgs_15": {
"locked": {
"lastModified": 1681347147,
"narHash": "sha256-B+hTioRc3Jdf4SJyeCiO0fW5ShIznJk2OTiW2vOV+mc=",
@ -1868,7 +1939,7 @@
"type": "github"
}
},
"nixpkgs_15": {
"nixpkgs_16": {
"locked": {
"lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1884,7 +1955,23 @@
"type": "github"
}
},
"nixpkgs_16": {
"nixpkgs_17": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_18": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
@ -1901,6 +1988,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1677383253,
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9952d6bc395f5841262b006fbace8dd7e143b634",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1665580254,
"narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=",
@ -1915,7 +2018,7 @@
"type": "indirect"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1931,23 +2034,23 @@
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1677383253,
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
@ -1963,7 +2066,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1665580254,
"narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=",
@ -1978,7 +2081,7 @@
"type": "indirect"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1994,7 +2097,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_9": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
@ -2010,22 +2113,6 @@
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1677383253,
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9952d6bc395f5841262b006fbace8dd7e143b634",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"poetry2nix": {
"flake": false,
"locked": {
@ -2107,9 +2194,9 @@
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
@ -2129,9 +2216,9 @@
"pre-commit-hooks-nix_2": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_6",
"gitignore": "gitignore_2",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
@ -2151,9 +2238,9 @@
"pre-commit-hooks-nix_3": {
"inputs": {
"flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_7",
"flake-utils": "flake-utils_8",
"gitignore": "gitignore_3",
"nixpkgs": "nixpkgs_11",
"nixpkgs": "nixpkgs_12",
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
@ -2329,9 +2416,11 @@
"cataclysm-dda": "cataclysm-dda",
"colmena": "colmena",
"custom-udev-rules": "custom-udev-rules",
"devshell": "devshell",
"emulator-2a": "emulator-2a",
"fend": "fend",
"fenix": "fenix",
"flake-parts": "flake-parts_5",
"home-manager": "home-manager",
"hydra": "hydra",
"hyprland": "hyprland",
@ -2340,14 +2429,14 @@
"nix-colors": "nix-colors",
"nixForHydra": "nixForHydra",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_13",
"nixpkgs": "nixpkgs_14",
"nixpkgs-wayland": "nixpkgs-wayland",
"nixpkgsForNixForHydra": "nixpkgsForNixForHydra",
"qmk-udev-rules": "qmk-udev-rules",
"radicale_infcloud": "radicale_infcloud",
"rip": "rip",
"sops-nix": "sops-nix",
"utils": "utils_2",
"treefmt-nix": "treefmt-nix_4",
"xdg-desktop-portal-hyprland": "xdg-desktop-portal-hyprland"
}
},
@ -2422,7 +2511,7 @@
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1681486253,
@ -2440,7 +2529,7 @@
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1681486253,
@ -2458,7 +2547,25 @@
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": "nixpkgs_12"
"nixpkgs": "nixpkgs_13"
},
"locked": {
"lastModified": 1681486253,
"narHash": "sha256-EjiQZvXQH9tUPCyLC6lQpfGnoq4+kI9v59bDJWPicYo=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "b25d1a3c2c7554d0462ab1dfddf2f13128638b90",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_4": {
"inputs": {
"nixpkgs": "nixpkgs_17"
},
"locked": {
"lastModified": 1681486253,
@ -2489,24 +2596,6 @@
"type": "github"
}
},
"utils_2": {
"inputs": {
"flake-utils": "flake-utils_9"
},
"locked": {
"lastModified": 1657226504,
"narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {
@ -2528,7 +2617,7 @@
"xdg-desktop-portal-hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols_2",
"nixpkgs": "nixpkgs_16"
"nixpkgs": "nixpkgs_18"
},
"locked": {
"lastModified": 1681416853,

395
flake.nix

@ -2,9 +2,12 @@
description = "Malte Tammena's system configuration";
inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
devshell.url = "github:numtide/devshell";
treefmt-nix.url = "github:numtide/treefmt-nix";
nixpkgs.url = "nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware";
utils.url = "github:gytis-ivaskevicius/flake-utils-plus";
custom-udev-rules.url = "github:MalteT/custom-udev-rules";
nix-colors.url = "github:Misterio77/nix-colors";
@ -86,282 +89,152 @@
};
nixConfig = {
# Only usefull if you're part of my VPN
extra-substituters = ["http://cache.home"];
};
outputs = {
self,
utils,
nixpkgs,
nixos-hardware,
...
} @ inputs: let
pkgs = self.pkgs.x86_64-linux.nixpkgs;
hosts = [
"helix-texta"
"murex-pecten"
"cornu-aspersum"
"granodomus-lima"
"trochulus-hispidus"
"radix-balthica"
"faunus-ater"
"polymita-picta"
outputs = inputs @ {flake-parts, ...}: let
# Overlays useful to most of my systems
overlaysSharedByAll = [
inputs.fenix.overlays.default
inputs.colmena.overlay
inputs.xdg-desktop-portal-hyprland.overlays.default
(self: super: {
# Add fonts
hackNerdLigatures = super.callPackage ./pkgs/hack.nix {};
# Add the emulator
"2a-emulator" =
inputs.emulator-2a.packages.x86_64-linux."2a-emulator";
# Add my mensa tool
inherit (inputs.mensa.packages.x86_64-linux) mensa;
darkman = super.callPackage ./pkgs/darkman.nix {};
# TODO: Replace with upstream
inherit (inputs.fend.packages.x86_64-linux) fend;
hydra = inputs.hydra.packages.x86_64-linux.default;
# TODO: Remove once hydra fixes these removed aliases
inherit (super.perlPackages) buildPerlPackage;
netcat-openbsd = super.libressl.nc;
})
# Override cataclysm to use git
(import ./overlays/cataclysm-dda.nix)
(import ./overlays/qmk-udev-rules.nix)
(import ./overlays/sane-backends.nix)
(import ./overlays/logisim.nix)
(import ./overlays/fzf-kak.nix)
(import ./overlays/prometheus-fritzbox-exporter.nix)
(import ./overlays/waybar-hypr.nix)
];
defaultModules = [
inputs.home-manager.nixosModules.home-manager
self.nixosModules.home-manager-config
inputs.custom-udev-rules.nixosModule
# Modules useful to most of my systems
modulesSharedByAllSystems = [
inputs.sops-nix.nixosModules.sops
self.nixosModules.nixUnstable
inputs.self.nixosModules.nixUnstable
inputs.home-manager.nixosModules.home-manager
./modules/base-system.nix
{config._module.args.flake = self;}
];
# The list of all hosts known to me
listOfHosts = let
removeSuffix = builtins.replaceStrings [".nix"] [""];
hostDir = builtins.readDir ./hosts;
hostFileNames = builtins.attrNames hostDir;
in
map removeSuffix hostFileNames;
in
utils.lib.mkFlake {
inherit self inputs;
supportedSystems = ["x86_64-linux"];
nix.generateRegistryFromInputs = true;
nix.linkInputs = true;
sharedOverlays = [
inputs.fenix.overlays.default
inputs.colmena.overlay
inputs.xdg-desktop-portal-hyprland.overlays.default
utils.overlay
(self: super: {
# Add fonts
hackNerdLigatures = super.callPackage ./pkgs/hack.nix {};
# Add the emulator
"2a-emulator" =
inputs.emulator-2a.packages.x86_64-linux."2a-emulator";
# Add my mensa tool
inherit (inputs.mensa.packages.x86_64-linux) mensa;
darkman = super.callPackage ./pkgs/darkman.nix {};
# TODO: Replace with upstream
inherit (inputs.fend.packages.x86_64-linux) fend;
hydra = inputs.hydra.packages.x86_64-linux.default;
# TODO: Remove once hydra fixes these removed aliases
inherit (super.perlPackages) buildPerlPackage;
netcat-openbsd = super.libressl.nc;
})
# Override cataclysm to use git
(import ./overlays/cataclysm-dda.nix)
(import ./overlays/qmk-udev-rules.nix)
(import ./overlays/sane-backends.nix)
(import ./overlays/logisim.nix)
(import ./overlays/fzf-kak.nix)
(import ./overlays/prometheus-fritzbox-exporter.nix)
(import ./overlays/waybar-hypr.nix)
flake-parts.lib.mkFlake {inherit inputs;} {
# Flake-parts modules to use
imports = [
inputs.devshell.flakeModule
inputs.treefmt-nix.flakeModule
];
hostDefaults.system = "x86_64-linux";
hostDefaults.modules = defaultModules;
hosts = builtins.listToAttrs (map (host: {
name = host;
value = {modules = [self.nixosModules.${host}];};
})
hosts);
nixosModules = {
home-manager-config = _: {
home-manager.verbose = true;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {inherit (inputs) nix-colors;};
# Available systems, only x86 for now
systems = ["x86_64-linux"];
perSystem = {
config,
self',
inputs',
pkgs,
system,
...
}: {
# Configure treefmt
treefmt.projectRootFile = "flake.nix";
treefmt.programs = {
alejandra.enable = true;
shellcheck.enable = true;
shfmt.enable = true;
};
nixUnstable = {pkgs, ...}: {
nix.registry.nixpkgs.flake = nixpkgs;
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
};
helix-texta = {
pkgs,
config,
...
}: {
imports = [
./hosts/helix-texta.nix
./modules/light-actkbd.nix
self.nixosModules.thinkpad-p1-gen3
];
};
murex-pecten = {...}: {
imports = [
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
./hosts/murex-pecten.nix
./hardware/aorus.nix
];
};
cornu-aspersum = {...}: {
imports = [
./hosts/cornu-aspersum.nix
./hardware/netcup-rs-2000-g9.nix
./modules/nginx-reverse-proxy.nix
];
};
granodomus-lima = {...}: {
imports = [
./hosts/granodomus-lima.nix
./hardware/netcup-vps-200-g10.nix
./modules/nginx-reverse-proxy.nix
];
};
trochulus-hispidus = {pkgs, ...}: {
imports = [
./hosts/trochulus-hispidus.nix
./hardware/latitude-e7440.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-laptop
nixos-hardware.nixosModules.common-pc-laptop-ssd
];
};
thinkpad-p1-gen3 = {...}: {
imports = [
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-nvidia
nixos-hardware.nixosModules.common-pc-laptop
nixos-hardware.nixosModules.common-pc-laptop-ssd
nixos-hardware.nixosModules.common-pc-laptop-acpi_call
./hardware/thinkpad-p1-gen3.nix
];
};
radix-balthica = {...}: {
imports = [
./hosts/radix-balthica.nix
];
};
faunus-ater = {...}: {
imports = [
nixos-hardware.nixosModules.common-cpu-intel #-cpu-only
./modules/nginx-reverse-proxy.nix
./hosts/faunus-ater.nix
./hardware/asrock-z370-i3-black-box.nix
];
};
polymita-picta = {...}: {
imports = [
./hosts/polymita-picta.nix
./hardware/steam-deck.nix
(inputs.jovian-nixos + "/modules")
# Load all packages from ./pkgs
packages = let
pkgFiles = builtins.attrNames (builtins.readDir ./pkgs);
toPackage = file: {
name = builtins.replaceStrings [".nix"] [""] file;
value = pkgs.callPackage ./pkgs/${file} {};
};
in
builtins.listToAttrs (builtins.map toPackage pkgFiles);
# Create a useable devshell for me
devshells.default = {
name = "dev";
packages = [
pkgs.nil
self'.packages.rebuild
self'.packages.personal-cache
self'.packages.all-hosts
self'.packages.option
self'.packages.test-config
];
};
};
colmena =
# Useful modules and all those from ./modules
flake.nixosModules =
{
meta = {nixpkgs = pkgs;};
defaults = {...}: {imports = defaultModules;};
homeManagerConfig = _: {
home-manager.verbose = true;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {inherit (inputs) nix-colors;};
};
nixUnstable = {pkgs, ...}: {
nix.registry.nixpkgs.flake = inputs.nixpkgs;
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
};
}
// (builtins.listToAttrs (map (
host: {
name = host;
value = {
imports = [self.nixosModules.${host}];
config.deployment = {
targetHost = host;
targetUser = "root";
};
};
}
)
hosts));
hydraJobs = {
shell.x86_64-linux = self.devShell.x86_64-linux;
packages = self.packages;
nixosConfigurations.x86_64-linux = builtins.listToAttrs (map (host: {
name = host;
value = self.nixosConfigurations.${host}.config.system.build.toplevel;
})
hosts);
};
packages.x86_64-linux.iso = self.nixosConfigurations.radix-balthica.config.system.build.isoImage;
packages.x86_64-linux.vm = self.nixosConfigurations.radix-balthica.config.system.build.vm;
outputsBuilder = channels: {
devShell = channels.nixpkgs.mkShell {
name = "system config devshell";
packages = let
personalCache = pkgs.writeShellApplication {
name = "personal-cache";
runtimeInputs = with pkgs; [
coreutils
nix
];
text = builtins.readFile ./scripts/personal-cache.sh;
};
rebuild = pkgs.writeShellApplication {
name = "rebuild";
runtimeInputs = with pkgs; [
coreutils
git
personalCache
nixos-rebuild
];
text = builtins.readFile ./scripts/rebuild.sh;
};
allHosts = pkgs.writeShellApplication {
name = "all-hosts";
runtimeInputs = with pkgs; [
jq
nix
];
text = ''
nix eval --json .#nixosConfigurations --apply builtins.attrNames 2>/dev/null | jq -r .[]
'';
};
option = pkgs.writeShellApplication {
name = "option";
runtimeInputs = with pkgs; [
coreutils
nix
];
text = builtins.readFile ./scripts/option.sh;
};
testConfig = pkgs.writeShellApplication {
name = "test-config";
runtimeInputs = with pkgs; [
coreutils
nix
allHosts
nixos-rebuild
bat
];
text = builtins.readFile ./scripts/test-config.sh;
};
git = "${pkgs.git}/bin/git";
nixos-rebuild = "${pkgs.nixos-rebuild}/bin/nixos-rebuild";
bat = "${pkgs.bat}/bin/bat";
in
with pkgs; [
rebuild
personalCache
allHosts
option
testConfig
inputs.colmena.packages.x86_64-linux.colmena
fup-repl
alejandra
nil
];
// (let
removeSuffix = builtins.replaceStrings [".nix"] [""];
moduleFiles = builtins.attrNames (builtins.readDir ./modules);
listOfModules = builtins.map removeSuffix moduleFiles;
toModule = name: {
inherit name;
value = builtins.readFile ./modules/${name};
};
in
builtins.listToAttrs (builtins.map toModule listOfModules));
# All my system's configurations
flake.nixosConfigurations = let
genSystem = name: {
inherit name;
value = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs;};
modules = modulesSharedByAllSystems ++ [{nixpkgs.overlays = overlaysSharedByAll;} ./hosts/${name}.nix];
};
};
in
builtins.listToAttrs (builtins.map genSystem listOfHosts);
# Iso for USB
flake.packages.x86_64-linux.iso = inputs.self.nixosConfigurations.radix-balthica.config.system.build.isoImage;
# VM for testing
flake.packages.x86_64-linux.vm = inputs.self.nixosConfigurations.radix-balthica.config.system.build.vm;
# Copy most things to hydraJobs so hydra evaluates and builds them
flake.hydraJobs = {
inherit (inputs.self) packages devShells;
nixosConfigurations.x86_64-linux = builtins.listToAttrs (builtins.map (name: {
inherit name;
value = inputs.self.nixosConfigurations.${name}.config.system.build.toplevel;
})
listOfHosts);
};
};
}
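Review bot: In the `flake.nixosModules` merge near the end of the `outputs` body, `toModule` sets `value = builtins.readFile ./modules/${name}` after `removeSuffix` has already stripped `.nix` from `name`, so the path has no extension, and even if it resolved the attribute would be the file's text rather than a module. Attribute values are lazy, so this probably only fails when one of these modules is first referenced; I would write `value = ./modules/${name}.nix;` (or `import ./modules/${name}.nix`). The same `builtins.replaceStrings [".nix"] [""]` helper feeds `listOfHosts` and the `packages` set, where it rewrites every `.nix` occurrence in a name, not just the suffix. Every entry `builtins.readDir` returns, including directories and stray files, therefore becomes a host or package that `flake.hydraJobs` exposes for building; filtering with `lib.hasSuffix ".nix"` and stripping with `lib.removeSuffix` would keep that set explicit. The page has lost its +/- markers, so I am treating these lines as the new side based on the flake-parts naming.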


@ -1,80 +1,92 @@
{pkgs, ...}: {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
{
pkgs,
inputs,
...
}: {
imports = [
inputs.self.nixosModules.homeManagerConfig
../hardware/netcup-rs-2000-g9.nix
../modules/nginx-reverse-proxy.nix
];
networking.hostId = "94d2a920";
networking.hostName = "cornu-aspersum";
networking.interfaces.ens3.useDHCP = true;
config = {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
settings.ssh.openOutsideVPN = true;
networking.hostId = "94d2a920";
networking.hostName = "cornu-aspersum";
networking.interfaces.ens3.useDHCP = true;
users.users = {
root = {
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
};
};
settings.ssh.openOutsideVPN = true;
sops.defaultSopsFile = ../secrets/hosts/cornu-aspersum/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# Run radicale with infcloud interface for me and Marie
services.radicaleWithInfcloud.enable = true;
services.qemuGuest.enable = true;
services.bind = {
enable = true;
cacheNetworks = ["any"];
forwarders = ["100.100.100.100"];
listenOn = ["any"];
listenOnIpv6 = ["any"];
zones."home" = let
cornu-aspersum = {
v4 = "100.86.42.110";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:2a6e";
users.users = {
root = {
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
};
faunus-ater = {
v4 = "100.108.135.4";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
};
point = domain: host: ''
${domain} AAAA ${host.v6}
${domain} A ${host.v4}
'';
in {
master = true;
# TODO: Fix TTLs
file = pkgs.writeText "home-zone" ''
$TTL 1
@ IN SOA home. malte.home. (
5 ; Serial
1 ; Refresh
1 ; Retry
1 ; Expire
1) ; Negative Cache TTL
@ NS home.
${point "home." cornu-aspersum}
${point "foto" faunus-ater}
${point "mc" cornu-aspersum}
${point "doc" faunus-ater}
${point "sheet" faunus-ater}
${point "media" faunus-ater}
${point "file" faunus-ater}
${point "stats" faunus-ater}
${point "cache" faunus-ater}
${point "hydra" faunus-ater}
'';
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
sops.defaultSopsFile = ../secrets/hosts/cornu-aspersum/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# Run radicale with infcloud interface for me and Marie
services.radicaleWithInfcloud.enable = true;
services.qemuGuest.enable = true;
services.bind = {
enable = true;
cacheNetworks = ["any"];
forwarders = ["100.100.100.100"];
listenOn = ["any"];
listenOnIpv6 = ["any"];
zones."home" = let
cornu-aspersum = {
v4 = "100.86.42.110";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:2a6e";
};
faunus-ater = {
v4 = "100.108.135.4";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
};
point = domain: host: ''
${domain} AAAA ${host.v6}
${domain} A ${host.v4}
'';
in {
master = true;
# TODO: Fix TTLs
file = pkgs.writeText "home-zone" ''
$TTL 1
@ IN SOA home. malte.home. (
5 ; Serial
1 ; Refresh
1 ; Retry
1 ; Expire
1) ; Negative Cache TTL
@ NS home.
${point "home." cornu-aspersum}
${point "foto" faunus-ater}
${point "mc" cornu-aspersum}
${point "doc" faunus-ater}
${point "sheet" faunus-ater}
${point "media" faunus-ater}
${point "file" faunus-ater}
${point "stats" faunus-ater}
${point "cache" faunus-ater}
${point "hydra" faunus-ater}
'';
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
};
}
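Review bot: The `services.bind` block carried into the new `config = { … }` wrapper sets `cacheNetworks = ["any"]` and `listenOn = ["any"]`, while `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open port 53 on every interface. If this host has a public address (the `netcup-rs-2000-g9.nix` import suggests it does), it acts as an open recursive resolver that can be abused for DNS amplification, and it serves the VPN addresses in the `home` zone to anyone who asks. I would limit `cacheNetworks` to the VPN ranges and open the port only on the VPN interface, e.g. `networking.firewall.interfaces.<vpn-interface>.allowedUDPPorts = [53];` (placeholder interface name), which is the pattern the faunus-ater host on this page already uses for port 631. Separately, `users.users.root.hashedPassword` is still a literal crypt hash in the repository, so anyone with read access can attempt offline guessing. Since `sops.defaultSopsFile` is already configured in this file, the hash could come from a sops secret via `users.users.root.passwordFile`, with `neededForUsers = true` set on that secret.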


@ -2,6 +2,7 @@
pkgs,
lib,
config,
inputs,
...
}: let
sopsPath = key: config.sops.secrets.${key}.path;
@ -25,491 +26,498 @@
vpnIPv4 = "100.108.135.4";
vpnIPv6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
in {
networking.hostName = "faunus-ater";
networking.hostId = "a4d7bec4";
networking.interfaces.eno1.useDHCP = true;
# === Make sure ZFS works ===
# TODO: Update and think of some automatic way of keeping this up to date.
boot.kernelPackages = pkgs.linuxPackages_5_15;
# === Can't handle this ===
systemd.enableEmergencyMode = false;
# === Settings ===
settings.ssh.openOutsideVPN = true;
settings.printing.enable = true;
# === ZFS services ===
services.zfs.trim.enable = true;
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.pools = ["rpool"];
# === Additional services ===
services.fwupd.enable = true;
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = "powersave";
};
# === Git.home, because everything else sucks ===
services.gogsHome = {
enable = true;
passwordFile = sopsPath "gogs-database-password";
addr = {
v4 = vpnIPv4;
v6 = vpnIPv6;
};
stateDir = "/data/dirty/gogs";
};
sops.secrets.gogs-database-password = {
owner = config.users.users.gogs.name;
mode = "0400";
};
# === Extend printing settings because sharing is caring ===
services.printing = {
listenAddresses = ["*:631"];
allowFrom = ["all" "@IF(${vpnInterface})"];
defaultShared = true;
browsing = true;
logLevel = "debug";
};
networking.firewall.interfaces.${vpnInterface} = {
allowedUDPPorts = [631];
allowedTCPPorts = [631 config.services.hydra.port];
};
hardware.printers = {
ensureDefaultPrinter = "Local";
ensurePrinters = lib.singleton {
description = "The fastest Boi in town!";
deviceUri = "usb://Samsung/ML-1640%20Series?serial=144QBAHS600499T.";
location = "@Home";
model = "samsung/ML-1640.ppd";
name = "Local";
ppdOptions = {
PageSize = "A4";
Resolution = "600dpi";
};
};
};
virtualisation.oci-containers.backend = "podman";
virtualisation.podman = {
enable = true;
dockerCompat = true;
extraPackages = with pkgs; [zfs];
};
# Override storage driver
virtualisation.containers.storage.settings = {
storage = {
driver = "zfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
virtualisation.oci-containers.containers."timetagger" = {
image = "ghcr.io/almarklein/timetagger:v23.2.1";
ports = ["5873:5873"];
environment = {
TIMETAGGER_BIND = "0.0.0.0:5873";
TIMETAGGER_DATADIR = "/root/_timetagger";
TIMETAGGER_LOG_LEVEL = "info";
TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm";
};
volumes = [
"/data/dirty/timetagger:/root/_timetagger"
];
};
services.nginx.virtualHosts."time.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://127.0.0.1:5873";
proxyWebsockets = true;
};
};
# === Dim ===
# virtualisation.oci-containers.containers."dim" = {
# environment = {};
# image = "ghcr.io/dusk-labs/dim:dev";
# ports = lib.singleton "7999:8000";
# volumes = [
# # TODO: https://github.com/Dusk-Labs/dim/blob/master/docker-compose-template.yml
# "/srv/media.deletemesoon:/media:ro"
# ];
# #user = "${config.users.users.dim.name}:${config.users.groups.dim.name}";
# };
# === SheetAble ===
# virtualisation.oci-containers.containers."sheetable" = {
# environment = {
# CONFIG_PATH = "/app/config/";
# };
# image = "vallezw/sheetable";
# ports = lib.singleton "7998:8080";
# volumes = [
# # TODO: https://sheetable.net/docs/Installation/installation-docker
# ];
# };
# === Seafile ===
# services.seafile = {
# enable = true;
# adminEmail = "malte.tammena@pm.me";
# initialAdminPassword = "test";
# seafileSettings = {
# fileserver.host = "::1";
# };
# ccnetSettings.General.SERVICE_URL = "http://file.home";
# };
# === HYDRA & Friends. ===
services.hydra = {
enable = true;
package = pkgs.hydra;
notificationSender = "hydra@home";
hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}";
minimumDiskFree = 10;
useSubstitutes = true;
};
services.nix-serve = {
enable = true;
secretKeyFile = sopsPath "nix-store-signing-key";
# FIXME: Remove once fixed upstream
package = pkgs.nix-serve.override {
nix = pkgs.nixVersions.nix_2_12;
};
};
# Build on other machines aswell if possible
nix.buildMachines = [
{
hostName = "localhost";
maxJobs = 4;
speedFactor = 1;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
systems = ["x86_64-linux" "i686-linux"];
}
{
hostName = "helix-texta";
maxJobs = 4;
speedFactor = 2;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
supportedFeatures = ["kvm" "big-parallel"];
systems = ["x86_64-linux" "i686-linux"];
}
{
hostName = "murex-pecten";
maxJobs = 4;
speedFactor = 4;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
supportedFeatures = ["kvm" "big-parallel"];
systems = ["x86_64-linux" "i686-linux"];
}
imports = [
inputs.nixos-hardware.nixosModules.common-cpu-intel #-cpu-only
../modules/nginx-reverse-proxy.nix
../hardware/asrock-z370-i3-black-box.nix
];
# TODO: This doesn't seem to work
programs.ssh.extraConfig = ''
Host *
StrictHostKeyChecking accept-new
'';
nix.extraOptions = ''
allowed-uris = http:// https://
'';
systemd.services."hydra-initial-setup" = {
description = "Setup hydra admin password once";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}";
config = {
networking.hostName = "faunus-ater";
networking.hostId = "a4d7bec4";
networking.interfaces.eno1.useDHCP = true;
# === Make sure ZFS works ===
# TODO: Update and think of some automatic way of keeping this up to date.
boot.kernelPackages = pkgs.linuxPackages_5_15;
# === Can't handle this ===
systemd.enableEmergencyMode = false;
# === Settings ===
settings.ssh.openOutsideVPN = true;
settings.printing.enable = true;
# === ZFS services ===
services.zfs.trim.enable = true;
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.pools = ["rpool"];
# === Additional services ===
services.fwupd.enable = true;
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = "powersave";
};
wantedBy = lib.singleton "multi-user.target";
requires = lib.singleton "hydra-init.service";
after = lib.singleton "hydra-init.service";
environment = {
inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI;
# === Git.home, because everything else sucks ===
services.gogsHome = {
enable = true;
passwordFile = sopsPath "gogs-database-password";
addr = {
v4 = vpnIPv4;
v6 = vpnIPv6;
};
stateDir = "/data/dirty/gogs";
};
script = let
hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user";
in ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create admin user
${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1
# done
touch ~hydra/.setup-is-complete
fi
'';
};
services.nginx.virtualHosts = {
"hydra.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}";
sops.secrets.gogs-database-password = {
owner = config.users.users.gogs.name;
mode = "0400";
};
# === Extend printing settings because sharing is caring ===
services.printing = {
listenAddresses = ["*:631"];
allowFrom = ["all" "@IF(${vpnInterface})"];
defaultShared = true;
browsing = true;
logLevel = "debug";
};
networking.firewall.interfaces.${vpnInterface} = {
allowedUDPPorts = [631];
allowedTCPPorts = [631 config.services.hydra.port];
};
hardware.printers = {
ensureDefaultPrinter = "Local";
ensurePrinters = lib.singleton {
description = "The fastest Boi in town!";
deviceUri = "usb://Samsung/ML-1640%20Series?serial=144QBAHS600499T.";
location = "@Home";
model = "samsung/ML-1640.ppd";
name = "Local";
ppdOptions = {
PageSize = "A4";
Resolution = "600dpi";
};
};
};
"cache.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}";
virtualisation.oci-containers.backend = "podman";
virtualisation.podman = {
enable = true;
dockerCompat = true;
extraPackages = with pkgs; [zfs];
};
# Override storage driver
virtualisation.containers.storage.settings = {
storage = {
driver = "zfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
};
# === PAPERLESS service, save me! ===
services.paperless = {
enable = true;
address = "[::1]";
passwordFile = sopsPath "paperless-admin-password";
dataDir = "/data/dirty/paperless";
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
PAPERLESS_URL = "https://doc.home";
};
};
services.nginx.virtualHosts."doc.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://[::1]:${builtins.toString config.services.paperless.port}";
proxyWebsockets = true;
};
};
# === Komga, for my reading needs ===
services.komga = {
enable = true;
stateDir = "/data/dirty/komga";
};
services.nginx.virtualHosts."read.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}";
proxyWebsockets = true;
};
};
# === Trilium ===
services.trilium-server = {
enable = true;
port = 10302;
dataDir = "/data/dirty/trilium";
};
services.nginx.virtualHosts."note.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}";
proxyWebsockets = true;
};
};
# === Photoprism ===
services.photoprism = {
enable = true;
port = 2342;
storagePath = "/data/dirty/photoprism/storage";
originalsPath = "/data/dirty/photoprism/originals";
importPath = "/data/dirty/photoprism/import";
passwordFile = sopsPath "photoprism-admin-password";
settings = {
PHOTOPRISM_SESSION_MAXAGE = "31536000";
PHOTOPRISM_SESSION_TIMEOUT = "31536000";
PHOTOPRISM_UPLOAD_NSFW = "true";
PHOTOPRISM_DETECT_NSFW = "true";
PHOTOPRISM_SITE_URL = "https://foto.home";
PHOTOPRISM_SITE_TITLE = "PhotoPrism";
PHOTOPRISM_SITE_CAPTION = "All the pictures!";
PHOTOPRISM_SITE_DESCRIPTION = "";
PHOTOPRISM_SITE_AUTHOR = "";
};
};
# TODO: Why does it not work without these? :/
systemd.services.photoprism.serviceConfig.User = lib.mkForce null;
systemd.services.photoprism.serviceConfig.Group = lib.mkForce null;
systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce [];
services.nginx.virtualHosts."foto.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.photoprism.port}";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 500M;
'';
};
# === Restic User Backup ===
services.resticConfigured = {
enable = true;
rootDir = "/data/dirty/restic";
openFirewall = true;
};
# === Grafana ===
services.grafanaHome = {
enable = true;
nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
nginx.sslCertificate = sopsPath "nginx-cert-crt";
nginx.sslCertificateKey = sopsPath "nginx-cert-key";
grafana.adminPasswordFile = sopsPath "grafana-admin-password";
};
# === Prometheus ===
services.prometheus = {
enable = true;
enableReload = true;
exporters = {
fritzbox = {
enable = true;
gatewayAddress = "spof";
virtualisation.oci-containers.containers."timetagger" = {
image = "ghcr.io/almarklein/timetagger:v23.2.1";
ports = ["5873:5873"];
environment = {
TIMETAGGER_BIND = "0.0.0.0:5873";
TIMETAGGER_DATADIR = "/root/_timetagger";
TIMETAGGER_LOG_LEVEL = "info";
TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm";
};
node = {
enable = true;
enabledCollectors = ["systemd"];
disabledCollectors = ["diskstats"];
};
};
scrapeConfigs = scrapedExporters {inherit (config.services.prometheus.exporters) fritzbox node;};
};
systemd.services."prometheus-fritzbox-exporter".serviceConfig.EnvironmentFile = sopsPath "fritzbox-exporter-env";
# TODO: Yikes
systemd.services."prometheus-fritzbox-exporter".serviceConfig.ExecStart = let
cfg = config.services.prometheus.exporters.fritzbox;
in
lib.mkForce ''
${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
-listen-address ${cfg.listenAddress}:${toString cfg.port} \
-gateway-url http://${cfg.gatewayAddress}:${toString cfg.gatewayPort} \
-gateway-luaurl http://${cfg.gatewayAddress} \
-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics.json \
-lua-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics-lua_cable.json
'';
# services.nginx.virtualHosts."media.home" = {
# locations."/" = {
# proxyPass = "http://127.0.0.1:7999";
# proxyWebsockets = true;
# };
# };
# services.nginx.virtualHosts."file.home" = {
# locations."/" = {
# proxyPass = "http://[::1]:${builtins.toString config.services.seafile.seafileSettings.fileserver.port}";
# proxyWebsockets = true;
# };
# };
# networking.firewall.allowedTCPPorts = [config.services.seafile.seafileSettings.fileserver.port];
# === Print Service ===
systemd.paths."print-all-files" = {
requires = ["printer.target"];
after = ["printer.target"];
wantedBy = ["default.target"];
pathConfig = {
DirectoryNotEmpty = "/srv/to-be-printed";
MakeDirectory = true;
DirectoryMode = "777";
Unit = "print-all-files.service";
};
};
systemd.services."print-all-files" = let
printAndDeleteFile = pkgs.writeShellApplication {
name = "print-and-delete-file";
runtimeInputs = [
pkgs.coreutils
pkgs.cups
volumes = [
"/data/dirty/timetagger:/root/_timetagger"
];
text = ''
echo Printing "$1"
lp -- "$1"
rm "$1"
'';
};
script = pkgs.writeShellApplication {
name = "print-all-files-script";
runtimeInputs = [
pkgs.coreutils
printAndDeleteFile
];
text = ''
find . -type f -exec print-and-delete-file "{}" \;
'';
services.nginx.virtualHosts."time.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://127.0.0.1:5873";
proxyWebsockets = true;
};
};
in {
requires = ["printer.target"];
after = ["printer.target"];
serviceConfig = {
WorkingDirectory = "/srv/to-be-printed";
ExecStart = "${script}/bin/print-all-files-script";
# Wait 15 seconds before restart to let the file load, if not present yet
RestartSec = "15";
# === Dim ===
# virtualisation.oci-containers.containers."dim" = {
# environment = {};
# image = "ghcr.io/dusk-labs/dim:dev";
# ports = lib.singleton "7999:8000";
# volumes = [
# # TODO: https://github.com/Dusk-Labs/dim/blob/master/docker-compose-template.yml
# "/srv/media.deletemesoon:/media:ro"
# ];
# #user = "${config.users.users.dim.name}:${config.users.groups.dim.name}";
# };
# === SheetAble ===
# virtualisation.oci-containers.containers."sheetable" = {
# environment = {
# CONFIG_PATH = "/app/config/";
# };
# image = "vallezw/sheetable";
# ports = lib.singleton "7998:8080";
# volumes = [
# # TODO: https://sheetable.net/docs/Installation/installation-docker
# ];
# };
# === Seafile ===
# services.seafile = {
# enable = true;
# adminEmail = "malte.tammena@pm.me";
# initialAdminPassword = "test";
# seafileSettings = {
# fileserver.host = "::1";
# };
# ccnetSettings.General.SERVICE_URL = "http://file.home";
# };
# === HYDRA & Friends. ===
services.hydra = {
enable = true;
package = pkgs.hydra;
notificationSender = "hydra@home";
hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}";
minimumDiskFree = 10;
useSubstitutes = true;
};
};
users.users.sftp = {
description = "User used for all sftp stuff";
isNormalUser = true;
group = "sftp";
openssh.authorizedKeys.keyFiles = [
../secrets/users/malte/sftp-key.pub
../secrets/users/marie/sftp-key.pub
services.nix-serve = {
enable = true;
secretKeyFile = sopsPath "nix-store-signing-key";
# FIXME: Remove once fixed upstream
package = pkgs.nix-serve.override {
nix = pkgs.nixVersions.nix_2_12;
};
};
# Build on other machines aswell if possible
nix.buildMachines = [
{
hostName = "localhost";
maxJobs = 4;
speedFactor = 1;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
systems = ["x86_64-linux" "i686-linux"];
}
{
hostName = "helix-texta";
maxJobs = 4;
speedFactor = 2;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
supportedFeatures = ["kvm" "big-parallel"];
systems = ["x86_64-linux" "i686-linux"];
}
{
hostName = "murex-pecten";
maxJobs = 4;
speedFactor = 4;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
supportedFeatures = ["kvm" "big-parallel"];
systems = ["x86_64-linux" "i686-linux"];
}
];
};
users.groups.sftp = {};
# TODO: This doesn't seem to work
programs.ssh.extraConfig = ''
Host *
StrictHostKeyChecking accept-new
'';
nix.extraOptions = ''
allowed-uris = http:// https://
'';
systemd.services."hydra-initial-setup" = {
description = "Setup hydra admin password once";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}";
};
wantedBy = lib.singleton "multi-user.target";
requires = lib.singleton "hydra-init.service";
after = lib.singleton "hydra-init.service";
environment = {
inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI;
};
script = let
hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user";
in ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create admin user
${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1
# done
touch ~hydra/.setup-is-complete
fi
'';
};
services.nginx.virtualHosts = {
"hydra.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}";
};
};
"cache.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}";
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# === PAPERLESS service, save me! ===
services.paperless = {
enable = true;
address = "[::1]";
passwordFile = sopsPath "paperless-admin-password";
dataDir = "/data/dirty/paperless";
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
PAPERLESS_URL = "https://doc.home";
};
};
services.nginx.virtualHosts."doc.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://[::1]:${builtins.toString config.services.paperless.port}";
proxyWebsockets = true;
};
};
# === BACKUPS ===
services.restic.backups = {
# Make sure my 'active IO' disk get's saved once a day
zdirty = {
initialize = true;
repository = "/data/archive/dirty.bak";
timerConfig.OnCalendar = "daily";
paths = lib.singleton "/data/dirty";
pruneOpts = [
"--keep-daily 1"
"--keep-weekly 1"
"--keep-monthly 1"
"--keep-yearly 5"
# === Komga, for my reading needs ===
services.komga = {
enable = true;
stateDir = "/data/dirty/komga";
};
services.nginx.virtualHosts."read.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}";
proxyWebsockets = true;
};
};
# === Trilium ===
services.trilium-server = {
enable = true;
port = 10302;
dataDir = "/data/dirty/trilium";
};
services.nginx.virtualHosts."note.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}";
proxyWebsockets = true;
};
};
# === Photoprism ===
services.photoprism = {
enable = true;
port = 2342;
storagePath = "/data/dirty/photoprism/storage";
originalsPath = "/data/dirty/photoprism/originals";
importPath = "/data/dirty/photoprism/import";
passwordFile = sopsPath "photoprism-admin-password";
settings = {
PHOTOPRISM_SESSION_MAXAGE = "31536000";
PHOTOPRISM_SESSION_TIMEOUT = "31536000";
PHOTOPRISM_UPLOAD_NSFW = "true";
PHOTOPRISM_DETECT_NSFW = "true";
PHOTOPRISM_SITE_URL = "https://foto.home";
PHOTOPRISM_SITE_TITLE = "PhotoPrism";
PHOTOPRISM_SITE_CAPTION = "All the pictures!";
PHOTOPRISM_SITE_DESCRIPTION = "";
PHOTOPRISM_SITE_AUTHOR = "";
};
};
# TODO: Why does it not work without these? :/
systemd.services.photoprism.serviceConfig.User = lib.mkForce null;
systemd.services.photoprism.serviceConfig.Group = lib.mkForce null;
systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce [];
services.nginx.virtualHosts."foto.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.photoprism.port}";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 500M;
'';
};
# === Restic User Backup ===
services.resticConfigured = {
enable = true;
rootDir = "/data/dirty/restic";
openFirewall = true;
};
# === Grafana ===
services.grafanaHome = {
enable = true;
nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
nginx.sslCertificate = sopsPath "nginx-cert-crt";
nginx.sslCertificateKey = sopsPath "nginx-cert-key";
grafana.adminPasswordFile = sopsPath "grafana-admin-password";
};
# === Prometheus ===
services.prometheus = {
enable = true;
enableReload = true;
exporters = {
fritzbox = {
enable = true;
gatewayAddress = "spof";
};
node = {
enable = true;
enabledCollectors = ["systemd"];
disabledCollectors = ["diskstats"];
};
};
scrapeConfigs = scrapedExporters {inherit (config.services.prometheus.exporters) fritzbox node;};
};
systemd.services."prometheus-fritzbox-exporter".serviceConfig.EnvironmentFile = sopsPath "fritzbox-exporter-env";
# TODO: Yikes
systemd.services."prometheus-fritzbox-exporter".serviceConfig.ExecStart = let
cfg = config.services.prometheus.exporters.fritzbox;
in
lib.mkForce ''
${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
-listen-address ${cfg.listenAddress}:${toString cfg.port} \
-gateway-url http://${cfg.gatewayAddress}:${toString cfg.gatewayPort} \
-gateway-luaurl http://${cfg.gatewayAddress} \
-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics.json \
-lua-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics-lua_cable.json
'';
# services.nginx.virtualHosts."media.home" = {
# locations."/" = {
# proxyPass = "http://127.0.0.1:7999";
# proxyWebsockets = true;
# };
# };
# services.nginx.virtualHosts."file.home" = {
# locations."/" = {
# proxyPass = "http://[::1]:${builtins.toString config.services.seafile.seafileSettings.fileserver.port}";
# proxyWebsockets = true;
# };
# };
# networking.firewall.allowedTCPPorts = [config.services.seafile.seafileSettings.fileserver.port];
# === Print Service ===
systemd.paths."print-all-files" = {
requires = ["printer.target"];
after = ["printer.target"];
wantedBy = ["default.target"];
pathConfig = {
DirectoryNotEmpty = "/srv/to-be-printed";
MakeDirectory = true;
DirectoryMode = "777";
Unit = "print-all-files.service";
};
};
systemd.services."print-all-files" = let
printAndDeleteFile = pkgs.writeShellApplication {
name = "print-and-delete-file";
runtimeInputs = [
pkgs.coreutils
pkgs.cups
];
text = ''
echo Printing "$1"
lp -- "$1"
rm "$1"
'';
};
script = pkgs.writeShellApplication {
name = "print-all-files-script";
runtimeInputs = [
pkgs.coreutils
printAndDeleteFile
];
text = ''
find . -type f -exec print-and-delete-file "{}" \;
'';
};
in {
requires = ["printer.target"];
after = ["printer.target"];
serviceConfig = {
WorkingDirectory = "/srv/to-be-printed";
ExecStart = "${script}/bin/print-all-files-script";
# Wait 15 seconds before restart to let the file load, if not present yet
RestartSec = "15";
};
};
users.users.sftp = {
description = "User used for all sftp stuff";
isNormalUser = true;
group = "sftp";
openssh.authorizedKeys.keyFiles = [
../secrets/users/malte/sftp-key.pub
../secrets/users/marie/sftp-key.pub
];
passwordFile = sopsPath "internal-restic-password";
};
};
users.groups.sftp = {};
# === RUNTIME SECRETS ===
sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets = {
"paperless-admin-password" = {};
"photoprism-admin-password" = {};
"grafana-admin-password" = {
owner = config.users.users.grafana.name;
mode = "0400";
};
"nginx-cert-key" = {
owner = config.users.users.nginx.name;
mode = "0400";
};
"nginx-cert-crt" = {
owner = config.users.users.nginx.name;
mode = "0400";
};
"fritzbox-exporter-env" = {};
"internal-restic-password" = {};
"nix-store-signing-key" = {};
"hydra-admin-password" = {
owner = config.users.users.hydra.name;
mode = "0400";
};
"hydra-overseer-key" = {
owner = config.users.users.hydra.name;
mode = "0440";
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
# === BACKUPS ===
services.restic.backups = {
# Make sure my 'active IO' disk get's saved once a day
zdirty = {
initialize = true;
repository = "/data/archive/dirty.bak";
timerConfig.OnCalendar = "daily";
paths = lib.singleton "/data/dirty";
pruneOpts = [
"--keep-daily 1"
"--keep-weekly 1"
"--keep-monthly 1"
"--keep-yearly 5"
];
passwordFile = sopsPath "internal-restic-password";
};
};
# === RUNTIME SECRETS ===
sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets = {
"paperless-admin-password" = {};
"photoprism-admin-password" = {};
"grafana-admin-password" = {
owner = config.users.users.grafana.name;
mode = "0400";
};
"nginx-cert-key" = {
owner = config.users.users.nginx.name;
mode = "0400";
};
"nginx-cert-crt" = {
owner = config.users.users.nginx.name;
mode = "0400";
};
"fritzbox-exporter-env" = {};
"internal-restic-password" = {};
"nix-store-signing-key" = {};
"hydra-admin-password" = {
owner = config.users.users.hydra.name;
mode = "0400";
};
"hydra-overseer-key" = {
owner = config.users.users.hydra.name;
mode = "0440";
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
};
}
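Review bot: `TIMETAGGER_CREDENTIALS` in the `timetagger` container block still carries both users' bcrypt hashes inline at cost factor 8 (`$2a$08$`), so they live in the repository and, as far as I can tell, in the generated container unit in the Nix store, while every other credential in this file goes through `sopsPath`. I would move the variable into a sops-managed env file and load it with `environmentFiles = [(sopsPath "timetagger-env")];` (the secret name is a placeholder and needs a matching entry under `sops.secrets`), then regenerate the hashes at a higher cost, since the current ones have already been published. In the same block, `ports = ["5873:5873"]` publishes the port on every host address although nginx only proxies `127.0.0.1:5873`; `ports = ["127.0.0.1:5873:5873"];` would keep the service behind the `time.home` vhost.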


@ -1,89 +1,91 @@
{
config,
pkgs,
...
}: {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
{pkgs, ...}: {
imports = [
../hardware/netcup-vps-200-g10.nix
../modules/nginx-reverse-proxy.nix
];
config = {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostId = "94d74a20";
networking.hostName = "granodomus-lima";
networking.interfaces.ens3.useDHCP = true;
networking.hostId = "94d74a20";
networking.hostName = "granodomus-lima";
networking.interfaces.ens3.useDHCP = true;
settings.ssh.openOutsideVPN = true;
settings.ssh.openOutsideVPN = true;
users.users = {
root = {
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
};
};
sops.defaultSopsFile = ../secrets/hosts/granodomus-lima/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# Run radicale with infcloud interface for me and Marie
services.radicaleWithInfcloud.enable = true;
services.qemuGuest.enable = true;
services.bind = {
enable = true;
cacheNetworks = ["any"];
forwarders = ["100.100.100.100"];
listenOn = ["any"];
listenOnIpv6 = ["any"];
zones."home" = let
granodomus-lima = {
v4 = "100.66.69.111";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6242:456f";
users.users = {
root = {
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
};
faunus-ater = {
v4 = "100.108.135.4";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
};
point = domain: host: ''
${domain} AAAA ${host.v6}
${domain} A ${host.v4}
'';
in {
master = true;
# TODO: Fix TTLs
file = pkgs.writeText "home-zone" ''
$TTL 1
@ IN SOA home. malte.home. (
5 ; Serial
1 ; Refresh
1 ; Retry
1 ; Expire
1) ; Negative Cache TTL
@ NS home.
${point "home." granodomus-lima}
${point "cal" granodomus-lima}
${point "mc" granodomus-lima}
${point "foto" faunus-ater}
${point "doc" faunus-ater}
${point "sheet" faunus-ater}
${point "media" faunus-ater}
${point "file" faunus-ater}
${point "stats" faunus-ater}
${point "cache" faunus-ater}
${point "hydra" faunus-ater}
${point "git" faunus-ater}
${point "read" faunus-ater}
${point "note" faunus-ater}
${point "time" faunus-ater}
'';
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
sops.defaultSopsFile = ../secrets/hosts/granodomus-lima/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# Run radicale with infcloud interface for me and Marie
services.radicaleWithInfcloud.enable = true;
services.qemuGuest.enable = true;
services.bind = {
enable = true;
cacheNetworks = ["any"];
forwarders = ["100.100.100.100"];
listenOn = ["any"];
listenOnIpv6 = ["any"];
zones."home" = let
granodomus-lima = {
v4 = "100.66.69.111";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6242:456f";
};
faunus-ater = {
v4 = "100.108.135.4";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
};
point = domain: host: ''
${domain} AAAA ${host.v6}
${domain} A ${host.v4}
'';
in {
master = true;
# TODO: Fix TTLs
file = pkgs.writeText "home-zone" ''
$TTL 1
@ IN SOA home. malte.home. (
5 ; Serial
1 ; Refresh
1 ; Retry
1 ; Expire
1) ; Negative Cache TTL
@ NS home.
${point "home." granodomus-lima}
${point "cal" granodomus-lima}
${point "mc" granodomus-lima}
${point "foto" faunus-ater}
${point "doc" faunus-ater}
${point "sheet" faunus-ater}
${point "media" faunus-ater}
${point "file" faunus-ater}
${point "stats" faunus-ater}
${point "cache" faunus-ater}
${point "hydra" faunus-ater}
${point "git" faunus-ater}
${point "read" faunus-ater}
${point "note" faunus-ater}
${point "time" faunus-ater}
'';
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
};
}
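Review bot: `services.bind` is set up as an open recursive resolver: `cacheNetworks = ["any"]` with `listenOn`/`listenOnIpv6 = ["any"]`, and `networking.firewall.allowedTCPPorts`/`allowedUDPPorts = [53]` opens the port on every interface of a host that also sets `settings.ssh.openOutsideVPN = true`, so it is presumably reachable from the internet and usable for DNS amplification. If only VPN clients need it, restrict recursion, e.g. `cacheNetworks = ["127.0.0.0/8" "::1/128" "100.64.0.0/10" "fd7a:115c:a1e0::/48"];` (ranges inferred from the addresses in the zone; confirm against the VPN), and open port 53 under `networking.firewall.interfaces.<vpn-interface>` rather than globally. Separately, the `root` `hashedPassword` is committed in clear, whereas the other secrets in this file are sops-managed; it could be loaded the same way.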


@ -1,166 +1,177 @@
{
config,
pkgs,
lib,
options,
flake,
inputs,
...
}: {
boot = {
# Use the systemd-boot EFI boot loader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
networking = {
hostName = "helix-texta";
networkmanager.enable = true;
};
nixpkgs.overlays = [
flake.inputs.nixpkgs-wayland.overlay
imports = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-gpu-nvidia
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
inputs.self.nixosModules.homeManagerConfig
inputs.custom-udev-rules.nixosModule
../hardware/thinkpad-p1-gen3.nix
../modules/light-actkbd.nix
];
system.fsPackages = [pkgs.sshfs];
settings.minimalGnome.enable = true;
settings.printing.enable = true;
settings.batteryStuff.enable = true;
# Pipewire for my wayland
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# config.pipewire-pulse."stream.properties" = {
# "channelmix.upmix" = true;
# "channelmix.lfe-cutoff" = 150;
# };
# config.pipewire = {"default.clock.allowed-rates" = [48000 44100];};
# media-session.config.media-session = lib.recursiveUpdate options.services.pipewire.media-session.config.media-session.default {
# "session.modules".default = options.services.pipewire.media-session.config.media-session.default."session.modules".default ++ ["default-profile"];
# };
# media-session.config.alsa-monitor = {
# rules = [
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
# }
# ];
# actions = {
# update-props = {
# #"audio.rate" = 96000;
# "api.alsa.headroom" = 1024;
# };
# };
# }
# ];
# };
};
xdg.portal = {
enable = true;
extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland];
};
services.udev.customRules = [
# Rename the Scarlett Solo using udev
{
name = "85-scarlett-solo";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
'';
}
{
name = "85-yubikey";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
'';
}
];
security.pam = {
yubico = {
control = "sufficient";
mode = "challenge-response";
debug = false;
config = {
boot = {
# Use the systemd-boot EFI boot loader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
# TODO: Update once my PR lands
services.login.yubicoAuth = true;
services.login.fprintAuth = true;
services.sshd.fprintAuth = false;
};
# TODO: This is not good
services.fprintd.enable = true;
users.mutableUsers = false;
users.custom.malte.enable = true;
networking = {
hostName = "helix-texta";
networkmanager.enable = true;
};
# Use some fonts
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {
nixpkgs.overlays = [
inputs.nixpkgs-wayland.overlay
];
system.fsPackages = [pkgs.sshfs];
settings.minimalGnome.enable = true;
settings.printing.enable = true;
settings.batteryStuff.enable = true;
# Pipewire for my wayland
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
defaultFonts.monospace = ["Hack NF FC Ligatured"];
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# config.pipewire-pulse."stream.properties" = {
# "channelmix.upmix" = true;
# "channelmix.lfe-cutoff" = 150;
# };
# config.pipewire = {"default.clock.allowed-rates" = [48000 44100];};
# media-session.config.media-session = lib.recursiveUpdate options.services.pipewire.media-session.config.media-session.default {
# "session.modules".default = options.services.pipewire.media-session.config.media-session.default."session.modules".default ++ ["default-profile"];
# };
# media-session.config.alsa-monitor = {
# rules = [
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
# }
# ];
# actions = {
# update-props = {
# #"audio.rate" = 96000;
# "api.alsa.headroom" = 1024;
# };
# };
# }
# ];
# };
};
};
# Configure GPG with SSH support and enable the yubikey
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "qt";
};
# TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
boot.enableContainers = false;
virtualisation = {
podman = {
xdg.portal = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland];
};
services.udev.customRules = [
# Rename the Scarlett Solo using udev
{
name = "85-scarlett-solo";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
'';
}
{
name = "85-yubikey";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
'';
}
];
security.pam = {
yubico = {
control = "sufficient";
mode = "challenge-response";
debug = false;
};
# TODO: Update once my PR lands
services.login.yubicoAuth = true;
services.login.fprintAuth = true;
services.sshd.fprintAuth = false;
};
# TODO: This is not good
services.fprintd.enable = true;
users.mutableUsers = false;
users.custom.malte.enable = true;
# Use some fonts
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {
enable = true;
defaultFonts.monospace = ["Hack NF FC Ligatured"];
};
};
# Configure GPG with SSH support and enable the yubikey
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "qt";
};
# TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
boot.enableContainers = false;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
programs.steam.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];};
};
services.udev.packages = with pkgs; [yubikey-personalization chrysalis];
environment.systemPackages = with pkgs; [
thunderbolt
qt5.qtwayland
chrysalis
];
# TODO: Remove when firefox' RDD is fixed (allows libva)
environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";
services.fwupd.enable = true;
services.devmon.enable = true;
sops.defaultSopsFile = ../secrets/hosts/helix-texta/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
};
programs.steam.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];};
};
services.udev.packages = with pkgs; [yubikey-personalization chrysalis];
environment.systemPackages = with pkgs; [
thunderbolt
qt5.qtwayland
chrysalis
];
# TODO: Remove when firefox' RDD is fixed (allows libva)
environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";
services.fwupd.enable = true;
services.devmon.enable = true;
sops.defaultSopsFile = ../secrets/hosts/helix-texta/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}
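Review bot: In `security.pam`, `yubico.control = "sufficient"` combined with `services.login.yubicoAuth = true` and `services.login.fprintAuth = true` means, as far as this section shows, that a YubiKey challenge-response or a fingerprint match alone is accepted for `login` without the password. The comments `# TODO: Update once my PR lands` and `# TODO: This is not good` do not say which of these behaviours is unwanted, so a reader cannot tell whether single-factor login is intended. I would state the intent above the block, for example `# Intentional: YubiKey or fingerprint alone unlocks login; fprint stays off for sshd`, or use `control = "required"` if the token is meant as a second factor. The murex-pecten section carries the same `control = "sufficient"` setting; both are carried over unchanged into the new `config = { … }` wrapper.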


@ -1,174 +1,186 @@
{
pkgs,
flake,
inputs,
...
}: {
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
networking = {
hostName = "murex-pecten";
networkmanager.enable = true;
};
system.fsPackages = [pkgs.sshfs];
nixpkgs.overlays = [
flake.inputs.nixpkgs-wayland.overlay
imports = [
inputs.nixos-hardware.nixosModules.common-pc
inputs.nixos-hardware.nixosModules.common-pc-ssd
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.self.nixosModules.homeManagerConfig
inputs.custom-udev-rules.nixosModule
../hardware/aorus.nix
];
settings.minimalGnome.enable = true;
settings.printing.enable = true;
config = {
# Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
networking = {
hostName = "murex-pecten";
networkmanager.enable = true;
};
# config.pipewire-pulse."stream.properties" = {
# "channelmix.upmix" = true;
# "channelmix.lfe-cutoff" = 150;
# };
system.fsPackages = [pkgs.sshfs];
# config.pipewire."default.clock.allowed-rates" = [48000 44100];
nixpkgs.overlays = [
inputs.nixpkgs-wayland.overlay
];
# media-session.config.alsa-monitor = {
# rules = [
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
# }
# ];
# actions = {
# update-props = {
# #"audio.rate" = 96000;
# "api.alsa.headroom" = 1024;
# };
# };
# }
# ];
# };
};
settings.minimalGnome.enable = true;
settings.printing.enable = true;
xdg.portal = {
enable = true;
extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland];
};
hardware = {
opengl = {
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [amdvlk];
extraPackages32 = with pkgs; [driversi686Linux.amdvlk];
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# config.pipewire-pulse."stream.properties" = {
# "channelmix.upmix" = true;
# "channelmix.lfe-cutoff" = 150;
# };
# config.pipewire."default.clock.allowed-rates" = [48000 44100];
# media-session.config.alsa-monitor = {
# rules = [
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
# }
# ];
# actions = {
# update-props = {
# #"audio.rate" = 96000;
# "api.alsa.headroom" = 1024;
# };
# };
# }
# ];
# };
};
};
users.mutableUsers = false;
users.custom.marie.enable = false;
users.custom.malte.enable = true;
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {
xdg.portal = {
enable = true;
defaultFonts.monospace = ["Hack NF FC Ligatured"];
extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland];
};
};
# Configure GPG with SSH support and enable the yubikey
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "qt";
};
security.pam = {
yubico = {
enable = false;
mode = "challenge-response";
control = "sufficient";
hardware = {
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [amdvlk];
extraPackages32 = with pkgs; [driversi686Linux.amdvlk];
};
};
services.login.yubicoAuth = true;
};
# TODO: Remove/Move
services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
users.mutableUsers = false;
users.custom.marie.enable = false;
users.custom.malte.enable = true;
services.udev.customRules = [
# Rename the Scarlett Solo using udev
{
name = "85-scarlett-solo";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
'';
}
{
name = "85-yubikey";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
'';
}
];
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {
enable = true;
defaultFonts.monospace = ["Hack NF FC Ligatured"];
};
};
# TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
boot.enableContainers = false;
virtualisation = {
podman = {
# Configure GPG with SSH support and enable the yubikey
programs.gnupg.agent = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
dockerSocket.enable = true;
enableSSHSupport = true;
pinentryFlavor = "qt";
};
security.pam = {
yubico = {
enable = false;
mode = "challenge-response";
control = "sufficient";
};
services.login.yubicoAuth = true;
};
# TODO: Remove/Move
services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
services.udev.customRules = [
# Rename the Scarlett Solo using udev
{
name = "85-scarlett-solo";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
'';
}
{
name = "85-yubikey";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
'';
}
];
# TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
boot.enableContainers = false;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
dockerSocket.enable = true;
};
};
programs.steam.enable = true;
programs.corectrl.enable = true;
services.dbus.packages = with pkgs; [openrgb];
services.udev.packages = with pkgs; [
yubikey-personalization
chrysalis
openrgb
i2c-tools
gnome3.gnome-settings-daemon
qmk-udev-rules
vial
];
sops.defaultSopsFile = ../secrets/hosts/murex-pecten/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
environment.systemPackages = with pkgs; [
qt5.qtwayland
thunderbolt
chrysalis
openrgb
gnomeExtensions.appindicator
qmk
vial
];
services.fwupd.enable = true;
services.devmon.enable = true;
services.ratbagd.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
};
programs.steam.enable = true;
programs.corectrl.enable = true;
services.dbus.packages = with pkgs; [openrgb];
services.udev.packages = with pkgs; [
yubikey-personalization
chrysalis
openrgb
i2c-tools
gnome3.gnome-settings-daemon
qmk-udev-rules
vial
];
sops.defaultSopsFile = ../secrets/hosts/murex-pecten/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
environment.systemPackages = with pkgs; [
qt5.qtwayland
thunderbolt
chrysalis
openrgb
gnomeExtensions.appindicator
qmk
vial
];
services.fwupd.enable = true;
services.devmon.enable = true;
services.ratbagd.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}
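Review bot: `security.pam.yubico.enable = false` sits directly above `services.login.yubicoAuth = true`, so the block reads as if YubiKey login were switched off while the per-service option switches it on for `login`. If I read the NixOS PAM module correctly, the per-service flag wins and `mode`/`control` still apply, which makes the `enable = false` line misleading rather than protective. A one-line comment such as `# yubico is enabled per service only (login); the global default stays off` would make the intent reviewable. Separately, `services.mysql.enable = true` under `# TODO: Remove/Move` keeps a database daemon running on this host, and the TODO would be easier to act on if it named where the service should move.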


@ -1,64 +1,75 @@
{pkgs, ...}: {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
networking.hostName = "polymita-picta";
networking.networkmanager.enable = true;
{
pkgs,
inputs,
...
}: {
imports = [
inputs.self.nixosModules.homeManagerConfig
(inputs.jovian-nixos + "/modules")
../hardware/steam-deck.nix
];
config = {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
networking.hostName = "polymita-picta";
networking.networkmanager.enable = true;
# === Settings ===
settings.ssh.openOutsideVPN = true;
# === Settings ===
settings.ssh.openOutsideVPN = true;
hardware.pulseaudio.enable = false;
hardware.pulseaudio.enable = false;
services.xserver.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.displayManager = {
lightdm.enable = true;
autoLogin = {
enable = true;
user = "malte";
services.xserver.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.displayManager = {
lightdm.enable = true;
autoLogin = {
enable = true;
user = "malte";
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
programs.dconf.enable = true;
users = {
mutableUsers = false;
defaultUserShell = pkgs.fish;
custom.malte.enable = true;
custom.malte.steamDeck = true;
};
environment.systemPackages = with pkgs; [
steam-rom-manager
];
security.sudo.extraRules = [
{
users = ["malte"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
jovian.devices.steamdeck.enable = true;
jovian.steam.enable = true;
jovian.devices.steamdeck.enableVendorRadv = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
programs.dconf.enable = true;
users = {
mutableUsers = false;
defaultUserShell = pkgs.fish;
custom.malte.enable = true;
custom.malte.steamDeck = true;
};
environment.systemPackages = with pkgs; [
steam-rom-manager
];
security.sudo.extraRules = [
{
users = ["malte"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
jovian.devices.steamdeck.enable = true;
jovian.steam.enable = true;
jovian.devices.steamdeck.enableVendorRadv = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}
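Review bot: `security.sudo.extraRules` grants `malte` `command = "ALL"` with `options = ["NOPASSWD"]`, and the same section enables `displayManager.autoLogin` for that user and sets `settings.ssh.openOutsideVPN = true`, so any session or process running as `malte` is root-equivalent without a further prompt. `PasswordAuthentication = false` and `KbdInteractiveAuthentication = false` restrict SSH to keys, which helps, but the sudo rule still removes the boundary between the user account and root. If passwordless sudo is only needed for a few commands, listing them under `commands` instead of `"ALL"` would narrow this. Otherwise I would record the decision next to the rule, e.g. `# NOPASSWD ALL is deliberate on this handheld: <reason>`.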


@ -1,96 +1,105 @@
{
config,
pkgs,
inputs,
...
}: {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
imports = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
inputs.self.nixosModules.homeManagerConfig
../hardware/latitude-e7440.nix
];
config = {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "trochulus-hispidus";
networking.hostName = "trochulus-hispidus";
networking.interfaces.eno1.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true;
networking.interfaces.eno1.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true;
settings.minimalGnome.enable = true;
settings.printing.enable = true;
settings.minimalGnome.enable = true;
settings.printing.enable = true;
hardware = {
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
hardware = {
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
extraPackages32 = with pkgs.pkgsi686Linux; [vaapiIntel];
extraPackages32 = with pkgs.pkgsi686Linux; [vaapiIntel];
};
};
# Make sure her settings are all in German since she prefers it that way!
i18n.defaultLocale = "de_DE.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
services.xserver.layout = "de";
# TODO: Remove when firefox' RDD is fixed (allows libva)
environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";
# Enable the X11 windowing system.
services.xserver = {
enable = true;
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
libinput.mouse.accelProfile = "flat";
libinput.touchpad.accelProfile = "flat";
};
# But disable geary in favour of evolution
programs.geary.enable = false;
programs.evolution.enable = true;
services.fprintd.enable = true;
services.fwupd.enable = true;
services.devmon.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
xdg.portal = {
enable = true;
extraPortals = [pkgs.xdg-desktop-portal-wlr];
};
users = {
mutableUsers = false;
custom.marie.enable = true;
};
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {enable = true;};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
};
# Make sure her settings are all in German since she prefers it that way!
i18n.defaultLocale = "de_DE.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
services.xserver.layout = "de";
# TODO: Remove when firefox' RDD is fixed (allows libva)
environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";
# Enable the X11 windowing system.
services.xserver = {
enable = true;
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
libinput.mouse.accelProfile = "flat";
libinput.touchpad.accelProfile = "flat";
};
# But disable geary in favour of evolution
programs.geary.enable = false;
programs.evolution.enable = true;
services.fprintd.enable = true;
services.fwupd.enable = true;
services.devmon.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
xdg.portal = {
enable = true;
extraPortals = [pkgs.xdg-desktop-portal-wlr];
};
users = {
mutableUsers = false;
custom.marie.enable = true;
};
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {enable = true;};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}
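Review bot: `environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1"` is exported to every session on the host and turns off one of Firefox's process sandboxes, while the comment `# TODO: Remove when firefox' RDD is fixed (allows libva)` gives no bug reference or version to check against. Without one, the workaround is likely to outlive the bug it was added for. I would extend the comment to `# TODO(<upstream bug URL>): remove once Firefox allows libva inside the RDD sandbox; re-check on each release bump`. The helix-texta section has the same line, carried over unchanged.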


@ -2,7 +2,7 @@
pkgs,
lib,
config,
flake,
inputs,
...
}: let
cfg = config.users.custom.malte;
@ -38,7 +38,7 @@ in {
openssh.authorizedKeys.keyFiles = [../users/malte/yubikey.pub];
};
home-manager.users.malte.imports = [../users/malte/home.nix flake.inputs.nix-colors.homeManagerModule flake.inputs.hyprland.homeManagerModules.default];
home-manager.users.malte.imports = [../users/malte/home.nix inputs.nix-colors.homeManagerModule inputs.hyprland.homeManagerModules.default];
programs.fish.enable = true;
services.darkman.enable = !cfg.steamDeck;

16
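--- /dev/null
+++ b/pkgs/all-hosts.nix
@@ -0,0 +1,16 @@
+{
+writeShellApplication,
+jq,
+nix,
+...
+}:
+writeShellApplication {
+name = "all-hosts";
+runtimeInputs = [
+jq
+nix
+];
+text = ''
+nix eval --json .#nixosConfigurations --apply builtins.attrNames 2>/dev/null | jq -r .[]
+'';
+}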
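Review bot: The `2>/dev/null` on the `nix eval` call hides every evaluation error, so a broken flake produces an empty host list with no message. The caller visible further down, `for host in $(all-hosts); do` in the test-config script, would then presumably loop zero times and report nothing as failed, which makes the check pass vacuously. I would let stderr through and quote the jq filter: `nix eval --json .#nixosConfigurations --apply builtins.attrNames | jq -r '.[]'`. Stderr is not captured by `$(…)`, so the host list itself is unaffected.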

14
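--- /dev/null
+++ b/pkgs/option.nix
@@ -0,0 +1,14 @@
+{
+writeShellApplication,
+coreutils,
+nix,
+...
+}:
+writeShellApplication {
+name = "option";
+runtimeInputs = [
+coreutils
+nix
+];
+text = builtins.readFile ../scripts/option.sh;
+}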

14
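--- /dev/null
+++ b/pkgs/personal-cache.nix
@@ -0,0 +1,14 @@
+{
+writeShellApplication,
+coreutils,
+nix,
+...
+}:
+writeShellApplication {
+name = "personal-cache";
+runtimeInputs = [
+coreutils
+nix
+];
+text = builtins.readFile ../scripts/personal-cache.sh;
+}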
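Review bot: This derivation packages a script whose visible first lines set `store="http://cache.home"`, and the rebuild script passes that URL to `nixos-rebuild` as `--option extra-substituters`, so store paths are fetched over plain HTTP from a name resolved through the local `home` zone. Integrity then rests entirely on Nix's signature checking, which nothing in this section documents. I would add a comment above `text` such as `# cache.home is plain HTTP: relies on require-sigs and the cache key being in trusted-public-keys`. The wrapped script's body is outside this section, so whether it verifies anything itself cannot be judged from here.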

18
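--- /dev/null
+++ b/pkgs/rebuild.nix
@@ -0,0 +1,18 @@
+{
+writeShellApplication,
+coreutils,
+git,
+nixos-rebuild,
+callPackage,
+...
+}:
+writeShellApplication {
+name = "rebuild";
+runtimeInputs = [
+coreutils
+git
+(callPackage ./personal-cache.nix {})
+nixos-rebuild
+];
+text = builtins.readFile ../scripts/rebuild.sh;
+}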

20
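--- /dev/null
+++ b/pkgs/test-config.nix
@@ -0,0 +1,20 @@
+{
+writeShellApplication,
+coreutils,
+nix,
+nixos-rebuild,
+bat,
+callPackage,
+...
+}:
+writeShellApplication {
+name = "test-config";
+runtimeInputs = [
+coreutils
+nix
+(callPackage ./all-hosts.nix {})
+nixos-rebuild
+bat
+];
+text = builtins.readFile ../scripts/test-config.sh;
+}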


@ -1,3 +1,5 @@
#!/bin/sh
# Script to be run after mailboxes have been synchronized
# Expects `notmuch` in the PATH


@ -1,3 +1,4 @@
#!/bin/bash
function print_help() {
printf "Usage:"


@ -1,3 +1,4 @@
#!/bin/bash
store="http://cache.home"


@ -1,3 +1,4 @@
#!/bin/bash
function print_help() {
printf "Usage:"
@ -13,17 +14,17 @@ action=$1
case "$action" in
"switch" | "boot" | "test")
optSudo=sudo
;;
optSudo=sudo
;;
*)
optSudo=
;;
optSudo=
;;
esac
ARGS=( "$action" )
ARGS=("$action")
if personal-cache --ping; then
ARGS+=( "--option" "extra-substituters" "$(personal-cache --url)" )
ARGS+=("--option" "extra-substituters" "$(personal-cache --url)")
printf "Cache is up and running!\n"
else
printf "Cache is down!\n"
@ -31,10 +32,10 @@ fi
if [ -n "${2+x}" ]; then
host=$2
ARGS+=( "--build-host" "root@$host" "--target-host" "root@$host" "--flake" ".#${host}" )
ARGS+=("--build-host" "root@$host" "--target-host" "root@$host" "--flake" ".#${host}")
printf "Building on %s!\n" "$host"
else
ARGS+=( "--flake" "." )
ARGS+=("--flake" "." "--show-trace")
printf "Building on localhost!\n"
fi
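Review bot: `--show-trace` is added only in the local branch, `ARGS+=("--flake" "." "--show-trace")`, so a remote build through `--build-host`/`--target-host` still fails without a trace. If the trace is wanted for every invocation, take it out of the branch and add `ARGS+=("--show-trace")` after the `fi`. The remote branch passes `root@$host` for both build and target host, which presumes direct root SSH login on the targets; a short comment on how that login is restricted would help a reader of the script. The script continues outside this hunk.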


@ -1,8 +1,9 @@
#!/bin/bash
for host in $(all-hosts); do
printf -- "-> Checking %s.. " "$host"
if nixos-rebuild --flake ".#$host" dry-build 2> /tmp/build-output; then
if nixos-rebuild --show-trace --flake ".#$host" dry-build 2>/tmp/build-output; then
printf "ok\n"
else
printf "failed!\n"