feat(flake): Recreate using flake-parts

Malte Tammena 2023-04-19 01:01:07 +02:00
parent eb2504157e
commit 5716aa16be
20 changed files with 1593 additions and 1478 deletions


@ -205,13 +205,16 @@
} }
}, },
"devshell_2": { "devshell_2": {
"flake": false, "inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
},
"locked": { "locked": {
"lastModified": 1663445644, "lastModified": 1678957337,
"narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", "narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", "rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -221,25 +224,6 @@
} }
}, },
"devshell_3": { "devshell_3": {
"inputs": {
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1678957337,
"narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=",
"owner": "numtide",
"repo": "devshell",
"rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1663445644, "lastModified": 1663445644,
@ -255,10 +239,10 @@
"type": "github" "type": "github"
} }
}, },
"devshell_5": { "devshell_4": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_6"
}, },
"locked": { "locked": {
"lastModified": 1678957337, "lastModified": 1678957337,
@ -274,7 +258,42 @@
"type": "github" "type": "github"
} }
}, },
"devshell_5": {
"flake": false,
"locked": {
"lastModified": 1663445644,
"narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=",
"owner": "numtide",
"repo": "devshell",
"rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_6": { "devshell_6": {
"inputs": {
"flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_10"
},
"locked": {
"lastModified": 1678957337,
"narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=",
"owner": "numtide",
"repo": "devshell",
"rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_7": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1663445644, "lastModified": 1663445644,
@ -294,7 +313,7 @@
"inputs": { "inputs": {
"all-cabal-json": "all-cabal-json", "all-cabal-json": "all-cabal-json",
"crane": "crane", "crane": "crane",
"devshell": "devshell_2", "devshell": "devshell_3",
"drv-parts": "drv-parts", "drv-parts": "drv-parts",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
@ -303,7 +322,7 @@
"gomod2nix": "gomod2nix", "gomod2nix": "gomod2nix",
"mach-nix": "mach-nix", "mach-nix": "mach-nix",
"nix-pypi-fetcher": "nix-pypi-fetcher", "nix-pypi-fetcher": "nix-pypi-fetcher",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3",
"nixpkgsV1": "nixpkgsV1", "nixpkgsV1": "nixpkgsV1",
"poetry2nix": "poetry2nix", "poetry2nix": "poetry2nix",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
@ -327,7 +346,7 @@
"inputs": { "inputs": {
"all-cabal-json": "all-cabal-json_2", "all-cabal-json": "all-cabal-json_2",
"crane": "crane_2", "crane": "crane_2",
"devshell": "devshell_4", "devshell": "devshell_5",
"drv-parts": "drv-parts_2", "drv-parts": "drv-parts_2",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
@ -336,7 +355,7 @@
"gomod2nix": "gomod2nix_2", "gomod2nix": "gomod2nix_2",
"mach-nix": "mach-nix_2", "mach-nix": "mach-nix_2",
"nix-pypi-fetcher": "nix-pypi-fetcher_2", "nix-pypi-fetcher": "nix-pypi-fetcher_2",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"nixpkgsV1": "nixpkgsV1_2", "nixpkgsV1": "nixpkgsV1_2",
"poetry2nix": "poetry2nix_2", "poetry2nix": "poetry2nix_2",
"pre-commit-hooks": "pre-commit-hooks_2", "pre-commit-hooks": "pre-commit-hooks_2",
@ -360,16 +379,16 @@
"inputs": { "inputs": {
"all-cabal-json": "all-cabal-json_3", "all-cabal-json": "all-cabal-json_3",
"crane": "crane_3", "crane": "crane_3",
"devshell": "devshell_6", "devshell": "devshell_7",
"drv-parts": "drv-parts_3", "drv-parts": "drv-parts_3",
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_6",
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_6",
"flake-utils-pre-commit": "flake-utils-pre-commit_3", "flake-utils-pre-commit": "flake-utils-pre-commit_3",
"ghc-utils": "ghc-utils_3", "ghc-utils": "ghc-utils_3",
"gomod2nix": "gomod2nix_3", "gomod2nix": "gomod2nix_3",
"mach-nix": "mach-nix_3", "mach-nix": "mach-nix_3",
"nix-pypi-fetcher": "nix-pypi-fetcher_3", "nix-pypi-fetcher": "nix-pypi-fetcher_3",
"nixpkgs": "nixpkgs_10", "nixpkgs": "nixpkgs_11",
"nixpkgsV1": "nixpkgsV1_3", "nixpkgsV1": "nixpkgsV1_3",
"poetry2nix": "poetry2nix_3", "poetry2nix": "poetry2nix_3",
"pre-commit-hooks": "pre-commit-hooks_3", "pre-commit-hooks": "pre-commit-hooks_3",
@ -487,7 +506,7 @@
}, },
"emulator-2a": { "emulator-2a": {
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell_2",
"dream2nix": "dream2nix", "dream2nix": "dream2nix",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"nixpkgs": [ "nixpkgs": [
@ -513,7 +532,7 @@
}, },
"fend": { "fend": {
"inputs": { "inputs": {
"devshell": "devshell_3", "devshell": "devshell_4",
"dream2nix": "dream2nix_2", "dream2nix": "dream2nix_2",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"nixpkgs": [ "nixpkgs": [
@ -766,6 +785,24 @@
} }
}, },
"flake-parts_5": { "flake-parts_5": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_6": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"mensa", "mensa",
@ -787,9 +824,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_6": { "flake-parts_7": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_3" "nixpkgs-lib": "nixpkgs-lib_4"
}, },
"locked": { "locked": {
"lastModified": 1680392223, "lastModified": 1680392223,
@ -805,7 +842,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_7": { "flake-parts_8": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixpkgs-wayland", "nixpkgs-wayland",
@ -904,11 +941,11 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1642700792,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -919,11 +956,11 @@
}, },
"flake-utils_4": { "flake-utils_4": {
"locked": { "locked": {
"lastModified": 1642700792, "lastModified": 1667395993,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -933,6 +970,21 @@
} }
}, },
"flake-utils_5": { "flake-utils_5": {
"locked": {
"lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "846b2ae0fc4cc943637d3d1def4454213e203cba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -947,7 +999,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": { "flake-utils_7": {
"locked": { "locked": {
"lastModified": 1642700792, "lastModified": 1642700792,
"narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=",
@ -962,7 +1014,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_7": { "flake-utils_8": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -977,7 +1029,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_8": { "flake-utils_9": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
@ -995,21 +1047,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_9": {
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"ghc-utils": { "ghc-utils": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -1300,8 +1337,8 @@
}, },
"lib-aggregate": { "lib-aggregate": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_8", "flake-utils": "flake-utils_9",
"nixpkgs-lib": "nixpkgs-lib_5" "nixpkgs-lib": "nixpkgs-lib_6"
}, },
"locked": { "locked": {
"lastModified": 1681214977, "lastModified": 1681214977,
@ -1380,9 +1417,9 @@
}, },
"mensa": { "mensa": {
"inputs": { "inputs": {
"devshell": "devshell_5", "devshell": "devshell_6",
"dream2nix": "dream2nix_3", "dream2nix": "dream2nix_3",
"flake-parts": "flake-parts_6", "flake-parts": "flake-parts_7",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -1407,7 +1444,7 @@
"nix-colors": { "nix-colors": {
"inputs": { "inputs": {
"base16-schemes": "base16-schemes", "base16-schemes": "base16-schemes",
"nixpkgs-lib": "nixpkgs-lib_4" "nixpkgs-lib": "nixpkgs-lib_5"
}, },
"locked": { "locked": {
"lastModified": 1680875144, "lastModified": 1680875144,
@ -1425,8 +1462,8 @@
}, },
"nix-eval-jobs": { "nix-eval-jobs": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_7", "flake-parts": "flake-parts_8",
"nixpkgs": "nixpkgs_14" "nixpkgs": "nixpkgs_15"
}, },
"locked": { "locked": {
"lastModified": 1681421147, "lastModified": 1681421147,
@ -1599,6 +1636,24 @@
} }
}, },
"nixpkgs-lib_4": { "nixpkgs-lib_4": {
"locked": {
"dir": "lib",
"lastModified": 1680213900,
"narHash": "sha256-cIDr5WZIj3EkKyCgj/6j3HBH4Jj1W296z7HTcWj1aMA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e3652e0735fbec227f342712f180f4f21f0594f2",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib_5": {
"locked": { "locked": {
"lastModified": 1680397293, "lastModified": 1680397293,
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=", "narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
@ -1613,7 +1668,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib_5": { "nixpkgs-lib_6": {
"locked": { "locked": {
"lastModified": 1681001314, "lastModified": 1681001314,
"narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=", "narHash": "sha256-5sDnCLdrKZqxLPK4KA8+f4A3YKO/u6ElpMILvX0g72c=",
@ -1713,7 +1768,7 @@
"flake-compat": "flake-compat_8", "flake-compat": "flake-compat_8",
"lib-aggregate": "lib-aggregate", "lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs_15" "nixpkgs": "nixpkgs_16"
}, },
"locked": { "locked": {
"lastModified": 1681461427, "lastModified": 1681461427,
@ -1791,6 +1846,22 @@
} }
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": {
"lastModified": 1677383253,
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9952d6bc395f5841262b006fbace8dd7e143b634",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1665580254, "lastModified": 1665580254,
"narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=", "narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=",
@ -1805,7 +1876,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_11": { "nixpkgs_12": {
"locked": { "locked": {
"lastModified": 1681303793, "lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1821,7 +1892,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_12": { "nixpkgs_13": {
"locked": { "locked": {
"lastModified": 1680945546, "lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
@ -1837,7 +1908,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_13": { "nixpkgs_14": {
"locked": { "locked": {
"lastModified": 1681303793, "lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1852,7 +1923,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_14": { "nixpkgs_15": {
"locked": { "locked": {
"lastModified": 1681347147, "lastModified": 1681347147,
"narHash": "sha256-B+hTioRc3Jdf4SJyeCiO0fW5ShIznJk2OTiW2vOV+mc=", "narHash": "sha256-B+hTioRc3Jdf4SJyeCiO0fW5ShIznJk2OTiW2vOV+mc=",
@ -1868,7 +1939,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_15": { "nixpkgs_16": {
"locked": { "locked": {
"lastModified": 1681303793, "lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1884,7 +1955,23 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_16": { "nixpkgs_17": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_18": {
"locked": { "locked": {
"lastModified": 1680945546, "lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
@ -1901,6 +1988,22 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1677383253,
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9952d6bc395f5841262b006fbace8dd7e143b634",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1665580254, "lastModified": 1665580254,
"narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=", "narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=",
@ -1915,7 +2018,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_3": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1681303793, "lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1931,23 +2034,23 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": { "nixpkgs_5": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1677383253, "lastModified": 1677383253,
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
@ -1963,7 +2066,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1665580254, "lastModified": 1665580254,
"narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=", "narHash": "sha256-hO61XPkp1Hphl4HGNzj1VvDH5URt7LI6LaY/385Eul4=",
@ -1978,7 +2081,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs_7": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1681303793, "lastModified": 1681303793,
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=", "narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
@ -1994,7 +2097,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1680945546, "lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=", "narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
@ -2010,22 +2113,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": {
"locked": {
"lastModified": 1677383253,
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9952d6bc395f5841262b006fbace8dd7e143b634",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"poetry2nix": { "poetry2nix": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -2107,9 +2194,9 @@
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
@ -2129,9 +2216,9 @@
"pre-commit-hooks-nix_2": { "pre-commit-hooks-nix_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_6",
"gitignore": "gitignore_2", "gitignore": "gitignore_2",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
@ -2151,9 +2238,9 @@
"pre-commit-hooks-nix_3": { "pre-commit-hooks-nix_3": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_7", "flake-compat": "flake-compat_7",
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_8",
"gitignore": "gitignore_3", "gitignore": "gitignore_3",
"nixpkgs": "nixpkgs_11", "nixpkgs": "nixpkgs_12",
"nixpkgs-stable": "nixpkgs-stable_3" "nixpkgs-stable": "nixpkgs-stable_3"
}, },
"locked": { "locked": {
@ -2329,9 +2416,11 @@
"cataclysm-dda": "cataclysm-dda", "cataclysm-dda": "cataclysm-dda",
"colmena": "colmena", "colmena": "colmena",
"custom-udev-rules": "custom-udev-rules", "custom-udev-rules": "custom-udev-rules",
"devshell": "devshell",
"emulator-2a": "emulator-2a", "emulator-2a": "emulator-2a",
"fend": "fend", "fend": "fend",
"fenix": "fenix", "fenix": "fenix",
"flake-parts": "flake-parts_5",
"home-manager": "home-manager", "home-manager": "home-manager",
"hydra": "hydra", "hydra": "hydra",
"hyprland": "hyprland", "hyprland": "hyprland",
@ -2340,14 +2429,14 @@
"nix-colors": "nix-colors", "nix-colors": "nix-colors",
"nixForHydra": "nixForHydra", "nixForHydra": "nixForHydra",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_13", "nixpkgs": "nixpkgs_14",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"nixpkgsForNixForHydra": "nixpkgsForNixForHydra", "nixpkgsForNixForHydra": "nixpkgsForNixForHydra",
"qmk-udev-rules": "qmk-udev-rules", "qmk-udev-rules": "qmk-udev-rules",
"radicale_infcloud": "radicale_infcloud", "radicale_infcloud": "radicale_infcloud",
"rip": "rip", "rip": "rip",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"utils": "utils_2", "treefmt-nix": "treefmt-nix_4",
"xdg-desktop-portal-hyprland": "xdg-desktop-portal-hyprland" "xdg-desktop-portal-hyprland": "xdg-desktop-portal-hyprland"
} }
}, },
@ -2422,7 +2511,7 @@
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1681486253, "lastModified": 1681486253,
@ -2440,7 +2529,7 @@
}, },
"treefmt-nix_2": { "treefmt-nix_2": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1681486253, "lastModified": 1681486253,
@ -2458,7 +2547,25 @@
}, },
"treefmt-nix_3": { "treefmt-nix_3": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_12" "nixpkgs": "nixpkgs_13"
},
"locked": {
"lastModified": 1681486253,
"narHash": "sha256-EjiQZvXQH9tUPCyLC6lQpfGnoq4+kI9v59bDJWPicYo=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "b25d1a3c2c7554d0462ab1dfddf2f13128638b90",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_4": {
"inputs": {
"nixpkgs": "nixpkgs_17"
}, },
"locked": { "locked": {
"lastModified": 1681486253, "lastModified": 1681486253,
@ -2489,24 +2596,6 @@
"type": "github" "type": "github"
} }
}, },
"utils_2": {
"inputs": {
"flake-utils": "flake-utils_9"
},
"locked": {
"lastModified": 1657226504,
"narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"wlroots": { "wlroots": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -2528,7 +2617,7 @@
"xdg-desktop-portal-hyprland": { "xdg-desktop-portal-hyprland": {
"inputs": { "inputs": {
"hyprland-protocols": "hyprland-protocols_2", "hyprland-protocols": "hyprland-protocols_2",
"nixpkgs": "nixpkgs_16" "nixpkgs": "nixpkgs_18"
}, },
"locked": { "locked": {
"lastModified": 1681416853, "lastModified": 1681416853,

395
flake.nix

@ -2,9 +2,12 @@
description = "Malte Tammena's system configuration"; description = "Malte Tammena's system configuration";
inputs = { inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
devshell.url = "github:numtide/devshell";
treefmt-nix.url = "github:numtide/treefmt-nix";
nixpkgs.url = "nixpkgs/nixos-unstable"; nixpkgs.url = "nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
utils.url = "github:gytis-ivaskevicius/flake-utils-plus";
custom-udev-rules.url = "github:MalteT/custom-udev-rules"; custom-udev-rules.url = "github:MalteT/custom-udev-rules";
nix-colors.url = "github:Misterio77/nix-colors"; nix-colors.url = "github:Misterio77/nix-colors";
@ -86,282 +89,152 @@
}; };
nixConfig = { nixConfig = {
# Only usefull if you're part of my VPN
extra-substituters = ["http://cache.home"]; extra-substituters = ["http://cache.home"];
}; };
outputs = { outputs = inputs @ {flake-parts, ...}: let
self, # Overlays useful to most of my systems
utils, overlaysSharedByAll = [
nixpkgs, inputs.fenix.overlays.default
nixos-hardware, inputs.colmena.overlay
... inputs.xdg-desktop-portal-hyprland.overlays.default
} @ inputs: let (self: super: {
pkgs = self.pkgs.x86_64-linux.nixpkgs; # Add fonts
hackNerdLigatures = super.callPackage ./pkgs/hack.nix {};
hosts = [ # Add the emulator
"helix-texta" "2a-emulator" =
"murex-pecten" inputs.emulator-2a.packages.x86_64-linux."2a-emulator";
"cornu-aspersum" # Add my mensa tool
"granodomus-lima" inherit (inputs.mensa.packages.x86_64-linux) mensa;
"trochulus-hispidus" darkman = super.callPackage ./pkgs/darkman.nix {};
"radix-balthica" # TODO: Replace with upstream
"faunus-ater" inherit (inputs.fend.packages.x86_64-linux) fend;
"polymita-picta" hydra = inputs.hydra.packages.x86_64-linux.default;
# TODO: Remove once hydra fixes these removed aliases
inherit (super.perlPackages) buildPerlPackage;
netcat-openbsd = super.libressl.nc;
})
# Override cataclysm to use git
(import ./overlays/cataclysm-dda.nix)
(import ./overlays/qmk-udev-rules.nix)
(import ./overlays/sane-backends.nix)
(import ./overlays/logisim.nix)
(import ./overlays/fzf-kak.nix)
(import ./overlays/prometheus-fritzbox-exporter.nix)
(import ./overlays/waybar-hypr.nix)
]; ];
# Modules useful to most of my systems
defaultModules = [ modulesSharedByAllSystems = [
inputs.home-manager.nixosModules.home-manager
self.nixosModules.home-manager-config
inputs.custom-udev-rules.nixosModule
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
self.nixosModules.nixUnstable inputs.self.nixosModules.nixUnstable
inputs.home-manager.nixosModules.home-manager
./modules/base-system.nix ./modules/base-system.nix
{config._module.args.flake = self;}
]; ];
# The list of all hosts known to me
listOfHosts = let
removeSuffix = builtins.replaceStrings [".nix"] [""];
hostDir = builtins.readDir ./hosts;
hostFileNames = builtins.attrNames hostDir;
in
map removeSuffix hostFileNames;
in in
utils.lib.mkFlake { flake-parts.lib.mkFlake {inherit inputs;} {
inherit self inputs; # Flake-parts modules to use
imports = [
supportedSystems = ["x86_64-linux"]; inputs.devshell.flakeModule
nix.generateRegistryFromInputs = true; inputs.treefmt-nix.flakeModule
nix.linkInputs = true;
sharedOverlays = [
inputs.fenix.overlays.default
inputs.colmena.overlay
inputs.xdg-desktop-portal-hyprland.overlays.default
utils.overlay
(self: super: {
# Add fonts
hackNerdLigatures = super.callPackage ./pkgs/hack.nix {};
# Add the emulator
"2a-emulator" =
inputs.emulator-2a.packages.x86_64-linux."2a-emulator";
# Add my mensa tool
inherit (inputs.mensa.packages.x86_64-linux) mensa;
darkman = super.callPackage ./pkgs/darkman.nix {};
# TODO: Replace with upstream
inherit (inputs.fend.packages.x86_64-linux) fend;
hydra = inputs.hydra.packages.x86_64-linux.default;
# TODO: Remove once hydra fixes these removed aliases
inherit (super.perlPackages) buildPerlPackage;
netcat-openbsd = super.libressl.nc;
})
# Override cataclysm to use git
(import ./overlays/cataclysm-dda.nix)
(import ./overlays/qmk-udev-rules.nix)
(import ./overlays/sane-backends.nix)
(import ./overlays/logisim.nix)
(import ./overlays/fzf-kak.nix)
(import ./overlays/prometheus-fritzbox-exporter.nix)
(import ./overlays/waybar-hypr.nix)
]; ];
# Available systems, only x86 for now
hostDefaults.system = "x86_64-linux"; systems = ["x86_64-linux"];
hostDefaults.modules = defaultModules; perSystem = {
config,
hosts = builtins.listToAttrs (map (host: { self',
name = host; inputs',
value = {modules = [self.nixosModules.${host}];}; pkgs,
}) system,
hosts); ...
}: {
nixosModules = { # Configure treefmt
home-manager-config = _: { treefmt.projectRootFile = "flake.nix";
home-manager.verbose = true; treefmt.programs = {
home-manager.useGlobalPkgs = true; alejandra.enable = true;
home-manager.useUserPackages = true; shellcheck.enable = true;
home-manager.extraSpecialArgs = {inherit (inputs) nix-colors;}; shfmt.enable = true;
}; };
# Load all packages from ./pkgs
nixUnstable = {pkgs, ...}: { packages = let
nix.registry.nixpkgs.flake = nixpkgs; pkgFiles = builtins.attrNames (builtins.readDir ./pkgs);
nix.package = pkgs.nixUnstable; toPackage = file: {
nix.extraOptions = '' name = builtins.replaceStrings [".nix"] [""] file;
experimental-features = nix-command flakes value = pkgs.callPackage ./pkgs/${file} {};
''; };
}; in
builtins.listToAttrs (builtins.map toPackage pkgFiles);
helix-texta = { # Create a useable devshell for me
pkgs, devshells.default = {
config, name = "dev";
... packages = [
}: { pkgs.nil
imports = [ self'.packages.rebuild
./hosts/helix-texta.nix self'.packages.personal-cache
./modules/light-actkbd.nix self'.packages.all-hosts
self.nixosModules.thinkpad-p1-gen3 self'.packages.option
]; self'.packages.test-config
};
murex-pecten = {...}: {
imports = [
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
./hosts/murex-pecten.nix
./hardware/aorus.nix
];
};
cornu-aspersum = {...}: {
imports = [
./hosts/cornu-aspersum.nix
./hardware/netcup-rs-2000-g9.nix
./modules/nginx-reverse-proxy.nix
];
};
granodomus-lima = {...}: {
imports = [
./hosts/granodomus-lima.nix
./hardware/netcup-vps-200-g10.nix
./modules/nginx-reverse-proxy.nix
];
};
trochulus-hispidus = {pkgs, ...}: {
imports = [
./hosts/trochulus-hispidus.nix
./hardware/latitude-e7440.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-laptop
nixos-hardware.nixosModules.common-pc-laptop-ssd
];
};
thinkpad-p1-gen3 = {...}: {
imports = [
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-nvidia
nixos-hardware.nixosModules.common-pc-laptop
nixos-hardware.nixosModules.common-pc-laptop-ssd
nixos-hardware.nixosModules.common-pc-laptop-acpi_call
./hardware/thinkpad-p1-gen3.nix
];
};
radix-balthica = {...}: {
imports = [
./hosts/radix-balthica.nix
];
};
faunus-ater = {...}: {
imports = [
nixos-hardware.nixosModules.common-cpu-intel #-cpu-only
./modules/nginx-reverse-proxy.nix
./hosts/faunus-ater.nix
./hardware/asrock-z370-i3-black-box.nix
];
};
polymita-picta = {...}: {
imports = [
./hosts/polymita-picta.nix
./hardware/steam-deck.nix
(inputs.jovian-nixos + "/modules")
]; ];
}; };
}; };
# Useful modules and all those from ./modules
colmena = flake.nixosModules =
{ {
meta = {nixpkgs = pkgs;}; homeManagerConfig = _: {
defaults = {...}: {imports = defaultModules;}; home-manager.verbose = true;
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {inherit (inputs) nix-colors;};
};
nixUnstable = {pkgs, ...}: {
nix.registry.nixpkgs.flake = inputs.nixpkgs;
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
};
} }
// (builtins.listToAttrs (map ( // (let
host: { removeSuffix = builtins.replaceStrings [".nix"] [""];
name = host; moduleFiles = builtins.attrNames (builtins.readDir ./modules);
value = { listOfModules = builtins.map removeSuffix moduleFiles;
imports = [self.nixosModules.${host}]; toModule = name: {
config.deployment = { inherit name;
targetHost = host; value = builtins.readFile ./modules/${name};
targetUser = "root"; };
}; in
}; builtins.listToAttrs (builtins.map toModule listOfModules));
} # All my system's configurations
) flake.nixosConfigurations = let
hosts)); genSystem = name: {
inherit name;
hydraJobs = { value = inputs.nixpkgs.lib.nixosSystem {
shell.x86_64-linux = self.devShell.x86_64-linux; system = "x86_64-linux";
packages = self.packages; specialArgs = {inherit inputs;};
nixosConfigurations.x86_64-linux = builtins.listToAttrs (map (host: { modules = modulesSharedByAllSystems ++ [{nixpkgs.overlays = overlaysSharedByAll;} ./hosts/${name}.nix];
name = host; };
value = self.nixosConfigurations.${host}.config.system.build.toplevel;
})
hosts);
};
packages.x86_64-linux.iso = self.nixosConfigurations.radix-balthica.config.system.build.isoImage;
packages.x86_64-linux.vm = self.nixosConfigurations.radix-balthica.config.system.build.vm;
outputsBuilder = channels: {
devShell = channels.nixpkgs.mkShell {
name = "system config devshell";
packages = let
personalCache = pkgs.writeShellApplication {
name = "personal-cache";
runtimeInputs = with pkgs; [
coreutils
nix
];
text = builtins.readFile ./scripts/personal-cache.sh;
};
rebuild = pkgs.writeShellApplication {
name = "rebuild";
runtimeInputs = with pkgs; [
coreutils
git
personalCache
nixos-rebuild
];
text = builtins.readFile ./scripts/rebuild.sh;
};
allHosts = pkgs.writeShellApplication {
name = "all-hosts";
runtimeInputs = with pkgs; [
jq
nix
];
text = ''
nix eval --json .#nixosConfigurations --apply builtins.attrNames 2>/dev/null | jq -r .[]
'';
};
option = pkgs.writeShellApplication {
name = "option";
runtimeInputs = with pkgs; [
coreutils
nix
];
text = builtins.readFile ./scripts/option.sh;
};
testConfig = pkgs.writeShellApplication {
name = "test-config";
runtimeInputs = with pkgs; [
coreutils
nix
allHosts
nixos-rebuild
bat
];
text = builtins.readFile ./scripts/test-config.sh;
};
git = "${pkgs.git}/bin/git";
nixos-rebuild = "${pkgs.nixos-rebuild}/bin/nixos-rebuild";
bat = "${pkgs.bat}/bin/bat";
in
with pkgs; [
rebuild
personalCache
allHosts
option
testConfig
inputs.colmena.packages.x86_64-linux.colmena
fup-repl
alejandra
nil
];
}; };
in
builtins.listToAttrs (builtins.map genSystem listOfHosts);
# Iso for USB
flake.packages.x86_64-linux.iso = inputs.self.nixosConfigurations.radix-balthica.config.system.build.isoImage;
# VM for testing
flake.packages.x86_64-linux.vm = inputs.self.nixosConfigurations.radix-balthica.config.system.build.vm;
# Copy most things to hydraJobs so hydra evaluates and builds them
flake.hydraJobs = {
inherit (inputs.self) packages devShells;
nixosConfigurations.x86_64-linux = builtins.listToAttrs (builtins.map (name: {
inherit name;
value = inputs.self.nixosConfigurations.${name}.config.system.build.toplevel;
})
listOfHosts);
}; };
}; };
} }


@ -1,80 +1,92 @@
{pkgs, ...}: { {
boot.loader.grub.enable = true; pkgs,
boot.loader.grub.version = 2; inputs,
boot.loader.grub.device = "/dev/sda"; ...
}: {
imports = [
inputs.self.nixosModules.homeManagerConfig
../hardware/netcup-rs-2000-g9.nix
../modules/nginx-reverse-proxy.nix
];
networking.hostId = "94d2a920"; config = {
networking.hostName = "cornu-aspersum"; boot.loader.grub.enable = true;
networking.interfaces.ens3.useDHCP = true; boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
settings.ssh.openOutsideVPN = true; networking.hostId = "94d2a920";
networking.hostName = "cornu-aspersum";
networking.interfaces.ens3.useDHCP = true;
users.users = { settings.ssh.openOutsideVPN = true;
root = {
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
};
};
sops.defaultSopsFile = ../secrets/hosts/cornu-aspersum/secrets.yaml; users.users = {
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; root = {
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
# Run radicale with infcloud interface for me and Marie
services.radicaleWithInfcloud.enable = true;
services.qemuGuest.enable = true;
services.bind = {
enable = true;
cacheNetworks = ["any"];
forwarders = ["100.100.100.100"];
listenOn = ["any"];
listenOnIpv6 = ["any"];
zones."home" = let
cornu-aspersum = {
v4 = "100.86.42.110";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:2a6e";
}; };
faunus-ater = {
v4 = "100.108.135.4";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
};
point = domain: host: ''
${domain} AAAA ${host.v6}
${domain} A ${host.v4}
'';
in {
master = true;
# TODO: Fix TTLs
file = pkgs.writeText "home-zone" ''
$TTL 1
@ IN SOA home. malte.home. (
5 ; Serial
1 ; Refresh
1 ; Retry
1 ; Expire
1) ; Negative Cache TTL
@ NS home.
${point "home." cornu-aspersum}
${point "foto" faunus-ater}
${point "mc" cornu-aspersum}
${point "doc" faunus-ater}
${point "sheet" faunus-ater}
${point "media" faunus-ater}
${point "file" faunus-ater}
${point "stats" faunus-ater}
${point "cache" faunus-ater}
${point "hydra" faunus-ater}
'';
}; };
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
# This value determines the NixOS release from which the default sops.defaultSopsFile = ../secrets/hosts/cornu-aspersum/secrets.yaml;
# settings for stateful data, like file locations and database versions sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # Run radicale with infcloud interface for me and Marie
# Before changing this value read the documentation for this option services.radicaleWithInfcloud.enable = true;
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment? services.qemuGuest.enable = true;
services.bind = {
enable = true;
cacheNetworks = ["any"];
forwarders = ["100.100.100.100"];
listenOn = ["any"];
listenOnIpv6 = ["any"];
zones."home" = let
cornu-aspersum = {
v4 = "100.86.42.110";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6256:2a6e";
};
faunus-ater = {
v4 = "100.108.135.4";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
};
point = domain: host: ''
${domain} AAAA ${host.v6}
${domain} A ${host.v4}
'';
in {
master = true;
# TODO: Fix TTLs
file = pkgs.writeText "home-zone" ''
$TTL 1
@ IN SOA home. malte.home. (
5 ; Serial
1 ; Refresh
1 ; Retry
1 ; Expire
1) ; Negative Cache TTL
@ NS home.
${point "home." cornu-aspersum}
${point "foto" faunus-ater}
${point "mc" cornu-aspersum}
${point "doc" faunus-ater}
${point "sheet" faunus-ater}
${point "media" faunus-ater}
${point "file" faunus-ater}
${point "stats" faunus-ater}
${point "cache" faunus-ater}
${point "hydra" faunus-ater}
'';
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
};
} }
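Review bot: The `services.bind` block combines `cacheNetworks = ["any"]` and `listenOn = ["any"]` with `networking.firewall.allowedTCPPorts = [53]` / `allowedUDPPorts = [53]` on every interface, so this host answers recursive queries for anyone who can reach it, which is the open-resolver setup abused for DNS amplification. Every address in the zone is a `100.x` or `fd7a:115c:a1e0:…` one, so the clients are presumably all on the VPN; something like `cacheNetworks = ["127.0.0.0/8" "100.64.0.0/10" "fd7a:115c:a1e0::/48"];` and opening port 53 under `networking.firewall.interfaces.<vpn-interface>` instead of globally would limit it to them (`<vpn-interface>` is a placeholder, the name is not in this file). The root `hashedPassword` is also committed as a literal although sops is already configured for this host; moving it to a sops secret would keep the hash out of the repository and the world-readable Nix store. These lines are carried over re-indented under the new `config = { … }`, so the commit is a natural place to tighten them.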


@ -2,6 +2,7 @@
pkgs, pkgs,
lib, lib,
config, config,
inputs,
... ...
}: let }: let
sopsPath = key: config.sops.secrets.${key}.path; sopsPath = key: config.sops.secrets.${key}.path;
@ -25,491 +26,498 @@
vpnIPv4 = "100.108.135.4"; vpnIPv4 = "100.108.135.4";
vpnIPv6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704"; vpnIPv6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
in { in {
networking.hostName = "faunus-ater"; imports = [
networking.hostId = "a4d7bec4"; inputs.nixos-hardware.nixosModules.common-cpu-intel #-cpu-only
networking.interfaces.eno1.useDHCP = true; ../modules/nginx-reverse-proxy.nix
../hardware/asrock-z370-i3-black-box.nix
# === Make sure ZFS works ===
# TODO: Update and think of some automatic way of keeping this up to date.
boot.kernelPackages = pkgs.linuxPackages_5_15;
# === Can't handle this ===
systemd.enableEmergencyMode = false;
# === Settings ===
settings.ssh.openOutsideVPN = true;
settings.printing.enable = true;
# === ZFS services ===
services.zfs.trim.enable = true;
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.pools = ["rpool"];
# === Additional services ===
services.fwupd.enable = true;
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = "powersave";
};
# === Git.home, because everything else sucks ===
services.gogsHome = {
enable = true;
passwordFile = sopsPath "gogs-database-password";
addr = {
v4 = vpnIPv4;
v6 = vpnIPv6;
};
stateDir = "/data/dirty/gogs";
};
sops.secrets.gogs-database-password = {
owner = config.users.users.gogs.name;
mode = "0400";
};
# === Extend printing settings because sharing is caring ===
services.printing = {
listenAddresses = ["*:631"];
allowFrom = ["all" "@IF(${vpnInterface})"];
defaultShared = true;
browsing = true;
logLevel = "debug";
};
networking.firewall.interfaces.${vpnInterface} = {
allowedUDPPorts = [631];
allowedTCPPorts = [631 config.services.hydra.port];
};
hardware.printers = {
ensureDefaultPrinter = "Local";
ensurePrinters = lib.singleton {
description = "The fastest Boi in town!";
deviceUri = "usb://Samsung/ML-1640%20Series?serial=144QBAHS600499T.";
location = "@Home";
model = "samsung/ML-1640.ppd";
name = "Local";
ppdOptions = {
PageSize = "A4";
Resolution = "600dpi";
};
};
};
virtualisation.oci-containers.backend = "podman";
virtualisation.podman = {
enable = true;
dockerCompat = true;
extraPackages = with pkgs; [zfs];
};
# Override storage driver
virtualisation.containers.storage.settings = {
storage = {
driver = "zfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
virtualisation.oci-containers.containers."timetagger" = {
image = "ghcr.io/almarklein/timetagger:v23.2.1";
ports = ["5873:5873"];
environment = {
TIMETAGGER_BIND = "0.0.0.0:5873";
TIMETAGGER_DATADIR = "/root/_timetagger";
TIMETAGGER_LOG_LEVEL = "info";
TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm";
};
volumes = [
"/data/dirty/timetagger:/root/_timetagger"
];
};
services.nginx.virtualHosts."time.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://127.0.0.1:5873";
proxyWebsockets = true;
};
};
# === Dim ===
# virtualisation.oci-containers.containers."dim" = {
# environment = {};
# image = "ghcr.io/dusk-labs/dim:dev";
# ports = lib.singleton "7999:8000";
# volumes = [
# # TODO: https://github.com/Dusk-Labs/dim/blob/master/docker-compose-template.yml
# "/srv/media.deletemesoon:/media:ro"
# ];
# #user = "${config.users.users.dim.name}:${config.users.groups.dim.name}";
# };
# === SheetAble ===
# virtualisation.oci-containers.containers."sheetable" = {
# environment = {
# CONFIG_PATH = "/app/config/";
# };
# image = "vallezw/sheetable";
# ports = lib.singleton "7998:8080";
# volumes = [
# # TODO: https://sheetable.net/docs/Installation/installation-docker
# ];
# };
# === Seafile ===
# services.seafile = {
# enable = true;
# adminEmail = "malte.tammena@pm.me";
# initialAdminPassword = "test";
# seafileSettings = {
# fileserver.host = "::1";
# };
# ccnetSettings.General.SERVICE_URL = "http://file.home";
# };
# === HYDRA & Friends. ===
services.hydra = {
enable = true;
package = pkgs.hydra;
notificationSender = "hydra@home";
hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}";
minimumDiskFree = 10;
useSubstitutes = true;
};
services.nix-serve = {
enable = true;
secretKeyFile = sopsPath "nix-store-signing-key";
# FIXME: Remove once fixed upstream
package = pkgs.nix-serve.override {
nix = pkgs.nixVersions.nix_2_12;
};
};
# Build on other machines aswell if possible
nix.buildMachines = [
{
hostName = "localhost";
maxJobs = 4;
speedFactor = 1;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
systems = ["x86_64-linux" "i686-linux"];
}
{
hostName = "helix-texta";
maxJobs = 4;
speedFactor = 2;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
supportedFeatures = ["kvm" "big-parallel"];
systems = ["x86_64-linux" "i686-linux"];
}
{
hostName = "murex-pecten";
maxJobs = 4;
speedFactor = 4;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
supportedFeatures = ["kvm" "big-parallel"];
systems = ["x86_64-linux" "i686-linux"];
}
]; ];
# TODO: This doesn't seem to work config = {
programs.ssh.extraConfig = '' networking.hostName = "faunus-ater";
Host * networking.hostId = "a4d7bec4";
StrictHostKeyChecking accept-new networking.interfaces.eno1.useDHCP = true;
'';
nix.extraOptions = '' # === Make sure ZFS works ===
allowed-uris = http:// https:// # TODO: Update and think of some automatic way of keeping this up to date.
''; boot.kernelPackages = pkgs.linuxPackages_5_15;
systemd.services."hydra-initial-setup" = {
description = "Setup hydra admin password once"; # === Can't handle this ===
serviceConfig = { systemd.enableEmergencyMode = false;
Type = "oneshot";
RemainAfterExit = true; # === Settings ===
LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}"; settings.ssh.openOutsideVPN = true;
settings.printing.enable = true;
# === ZFS services ===
services.zfs.trim.enable = true;
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.pools = ["rpool"];
# === Additional services ===
services.fwupd.enable = true;
powerManagement = {
enable = true;
powertop.enable = true;
cpuFreqGovernor = "powersave";
}; };
wantedBy = lib.singleton "multi-user.target";
requires = lib.singleton "hydra-init.service"; # === Git.home, because everything else sucks ===
after = lib.singleton "hydra-init.service"; services.gogsHome = {
environment = { enable = true;
inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI; passwordFile = sopsPath "gogs-database-password";
addr = {
v4 = vpnIPv4;
v6 = vpnIPv6;
};
stateDir = "/data/dirty/gogs";
}; };
script = let sops.secrets.gogs-database-password = {
hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user"; owner = config.users.users.gogs.name;
in '' mode = "0400";
if [ ! -e ~hydra/.setup-is-complete ]; then };
# create admin user
${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1 # === Extend printing settings because sharing is caring ===
# done services.printing = {
touch ~hydra/.setup-is-complete listenAddresses = ["*:631"];
fi allowFrom = ["all" "@IF(${vpnInterface})"];
''; defaultShared = true;
}; browsing = true;
services.nginx.virtualHosts = { logLevel = "debug";
"hydra.home" = mkVirtHost { };
locations."/" = { networking.firewall.interfaces.${vpnInterface} = {
proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}"; allowedUDPPorts = [631];
allowedTCPPorts = [631 config.services.hydra.port];
};
hardware.printers = {
ensureDefaultPrinter = "Local";
ensurePrinters = lib.singleton {
description = "The fastest Boi in town!";
deviceUri = "usb://Samsung/ML-1640%20Series?serial=144QBAHS600499T.";
location = "@Home";
model = "samsung/ML-1640.ppd";
name = "Local";
ppdOptions = {
PageSize = "A4";
Resolution = "600dpi";
};
}; };
}; };
"cache.home" = mkVirtHost {
locations."/" = { virtualisation.oci-containers.backend = "podman";
proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}"; virtualisation.podman = {
enable = true;
dockerCompat = true;
extraPackages = with pkgs; [zfs];
};
# Override storage driver
virtualisation.containers.storage.settings = {
storage = {
driver = "zfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
}; };
}; };
};
# === PAPERLESS service, save me! === virtualisation.oci-containers.containers."timetagger" = {
services.paperless = { image = "ghcr.io/almarklein/timetagger:v23.2.1";
enable = true; ports = ["5873:5873"];
address = "[::1]"; environment = {
passwordFile = sopsPath "paperless-admin-password"; TIMETAGGER_BIND = "0.0.0.0:5873";
dataDir = "/data/dirty/paperless"; TIMETAGGER_DATADIR = "/root/_timetagger";
extraConfig = { TIMETAGGER_LOG_LEVEL = "info";
PAPERLESS_OCR_LANGUAGE = "deu"; TIMETAGGER_CREDENTIALS = "malte:$2a$08$P.e3SD0cnPK0P4mFYShELuoa37.1e1dEqE8MWa6LJ/kSJfje1BdBi,marie:$2a$08$ubOZWO510y5bgwIl0O4Ne.dKZdWoHqEMzvs56L6esqvLfBJ/6OgYm";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
PAPERLESS_URL = "https://doc.home";
};
};
services.nginx.virtualHosts."doc.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://[::1]:${builtins.toString config.services.paperless.port}";
proxyWebsockets = true;
};
};
# === Komga, for my reading needs ===
services.komga = {
enable = true;
stateDir = "/data/dirty/komga";
};
services.nginx.virtualHosts."read.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}";
proxyWebsockets = true;
};
};
# === Trilium ===
services.trilium-server = {
enable = true;
port = 10302;
dataDir = "/data/dirty/trilium";
};
services.nginx.virtualHosts."note.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}";
proxyWebsockets = true;
};
};
# === Photoprism ===
services.photoprism = {
enable = true;
port = 2342;
storagePath = "/data/dirty/photoprism/storage";
originalsPath = "/data/dirty/photoprism/originals";
importPath = "/data/dirty/photoprism/import";
passwordFile = sopsPath "photoprism-admin-password";
settings = {
PHOTOPRISM_SESSION_MAXAGE = "31536000";
PHOTOPRISM_SESSION_TIMEOUT = "31536000";
PHOTOPRISM_UPLOAD_NSFW = "true";
PHOTOPRISM_DETECT_NSFW = "true";
PHOTOPRISM_SITE_URL = "https://foto.home";
PHOTOPRISM_SITE_TITLE = "PhotoPrism";
PHOTOPRISM_SITE_CAPTION = "All the pictures!";
PHOTOPRISM_SITE_DESCRIPTION = "";
PHOTOPRISM_SITE_AUTHOR = "";
};
};
# TODO: Why does it not work without these? :/
systemd.services.photoprism.serviceConfig.User = lib.mkForce null;
systemd.services.photoprism.serviceConfig.Group = lib.mkForce null;
systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce [];
services.nginx.virtualHosts."foto.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.photoprism.port}";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 500M;
'';
};
# === Restic User Backup ===
services.resticConfigured = {
enable = true;
rootDir = "/data/dirty/restic";
openFirewall = true;
};
# === Grafana ===
services.grafanaHome = {
enable = true;
nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
nginx.sslCertificate = sopsPath "nginx-cert-crt";
nginx.sslCertificateKey = sopsPath "nginx-cert-key";
grafana.adminPasswordFile = sopsPath "grafana-admin-password";
};
# === Prometheus ===
services.prometheus = {
enable = true;
enableReload = true;
exporters = {
fritzbox = {
enable = true;
gatewayAddress = "spof";
}; };
node = { volumes = [
enable = true; "/data/dirty/timetagger:/root/_timetagger"
enabledCollectors = ["systemd"];
disabledCollectors = ["diskstats"];
};
};
scrapeConfigs = scrapedExporters {inherit (config.services.prometheus.exporters) fritzbox node;};
};
systemd.services."prometheus-fritzbox-exporter".serviceConfig.EnvironmentFile = sopsPath "fritzbox-exporter-env";
# TODO: Yikes
systemd.services."prometheus-fritzbox-exporter".serviceConfig.ExecStart = let
cfg = config.services.prometheus.exporters.fritzbox;
in
lib.mkForce ''
${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
-listen-address ${cfg.listenAddress}:${toString cfg.port} \
-gateway-url http://${cfg.gatewayAddress}:${toString cfg.gatewayPort} \
-gateway-luaurl http://${cfg.gatewayAddress} \
-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics.json \
-lua-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics-lua_cable.json
'';
# services.nginx.virtualHosts."media.home" = {
# locations."/" = {
# proxyPass = "http://127.0.0.1:7999";
# proxyWebsockets = true;
# };
# };
# services.nginx.virtualHosts."file.home" = {
# locations."/" = {
# proxyPass = "http://[::1]:${builtins.toString config.services.seafile.seafileSettings.fileserver.port}";
# proxyWebsockets = true;
# };
# };
# networking.firewall.allowedTCPPorts = [config.services.seafile.seafileSettings.fileserver.port];
# === Print Service ===
systemd.paths."print-all-files" = {
requires = ["printer.target"];
after = ["printer.target"];
wantedBy = ["default.target"];
pathConfig = {
DirectoryNotEmpty = "/srv/to-be-printed";
MakeDirectory = true;
DirectoryMode = "777";
Unit = "print-all-files.service";
};
};
systemd.services."print-all-files" = let
printAndDeleteFile = pkgs.writeShellApplication {
name = "print-and-delete-file";
runtimeInputs = [
pkgs.coreutils
pkgs.cups
]; ];
text = ''
echo Printing "$1"
lp -- "$1"
rm "$1"
'';
}; };
script = pkgs.writeShellApplication { services.nginx.virtualHosts."time.home" = mkVirtHost {
name = "print-all-files-script"; locations."/" = {
runtimeInputs = [ proxyPass = "http://127.0.0.1:5873";
pkgs.coreutils proxyWebsockets = true;
printAndDeleteFile };
];
text = ''
find . -type f -exec print-and-delete-file "{}" \;
'';
}; };
in {
requires = ["printer.target"]; # === Dim ===
after = ["printer.target"]; # virtualisation.oci-containers.containers."dim" = {
serviceConfig = { # environment = {};
WorkingDirectory = "/srv/to-be-printed"; # image = "ghcr.io/dusk-labs/dim:dev";
ExecStart = "${script}/bin/print-all-files-script"; # ports = lib.singleton "7999:8000";
# Wait 15 seconds before restart to let the file load, if not present yet # volumes = [
RestartSec = "15"; # # TODO: https://github.com/Dusk-Labs/dim/blob/master/docker-compose-template.yml
# "/srv/media.deletemesoon:/media:ro"
# ];
# #user = "${config.users.users.dim.name}:${config.users.groups.dim.name}";
# };
# === SheetAble ===
# virtualisation.oci-containers.containers."sheetable" = {
# environment = {
# CONFIG_PATH = "/app/config/";
# };
# image = "vallezw/sheetable";
# ports = lib.singleton "7998:8080";
# volumes = [
# # TODO: https://sheetable.net/docs/Installation/installation-docker
# ];
# };
# === Seafile ===
# services.seafile = {
# enable = true;
# adminEmail = "malte.tammena@pm.me";
# initialAdminPassword = "test";
# seafileSettings = {
# fileserver.host = "::1";
# };
# ccnetSettings.General.SERVICE_URL = "http://file.home";
# };
# === HYDRA & Friends. ===
services.hydra = {
enable = true;
package = pkgs.hydra;
notificationSender = "hydra@home";
hydraURL = "http://faunus-ater:${builtins.toString config.services.hydra.port}";
minimumDiskFree = 10;
useSubstitutes = true;
}; };
}; services.nix-serve = {
users.users.sftp = { enable = true;
description = "User used for all sftp stuff"; secretKeyFile = sopsPath "nix-store-signing-key";
isNormalUser = true; # FIXME: Remove once fixed upstream
group = "sftp"; package = pkgs.nix-serve.override {
openssh.authorizedKeys.keyFiles = [ nix = pkgs.nixVersions.nix_2_12;
../secrets/users/malte/sftp-key.pub };
../secrets/users/marie/sftp-key.pub };
# Build on other machines aswell if possible
nix.buildMachines = [
{
hostName = "localhost";
maxJobs = 4;
speedFactor = 1;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
systems = ["x86_64-linux" "i686-linux"];
}
{
hostName = "helix-texta";
maxJobs = 4;
speedFactor = 2;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
supportedFeatures = ["kvm" "big-parallel"];
systems = ["x86_64-linux" "i686-linux"];
}
{
hostName = "murex-pecten";
maxJobs = 4;
speedFactor = 4;
sshKey = sopsPath "hydra-overseer-key";
sshUser = "hydra-minion";
supportedFeatures = ["kvm" "big-parallel"];
systems = ["x86_64-linux" "i686-linux"];
}
]; ];
}; # TODO: This doesn't seem to work
users.groups.sftp = {}; programs.ssh.extraConfig = ''
Host *
StrictHostKeyChecking accept-new
'';
nix.extraOptions = ''
allowed-uris = http:// https://
'';
systemd.services."hydra-initial-setup" = {
description = "Setup hydra admin password once";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
LoadCredential = "USER_PW:${sopsPath "hydra-admin-password"}";
};
wantedBy = lib.singleton "multi-user.target";
requires = lib.singleton "hydra-init.service";
after = lib.singleton "hydra-init.service";
environment = {
inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI;
};
script = let
hydra-create-user = "${pkgs.hydra}/bin/hydra-create-user";
in ''
if [ ! -e ~hydra/.setup-is-complete ]; then
# create admin user
${hydra-create-user} admin --full-name 'Admin Mc. Admining' --email-address 'admin@faunus-ater' --password "$USER_PW" --role admin || exit 1
# done
touch ~hydra/.setup-is-complete
fi
'';
};
services.nginx.virtualHosts = {
"hydra.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}";
};
};
"cache.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.nix-serve.port}";
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; # === PAPERLESS service, save me! ===
services.paperless = {
enable = true;
address = "[::1]";
passwordFile = sopsPath "paperless-admin-password";
dataDir = "/data/dirty/paperless";
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
PAPERLESS_URL = "https://doc.home";
};
};
services.nginx.virtualHosts."doc.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://[::1]:${builtins.toString config.services.paperless.port}";
proxyWebsockets = true;
};
};
# === BACKUPS === # === Komga, for my reading needs ===
services.restic.backups = { services.komga = {
# Make sure my 'active IO' disk get's saved once a day enable = true;
zdirty = { stateDir = "/data/dirty/komga";
initialize = true; };
repository = "/data/archive/dirty.bak"; services.nginx.virtualHosts."read.home" = mkVirtHost {
timerConfig.OnCalendar = "daily"; locations."/" = {
paths = lib.singleton "/data/dirty"; proxyPass = "http://[::1]:${builtins.toString config.services.komga.port}";
pruneOpts = [ proxyWebsockets = true;
"--keep-daily 1" };
"--keep-weekly 1" };
"--keep-monthly 1"
"--keep-yearly 5" # === Trilium ===
services.trilium-server = {
enable = true;
port = 10302;
dataDir = "/data/dirty/trilium";
};
services.nginx.virtualHosts."note.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://${config.services.trilium-server.host}:${builtins.toString config.services.trilium-server.port}";
proxyWebsockets = true;
};
};
# === Photoprism ===
services.photoprism = {
enable = true;
port = 2342;
storagePath = "/data/dirty/photoprism/storage";
originalsPath = "/data/dirty/photoprism/originals";
importPath = "/data/dirty/photoprism/import";
passwordFile = sopsPath "photoprism-admin-password";
settings = {
PHOTOPRISM_SESSION_MAXAGE = "31536000";
PHOTOPRISM_SESSION_TIMEOUT = "31536000";
PHOTOPRISM_UPLOAD_NSFW = "true";
PHOTOPRISM_DETECT_NSFW = "true";
PHOTOPRISM_SITE_URL = "https://foto.home";
PHOTOPRISM_SITE_TITLE = "PhotoPrism";
PHOTOPRISM_SITE_CAPTION = "All the pictures!";
PHOTOPRISM_SITE_DESCRIPTION = "";
PHOTOPRISM_SITE_AUTHOR = "";
};
};
# TODO: Why does it not work without these? :/
systemd.services.photoprism.serviceConfig.User = lib.mkForce null;
systemd.services.photoprism.serviceConfig.Group = lib.mkForce null;
systemd.services.photoprism.serviceConfig.DynamicUser = lib.mkForce false;
systemd.services.photoprism.serviceConfig.SystemCallFilter = lib.mkForce [];
services.nginx.virtualHosts."foto.home" = mkVirtHost {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.photoprism.port}";
proxyWebsockets = true;
};
extraConfig = ''
client_max_body_size 500M;
'';
};
# === Restic User Backup ===
services.resticConfigured = {
enable = true;
rootDir = "/data/dirty/restic";
openFirewall = true;
};
# === Grafana ===
services.grafanaHome = {
enable = true;
nginx.listenAddresses = [vpnIPv4 "[${vpnIPv6}]"];
nginx.sslCertificate = sopsPath "nginx-cert-crt";
nginx.sslCertificateKey = sopsPath "nginx-cert-key";
grafana.adminPasswordFile = sopsPath "grafana-admin-password";
};
# === Prometheus ===
services.prometheus = {
enable = true;
enableReload = true;
exporters = {
fritzbox = {
enable = true;
gatewayAddress = "spof";
};
node = {
enable = true;
enabledCollectors = ["systemd"];
disabledCollectors = ["diskstats"];
};
};
scrapeConfigs = scrapedExporters {inherit (config.services.prometheus.exporters) fritzbox node;};
};
systemd.services."prometheus-fritzbox-exporter".serviceConfig.EnvironmentFile = sopsPath "fritzbox-exporter-env";
# TODO: Yikes
systemd.services."prometheus-fritzbox-exporter".serviceConfig.ExecStart = let
cfg = config.services.prometheus.exporters.fritzbox;
in
lib.mkForce ''
${pkgs.prometheus-fritzbox-exporter}/bin/fritzbox_exporter \
-listen-address ${cfg.listenAddress}:${toString cfg.port} \
-gateway-url http://${cfg.gatewayAddress}:${toString cfg.gatewayPort} \
-gateway-luaurl http://${cfg.gatewayAddress} \
-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics.json \
-lua-metrics-file ${pkgs.prometheus-fritzbox-exporter}/share/metrics-lua_cable.json
'';
# services.nginx.virtualHosts."media.home" = {
# locations."/" = {
# proxyPass = "http://127.0.0.1:7999";
# proxyWebsockets = true;
# };
# };
# services.nginx.virtualHosts."file.home" = {
# locations."/" = {
# proxyPass = "http://[::1]:${builtins.toString config.services.seafile.seafileSettings.fileserver.port}";
# proxyWebsockets = true;
# };
# };
# networking.firewall.allowedTCPPorts = [config.services.seafile.seafileSettings.fileserver.port];
# === Print Service ===
systemd.paths."print-all-files" = {
requires = ["printer.target"];
after = ["printer.target"];
wantedBy = ["default.target"];
pathConfig = {
DirectoryNotEmpty = "/srv/to-be-printed";
MakeDirectory = true;
DirectoryMode = "777";
Unit = "print-all-files.service";
};
};
systemd.services."print-all-files" = let
printAndDeleteFile = pkgs.writeShellApplication {
name = "print-and-delete-file";
runtimeInputs = [
pkgs.coreutils
pkgs.cups
];
text = ''
echo Printing "$1"
lp -- "$1"
rm "$1"
'';
};
script = pkgs.writeShellApplication {
name = "print-all-files-script";
runtimeInputs = [
pkgs.coreutils
printAndDeleteFile
];
text = ''
find . -type f -exec print-and-delete-file "{}" \;
'';
};
in {
requires = ["printer.target"];
after = ["printer.target"];
serviceConfig = {
WorkingDirectory = "/srv/to-be-printed";
ExecStart = "${script}/bin/print-all-files-script";
# Wait 15 seconds before restart to let the file load, if not present yet
RestartSec = "15";
};
};
users.users.sftp = {
description = "User used for all sftp stuff";
isNormalUser = true;
group = "sftp";
openssh.authorizedKeys.keyFiles = [
../secrets/users/malte/sftp-key.pub
../secrets/users/marie/sftp-key.pub
]; ];
passwordFile = sopsPath "internal-restic-password";
}; };
}; users.groups.sftp = {};
# === RUNTIME SECRETS === hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets = {
"paperless-admin-password" = {};
"photoprism-admin-password" = {};
"grafana-admin-password" = {
owner = config.users.users.grafana.name;
mode = "0400";
};
"nginx-cert-key" = {
owner = config.users.users.nginx.name;
mode = "0400";
};
"nginx-cert-crt" = {
owner = config.users.users.nginx.name;
mode = "0400";
};
"fritzbox-exporter-env" = {};
"internal-restic-password" = {};
"nix-store-signing-key" = {};
"hydra-admin-password" = {
owner = config.users.users.hydra.name;
mode = "0400";
};
"hydra-overseer-key" = {
owner = config.users.users.hydra.name;
mode = "0440";
};
};
# This value determines the NixOS release from which the default # === BACKUPS ===
# settings for stateful data, like file locations and database versions services.restic.backups = {
# on your system were taken. Its perfectly fine and recommended to leave # Make sure my 'active IO' disk get's saved once a day
# this value at the release version of the first install of this system. zdirty = {
# Before changing this value read the documentation for this option initialize = true;
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). repository = "/data/archive/dirty.bak";
system.stateVersion = "22.05"; # Did you read the comment? timerConfig.OnCalendar = "daily";
paths = lib.singleton "/data/dirty";
pruneOpts = [
"--keep-daily 1"
"--keep-weekly 1"
"--keep-monthly 1"
"--keep-yearly 5"
];
passwordFile = sopsPath "internal-restic-password";
};
};
# === RUNTIME SECRETS ===
sops.defaultSopsFile = ../secrets/hosts/faunus-ater/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets = {
"paperless-admin-password" = {};
"photoprism-admin-password" = {};
"grafana-admin-password" = {
owner = config.users.users.grafana.name;
mode = "0400";
};
"nginx-cert-key" = {
owner = config.users.users.nginx.name;
mode = "0400";
};
"nginx-cert-crt" = {
owner = config.users.users.nginx.name;
mode = "0400";
};
"fritzbox-exporter-env" = {};
"internal-restic-password" = {};
"nix-store-signing-key" = {};
"hydra-admin-password" = {
owner = config.users.users.hydra.name;
mode = "0400";
};
"hydra-overseer-key" = {
owner = config.users.users.hydra.name;
mode = "0440";
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
};
} }
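Review bot: In the `hydra-initial-setup` unit, `LoadCredential = "USER_PW:…"` does not create a `$USER_PW` environment variable; systemd only places the secret in a file at `$CREDENTIALS_DIRECTORY/USER_PW`, so the script as written appears to hand `hydra-create-user` an empty `--password`. Reading the file, e.g. `--password "$(cat "$CREDENTIALS_DIRECTORY/USER_PW")"`, would use the sops secret, though the value is then still visible in the process arguments while the command runs. Separately, the timetagger container publishes `ports = ["5873:5873"]` with `TIMETAGGER_BIND = "0.0.0.0:5873"`, which presumably makes it reachable on every host interface alongside the `time.home` nginx proxy; `ports = ["127.0.0.1:5873:5873"];` would keep it behind nginx. Both stretches are existing code that this commit only re-indents under `config = { … }`.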


@ -1,89 +1,91 @@
{ {pkgs, ...}: {
config, imports = [
pkgs, ../hardware/netcup-vps-200-g10.nix
... ../modules/nginx-reverse-proxy.nix
}: { ];
boot.loader.grub.enable = true; config = {
boot.loader.grub.version = 2; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.hostId = "94d74a20"; networking.hostId = "94d74a20";
networking.hostName = "granodomus-lima"; networking.hostName = "granodomus-lima";
networking.interfaces.ens3.useDHCP = true; networking.interfaces.ens3.useDHCP = true;
settings.ssh.openOutsideVPN = true; settings.ssh.openOutsideVPN = true;
users.users = { users.users = {
root = { root = {
hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689."; hashedPassword = "$6$Yb1gdlKIpY1hRW1X$uUcNFuNnK2JFFN55Tkc.fPV.4I7RJvIfLEQayVP1utfkmjF0f/EHjtypxq11jR5NUUIJFQLW6ffajjduA2689.";
};
};
sops.defaultSopsFile = ../secrets/hosts/granodomus-lima/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# Run radicale with infcloud interface for me and Marie
services.radicaleWithInfcloud.enable = true;
services.qemuGuest.enable = true;
services.bind = {
enable = true;
cacheNetworks = ["any"];
forwarders = ["100.100.100.100"];
listenOn = ["any"];
listenOnIpv6 = ["any"];
zones."home" = let
granodomus-lima = {
v4 = "100.66.69.111";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6242:456f";
}; };
faunus-ater = {
v4 = "100.108.135.4";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
};
point = domain: host: ''
${domain} AAAA ${host.v6}
${domain} A ${host.v4}
'';
in {
master = true;
# TODO: Fix TTLs
file = pkgs.writeText "home-zone" ''
$TTL 1
@ IN SOA home. malte.home. (
5 ; Serial
1 ; Refresh
1 ; Retry
1 ; Expire
1) ; Negative Cache TTL
@ NS home.
${point "home." granodomus-lima}
${point "cal" granodomus-lima}
${point "mc" granodomus-lima}
${point "foto" faunus-ater}
${point "doc" faunus-ater}
${point "sheet" faunus-ater}
${point "media" faunus-ater}
${point "file" faunus-ater}
${point "stats" faunus-ater}
${point "cache" faunus-ater}
${point "hydra" faunus-ater}
${point "git" faunus-ater}
${point "read" faunus-ater}
${point "note" faunus-ater}
${point "time" faunus-ater}
'';
}; };
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
# This value determines the NixOS release from which the default sops.defaultSopsFile = ../secrets/hosts/granodomus-lima/secrets.yaml;
# settings for stateful data, like file locations and database versions sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # Run radicale with infcloud interface for me and Marie
# Before changing this value read the documentation for this option services.radicaleWithInfcloud.enable = true;
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment? services.qemuGuest.enable = true;
services.bind = {
enable = true;
cacheNetworks = ["any"];
forwarders = ["100.100.100.100"];
listenOn = ["any"];
listenOnIpv6 = ["any"];
zones."home" = let
granodomus-lima = {
v4 = "100.66.69.111";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:6242:456f";
};
faunus-ater = {
v4 = "100.108.135.4";
v6 = "fd7a:115c:a1e0:ab12:4843:cd96:626c:8704";
};
point = domain: host: ''
${domain} AAAA ${host.v6}
${domain} A ${host.v4}
'';
in {
master = true;
# TODO: Fix TTLs
file = pkgs.writeText "home-zone" ''
$TTL 1
@ IN SOA home. malte.home. (
5 ; Serial
1 ; Refresh
1 ; Retry
1 ; Expire
1) ; Negative Cache TTL
@ NS home.
${point "home." granodomus-lima}
${point "cal" granodomus-lima}
${point "mc" granodomus-lima}
${point "foto" faunus-ater}
${point "doc" faunus-ater}
${point "sheet" faunus-ater}
${point "media" faunus-ater}
${point "file" faunus-ater}
${point "stats" faunus-ater}
${point "cache" faunus-ater}
${point "hydra" faunus-ater}
${point "git" faunus-ater}
${point "read" faunus-ater}
${point "note" faunus-ater}
${point "time" faunus-ater}
'';
};
};
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [53];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
};
} }
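Review bot: The `services.bind` block answers recursive queries for anyone: `cacheNetworks = ["any"]` together with `listenOn = ["any"]` and port 53 opened for TCP and UDP on every interface makes this host an open resolver, and the imported hardware profile suggests it is a public VPS. The zone only holds VPN-range addresses, so recursion could be limited to those clients, for example `cacheNetworks = ["100.64.0.0/10" "fd7a:115c:a1e0::/48"];` (ranges inferred from the addresses in the zone, to be confirmed), and port 53 opened per interface with `networking.firewall.interfaces.<vpn-interface>.allowedUDPPorts = [53];` instead of globally. Separately, the root `hashedPassword` is committed in clear although sops is already configured for this host; reading it from a sops secret through `users.users.root.passwordFile` would keep the hash out of the repository and the Nix store.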


@ -1,166 +1,177 @@
{ {
config,
pkgs, pkgs,
lib, inputs,
options,
flake,
... ...
}: { }: {
boot = { imports = [
# Use the systemd-boot EFI boot loader. inputs.nixos-hardware.nixosModules.common-cpu-intel
loader = { inputs.nixos-hardware.nixosModules.common-gpu-nvidia
systemd-boot.enable = true; inputs.nixos-hardware.nixosModules.common-pc-laptop
efi.canTouchEfiVariables = true; inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
}; inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
}; inputs.self.nixosModules.homeManagerConfig
inputs.custom-udev-rules.nixosModule
networking = { ../hardware/thinkpad-p1-gen3.nix
hostName = "helix-texta"; ../modules/light-actkbd.nix
networkmanager.enable = true;
};
nixpkgs.overlays = [
flake.inputs.nixpkgs-wayland.overlay
]; ];
system.fsPackages = [pkgs.sshfs]; config = {
boot = {
settings.minimalGnome.enable = true; # Use the systemd-boot EFI boot loader.
settings.printing.enable = true; loader = {
settings.batteryStuff.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
# Pipewire for my wayland };
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# config.pipewire-pulse."stream.properties" = {
# "channelmix.upmix" = true;
# "channelmix.lfe-cutoff" = 150;
# };
# config.pipewire = {"default.clock.allowed-rates" = [48000 44100];};
# media-session.config.media-session = lib.recursiveUpdate options.services.pipewire.media-session.config.media-session.default {
# "session.modules".default = options.services.pipewire.media-session.config.media-session.default."session.modules".default ++ ["default-profile"];
# };
# media-session.config.alsa-monitor = {
# rules = [
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
# }
# ];
# actions = {
# update-props = {
# #"audio.rate" = 96000;
# "api.alsa.headroom" = 1024;
# };
# };
# }
# ];
# };
};
xdg.portal = {
enable = true;
extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland];
};
services.udev.customRules = [
# Rename the Scarlett Solo using udev
{
name = "85-scarlett-solo";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
'';
}
{
name = "85-yubikey";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
'';
}
];
security.pam = {
yubico = {
control = "sufficient";
mode = "challenge-response";
debug = false;
}; };
# TODO: Update once my PR lands
services.login.yubicoAuth = true;
services.login.fprintAuth = true;
services.sshd.fprintAuth = false;
};
# TODO: This is not good
services.fprintd.enable = true;
users.mutableUsers = false; networking = {
users.custom.malte.enable = true; hostName = "helix-texta";
networkmanager.enable = true;
};
# Use some fonts nixpkgs.overlays = [
fonts = { inputs.nixpkgs-wayland.overlay
enableDefaultFonts = true; ];
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = { system.fsPackages = [pkgs.sshfs];
settings.minimalGnome.enable = true;
settings.printing.enable = true;
settings.batteryStuff.enable = true;
# Pipewire for my wayland
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true; enable = true;
defaultFonts.monospace = ["Hack NF FC Ligatured"]; alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# config.pipewire-pulse."stream.properties" = {
# "channelmix.upmix" = true;
# "channelmix.lfe-cutoff" = 150;
# };
# config.pipewire = {"default.clock.allowed-rates" = [48000 44100];};
# media-session.config.media-session = lib.recursiveUpdate options.services.pipewire.media-session.config.media-session.default {
# "session.modules".default = options.services.pipewire.media-session.config.media-session.default."session.modules".default ++ ["default-profile"];
# };
# media-session.config.alsa-monitor = {
# rules = [
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
# }
# ];
# actions = {
# update-props = {
# #"audio.rate" = 96000;
# "api.alsa.headroom" = 1024;
# };
# };
# }
# ];
# };
}; };
}; xdg.portal = {
# Configure GPG with SSH support and enable the yubikey
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "qt";
};
# TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
boot.enableContainers = false;
virtualisation = {
podman = {
enable = true; enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland];
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
}; };
services.udev.customRules = [
# Rename the Scarlett Solo using udev
{
name = "85-scarlett-solo";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
'';
}
{
name = "85-yubikey";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
'';
}
];
security.pam = {
yubico = {
control = "sufficient";
mode = "challenge-response";
debug = false;
};
# TODO: Update once my PR lands
services.login.yubicoAuth = true;
services.login.fprintAuth = true;
services.sshd.fprintAuth = false;
};
# TODO: This is not good
services.fprintd.enable = true;
users.mutableUsers = false;
users.custom.malte.enable = true;
# Use some fonts
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {
enable = true;
defaultFonts.monospace = ["Hack NF FC Ligatured"];
};
};
# Configure GPG with SSH support and enable the yubikey
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "qt";
};
# TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
boot.enableContainers = false;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
programs.steam.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];};
};
services.udev.packages = with pkgs; [yubikey-personalization chrysalis];
environment.systemPackages = with pkgs; [
thunderbolt
qt5.qtwayland
chrysalis
];
# TODO: Remove when firefox' RDD is fixed (allows libva)
environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";
services.fwupd.enable = true;
services.devmon.enable = true;
sops.defaultSopsFile = ../secrets/hosts/helix-texta/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}; };
programs.steam.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {extraPkgs = pkgs: [pkgs.openssl];};
};
services.udev.packages = with pkgs; [yubikey-personalization chrysalis];
environment.systemPackages = with pkgs; [
thunderbolt
qt5.qtwayland
chrysalis
];
# TODO: Remove when firefox' RDD is fixed (allows libva)
environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";
services.fwupd.enable = true;
services.devmon.enable = true;
sops.defaultSopsFile = ../secrets/hosts/helix-texta/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
} }
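Review bot: `environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1"` switches off Firefox's sandbox for its media-decoding process for every user on the machine, and the only record of why is a TODO with no link or removal condition. I would scope it to the Firefox wrapper or the one user session that needs VA-API rather than the global environment, and extend the comment with the upstream reference so it can be dropped once fixed, e.g. `# TODO(<upstream-bug-url>): remove once VA-API works with the RDD sandbox`. The same line is carried over in the trochulus-hispidus host further down.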


@ -1,174 +1,186 @@
{ {
pkgs, pkgs,
flake, inputs,
... ...
}: { }: {
# Use the systemd-boot EFI boot loader. imports = [
boot.loader = { inputs.nixos-hardware.nixosModules.common-pc
systemd-boot.enable = true; inputs.nixos-hardware.nixosModules.common-pc-ssd
efi.canTouchEfiVariables = true; inputs.nixos-hardware.nixosModules.common-cpu-amd
}; inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.self.nixosModules.homeManagerConfig
networking = { inputs.custom-udev-rules.nixosModule
hostName = "murex-pecten"; ../hardware/aorus.nix
networkmanager.enable = true;
};
system.fsPackages = [pkgs.sshfs];
nixpkgs.overlays = [
flake.inputs.nixpkgs-wayland.overlay
]; ];
settings.minimalGnome.enable = true; config = {
settings.printing.enable = true; # Use the systemd-boot EFI boot loader.
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
sound.enable = true; networking = {
security.rtkit.enable = true; hostName = "murex-pecten";
services.pipewire = { networkmanager.enable = true;
enable = true; };
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# config.pipewire-pulse."stream.properties" = { system.fsPackages = [pkgs.sshfs];
# "channelmix.upmix" = true;
# "channelmix.lfe-cutoff" = 150;
# };
# config.pipewire."default.clock.allowed-rates" = [48000 44100]; nixpkgs.overlays = [
inputs.nixpkgs-wayland.overlay
];
# media-session.config.alsa-monitor = { settings.minimalGnome.enable = true;
# rules = [ settings.printing.enable = true;
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
# }
# ];
# actions = {
# update-props = {
# #"audio.rate" = 96000;
# "api.alsa.headroom" = 1024;
# };
# };
# }
# ];
# };
};
xdg.portal = { sound.enable = true;
enable = true; security.rtkit.enable = true;
extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland]; services.pipewire = {
};
hardware = {
opengl = {
enable = true; enable = true;
driSupport = true; alsa.enable = true;
driSupport32Bit = true; alsa.support32Bit = true;
extraPackages = with pkgs; [amdvlk]; pulse.enable = true;
extraPackages32 = with pkgs; [driversi686Linux.amdvlk]; jack.enable = true;
# config.pipewire-pulse."stream.properties" = {
# "channelmix.upmix" = true;
# "channelmix.lfe-cutoff" = 150;
# };
# config.pipewire."default.clock.allowed-rates" = [48000 44100];
# media-session.config.alsa-monitor = {
# rules = [
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y7ENM550A6399B-00.pro-output-0";
# }
# ];
# actions = {
# update-props = {
# #"audio.rate" = 96000;
# "api.alsa.headroom" = 1024;
# };
# };
# }
# ];
# };
}; };
};
users.mutableUsers = false; xdg.portal = {
users.custom.marie.enable = false;
users.custom.malte.enable = true;
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {
enable = true; enable = true;
defaultFonts.monospace = ["Hack NF FC Ligatured"]; extraPortals = with pkgs; [xdg-desktop-portal-gtk xdg-desktop-portal-hyprland];
}; };
};
# Configure GPG with SSH support and enable the yubikey hardware = {
programs.gnupg.agent = { opengl = {
enable = true; enable = true;
enableSSHSupport = true; driSupport = true;
pinentryFlavor = "qt"; driSupport32Bit = true;
}; extraPackages = with pkgs; [amdvlk];
extraPackages32 = with pkgs; [driversi686Linux.amdvlk];
security.pam = { };
yubico = {
enable = false;
mode = "challenge-response";
control = "sufficient";
}; };
services.login.yubicoAuth = true;
};
# TODO: Remove/Move users.mutableUsers = false;
services.mysql.enable = true; users.custom.marie.enable = false;
services.mysql.package = pkgs.mariadb; users.custom.malte.enable = true;
services.udev.customRules = [ fonts = {
# Rename the Scarlett Solo using udev enableDefaultFonts = true;
{ fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
name = "85-scarlett-solo"; fontconfig = {
rules = '' enable = true;
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo" defaultFonts.monospace = ["Hack NF FC Ligatured"];
''; };
} };
{
name = "85-yubikey";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
'';
}
];
# TODO: This defaults to true, why does it not work with virtualisation.containers.enable? # Configure GPG with SSH support and enable the yubikey
boot.enableContainers = false; programs.gnupg.agent = {
virtualisation = {
podman = {
enable = true; enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement enableSSHSupport = true;
dockerCompat = true; pinentryFlavor = "qt";
dockerSocket.enable = true;
}; };
security.pam = {
yubico = {
enable = false;
mode = "challenge-response";
control = "sufficient";
};
services.login.yubicoAuth = true;
};
# TODO: Remove/Move
services.mysql.enable = true;
services.mysql.package = pkgs.mariadb;
services.udev.customRules = [
# Rename the Scarlett Solo using udev
{
name = "85-scarlett-solo";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="8211", ENV{ID_VENDOR_ID}=="1235", TAG+="systemd", SYMLINK+="scarlett_solo"
'';
}
{
name = "85-yubikey";
rules = ''
SUBSYSTEM=="usb", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", TAG+="systemd", SYMLINK+="yubikey"
'';
}
];
# TODO: This defaults to true, why does it not work with virtualisation.containers.enable?
boot.enableContainers = false;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
dockerSocket.enable = true;
};
};
programs.steam.enable = true;
programs.corectrl.enable = true;
services.dbus.packages = with pkgs; [openrgb];
services.udev.packages = with pkgs; [
yubikey-personalization
chrysalis
openrgb
i2c-tools
gnome3.gnome-settings-daemon
qmk-udev-rules
vial
];
sops.defaultSopsFile = ../secrets/hosts/murex-pecten/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
environment.systemPackages = with pkgs; [
qt5.qtwayland
thunderbolt
chrysalis
openrgb
gnomeExtensions.appindicator
qmk
vial
];
services.fwupd.enable = true;
services.devmon.enable = true;
services.ratbagd.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}; };
programs.steam.enable = true;
programs.corectrl.enable = true;
services.dbus.packages = with pkgs; [openrgb];
services.udev.packages = with pkgs; [
yubikey-personalization
chrysalis
openrgb
i2c-tools
gnome3.gnome-settings-daemon
qmk-udev-rules
vial
];
sops.defaultSopsFile = ../secrets/hosts/murex-pecten/secrets.yaml;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
environment.systemPackages = with pkgs; [
qt5.qtwayland
thunderbolt
chrysalis
openrgb
gnomeExtensions.appindicator
qmk
vial
];
services.fwupd.enable = true;
services.devmon.enable = true;
services.ratbagd.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
} }
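Review bot: `virtualisation.podman.dockerSocket.enable = true` exposes a Docker-compatible API socket, and access to that socket is equivalent to root on the host, which the config does not mention. A comment next to the option would help, e.g. `# members of the podman group can reach this socket and gain root; keep the group minimal`, or the socket could be dropped if only the `docker` CLI alias from `dockerCompat` is needed. The helix-texta host above sets the same option.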


@ -1,64 +1,75 @@
{pkgs, ...}: { {
boot.loader.systemd-boot.enable = true; pkgs,
boot.loader.efi.canTouchEfiVariables = false; inputs,
networking.hostName = "polymita-picta"; ...
networking.networkmanager.enable = true; }: {
imports = [
inputs.self.nixosModules.homeManagerConfig
(inputs.jovian-nixos + "/modules")
../hardware/steam-deck.nix
];
config = {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
networking.hostName = "polymita-picta";
networking.networkmanager.enable = true;
# === Settings === # === Settings ===
settings.ssh.openOutsideVPN = true; settings.ssh.openOutsideVPN = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.desktopManager.plasma5.enable = true; services.xserver.desktopManager.plasma5.enable = true;
services.xserver.displayManager = { services.xserver.displayManager = {
lightdm.enable = true; lightdm.enable = true;
autoLogin = { autoLogin = {
enable = true; enable = true;
user = "malte"; user = "malte";
};
}; };
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
programs.dconf.enable = true;
users = {
mutableUsers = false;
defaultUserShell = pkgs.fish;
custom.malte.enable = true;
custom.malte.steamDeck = true;
};
environment.systemPackages = with pkgs; [
steam-rom-manager
];
security.sudo.extraRules = [
{
users = ["malte"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
jovian.devices.steamdeck.enable = true;
jovian.steam.enable = true;
jovian.devices.steamdeck.enableVendorRadv = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}; };
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
programs.dconf.enable = true;
users = {
mutableUsers = false;
defaultUserShell = pkgs.fish;
custom.malte.enable = true;
custom.malte.steamDeck = true;
};
environment.systemPackages = with pkgs; [
steam-rom-manager
];
security.sudo.extraRules = [
{
users = ["malte"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
jovian.devices.steamdeck.enable = true;
jovian.steam.enable = true;
jovian.devices.steamdeck.enableVendorRadv = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
} }
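Review bot: The `security.sudo.extraRules` entry gives `malte` `NOPASSWD` for `ALL` commands on a host that also enables `autoLogin` for that user and sets `settings.ssh.openOutsideVPN = true`, so any process or session running as malte is effectively root without a further check. If passwordless sudo is only needed for a few maintenance commands, listing them in `commands` instead of `"ALL"` would narrow this; otherwise a comment stating why this device needs it would help. `openOutsideVPN` is a project option defined outside this section, so its exact effect is inferred from the name.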


@ -1,96 +1,105 @@
{ {
config,
pkgs, pkgs,
inputs,
... ...
}: { }: {
boot.loader.systemd-boot.enable = true; imports = [
boot.loader.efi.canTouchEfiVariables = true; inputs.nixos-hardware.nixosModules.common-cpu-intel
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
inputs.self.nixosModules.homeManagerConfig
../hardware/latitude-e7440.nix
];
config = {
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "trochulus-hispidus"; networking.hostName = "trochulus-hispidus";
networking.interfaces.eno1.useDHCP = true; networking.interfaces.eno1.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true; networking.interfaces.wlp2s0.useDHCP = true;
settings.minimalGnome.enable = true; settings.minimalGnome.enable = true;
settings.printing.enable = true; settings.printing.enable = true;
hardware = { hardware = {
opengl = { opengl = {
enable = true; enable = true;
driSupport = true; driSupport = true;
driSupport32Bit = true; driSupport32Bit = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver
vaapiIntel vaapiIntel
vaapiVdpau vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
]; ];
extraPackages32 = with pkgs.pkgsi686Linux; [vaapiIntel]; extraPackages32 = with pkgs.pkgsi686Linux; [vaapiIntel];
};
}; };
# Make sure her settings are all in German since she prefers it that way!
i18n.defaultLocale = "de_DE.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
services.xserver.layout = "de";
# TODO: Remove when firefox' RDD is fixed (allows libva)
environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";
# Enable the X11 windowing system.
services.xserver = {
enable = true;
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
libinput.mouse.accelProfile = "flat";
libinput.touchpad.accelProfile = "flat";
};
# But disable geary in favour of evolution
programs.geary.enable = false;
programs.evolution.enable = true;
services.fprintd.enable = true;
services.fwupd.enable = true;
services.devmon.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
xdg.portal = {
enable = true;
extraPortals = [pkgs.xdg-desktop-portal-wlr];
};
users = {
mutableUsers = false;
custom.marie.enable = true;
};
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {enable = true;};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}; };
# Make sure her settings are all in German since she prefers it that way!
i18n.defaultLocale = "de_DE.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
services.xserver.layout = "de";
# TODO: Remove when firefox' RDD is fixed (allows libva)
environment.variables."MOZ_DISABLE_RDD_SANDBOX" = "1";
# Enable the X11 windowing system.
services.xserver = {
enable = true;
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
libinput.mouse.accelProfile = "flat";
libinput.touchpad.accelProfile = "flat";
};
# But disable geary in favour of evolution
programs.geary.enable = false;
programs.evolution.enable = true;
services.fprintd.enable = true;
services.fwupd.enable = true;
services.devmon.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
xdg.portal = {
enable = true;
extraPortals = [pkgs.xdg-desktop-portal-wlr];
};
users = {
mutableUsers = false;
custom.marie.enable = true;
};
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [hackNerdLigatures noto-fonts noto-fonts-cjk joypixels];
fontconfig = {enable = true;};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
} }


@ -2,7 +2,7 @@
pkgs, pkgs,
lib, lib,
config, config,
flake, inputs,
... ...
}: let }: let
cfg = config.users.custom.malte; cfg = config.users.custom.malte;
@ -38,7 +38,7 @@ in {
openssh.authorizedKeys.keyFiles = [../users/malte/yubikey.pub]; openssh.authorizedKeys.keyFiles = [../users/malte/yubikey.pub];
}; };
home-manager.users.malte.imports = [../users/malte/home.nix flake.inputs.nix-colors.homeManagerModule flake.inputs.hyprland.homeManagerModules.default]; home-manager.users.malte.imports = [../users/malte/home.nix inputs.nix-colors.homeManagerModule inputs.hyprland.homeManagerModules.default];
programs.fish.enable = true; programs.fish.enable = true;
services.darkman.enable = !cfg.steamDeck; services.darkman.enable = !cfg.steamDeck;

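--- a/pkgs/all-hosts.nix
+++ b/pkgs/all-hosts.nix
@@ -0,0 +1,16 @@
+{
+writeShellApplication,
+jq,
+nix,
+...
+}:
+writeShellApplication {
+name = "all-hosts";
+runtimeInputs = [
+jq
+nix
+];
+text = ''
+nix eval --json .#nixosConfigurations --apply builtins.attrNames 2>/dev/null | jq -r .[]
+'';
+}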
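Review bot: `2>/dev/null` on the `nix eval` call discards evaluation errors, so a broken flake makes `all-hosts` print nothing. Callers that use it in a command substitution, as the `for host in $(all-hosts)` loop in the test-config script does, would then iterate over an empty list and report no failure. I would let stderr through and quote the jq filter so the shell never treats it as a glob: `nix eval --json .#nixosConfigurations --apply builtins.attrNames | jq -r '.[]'`.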

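--- a/pkgs/option.nix
+++ b/pkgs/option.nix
@@ -0,0 +1,14 @@
+{
+writeShellApplication,
+coreutils,
+nix,
+...
+}:
+writeShellApplication {
+name = "option";
+runtimeInputs = [
+coreutils
+nix
+];
+text = builtins.readFile ../scripts/option.sh;
+}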

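--- a/pkgs/personal-cache.nix
+++ b/pkgs/personal-cache.nix
@@ -0,0 +1,14 @@
+{
+writeShellApplication,
+coreutils,
+nix,
+...
+}:
+writeShellApplication {
+name = "personal-cache";
+runtimeInputs = [
+coreutils
+nix
+];
+text = builtins.readFile ../scripts/personal-cache.sh;
+}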

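--- a/pkgs/rebuild.nix
+++ b/pkgs/rebuild.nix
@@ -0,0 +1,18 @@
+{
+writeShellApplication,
+coreutils,
+git,
+nixos-rebuild,
+callPackage,
+...
+}:
+writeShellApplication {
+name = "rebuild";
+runtimeInputs = [
+coreutils
+git
+(callPackage ./personal-cache.nix {})
+nixos-rebuild
+];
+text = builtins.readFile ../scripts/rebuild.sh;
+}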

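--- a/pkgs/test-config.nix
+++ b/pkgs/test-config.nix
@@ -0,0 +1,20 @@
+{
+writeShellApplication,
+coreutils,
+nix,
+nixos-rebuild,
+bat,
+callPackage,
+...
+}:
+writeShellApplication {
+name = "test-config";
+runtimeInputs = [
+coreutils
+nix
+(callPackage ./all-hosts.nix {})
+nixos-rebuild
+bat
+];
+text = builtins.readFile ../scripts/test-config.sh;
+}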


@ -1,3 +1,5 @@
#!/bin/sh
# Script to be run after mailboxes have been synchronized # Script to be run after mailboxes have been synchronized
# Expects `notmuch` in the PATH # Expects `notmuch` in the PATH


@ -1,3 +1,4 @@
#!/bin/bash
function print_help() { function print_help() {
printf "Usage:" printf "Usage:"


@ -1,3 +1,4 @@
#!/bin/bash
store="http://cache.home" store="http://cache.home"


@ -1,3 +1,4 @@
#!/bin/bash
function print_help() { function print_help() {
printf "Usage:" printf "Usage:"
@ -13,17 +14,17 @@ action=$1
case "$action" in case "$action" in
"switch" | "boot" | "test") "switch" | "boot" | "test")
optSudo=sudo optSudo=sudo
;; ;;
*) *)
optSudo= optSudo=
;; ;;
esac esac
ARGS=( "$action" ) ARGS=("$action")
if personal-cache --ping; then if personal-cache --ping; then
ARGS+=( "--option" "extra-substituters" "$(personal-cache --url)" ) ARGS+=("--option" "extra-substituters" "$(personal-cache --url)")
printf "Cache is up and running!\n" printf "Cache is up and running!\n"
else else
printf "Cache is down!\n" printf "Cache is down!\n"
@ -31,10 +32,10 @@ fi
if [ -n "${2+x}" ]; then if [ -n "${2+x}" ]; then
host=$2 host=$2
ARGS+=( "--build-host" "root@$host" "--target-host" "root@$host" "--flake" ".#${host}" ) ARGS+=("--build-host" "root@$host" "--target-host" "root@$host" "--flake" ".#${host}")
printf "Building on %s!\n" "$host" printf "Building on %s!\n" "$host"
else else
ARGS+=( "--flake" "." ) ARGS+=("--flake" "." "--show-trace")
printf "Building on localhost!\n" printf "Building on localhost!\n"
fi fi


@ -1,8 +1,9 @@
#!/bin/bash
for host in $(all-hosts); do for host in $(all-hosts); do
printf -- "-> Checking %s.. " "$host" printf -- "-> Checking %s.. " "$host"
if nixos-rebuild --flake ".#$host" dry-build 2> /tmp/build-output; then if nixos-rebuild --show-trace --flake ".#$host" dry-build 2>/tmp/build-output; then
printf "ok\n" printf "ok\n"
else else
printf "failed!\n" printf "failed!\n"