alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:0c0c27361ce55eecc1c36b35dff620fdfb69f529
Branches Tags
alex:main
...
compare: alex:main
Branches Tags
alex:main

168 Commits
0c0c27361c ... main

Author SHA1 Message Date
Alexander Heldt
4d0e3681cb manatee: Add new vdev to zpool 2025-11-22 11:42:34 +01:00
Alexander Heldt
b246c9c1ec pinwheel: Fix GOPATH for go 2025-11-08 23:13:04 +01:00
Alexander Heldt
3cfc99ad2d pinwheel: Configure flycheck for emacs 2025-11-08 23:12:16 +01:00
Alexander Heldt
cbc4564289 pinwheel: Remove eldoc-box from emacs 2025-11-08 22:57:23 +01:00
Alexander Heldt
084387246a pinwheel: Remove knowledge of andromeda 2025-11-02 21:37:02 +01:00
Alexander Heldt
534752a1c3 test-vm: Increase disk size 2025-11-02 21:34:50 +01:00
Alexander Heldt
6c7a17035e pinwheel: Enable gleam in emacs 2025-10-29 20:15:21 +01:00
Alexander Heldt
7f86e790c2 pinwheel: Add gleam module 2025-10-29 20:14:08 +01:00
Alexander Heldt
88067e2f8c manatee: Add navidrome module 2025-10-26 20:34:52 +00:00
Alexander Heldt
b723becbba Update whib-frontend input 2025-10-26 21:21:28 +01:00
Alexander Heldt
200cb8b026 tadpole: Update whib backend host 2025-10-26 21:12:59 +01:00
Alexander Heldt
b7ad1d391f tadpole: Add whib-frontend service 2025-10-26 16:24:29 +01:00
Alexander Heldt
0e1b8581af test-vm: Add whib-frontend module 2025-10-26 15:24:21 +01:00
Alexander Heldt
21adf4a3dc Add whib-frontend input 2025-10-26 15:23:47 +01:00
Alexander Heldt
8349132d66 manatee: Set EDITOR to be vim 2025-10-26 12:56:53 +01:00
Alexander Heldt
91f78ba510 pinwheel: Set cursor theme 2025-10-20 18:48:34 +02:00
Alexander Heldt
9e45600e37 pinwheel: Update music and use naviterm 2025-10-20 18:47:46 +02:00
Alexander Heldt
87d1d96211 Add flake input for naviterm 2025-10-20 18:42:22 +02:00
Alexander Heldt
67134682d9 pinwheel: Disable resolved.dnssec 
As it breaks tailscale <-> openvpn

> At the time of September 2023, systemd upstream advise to disable DNSSEC
> by default as the current code is not robust enough to deal with
> “in the wild” non-compliant servers, which will usually give you a
> broken bad experience in addition of insecure.
 2025-10-19 14:39:05 +02:00
Alexander Heldt
cefd4a966c pinwheel: Remove unused update-systemd-resolved 2025-10-19 14:37:45 +02:00
Alexander Heldt
07a7d65f0d pinwheel: Re-enable systemd-resolved 
As `openvpn` is broken without it running (segfaults)
 2025-10-19 11:50:19 +02:00
Alexander Heldt
4e0144715c Update flake inputs 2025-10-19 11:50:06 +02:00
Alexander Heldt
7180d12bb8 pinwheel: Replace hyprland monitor script with auto-center-* 2025-10-15 16:25:56 +02:00
Alexander Heldt
4ae2967529 Update flake inputs 2025-10-15 15:25:49 +02:00
Alexander Heldt
54b3b0373d Update flake inputs 2025-10-13 14:44:49 +00:00
Alexander Heldt
d518832836 pinwheel: Fix go ENV variables 2025-10-07 14:35:37 +02:00
Alexander Heldt
5db42c1ca9 Update flake inputs 2025-10-06 21:08:48 +02:00
Alexander Heldt
b9d5cfd001 pinwheel: Use latest intellij for work 2025-10-06 20:29:38 +02:00
Alexander Heldt
bf54e4a9e1 pinwheel: Add vlc 2025-10-06 20:26:42 +02:00
Alexander Heldt
061a238037 backwards: Add nethack 2025-07-10 16:48:43 +02:00
Alexander Heldt
ce4536d340 backwards: Add sshfs 2025-07-10 16:48:27 +02:00
Alexander Heldt
edae2eb1d4 pinwheel/backwards: Remove ttrpg syncthing share 2025-07-10 16:33:44 +02:00
Alexander Heldt
50cabdcfc8 syncthing: Update phone ID 2025-07-10 16:21:03 +02:00
Alexander Heldt
f7dfd9dbdb manatee: Bump upload limit for calibre-web 2025-07-10 14:11:38 +00:00
Alexander Heldt
f27e42dc8f manatee: Add virtual host for calibre-web 2025-07-10 14:11:38 +00:00
Alexander Heldt
fd77d43d2e pinwheel: Remove unsafe beekeeper-studio 2025-07-10 16:09:40 +02:00
Alexander Heldt
8d81defb25 Update flake inputs 2025-07-10 16:07:42 +02:00
Alexander Heldt
c87c07ca3a manatee/backwards: Move calibre-web module to manatee 2025-05-18 20:13:10 +02:00
Alexander Heldt
5f5df49717 pinwheel/manatee: Share org via syncthing 2025-05-18 17:36:37 +02:00
Alexander Heldt
ba6c13725a manatee: Add syncthing ID to shared syncthing module 2025-05-18 15:12:52 +00:00
Alexander Heldt
62a9709ff5 manatee: Use secrets for syncthing cert/key 2025-05-18 17:09:39 +02:00
Alexander Heldt
173e7acec8 manatee: Add secrets for syncthing cert/key 2025-05-18 17:09:38 +02:00
Alexander Heldt
80089dbb49 manatee: Add syncthing module 2025-05-18 15:05:37 +00:00
Alexander Heldt
c7b7a4f1d9 manatee: Add public directory in sync ZFS dataset 2025-05-18 16:33:03 +02:00
Alexander Heldt
6db6c605a3 manatee: Add sync ZFS dataset 2025-05-18 16:32:46 +02:00
Alexander Heldt
aadd529260 manatee: Add nginx module 2025-05-18 16:08:22 +02:00
Alexander Heldt
99c1658a2e backwards: Enable hardware acceleration 2025-05-14 19:50:23 +02:00
Alexander Heldt
820d1a4372 manatee: Enable ZFS auto scrub 2025-05-09 21:55:47 +02:00
Alexander Heldt
a37e5da5b8 manatee: Enable smartd for harddrives 2025-05-09 21:54:32 +02:00
Alexander Heldt
0abb85a15e pinwheel: Fix ssh hostname for manatee 2025-05-09 21:40:14 +02:00
Alexander Heldt
94e2be1e11 backwards: Add ssh keys for manatee 2025-05-09 21:39:57 +02:00
Alexander Heldt
7f9e4fab1e manatee: Add backwards to authorized ssh keys 2025-05-09 21:33:49 +02:00
Alexander Heldt
7690235909 backwards/manatee: Add secrets for ssh keys 2025-05-09 21:31:49 +02:00
Alexander Heldt
3d5c00f741 manatee: Add enable option to jellyfin module 2025-05-09 21:26:22 +02:00
Alexander Heldt
9f37b19502 manatee: Add immich module 2025-05-09 21:26:21 +02:00
Alexander Heldt
7bca2c9135 manatee: Add public directory in cameras ZFS dataset 2025-05-06 16:48:46 +00:00
Alexander Heldt
eb191a911a manatee: Add cameras ZFS dataset 2025-05-06 16:32:48 +00:00
Alexander Heldt
a777f629ce backwards: Do not backup reading-material to the cloud 2025-05-04 14:35:44 +02:00
Alexander Heldt
8298eb4f3b backwards: Fix wrong secret name of restic-password 2025-05-04 14:29:39 +02:00
Alexander Heldt
3004725f7d pinwheel/backwards: Adjust reading-material sync through syncthing 
Move `books` and into `reading-material`
 2025-05-04 14:25:09 +02:00
Alexander Heldt
29104dc775 pinwheel: Adjust colors.background to match dracula themes 2025-05-04 12:24:34 +02:00
Alexander Heldt
a2afc6a205 pinwheel: Fix zsh.initContent attribute definition 2025-05-03 17:32:28 +02:00
Alexander Heldt
f12e35babf backwards: Fix pulseaudio attribute definition 2025-05-03 17:29:41 +02:00
Alexander Heldt
fa846cba4f Update flake input 2025-05-03 15:26:58 +00:00
Alexander Heldt
ecb67deed3 backwards: Remove audiobookshelf module 2025-05-03 16:50:15 +02:00
Alexander Heldt
72d2bb976f manatee: Add audiobookshelf module 2025-05-03 16:49:22 +02:00
Alexander Heldt
24c1731071 backwards: Remove transmission module 2025-05-03 16:29:16 +02:00
Alexander Heldt
ab94e2c1eb backwards: Remove jellyfin module 2025-05-03 16:28:25 +02:00
Alexander Heldt
50fd0cc57f manatee: Add jellyfin module 2025-05-03 16:26:43 +02:00
Alexander Heldt
4e14b6b379 manatee: Add transmission module 2025-05-03 12:50:35 +02:00
Alexander Heldt
338b8be3d9 manatee: Add storage group that owns /mnt/media/public 2025-05-03 12:45:14 +02:00
Alexander Heldt
99ebd8988d manatee: Add tailscale module 2025-05-02 16:03:46 +02:00
Alexander Heldt
3fb253038b manatee: Add host manatee 2025-05-02 12:07:28 +02:00
Alexander Heldt
7d9ac21c7d manatee: Add secrets for ssh machine (root) key 2025-05-02 12:07:26 +02:00
Alexander Heldt
8e3acc8a33 manatee: Add secrets for ssh key to git.ppp.pm 2025-05-02 12:04:45 +02:00
Alexander Heldt
ddd3b1c6e7 Add disco to inputs 2025-05-02 12:00:41 +02:00
Alexander Heldt
3952959a12 pinwheel: Add ssh key for manatee 2025-05-02 12:00:37 +02:00
Alexander Heldt
ef67c83808 manatee: Add manatee to secrets 2025-05-02 11:53:01 +02:00
Alexander Heldt
f1b6bb9ae0 pinwheel/backwards: Share reading-material through syncthing 2025-03-25 20:46:16 +01:00
Alexander Heldt
36744c4b60 backwards: Share reading-material with phone and tablet 2025-03-25 20:29:18 +01:00
Alexander Heldt
08d05ccae3 Add tablet to shared syncthing devices 2025-03-25 20:22:40 +01:00
Alexander Heldt
2411eeca80 pinwheel: Use updated attribute name for pulseaudio 2025-03-25 20:19:40 +01:00
Alexander Heldt
f9b5905c96 backwards: Fix firefox binary paths 2025-03-25 20:18:43 +01:00
Alexander Heldt
90c885d6cd pinwheel: Fix firefox binary paths 2025-03-02 11:31:43 +01:00
Alexander Heldt
393975767b Update flake inputs 2025-03-02 11:31:33 +01:00
Alexander Heldt
b177ce25c5 Update WHIB input 2025-02-08 12:00:19 +01:00
Alexander Heldt
f8eaab252d backwards: Fix retroarch 2025-02-02 12:02:54 +01:00
Alexander Heldt
2bbad27f23 Update flake inputs 2025-02-02 11:37:13 +01:00
Alexander Heldt
c478f795f1 tadpole/test-vm: Update WHIB service 
- Update `WHIB` input
- Update secrets to reflect changes in input
 2025-02-02 11:05:59 +01:00
Alexander Heldt
01cff093fd pinwheel: Fix style of notifications 2025-01-11 20:16:21 +01:00
Alexander Heldt
5b21268c54 tadpole: Use port 3001 for gitea 2025-01-03 12:39:41 +01:00
Alexander Heldt
e89a61c6c5 tadpole: Assert that nginx is running when using ppp.pm-site 2025-01-03 11:29:29 +01:00
Alexander Heldt
7ab5cc5b1c tadpole: Assert that nginx is running when using gitea 2025-01-03 11:29:29 +01:00
Alexander Heldt
6ca1c92a81 tadpole: Add WHIB backend 2025-01-03 11:29:29 +01:00
Alexander Heldt
349315ec47 tadpole: Add secrets for whib service 2025-01-03 11:29:29 +01:00
Alexander Heldt
4f15de53f3 test-vm: Add WHIB backend 2025-01-03 11:29:29 +01:00
Alexander Heldt
51d32e66c4 Update README with documentation about the test-vm 2024-12-20 13:05:45 +01:00
Alexander Heldt
12921700ab test-vm: Echo help message for shutdown alias 2024-12-20 13:05:23 +01:00
Alexander Heldt
94aef10d67 test-vm: Resize terminal to host terminal size 2024-12-20 12:12:16 +01:00
Alexander Heldt
fd31675cac test-vm: Add alias of shutting down the VM 2024-12-20 12:12:16 +01:00
Alexander Heldt
6b79aa8fca test-vm: Auto login a user and assume its sudo 2024-12-20 12:12:16 +01:00
Alexander Heldt
18c95d2f9c test-vm: Increase disk size 2024-12-20 12:12:16 +01:00
Alexander Heldt
00b2946d59 pinwheel: Don't override go version 2024-12-20 12:11:33 +01:00
Alexander Heldt
ea998d33a4 pinwheel: Fix fonts 2024-12-20 12:11:19 +01:00
Alexander Heldt
ea6a846139 Update flake inputs 2024-12-20 12:11:10 +01:00
Alexander Heldt
5ab0ac4828 pinwheel: Add volume sharing for vms 2024-11-28 18:26:28 +01:00
Alexander Heldt
a3133defeb config-manager: Fix --update 2024-11-28 18:25:55 +01:00
Alexander Heldt
94e35677a6 pinwheel: Fix hyprland "smart gaps" 2024-11-28 18:25:38 +01:00
Alexander Heldt
bdb8df947f Update flake inputs 2024-11-28 18:25:27 +01:00
Alexander Heldt
52567105ff pinwheel: Update work github token 2024-11-25 08:47:50 +01:00
Alexander Heldt
f8b39ee30c pinwheel: Set intellij version to 2024.2.4 in for work 2024-11-24 19:08:59 +01:00
Alexander Heldt
c80e053c1c pinwheel: Indent js code in emacs with spaces 2024-11-21 08:55:25 +01:00
Alexander Heldt
ebda6c57eb pinwheel: Add pants for work 2024-11-02 14:18:28 +01:00
Alexander Heldt
7009ee3c32 Update flake inputs 2024-11-02 14:11:33 +01:00
Alexander Heldt
3641a3185a backwards: Close transmission firewall ports 2024-10-25 08:57:27 +02:00
Alexander Heldt
148aeaeb8b pinhweel: Fix noto font 2024-10-25 08:55:56 +02:00
Alexander Heldt
6aa2525bd5 Update flake inputs 2024-10-25 08:55:42 +02:00
Alexander Heldt
a333821780 tadpole: Fix gitea reverse proxy host 2024-10-13 20:49:24 +02:00
Alexander Heldt
eba768ce3e Update flake inputs 2024-10-13 12:45:51 +02:00
Alexander Heldt
2480f5c14d backwards: Add moonlight 2024-10-02 17:05:22 +02:00
Alexander Heldt
d8419b01a2 pinwheel: Don't override graphite version 2024-09-30 08:08:56 +02:00
Alexander Heldt
3f849a3bb4 pinwheel: Increase swapfile size to 48GiB 2024-09-25 15:35:13 +02:00
Alexander Heldt
82b35d8646 Update flake inputs 2024-09-24 10:51:27 +02:00
Alexander Heldt
0ad5211923 backwards: Add bitwarden-desktop 2024-09-24 10:35:38 +02:00
Alexander Heldt
86edb834cb backwards: Add firefox 2024-09-22 19:02:40 +02:00
Alexander Heldt
32fae14d60 backwards: Add PCSX2 to games 2024-09-22 19:02:18 +02:00
Alexander Heldt
e7cf934176 pinwheel: Use eglot for python in emacs 2024-09-17 21:28:14 +02:00
Alexander Heldt
2f22d66628 backwards: Use secretsFile for networking.wireless 2024-09-17 21:17:42 +02:00
Alexander Heldt
6906fca9f9 backwards: Enable jellyseerr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
1f81b5a801 backwards: Enable radarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
1446e7c592 backwards: Enable sonarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
2a1fac11bf backwards: Enable prowlarr for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
3a5a367a4a backwards: Add reverse proxy for jellyfin 2024-09-17 21:11:31 +02:00
Alexander Heldt
3ca0a58a04 tadpole: Remove unneeded assertion of existing certs for gitea 2024-09-17 21:11:31 +02:00
Alexander Heldt
1f7433463a backwards: Add reverse proxy for transmission 2024-09-17 21:11:31 +02:00
Alexander Heldt
aaeea7d0b3 backwards: Add nginx module 2024-09-17 21:11:31 +02:00
Alexander Heldt
cbaba1db4c tadpole: Clean up nginx and certs modules 2024-09-17 21:11:31 +02:00
Alexander Heldt
3092241f0b tadpole: Change default email for certs 2024-09-17 21:11:31 +02:00
Alexander Heldt
dc944a0969 Update flake inputs 2024-09-17 21:11:31 +02:00
Alexander Heldt
119ef9fa60 pinwheel: Remove retroarch 2024-09-17 21:11:31 +02:00
Alexander Heldt
2edf3980f0 pinwheel: Remove mullvad 2024-09-17 21:11:31 +02:00
Alexander Heldt
e2d97c4f60 pinwheel: Increase waybar module intervals 2024-09-17 21:11:31 +02:00
Alexander Heldt
0626b06ecc pinwheel: Add tailscale module to waybar 2024-09-17 21:11:31 +02:00
Alexander Heldt
f072b35101 pinwheel: Add secret for preferred tailscale exit node 2024-09-17 21:11:31 +02:00
Alexander Heldt
aa9a049377 pinwheel: Add swapfile 2024-09-17 21:11:31 +02:00
Alexander Heldt
c67549a118 pinwheel: Remove URL preference for gitlab in git 2024-09-17 21:11:31 +02:00
Alexander Heldt
f9ed371d8c Update url for pppdotpm-site input 2024-09-17 21:11:31 +02:00
Alexander Heldt
c9c8939c8e tadpole: Add match block for git.ppp.pm in ssh 2024-09-17 21:11:31 +02:00
Alexander Heldt
8e135ef94b tadpole: Add secrets for git.ppp.pm 2024-09-17 21:11:31 +02:00
Alexander Heldt
f0b43a0cc4 backwards: Add match block for git.ppp.pm in ssh 2024-09-05 18:44:19 +02:00
Alexander Heldt
320f164b11 backwards: Add secrets for git.ppp.pm 2024-09-05 18:26:47 +02:00
Alexander Heldt
899b450f8c pinwheel: Don't format files named "secrets.nix" in emacs 2024-09-05 18:20:46 +02:00
Alexander Heldt
d2743436aa pinwheel: Add grpcurl to work module 2024-09-05 12:40:00 +02:00
Alexander Heldt
fb281612e8 pinwheel: Move postman to work module 2024-09-05 12:39:44 +02:00
Alexander Heldt
18bda50a13 Update flake inputs 2024-09-04 21:15:37 +02:00
Alexander Heldt
a49c49cc02 pinwheel: Add nixfmt to nix module 2024-09-02 22:36:16 +02:00
Alexander Heldt
15711a903e pinwheel: Format nix files on save in emacs 2024-09-02 21:59:10 +02:00
Alexander Heldt
fd4d1d13df pinwheel: Remove nil from nix module 2024-09-02 21:59:10 +02:00
Alexander Heldt
0dfbf16522 pinwheel: Use nixd in emacs 2024-09-02 21:59:10 +02:00
Alexander Heldt
f15701f426 Apply nixfmt 2024-09-02 21:55:41 +02:00
Alexander Heldt
bda8def5fe Add dev shell with nixfmt 2024-09-02 21:07:34 +02:00
Alexander Heldt
dd9be869d2 Remove unused self reference in flake.nix 2024-09-02 20:42:12 +02:00
Alexander Heldt
4afbe23915 pinwheel: Remove pants.nix from work module 2024-09-02 20:41:42 +02:00
Alexander Heldt
04f1bef188 sombrero: remove host sombrero 2024-09-02 20:29:48 +02:00
Alexander Heldt
395e4f8256 backwards: Enable calibre-web module 2024-09-01 17:53:36 +02:00
Alexander Heldt
1c654cc104 backwards: Add calibre-web module 2024-09-01 17:51:44 +02:00
Alexander Heldt
6142c30f4a backwards: Enable audiobookshelf module 2024-09-01 12:20:36 +02:00
Alexander Heldt
81d06fc019 backwards: Add audiobookshelf module 2024-09-01 12:20:36 +02:00
151 changed files with 2660 additions and 1624 deletions
Expand all files Collapse all files

1
.envrc Normal file
View File

@@ -0,0 +1 @@
use flake

1
.gitignore vendored
View File

@@ -1,2 +1,3 @@
.direnv/
*.qcow2 *.qcow2
result result

10
README.md
View File

@@ -25,3 +25,13 @@ EDITOR=vim agenix -d "some-secret.age" -i ~/.ssh/alex.pinwheel
Or use some other SSH key that is has been used to key the secret. Or use some other SSH key that is has been used to key the secret.
# Test VM
Build the test VM with the command:
```
cm --build-test-vm
```
and test it with:
```
cm --run-test-vm
```

16
config-manager/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ... }: {
inputs,
pkgs,
lib,
config,
...
}:
let let
flakePath = config.config-manager.flakePath; flakePath = config.config-manager.flakePath;
nixosConfiguration = config.config-manager.nixosConfiguration; nixosConfiguration = config.config-manager.nixosConfiguration;
@@ -14,20 +20,20 @@ let
pkgs.writeShellScriptBin "cm" '' pkgs.writeShellScriptBin "cm" ''
help() { help() {
cat << EOF cat << EOF
Usage: Usage:
cm [flag] cm [flag]
Flags: Flags:
--update updates the flake --update updates the flake
--switch rebuilds + switches configuration (using 'nh') --switch rebuilds + switches configuration (using 'nh')
--build-test-vm, --btvm build test-vm --build-test-vm, --btvm build test-vm
--run-test-vm, --rtvm run test-vm --run-test-vm, --rtvm run test-vm
EOF EOF
} }
update() { update() {
echo -e "\033[0;31mUPDATING FLAKE\033[0m" echo -e "\033[0;31mUPDATING FLAKE\033[0m"
nix flake update ${flakePath} nix flake update --flake ${flakePath}
} }
switch() { switch() {

162
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1723293904, "lastModified": 1760836749,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -31,11 +31,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1744478979,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -45,20 +45,39 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1760701190,
"narHash": "sha256-y7UhnWlER8r776JsySqsbTUh2Txf7K30smfHlqdaIQw=",
"owner": "nix-community",
"repo": "disko",
"rev": "3a9450b26e69dcb6f8de6e2b07b3fc1c288d85f5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"emacs-overlay": { "emacs-overlay": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1725037990, "lastModified": 1760951609,
"narHash": "sha256-7ZwhCJQ8/BvP5UDSOe9PUzrDlDePxfyDrkEYuuZZJJ8=", "narHash": "sha256-rWkUWKWcLin0+dKvinWC1IZVxJnIvXV3q/wlmmKkzo4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "45405f34d10260753298ff244a9b9c36e04b2e11", "rev": "41bee8f6a80b36b0348a8e750e5db88fea528171",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -72,11 +91,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1731533236,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -93,11 +112,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703113217, "lastModified": 1745494811,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -113,11 +132,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724435763, "lastModified": 1760969583,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=", "narHash": "sha256-vsf5mvR0xxK4GsfLx5bMJAQ4ysdrKymMIifNw+4TP7g=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be", "rev": "c9d758b500e53db5b74aa02d17dc45b65229e8e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -133,11 +152,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722636442, "lastModified": 1759613406,
"narHash": "sha256-+7IS0n3/F0I5j6ZbrVlLcIIPHY3o+/vLAqg/G48sG+w=", "narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "9d67858b437d4a1299be496d371b66fc0d3e01f6", "rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -146,6 +165,27 @@
"type": "github" "type": "github"
} }
}, },
"naviterm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1757496832,
"narHash": "sha256-R5EMcms24G6QGk62iNAMApeZmKsHwCDLj68UUdkhSLw=",
"owner": "detoxify92",
"repo": "naviterm",
"rev": "3b3bd2bace3676000f530b2f47fa28f431c56761",
"type": "gitlab"
},
"original": {
"owner": "detoxify92",
"repo": "naviterm",
"type": "gitlab"
}
},
"nh": { "nh": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -153,11 +193,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724689275, "lastModified": 1760961269,
"narHash": "sha256-wpxC7XiZ9maYZA4BSLKGXc+pn2fwaiq2Ybu5kNjl1ao=", "narHash": "sha256-Udg6DnM6scJj+imbttJR7GQpG2WWeDZ1JOtySTY99M0=",
"owner": "viperML", "owner": "viperML",
"repo": "nh", "repo": "nh",
"rev": "a922eada049854019c5d1bbc82383f7095773e5c", "rev": "e27508e06f74c7f03616150c1ac1431eaef7f443",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -183,11 +223,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1724878143, "lastModified": 1760958188,
"narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -199,11 +239,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1724819573, "lastModified": 1760878510,
"narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "narHash": "sha256-K5Osef2qexezUfs0alLvZ7nQFTGS9DL2oTVsIXsqLgs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "rev": "5e2a59a5b1a82f89f2c7e598302a9cacebb72a67",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -215,16 +255,16 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1724855419, "lastModified": 1760862643,
"narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=", "narHash": "sha256-PXwG0TM7Ek87DNx4LbGWuD93PbFeKAJs4FfALtp7Wo0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06", "rev": "33c6dca0c0cb31d6addcd34e90a63ad61826b28c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -242,25 +282,29 @@
"rev": "662a254ea8065a0f104ccf5a46b59252e1e08b58", "rev": "662a254ea8065a0f104ccf5a46b59252e1e08b58",
"revCount": 54, "revCount": 54,
"type": "git", "type": "git",
"url": "ssh://git@codeberg.org/ppp/ppp.pm-site.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
}, },
"original": { "original": {
"ref": "main", "ref": "main",
"type": "git", "type": "git",
"url": "ssh://git@codeberg.org/ppp/ppp.pm-site.git" "url": "ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko",
"emacs-overlay": "emacs-overlay", "emacs-overlay": "emacs-overlay",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"naviterm": "naviterm",
"nh": "nh", "nh": "nh",
"nix-gc-env": "nix-gc-env", "nix-gc-env": "nix-gc-env",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pppdotpm-site": "pppdotpm-site" "pppdotpm-site": "pppdotpm-site",
"whib-backend": "whib-backend",
"whib-frontend": "whib-frontend"
} }
}, },
"systems": { "systems": {
@@ -292,6 +336,48 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"whib-backend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739029248,
"narHash": "sha256-ux/Udy0Mhs66P/EQQ8S+xIuXRm9UHEYwSy12IZtlbnA=",
"ref": "master",
"rev": "222a8f6dde2e9270f6390b5e1e83c7ae1ea48290",
"revCount": 371,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
}
},
"whib-frontend": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761508816,
"narHash": "sha256-adV/lyxcmuopyuzZ49v46Yt0gft+ioEL4yl1S+vUbus=",
"ref": "master",
"rev": "ab10bf50cb6b023a1b99f91c7e8d550231135eef",
"revCount": 223,
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
},
"original": {
"ref": "master",
"type": "git",
"url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
}
} }
}, },
"root": "root", "root": "root",

95
flake.nix
View File

@@ -6,12 +6,17 @@
nixos-hardware.url = "github:nixos/nixos-hardware/master"; nixos-hardware.url = "github:nixos/nixos-hardware/master";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nh = { nh = {
url = "github:viperML/nh"; url = "github:viperML/nh";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-gc-env.url= "github:Julow/nix-gc-env"; nix-gc-env.url = "github:Julow/nix-gc-env";
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
@@ -33,17 +38,36 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
naviterm = {
url = "gitlab:detoxify92/naviterm";
inputs.nixpkgs.follows = "nixpkgs";
};
pppdotpm-site = { pppdotpm-site = {
url = "git+ssh://git@codeberg.org/ppp/ppp.pm-site.git?ref=main"; url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
};
whib-backend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master";
inputs.nixpkgs.follows = "nixpkgs";
};
whib-frontend = {
url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { self, ... }@inputs: { outputs =
{ ... }@inputs:
{
nixosConfigurations = { nixosConfigurations = {
pinwheel = inputs.nixpkgs.lib.nixosSystem { pinwheel = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = {
inherit inputs;
};
modules = [ modules = [
./hosts/pinwheel/configuration.nix ./hosts/pinwheel/configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-10th-gen inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x1-10th-gen
@@ -51,37 +75,70 @@
]; ];
}; };
manatee = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/manatee/configuration.nix
./hosts/manatee/home.nix
];
};
backwards = inputs.nixpkgs.lib.nixosSystem { backwards = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = {
inherit inputs;
};
modules = [ modules = [
./hosts/backwards/configuration.nix ./hosts/backwards/configuration.nix
./hosts/backwards/home.nix ./hosts/backwards/home.nix
]; ];
}; };
sombrero = inputs.nixpkgs.lib.nixosSystem { tadpole =
system = "aarch64-linux"; let
specialArgs = { inherit inputs; };
modules = [
./hosts/sombrero/configuration.nix
./hosts/sombrero/home.nix
];
};
tadpole = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; in
inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
};
modules = [ modules = [
./hosts/tadpole/configuration.nix ./hosts/tadpole/configuration.nix
./hosts/tadpole/home.nix ./hosts/tadpole/home.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
]; ];
}; };
test-vm = inputs.nixpkgs.lib.nixosSystem { test-vm =
let
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; in
modules = [ ./hosts/test-vm/configuration.nix ]; inputs.nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs;
};
modules = [
./hosts/test-vm/configuration.nix
inputs.whib-backend.nixosModules.${system}.default
inputs.whib-frontend.nixosModules.${system}.default
];
};
};
devShells =
let
system = "x86_64-linux";
pkgs = inputs.nixpkgs.legacyPackages.${system};
in
{
${system}.default = pkgs.mkShell {
packages = [ pkgs.nixfmt-rfc-style ];
}; };
}; };
}; };

29
hosts/backwards/configuration.nix
View File

@@ -1,19 +1,21 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = imports = [
[
../../config-manager/default.nix ../../config-manager/default.nix
../../shared-modules/syncthing.nix ../../shared-modules/syncthing.nix
./hardware-configuration.nix ./hardware-configuration.nix
./modules ./modules
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
console.keyMap = "sv-latin1"; console.keyMap = "sv-latin1";
hardware.pulseaudio.enable = false; services.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
@@ -22,11 +24,26 @@
pulse.enable = true; pulse.enable = true;
}; };
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver
pkgs.libvdpau-va-gl
];
};
};
users.users.alex = { users.users.alex = {
isNormalUser = true; isNormalUser = true;
description = "alex"; description = "alex";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [
packages = []; "networkmanager"
"wheel"
"video"
"render"
];
packages = [ ];
}; };
environment.variables.EDITOR = "vim"; environment.variables.EDITOR = "vim";

37
hosts/backwards/hardware-configuration.nix
View File

@@ -1,31 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/bad3d82a-7bb8-490f-bd01-a4b16fe6f33d"; device = "/dev/disk/by-uuid/bad3d82a-7bb8-490f-bd01-a4b16fe6f33d";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/D049-60DD"; device = "/dev/disk/by-uuid/D049-60DD";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [
"fmask=0077"
"dmask=0077"
];
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/ff4de0e5-2c60-4ee7-a55c-450727efb921"; } { device = "/dev/disk/by-uuid/ff4de0e5-2c60-4ee7-a55c-450727efb921"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

7
hosts/backwards/modules/boot/default.nix
View File

@@ -1,4 +1,9 @@
{ inputs, lib, config, ... }: {
inputs,
lib,
config,
...
}:
let let
configurationLimit = config.mod.gc.configurationLimit; configurationLimit = config.mod.gc.configurationLimit;
in in

2
hosts/backwards/modules/default.nix
View File

@@ -12,9 +12,9 @@ in
ssh.enable = true; ssh.enable = true;
git.enable = true; git.enable = true;
nginx.enable = true;
syncthing.enable = true; syncthing.enable = true;
restic.enable = true; restic.enable = true;
transmission.enable = true;
}; };
}; };
} }

99
hosts/backwards/modules/firefox/default.nix Normal file
View File

@@ -0,0 +1,99 @@
{ pkgs, ... }:
let
wrapped = pkgs.wrapFirefox pkgs.firefox-devedition-unwrapped {
extraPolicies = {
DisableFirefoxAccounts = false;
CaptivePortal = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = false;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
};
UserMessaging = {
ExtensionRecommendations = false;
SkipOnboarding = true;
};
};
};
ff-alex = pkgs.writeShellApplication {
name = "ff-alex";
text = ''
${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
'';
};
sharedSettings = {
"general.smoothScroll" = true;
"apz.gtk.kinetic_scroll.enabled" = false;
"network.dns.force_waiting_https_rr" = false;
};
in
{
home-manager.users.alex = {
programs.firefox = {
enable = true;
package = wrapped;
profiles = {
alex = {
id = 0;
name = "alex";
isDefault = true;
settings = sharedSettings // { };
};
};
};
xdg = {
# /etc/profiles/per-user/alex/share/applications
desktopEntries = {
ff-alex = {
name = "ff-alex";
exec = "${ff-alex}/bin/ff-alex %U";
terminal = false;
};
};
mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "ff-alex.desktop";
"x-scheme-handler/http" = "ff-alex.desktop";
"x-scheme-handler/https" = "ff-alex.desktop";
"application/x-exension-htm" = "ff-alex.desktop";
"application/x-exension-html" = "ff-alex.desktop";
"application/x-exension-shtml" = "ff-alex.desktop";
"application/xhtml+xml" = "ff-alex.desktop";
"application/x-exension-xhtml" = "ff-alex.desktop";
"application/x-exension-xht" = "ff-alex.desktop";
};
};
# https://github.com/nix-community/home-manager/issues/1213
configFile."mimeapps.list".force = true;
};
home.packages = [
ff-alex
];
};
environment.variables = {
MOZ_ENABLE_WAYLAND = 1;
BROWSER = "${ff-alex}/bin/ff-alex $@";
};
}

11
hosts/backwards/modules/games/default.nix
View File

@@ -2,13 +2,16 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
(pkgs.retroarch.override { pkgs.nethack
cores = [
pkgs.moonlight-qt
pkgs.pcsx2
(pkgs.retroarch.withCores (cores: [
pkgs.libretro.snes9x pkgs.libretro.snes9x
pkgs.libretro.genesis-plus-gx pkgs.libretro.genesis-plus-gx
pkgs.libretro.swanstation pkgs.libretro.swanstation
]; ]))
})
]; ];
}; };
} }

7
hosts/backwards/modules/git/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.git.enable; enabled = config.mod.git.enable;
in in

44
hosts/backwards/modules/jellyfin/default.nix
View File

@@ -1,44 +0,0 @@
{ pkgs, ... }:
{
fileSystems."/home/alex/media" = {
device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
# 1. enable vaapi on OS-level
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware = {
graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
];
};
};
services.jellyfin = {
enable = true;
openFirewall = true;
user = "alex";
group = "users";
dataDir = "/home/alex/media/jellyfin";
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
}

25
hosts/backwards/modules/network/default.nix
View File

@@ -1,10 +1,22 @@
{ config, ... }:
{ {
networking = { networking = {
hostName = "backwards"; hostName = "backwards";
networkmanager.enable = false; networkmanager.enable = false;
wireless.enable = true;
#wireless.networks are defined in the secret `wpa_supplicant.conf` #wireless.networks are defined in the secret `wpa_supplicant.conf`
wireless = {
enable = true;
secretsFile = config.age.secrets.wireless-network-secrets.path;
networks = {
"w1-f1_5G" = {
pskRaw = "ext:w1-f1_psk";
};
};
};
defaultGateway = "192.168.50.1"; defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ]; nameservers = [ "1.1.1.1" ];
@@ -12,19 +24,18 @@
wlp1s0 = { wlp1s0 = {
useDHCP = false; useDHCP = false;
ipv4 = { ipv4 = {
addresses = [{ addresses = [
{
address = "192.168.50.202"; address = "192.168.50.202";
prefixLength = 24; prefixLength = 24;
}]; }
];
}; };
}; };
}; };
}; };
age.secrets = { age.secrets = {
"wpa_supplicant.conf" = { "wireless-network-secrets".file = ../../../../secrets/backwards/wireless-network-secrets.age;
file = ../../../../secrets/backwards/wpa_supplicant.conf.age;
path = "/etc/wpa_supplicant.conf";
};
}; };
} }

18
hosts/sombrero/modules/nginx/default.nix → hosts/backwards/modules/nginx/default.nix
View File

@@ -5,21 +5,11 @@ in
{ {
options = { options = {
mod.nginx = { mod.nginx = {
enable = lib.mkEnableOption "add nginx module"; enable = lib.mkEnableOption "Enable nginx module";
}; };
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
security = {
acme = {
acceptTerms = true;
defaults = {
email = "p@ppp.pm";
};
};
};
services = { services = {
nginx = { nginx = {
enable = true; enable = true;
@@ -28,11 +18,5 @@ in
recommendedTlsSettings = true; recommendedTlsSettings = true;
}; };
}; };
networking = {
firewall = {
allowedTCPPorts = [ 80 443 ];
};
};
}; };
} }

7
hosts/backwards/modules/restic/default.nix
View File

@@ -45,7 +45,8 @@ in
environmentFile = config.age.secrets.restic-cloud-sync-key.path; environmentFile = config.age.secrets.restic-cloud-sync-key.path;
repositoryFile = config.age.secrets.restic-cloud-sync-repository.path; repositoryFile = config.age.secrets.restic-cloud-sync-repository.path;
paths = ["/home/alex/sync"]; paths = [ "/home/alex/sync" ];
exclude = [ "/home/alex/sync/reading-material" ];
timerConfig = { timerConfig = {
OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day OnCalendar = "*-*-* 0/12:00:00"; # Every 12th hour, i.e. twice a day
@@ -65,9 +66,9 @@ in
secrets = { secrets = {
"restic-password".file = ../../../../secrets/backwards/restic-password.age; "restic-password".file = ../../../../secrets/backwards/restic-password.age;
"restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age; "restic-cloud-sync-key".file = ../../../../secrets/backwards/restic-cloud-sync-key.age;
"restic-cloud-sync-repository".file = ../../../../secrets/backwards/restic-cloud-sync-repository.age; "restic-cloud-sync-repository".file =
../../../../secrets/backwards/restic-cloud-sync-repository.age;
}; };
}; };
}; };
} }

53
hosts/backwards/modules/ssh/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.ssh.enable; enabled = config.mod.ssh.enable;
@@ -18,12 +23,26 @@ in
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.backwards-manatee";
port = 1122;
};
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
};
"codeberg.org" = { "codeberg.org" = {
hostname = "codeberg.org"; hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org"; identityFile = "/home/alex/.ssh/alex.backwards-codeberg.org";
}; };
}; };
}; };
home.packages = [ pkgs.sshfs ];
}; };
environment.etc."ssh/authorized_keys_command" = { environment.etc."ssh/authorized_keys_command" = {
@@ -41,10 +60,12 @@ in
enable = true; enable = true;
ports = [ 1122 ]; ports = [ 1122 ];
hostKeys = [{ hostKeys = [
{
path = "${rootSSHKeyPath}/root.backwards"; path = "${rootSSHKeyPath}/root.backwards";
type = "ed25519"; type = "ed25519";
}]; }
];
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
@@ -72,11 +93,37 @@ in
path = "${rootSSHKeyPath}/root.backwards.pub"; path = "${rootSSHKeyPath}/root.backwards.pub";
}; };
"alex.backwards-manatee" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.age;
path = "/home/alex/.ssh/alex.backwards-manatee";
owner = "alex";
group = "users";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "/home/alex/.ssh/alex.backwards-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards.pub" = { "alex.pinwheel-backwards.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age; file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub"; path = "${authorizedKeysPath}/alex.pinwheel-backwards.pub";
}; };
"alex.backwards-git.ppp.pm" = {
file = ../../../../secrets/backwards/alex.backwards-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.backwards-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.backwards-git.ppp.pm.pub" = {
file = ../../../../secrets/backwards/alex.backwards-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.backwards-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
"alex.backwards-codeberg.org" = { "alex.backwards-codeberg.org" = {
file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age; file = ../../../../secrets/backwards/alex.backwards-codeberg.org.age;
path = "/home/alex/.ssh/alex.backwards-codeberg.org"; path = "/home/alex/.ssh/alex.backwards-codeberg.org";

8
hosts/backwards/modules/syncthing/default.nix
View File

@@ -34,12 +34,16 @@ in
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
pinwheel.id = config.lib.syncthing.pinwheel; pinwheel.id = config.lib.syncthing.pinwheel;
tablet.id = config.lib.syncthing.tablet;
}; };
folders = { folders = {
org = { org = {
path = "/home/alex/sync/org"; path = "/home/alex/sync/org";
devices = [ "phone" "pinwheel" ]; devices = [
"phone"
"pinwheel"
];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {
@@ -71,7 +75,7 @@ in
}; };
books = { books = {
path = "/home/alex/sync/books"; path = "/home/alex/sync/reading-material/books";
devices = [ "pinwheel" ]; devices = [ "pinwheel" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";

56
hosts/manatee/configuration.nix Normal file
View File

@@ -0,0 +1,56 @@
{ pkgs, ... }:
{
imports = [
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./disk-config.nix
./modules
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true;
users.users.alex = {
isNormalUser = true;
description = "alex";
extraGroups = [
"wheel"
"storage"
];
};
environment.variables.EDITOR = "vim";
environment.systemPackages = with pkgs; [
vim
git
];
config-manager = {
flakePath = "/home/alex/config";
};
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

243
hosts/manatee/disk-config.nix Normal file
View File

@@ -0,0 +1,243 @@
{
inputs,
pkgs,
config,
...
}:
{
imports = [ inputs.disko.nixosModules.disko ];
config = {
users.groups.storage = { };
users.users.storage = {
isSystemUser = true;
description = "storage";
group = "storage";
};
systemd.tmpfiles.settings = {
"10-media-public" = {
"/mnt/media/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-cameras-public" = {
"/mnt/cameras/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
"10-sync-public" = {
"/mnt/sync/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
};
environment.systemPackages = [
pkgs.smartmontools
];
services.smartd = {
enable = true;
devices = [
{ device = config.disko.devices.disk.root.device; }
{ device = config.disko.devices.disk.disk1.device; }
{ device = config.disko.devices.disk.disk2.device; }
];
};
services.zfs.autoScrub.enable = true;
networking.hostId = "0a9474e7"; # Required by ZFS
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
disk1 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QCG4";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk2 = {
type = "disk";
device = "/dev/disk/by-id/ata-ST8000VN004-3CP101_WWZ8QDJ5";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk3 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0UCF4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
disk4 = {
type = "disk";
device = "/dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_85K2A0V6F4MJ";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
};
};
};
};
};
};
zpool = {
storage = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = [
{
mode = "mirror";
members = [
"disk1"
"disk2"
];
}
{
mode = "mirror";
members = [
"disk3"
"disk4"
];
}
];
};
};
rootFsOptions = {
mountpoint = "none";
compression = "zstd";
xattr = "sa";
"com.sun:auto-snapshot" = "false";
};
datasets = {
media = {
type = "zfs_fs";
mountpoint = "/mnt/media";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
cameras = {
type = "zfs_fs";
mountpoint = "/mnt/cameras";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
sync = {
type = "zfs_fs";
mountpoint = "/mnt/sync";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
};
};
};
};
};
}

39
hosts/manatee/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

9
hosts/sombrero/home.nix → hosts/manatee/home.nix
View File

@@ -1,4 +1,4 @@
{ inputs, pkgs, ... }: { inputs, ... }:
{ {
imports = [ inputs.home-manager.nixosModules.home-manager ]; imports = [ inputs.home-manager.nixosModules.home-manager ];
@@ -13,13 +13,10 @@
home.username = "alex"; home.username = "alex";
home.homeDirectory = "/home/alex"; home.homeDirectory = "/home/alex";
home.packages = [ home.packages = [ ];
pkgs.unar
];
home.stateVersion = "22.11"; home.stateVersion = "24.11";
}; };
}; };
}; };
} }

2
hosts/sombrero/modules/age/default.nix → hosts/manatee/modules/age/default.nix
View File

@@ -4,7 +4,7 @@
config = { config = {
age = { age = {
identityPaths = [ "/etc/ssh/sombrero" ]; identityPaths = [ "/etc/ssh/manatee" ];
}; };
environment.systemPackages = [ environment.systemPackages = [

29
hosts/manatee/modules/audiobookshelf/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{ lib, config, ... }:
let
enabled = config.mod.audiobookshelf.enable;
in
{
options = {
mod.audiobookshelf = {
enable = lib.mkEnableOption "Enable audiobookshelf module";
};
};
config = lib.mkIf enabled {
users.users.audiobookshelf = {
isSystemUser = true;
description = "audiobookshelf";
group = "storage";
};
services.audiobookshelf = {
enable = true;
user = "audiobookshelf";
group = "storage";
host = "0.0.0.0";
port = 8000;
};
};
}

43
hosts/manatee/modules/boot/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
inputs,
lib,
config,
...
}:
let
configurationLimit = config.mod.gc.configurationLimit;
in
{
imports = [ inputs.nix-gc-env.nixosModules.default ];
options = {
mod.gc = {
configurationLimit = lib.mkOption {
type = lib.types.int;
default = 10;
description = "number of configuration generations to keep";
};
};
};
config = {
nix.gc = {
automatic = true;
dates = "weekly";
# `delete_generations` added by nix-gc-env
delete_generations = "+${builtins.toString configurationLimit}";
};
boot = {
loader = {
systemd-boot = {
enable = true;
inherit configurationLimit;
};
efi.canTouchEfiVariables = true;
};
};
};
}

47
hosts/manatee/modules/calibre-web/default.nix Normal file
View File

@@ -0,0 +1,47 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf enabled {
services = {
calibre-web = {
enable = true;
user = "storage";
group = "storage";
listen = {
ip = "0.0.0.0";
port = 8083;
};
dataDir = "/mnt/media/public/books";
options = {
calibreLibrary = "/mnt/media/public/books";
enableBookUploading = true;
};
};
nginx = {
virtualHosts."books.ppp.pm" = {
extraConfig = ''
client_max_body_size 1024M;
'';
locations."/" = {
proxyPass = "http://0.0.0.0:8083"; # TODO add option for port + host
};
};
};
};
};
}

26
hosts/manatee/modules/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
config = {
mod = {
gc.configurationLimit = 10;
ssh.enable = true;
git.enable = true;
nginx.enable = true;
syncthing.enable = true;
transmission.enable = true;
calibre-web.enable = true;
audiobookshelf.enable = true;
jellyfin.enable = true;
immich.enable = true;
navidrome.enable = true;
};
};
}

11
hosts/sombrero/modules/git/default.nix → hosts/manatee/modules/git/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.git.enable; enabled = config.mod.git.enable;
in in
@@ -17,6 +22,10 @@ in
includes = [ includes = [
{ path = ./gitconfig; } { path = ./gitconfig; }
]; ];
extraConfig = {
rerere.enable = true;
};
}; };
home.packages = [ pkgs.tig ]; home.packages = [ pkgs.tig ];

5
hosts/sombrero/modules/git/gitconfig → hosts/manatee/modules/git/gitconfig
View File

@@ -5,6 +5,5 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@codeberg.org:"] [url "gitea@git.ppp.pm:"]
insteadOf = https://codeberg.org/ insteadOf = https://git.ppp.pm/

35
hosts/manatee/modules/immich/default.nix Normal file
View File

@@ -0,0 +1,35 @@
{ lib, config, ... }:
let
enabled = config.mod.immich.enable;
in
{
options = {
mod.immich = {
enable = lib.mkEnableOption "Enable immich module";
};
};
config = lib.mkIf enabled {
users.users.immich = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
services.immich = {
enable = true;
user = "immich";
group = "storage";
host = "0.0.0.0";
mediaLocation = "/mnt/cameras/public";
accelerationDevices = [ "/dev/dri/renderD128" ];
};
};
}

55
hosts/manatee/modules/jellyfin/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
lib,
pkgs,
config,
...
}:
let
enabled = config.mod.jellyfin.enable;
in
{
options = {
mod.jellyfin = {
enable = lib.mkEnableOption "Enable jellyfin module";
};
};
config = lib.mkIf enabled {
users.users.jellyfin = {
isSystemUser = true;
group = "storage";
extraGroups = [
"render"
"video"
];
};
hardware = {
graphics = {
enable = true;
extraPackages = [
pkgs.intel-media-driver # Modern Intel VA-API driver (needed for N305)
pkgs.libvdpau-va-gl # VDPAU backend for VA-API GLX interop
];
};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
user = "jellyfin";
group = "storage";
};
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
};
}

33
hosts/manatee/modules/navidrome/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{
lib,
pkgs,
config,
...
}:
let
navidromeEnabled = config.mod.navidrome.enable;
in
{
options = {
mod.navidrome = {
enable = lib.mkEnableOption "Enable navidrome module";
};
};
config = {
services = lib.mkIf navidromeEnabled {
navidrome = {
enable = true;
openFirewall = true;
user = "navidrome";
group = "storage";
settings = {
Port = 4533;
Address = "0.0.0.0";
MusicFolder = "/mnt/media/public/music";
};
};
};
};
}

22
hosts/manatee/modules/network/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ ... }:
{
networking = {
hostName = "manatee";
defaultGateway = "192.168.50.1";
nameservers = [ "1.1.1.1" ];
interfaces = {
enp3s0 = {
useDHCP = false;
ipv4 = {
addresses = [
{
address = "192.168.50.203";
prefixLength = 24;
}
];
};
};
};
};
}

22
hosts/manatee/modules/nginx/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
};
}

106
hosts/manatee/modules/ssh/default.nix Normal file
View File

@@ -0,0 +1,106 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.ssh.enable;
authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
rootSSHKeyPath = "/etc/ssh";
in
{
options = {
mod.ssh = {
enable = lib.mkEnableOption "enable ssh module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.ssh = {
enable = true;
matchBlocks = {
"git.ppp.pm" = {
hostname = "git.ppp.pm";
identityFile = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
};
};
};
};
environment.etc."ssh/authorized_keys_command" = {
mode = "0755";
text = ''
#!${pkgs.bash}/bin/bash
for file in ${authorizedKeysPath}/*; do
${pkgs.coreutils}/bin/cat "$file"
done
'';
};
services = {
openssh = {
enable = true;
ports = [ 1122 ];
hostKeys = [
{
path = "${rootSSHKeyPath}/root.manatee";
type = "ed25519";
}
];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
authorizedKeysCommandUser = "root";
};
};
networking = {
firewall = {
allowedTCPPorts = [ 1122 ];
};
};
age.secrets = {
"root.manatee" = {
file = ../../../../secrets/manatee/root.manatee.age;
path = "${rootSSHKeyPath}/root.manatee";
};
"root.manatee.pub" = {
file = ../../../../secrets/manatee/root.manatee.pub.age;
path = "${rootSSHKeyPath}/root.manatee.pub";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-manatee.pub";
};
"alex.backwards-manatee.pub" = {
file = ../../../../secrets/backwards/alex.backwards-manatee.pub.age;
path = "${authorizedKeysPath}/alex.backwards-manatee.pub";
};
"alex.manatee-git.ppp.pm" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm";
owner = "alex";
group = "users";
};
"alex.manatee-git.ppp.pm.pub" = {
file = ../../../../secrets/manatee/alex.manatee-git.ppp.pm.pub.age;
path = "/home/alex/.ssh/alex.manatee-git.ppp.pm.pub";
owner = "alex";
group = "users";
};
};
};
}

61
hosts/manatee/modules/syncthing/default.nix Normal file
View File

@@ -0,0 +1,61 @@
{ lib, config, ... }:
let
enabled = config.mod.syncthing.enable;
in
{
options = {
mod.syncthing = {
enable = lib.mkEnableOption "Enable syncthing module";
};
};
config = lib.mkIf enabled {
services.syncthing = {
enable = true;
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
user = "storage";
group = "storage";
dataDir = "/mnt/sync/public";
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "syncthing";
password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
insecureSkipHostcheck = false;
};
devices = {
pinwheel.id = config.lib.syncthing.pinwheel;
};
folders = {
org = {
path = "/mnt/sync/public/org";
devices = [
"pinwheel"
];
versioning = {
type = "staggered";
params = {
maxage = "2592000"; # 30 days
};
};
};
};
};
};
age = {
secrets = {
"syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
"syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
};
};
};
}

2
hosts/sombrero/modules/tailscale/default.nix → hosts/manatee/modules/tailscale/default.nix
View File

@@ -1,5 +1,7 @@
{ ... }: { ... }:
{ {
# If an exit node is used, set:
# tailscale set --exit-node-allow-lan-access
services.tailscale.enable = true; services.tailscale.enable = true;
networking.firewall = { networking.firewall = {

30
hosts/backwards/modules/transmission/default.nix → hosts/manatee/modules/transmission/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.transmission.enable; enabled = config.mod.transmission.enable;
in in
@@ -16,25 +21,26 @@ in
package = pkgs.transmission_4; package = pkgs.transmission_4;
openFirewall = true; openFirewall = true;
openRPCPort = true;
user = "alex"; user = "storage";
group = "users"; group = "storage";
home = "/home/alex/media/ts-home"; home = "/mnt/media/public/.ts-home";
downloadDirPermissions = "775"; downloadDirPermissions = "775";
settings = { settings = {
rpc-bind-address = "0.0.0.0";
rpc-port = 9191;
incomplete-dir-enabled = false; incomplete-dir-enabled = false;
download-dir = "/home/alex/media/downloads"; download-dir = "/mnt/media/public/downloads";
rpc-authentication-required = true; rpc-bind-address = "0.0.0.0";
# Required to have empty user/pass to satisfy transmissionA
# https://github.com/transmission/transmission/discussions/1941#discussioncomment-1472352
rpc-whitelist-enabled = false; rpc-whitelist-enabled = false;
rpc-username = "transmission"; rpc-authentication-required = true;
rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi"; rpc-username = "";
rpc-password = "";
}; };
}; };
}; };

8
hosts/pinwheel/configuration.nix
View File

@@ -1,7 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = imports = [
[
../../config-manager/default.nix ../../config-manager/default.nix
../../nix-wrapper/default.nix ../../nix-wrapper/default.nix
../../shared-modules/syncthing.nix ../../shared-modules/syncthing.nix
@@ -9,7 +8,10 @@
./modules ./modules
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
users.users.alex = { users.users.alex = {

34
hosts/pinwheel/hardware-configuration.nix
View File

@@ -1,31 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: {
config,
lib,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/9c3ef2ad-0244-4310-9984-2e548ced3e22"; device = "/dev/disk/by-uuid/9c3ef2ad-0244-4310-9984-2e548ced3e22";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-f569d036-e500-4839-bc78-ce4b032840d8".device = "/dev/disk/by-uuid/f569d036-e500-4839-bc78-ce4b032840d8"; boot.initrd.luks.devices."luks-f569d036-e500-4839-bc78-ce4b032840d8".device = "/dev/disk/by-uuid/f569d036-e500-4839-bc78-ce4b032840d8";
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/FCAE-6849"; device = "/dev/disk/by-uuid/FCAE-6849";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices = [
{
device = "/swapfile";
size = 48 * 1024; # 48GB
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

5
hosts/pinwheel/home.nix
View File

@@ -14,6 +14,9 @@
home.homeDirectory = "/home/alex"; home.homeDirectory = "/home/alex";
home.packages = [ home.packages = [
inputs.whib-backend.packages.${pkgs.system}.whib-import
# pkgs.beekeeper-studio
pkgs.bitwarden-desktop
pkgs.gimp pkgs.gimp
pkgs.zip pkgs.zip
pkgs.unar pkgs.unar
@@ -22,7 +25,7 @@
pkgs.htop pkgs.htop
pkgs.onlyoffice-bin pkgs.onlyoffice-bin
pkgs.wdisplays pkgs.wdisplays
pkgs.postman pkgs.vlc
]; ];
home.stateVersion = "23.05"; home.stateVersion = "23.05";

7
hosts/pinwheel/modules/bemenu/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;

21
hosts/pinwheel/modules/bluetooth/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.bluetooth.enable; enabled = config.mod.bluetooth.enable;
in in
@@ -58,7 +63,12 @@ in
}; };
}; };
in in
builtins.listToAttrs (builtins.map mkTimer [ trackpad headphones ]); builtins.listToAttrs (
builtins.map mkTimer [
trackpad
headphones
]
);
services = services =
let let
@@ -107,7 +117,12 @@ in
}; };
}; };
in in
builtins.listToAttrs (builtins.map mkService [ trackpad headphones ]); builtins.listToAttrs (
builtins.map mkService [
trackpad
headphones
]
);
}; };
}; };
} }

8
hosts/pinwheel/modules/boot/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ... }: {
inputs,
pkgs,
lib,
config,
...
}:
let let
configurationLimit = config.mod.gc.configurationLimit; configurationLimit = config.mod.gc.configurationLimit;
in in

7
hosts/pinwheel/modules/c/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.c.enable; enabled = config.mod.c.enable;
in in

2
hosts/pinwheel/modules/chromium/default.nix
View File

@@ -1,6 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home-manager.users.alex= { home-manager.users.alex = {
home.packages = [ pkgs.ungoogled-chromium ]; home.packages = [ pkgs.ungoogled-chromium ];
}; };

2
hosts/pinwheel/modules/colors/default.nix
View File

@@ -3,7 +3,7 @@
colors = { colors = {
foreground = "bd93f9"; foreground = "bd93f9";
foreground-dim = "644294"; foreground-dim = "644294";
background = "1E2029"; background = "1E1E2F";
gray = "3a3a3a"; gray = "3a3a3a";
warning = "ff6969"; warning = "ff6969";

7
hosts/pinwheel/modules/containers/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
dockerEnabled = config.mod.containers.docker.enable; dockerEnabled = config.mod.containers.docker.enable;
podmanEnabled = config.mod.containers.podman.enable; podmanEnabled = config.mod.containers.podman.enable;

2
hosts/pinwheel/modules/default.nix
View File

@@ -27,13 +27,13 @@ in
zsh.enable = true; zsh.enable = true;
openvpn.enable = true; openvpn.enable = true;
mullvad.enable = true;
c.enable = true; c.enable = true;
go.enable = true; go.enable = true;
rust.enable = true; rust.enable = true;
scala.enable = true; scala.enable = true;
python.enable = true; python.enable = true;
gleam.enable = true;
keyboard.enable = true; keyboard.enable = true;
containers = { containers = {

1
hosts/pinwheel/modules/direnv/default.nix
View File

@@ -9,7 +9,6 @@ in
nix-direnv.enable = true; nix-direnv.enable = true;
}; };
programs.direnv.enableZshIntegration = lib.mkIf zshEnabled true; programs.direnv.enableZshIntegration = lib.mkIf zshEnabled true;
}; };
} }

2
hosts/pinwheel/modules/dunst/default.nix
View File

@@ -7,8 +7,6 @@
settings = { settings = {
global = { global = {
monitor = 1; monitor = 1;
width = 300;
height = 300;
offset = "10x10"; offset = "10x10";
origin = "top-right"; origin = "top-right";
transparency = 10; transparency = 10;

4
hosts/pinwheel/modules/emacs/config.nix
View File

@@ -1,5 +1,5 @@
{ emacs, runCommand, ... }: { emacs, runCommand, ... }:
runCommand "default.el" {} '' runCommand "default.el" { } ''
cp ${./config.org} $TMPDIR/config.org cp ${./config.org} $TMPDIR/config.org
cd $TMPDIR cd $TMPDIR
${emacs}/bin/emacs --batch -Q \ ${emacs}/bin/emacs --batch -Q \
@@ -7,4 +7,4 @@ runCommand "default.el" {} ''
-f org-babel-tangle -f org-babel-tangle
mv config.el $out mv config.el $out
'' ''

70
hosts/pinwheel/modules/emacs/config.org
View File

@@ -479,7 +479,34 @@ Setup prefix for keybindings.
* Flycheck * Flycheck
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package flycheck) (use-package flycheck
:preface
(defun mp-flycheck-eldoc (callback &rest _ignored)
"Print flycheck messages at point by calling CALLBACK."
(when-let ((flycheck-errors (and flycheck-mode (flycheck-overlay-errors-at (point)))))
(mapc
(lambda (err)
(funcall callback
(format "%s: %s"
(let ((level (flycheck-error-level err)))
(pcase level
('info (propertize "I" 'face 'flycheck-error-list-info))
('error (propertize "E" 'face 'flycheck-error-list-error))
('warning (propertize "W" 'face 'flycheck-error-list-warning))
(_ level)))
(flycheck-error-message err))
:thing (or (flycheck-error-id err)
(flycheck-error-group err))
:face 'font-lock-doc-face))
flycheck-errors)))
(defun mp-flycheck-prefer-eldoc ()
(add-hook 'eldoc-documentation-functions #'mp-flycheck-eldoc nil t)
(setq eldoc-documentation-strategy 'eldoc-documentation-compose-eagerly)
(setq flycheck-display-errors-function nil)
(setq flycheck-help-echo-function nil))
:hook ((flycheck-mode . mp-flycheck-prefer-eldoc)))
(use-package flycheck-eglot (use-package flycheck-eglot
:after (flycheck eglot) :after (flycheck eglot)
@@ -498,15 +525,28 @@ Setup prefix for keybindings.
) )
(defun alex/format-on-save () (defun alex/format-on-save ()
(add-hook 'before-save-hook #'eglot-format-buffer -10 t) (let ((excluded-files '("secrets.nix")))
) (unless (member (file-name-nondirectory buffer-file-name) excluded-files)
(add-hook 'before-save-hook #'eglot-format-buffer -10 t))))
(use-package eglot (use-package eglot
:preface
(defun mp-eglot-eldoc ()
(setq eldoc-echo-area-use-multiline-p nil)
(setq eldoc-documentation-strategy
'eldoc-documentation-compose-eagerly))
:config :config
(add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
'(scala-mode . '(scala-mode .
("metals" :initializationOptions (:isHttpEnabled t)))) ("metals" :initializationOptions (:isHttpEnabled t))))
(add-to-list 'eglot-server-programs
'(nix-mode . ("nixd")))
(add-to-list 'eglot-server-programs
'(gleam-ts-mode . ("gleam" "lsp")))
(setq-default eglot-workspace-configuration (setq-default eglot-workspace-configuration
'( '(
:metals ( :metals (
@@ -516,12 +556,20 @@ Setup prefix for keybindings.
) )
:hook ( :hook (
(eglot-managed-mode . mp-eglot-eldoc)
(go-mode . eglot-ensure) (go-mode . eglot-ensure)
(go-mode . alex/organize-imports-on-save) (go-mode . alex/organize-imports-on-save)
(go-mode . alex/format-on-save) (go-mode . alex/format-on-save)
(c-mode . eglot-ensure) (c-mode . eglot-ensure)
(nix-mode . eglot-ensure) (nix-mode . eglot-ensure)
(nix-mode . alex/format-on-save)
(gleam-ts-mode . eglot-ensure)
(gleam-ts-mode . alex/format-on-save)
(python-mode . eglot-ensure)
(javascript-mode . eglot-ensure) (javascript-mode . eglot-ensure)
(js-mode . eglot-ensure) (js-mode . eglot-ensure)
(js-jsx-mode . eglot-ensure) (js-jsx-mode . eglot-ensure)
@@ -541,13 +589,6 @@ Setup prefix for keybindings.
:after eglot :after eglot
:config (eglot-booster-mode)) :config (eglot-booster-mode))
#+END_SRC #+END_SRC
** Eldoc-box
#+BEGIN_SRC emacs-lisp
(use-package eldoc-box
:after eglot
:bind (:map eglot-mode-map
("M-h" . eldoc-box-help-at-point)))
#+END_SRC
** Go ** Go
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package go-mode (use-package go-mode
@@ -565,6 +606,12 @@ Setup prefix for keybindings.
) )
) )
#+END_SRC #+END_SRC
** Gleam
#+BEGIN_SRC emacs-lisp
(use-package gleam-ts-mode
:mode "\\.gleam\\'"
)
#+END_SRC
** YAML ** YAML
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(use-package yaml-mode (use-package yaml-mode
@@ -596,7 +643,8 @@ Setup prefix for keybindings.
#+BEGIN_SRC emacs-lisp #+BEGIN_SRC emacs-lisp
(setq (setq
js-indent-level 2 js-indent-level 2
js2-basic-offset 2) js2-basic-offset 2
indent-tabs-mode nil)
(add-to-list 'auto-mode-alist '("\\.ts\\'" . typescript-ts-mode)) (add-to-list 'auto-mode-alist '("\\.ts\\'" . typescript-ts-mode))
#+END_SRC #+END_SRC

3
hosts/pinwheel/modules/emacs/default.nix
View File

@@ -3,7 +3,7 @@ let
emacs = pkgs.emacsWithPackagesFromUsePackage { emacs = pkgs.emacsWithPackagesFromUsePackage {
package = pkgs.emacs-unstable; package = pkgs.emacs-unstable;
config = ./config.org; config = ./config.org;
defaultInitFile = pkgs.callPackage ./config.nix {}; defaultInitFile = pkgs.callPackage ./config.nix { };
alwaysEnsure = true; alwaysEnsure = true;
alwaysTangle = true; alwaysTangle = true;
@@ -51,6 +51,7 @@ in
emacs emacs
pkgs.wl-clipboard pkgs.wl-clipboard
pkgs.emacs-lsp-booster pkgs.emacs-lsp-booster
pkgs.nixd
]; ];
}; };

14
hosts/pinwheel/modules/firefox/default.nix
View File

@@ -29,14 +29,14 @@ let
ff = pkgs.writeShellApplication { ff = pkgs.writeShellApplication {
name = "ff"; name = "ff";
text = '' text = ''
${wrapped}/bin/firefox --ProfileManager ${wrapped}/bin/firefox-devedition --ProfileManager
''; '';
}; };
ff-alex = pkgs.writeShellApplication { ff-alex = pkgs.writeShellApplication {
name = "ff-alex"; name = "ff-alex";
text = '' text = ''
${wrapped}/bin/firefox -P alex --new-window "$@" ${wrapped}/bin/firefox-devedition -P alex --new-window "$@"
''; '';
}; };
@@ -59,7 +59,7 @@ in
name = "alex"; name = "alex";
isDefault = true; isDefault = true;
settings = sharedSettings // {}; settings = sharedSettings // { };
}; };
work = { work = {
@@ -109,12 +109,14 @@ in
configFile."mimeapps.list".force = true; configFile."mimeapps.list".force = true;
}; };
home.packages = [
home.packages = [ ff ff-alex ]; ff
ff-alex
];
}; };
environment.variables = { environment.variables = {
MOZ_ENABLE_WAYLAND=1; MOZ_ENABLE_WAYLAND = 1;
BROWSER = "${ff-alex}/bin/ff-alex $@"; BROWSER = "${ff-alex}/bin/ff-alex $@";
}; };
} }

4
hosts/pinwheel/modules/fonts/default.nix
View File

@@ -2,9 +2,9 @@
{ {
fonts.packages = [ fonts.packages = [
pkgs.noto-fonts pkgs.noto-fonts
pkgs.noto-fonts-cjk pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-emoji pkgs.noto-fonts-emoji
pkgs.nerdfonts pkgs.nerd-fonts.jetbrains-mono
pkgs.liberation_ttf pkgs.liberation_ttf
]; ];
} }

7
hosts/pinwheel/modules/foot/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.foot.enable; enabled = config.mod.foot.enable;

12
hosts/pinwheel/modules/games/default.nix
View File

@@ -1,16 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [ pkgs.brogue-ce ];
pkgs.brogue-ce
(pkgs.retroarch.override {
cores = [
pkgs.libretro.genesis-plus-gx
pkgs.libretro.snes9x
pkgs.libretro.dolphin
];
})
];
}; };
} }

7
hosts/pinwheel/modules/git/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.git.enable; enabled = config.mod.git.enable;
in in

3
hosts/pinwheel/modules/git/gitconfig
View File

@@ -5,9 +5,6 @@
[url "git@github.com:"] [url "git@github.com:"]
insteadOf = https://github.com/ insteadOf = https://github.com/
[url "git@gitlab.com:"]
insteadOf = https://gitlab.com/
[url "git@codeberg.org:"] [url "git@codeberg.org:"]
insteadOf = https://codeberg.org/ insteadOf = https://codeberg.org/

25
hosts/pinwheel/modules/gleam/default.nix Normal file
View File

@@ -0,0 +1,25 @@
{
pkgs,
lib,
config,
...
}:
let
enabled = config.mod.gleam.enable;
in
{
options = {
mod.gleam = {
enable = lib.mkEnableOption "enable gleam module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
home.packages = [
pkgs.gleam
pkgs.erlang
];
};
};
}

25
hosts/pinwheel/modules/go/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.go.enable; enabled = config.mod.go.enable;
in in
@@ -10,26 +15,14 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
nixpkgs.overlays = let
buildGo122 = pkgs: pkg:
pkg.override { buildGoModule = pkgs.buildGo122Module; };
in
[
(final: prev: {
go = prev.go_1_22;
gopls = buildGo122 prev prev.gopls;
go-tools = buildGo122 prev prev.go-tools;
govulncheck = buildGo122 prev prev.govulncheck;
gotestsum = buildGo122 prev prev.gotestsum;
})
];
home-manager.users.alex = { home-manager.users.alex = {
programs.go = { programs.go = {
enable = true; enable = true;
package = pkgs.go; package = pkgs.go;
goPath = "code/go"; env = {
GOPATH = "/home/alex/code/go";
};
}; };
home.packages = [ home.packages = [

10
hosts/pinwheel/modules/greetd/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.greetd.enable; enabled = config.mod.greetd.enable;
in in
@@ -13,7 +18,8 @@ in
services.greetd = { services.greetd = {
enable = true; enable = true;
settings = let settings =
let
session = { session = {
user = "alex"; user = "alex";
command = "${pkgs.hyprland}/bin/Hyprland"; command = "${pkgs.hyprland}/bin/Hyprland";

122
hosts/pinwheel/modules/hyprland/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.hyprland.enable; enabled = config.mod.hyprland.enable;
in in
@@ -20,11 +25,14 @@ in
extraConfig = '' extraConfig = ''
exec-once=waybar exec-once=waybar
exec-once=hyprctl setcursor Adwaita 24
env = GDK_DPI_SCALE,1.5 env = GDK_DPI_SCALE,1.5
env = XCURSOR_SIZE,64 env = HYPRCURSOR_THEME,Adwaita
env = HYPRCURSOR_SIZE,24
monitor=eDP-1, 1920x1200, 0x0, 1 monitor=eDP-1, 1920x1200, auto-center-down, 1
monitor=HDMI-A-1, 2560x1440@100, auto-center-up, 1
workspace = 1, monitor:HDMI-A-1 workspace = 1, monitor:HDMI-A-1
workspace = 2, monitor:HDMI-A-1 workspace = 2, monitor:HDMI-A-1
@@ -37,6 +45,13 @@ in
workspace = 9, monitor:eDP-1 workspace = 9, monitor:eDP-1
workspace = 10, monitor:eDP-1 workspace = 10, monitor:eDP-1
workspace = w[tv1], gapsout:0, gapsin:0
workspace = f[1], gapsout:0, gapsin:0
windowrulev2 = bordersize 0, floating:0, onworkspace:w[tv1]
windowrulev2 = rounding 0, floating:0, onworkspace:w[tv1]
windowrulev2 = bordersize 0, floating:0, onworkspace:f[1]
windowrulev2 = rounding 0, floating:0, onworkspace:f[1]
exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP exec-once=dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
''; '';
@@ -55,7 +70,7 @@ in
# 2 - Cursor focus will be detached from keyboard focus. Clicking on a window will move keyboard focus to that window. # 2 - Cursor focus will be detached from keyboard focus. Clicking on a window will move keyboard focus to that window.
follow_mouse = 2; follow_mouse = 2;
sensitivity = 0.30; sensitivity = 0.3;
touchpad = { touchpad = {
natural_scroll = false; natural_scroll = false;
tap-and-drag = false; tap-and-drag = false;
@@ -79,19 +94,21 @@ in
dwindle = { dwindle = {
force_split = 2; force_split = 2;
no_gaps_when_only = 1;
}; };
bind = let bind =
ws = x: let
let n = if (x + 1) < 10 ws =
then (x + 1) x:
else 0; let
n = if (x + 1) < 10 then (x + 1) else 0;
in in
builtins.toString n; builtins.toString n;
select = builtins.genList (x: "$mod, ${ws x}, workspace, ${builtins.toString (x + 1)}") 10; select = builtins.genList (x: "$mod, ${ws x}, workspace, ${builtins.toString (x + 1)}") 10;
move = builtins.genList (x: "$mod SHIFT, ${ws x}, movetoworkspacesilent, ${builtins.toString (x + 1)}") 10; move = builtins.genList (
x: "$mod SHIFT, ${ws x}, movetoworkspacesilent, ${builtins.toString (x + 1)}"
) 10;
magnifier = pkgs.writeShellScript "magnifier" '' magnifier = pkgs.writeShellScript "magnifier" ''
CURRENT=$(${pkgs.hyprland}/bin/hyprctl getoption cursor:zoom_factor -j | ${pkgs.jq}/bin/jq .float) CURRENT=$(${pkgs.hyprland}/bin/hyprctl getoption cursor:zoom_factor -j | ${pkgs.jq}/bin/jq .float)
@@ -111,7 +128,9 @@ in
${pkgs.hyprland}/bin/hyprctl keyword cursor:zoom_factor $UPDATED ${pkgs.hyprland}/bin/hyprctl keyword cursor:zoom_factor $UPDATED
''; '';
in in
select ++ move ++ [ select
++ move
++ [
"$mod, ESCAPE, killactive" "$mod, ESCAPE, killactive"
"$mod, f, fullscreen, 1" "$mod, f, fullscreen, 1"
@@ -161,84 +180,5 @@ in
# openGL is needed for wayland/hyprland # openGL is needed for wayland/hyprland
hardware.graphics.enable = true; hardware.graphics.enable = true;
systemd.user.services.hyprland-monitors = {
# systemctl --user restart hyprland-monitors.service
# journalctl --user -u hyprland-monitors.service -e -f
unitConfig = {
Description = "handles hyprland monitor connect/disconnect";
};
wantedBy = [ "graphical-session.target" ];
requires = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
path = [
pkgs.coreutils # to include `cat`
pkgs.waybar
pkgs.hyprland
pkgs.socat
pkgs.jq
pkgs.bc
pkgs.libnotify
];
script = let
moveWSToMonitor = monitor: first: last:
if last < first
then throw "'first' has to be less than or equal to 'last'"
else
builtins.genList (n: "dispatch moveworkspacetomonitor ${builtins.toString (first + n)} ${monitor}") (last - first + 1);
external = moveWSToMonitor "HDMI-A-1" 1 5;
internal = moveWSToMonitor "eDPI-1" 6 10;
onlyInternal = moveWSToMonitor "eDPI-1" 1 10;
in
''
update() {
HDMI_STATUS=$(cat /sys/class/drm/card1-HDMI-A-1/status)
INTERNAL_WIDTH=1920
INTERNAL_HEIGHT=1200
if [ $HDMI_STATUS = "connected" ]; then
notify-send "Using external and laptop monitor"
hyprctl keyword monitor HDMI-A-1,preferred,0x0,1
HDMI=$(hyprctl monitors -j | jq '.[] | select(.name=="HDMI-A-1")')
HDMI_WIDTH=$(echo $HDMI | jq .width)
HDMI_HEIGHT=$(echo $HDMI | jq .height)
INTERNAL_POS_X=$(echo "($HDMI_WIDTH - $INTERNAL_WIDTH) / 2" | bc)
if (( $(echo "$INTERNAL_POS_X < 0" | bc) )); then INTERNAL_POS_X=0; fi
INTERNAL_POS_Y=$HDMI_HEIGHT
hyprctl keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,$INTERNAL_POS_X"x"$INTERNAL_POS_Y,1
hyprctl --batch "${lib.strings.concatStringsSep ";" (external ++ internal)}"
else
notify-send "Using only laptop monitor"
hyprctl --batch "keyword monitor HDMI-A,disable; keyword monitor eDP-1,$INTERNAL_WIDTH"x"$INTERNAL_HEIGHT,0x0,1"
hyprctl --batch "${lib.strings.concatStringsSep ";" onlyInternal}"
fi
}
handle() {
case $1 in
monitoradded\>\>*|monitorremoved\>\>*)
echo "handling event: \"$1\""
update ;;
esac
}
echo "Starting service with instance \"$HYPRLAND_INSTANCE_SIGNATURE\""
# Do initial configuration
update
socat -U - UNIX-CONNECT:$XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock | while read -r line; do handle "$line"; done
'';
};
}; };
} }

2
hosts/pinwheel/modules/javascript/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ pkgs.nodePackages.typescript-language-server ]; home.packages = [ pkgs.nodePackages.typescript-language-server ];

7
hosts/pinwheel/modules/keyboard/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.keyboard.enable; enabled = config.mod.keyboard.enable;
in in

7
hosts/pinwheel/modules/light/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
in in

30
hosts/pinwheel/modules/mullvad/default.nix
View File

@@ -1,30 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.mullvad.enable;
in
{
options = {
mod.mullvad = {
enable = lib.mkEnableOption "enable mullvad module";
};
};
config = lib.mkIf enabled {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
age.secrets = {
"mullvad-device" = {
file = ../../../../secrets/pinwheel/mullvad-device.age;
path = "/etc/mullvad-vpn/device.json";
};
"mullvad-account-history" = {
file = ../../../../secrets/pinwheel/mullvad-account-history.age;
path = "/etc/mullvad-vpn/account-history.json";
};
};
};
}

50
hosts/pinwheel/modules/music/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{
inputs,
pkgs,
lib,
config,
...
}:
let
hyprlandEnabled = config.mod.hyprland.enable;
in
{
home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = {
bind =
let
prev = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify previous";
next = "${pkgs.playerctl}/bin/playerctl -p naviterm,spotify next";
in
[
", XF86AudioPrev, exec, ${prev}"
", XF86AudioNext, exec, ${next}"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spoitfy play-pause"
"$mod ALT, LEFT, exec, ${prev}"
"$mod ALT, RIGHT, exec, ${next}"
"$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p naviterm,spotify play-pause"
];
};
};
home.packages = [
pkgs.playerctl
pkgs.spotify
inputs.naviterm.packages.${pkgs.system}.default
];
};
systemd.user.services.playerctld = {
unitConfig = {
Description = "starts playerctld daemon";
};
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.playerctl}/bin/playerctld";
};
};
}

2
hosts/pinwheel/modules/nix/default.nix
View File

@@ -2,7 +2,7 @@
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.nil pkgs.nixfmt-rfc-style
pkgs.nix-tree pkgs.nix-tree
]; ];
}; };

12
hosts/pinwheel/modules/openvpn/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.openvpn.enable; enabled = config.mod.openvpn.enable;
in in
@@ -13,13 +18,12 @@ in
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [
pkgs.openvpn pkgs.openvpn
pkgs.update-systemd-resolved
]; ];
}; };
services.resolved = { services.resolved = {
enable = false; enable = true;
dnssec = "true"; dnssec = "false";
domains = [ "~." ]; domains = [ "~." ];
fallbackDns = [ fallbackDns = [
"1.1.1.1#one.one.one.one" "1.1.1.1#one.one.one.one"

7
hosts/pinwheel/modules/physlock/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.physlock.enable; enabled = config.mod.physlock.enable;
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;

19
hosts/pinwheel/modules/power/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.power.enable; enabled = config.mod.power.enable;
lowbat = config.mod.lowbat; lowbat = config.mod.lowbat;
@@ -39,8 +44,8 @@ in
enable = true; enable = true;
settings = { settings = {
START_CHARGE_THRESH_BAT0=75; START_CHARGE_THRESH_BAT0 = 75;
STOP_CHARGE_THRESH_BAT0=80; STOP_CHARGE_THRESH_BAT0 = 80;
}; };
}; };
}; };
@@ -58,7 +63,7 @@ in
Persistent = true; Persistent = true;
}; };
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
}; };
}; };
@@ -78,9 +83,11 @@ in
pkgs.swaylock pkgs.swaylock
]; ];
script = let script =
let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
in '' in
''
BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity) BATTERY_CAPACITY=$(cat /sys/class/power_supply/${lowbat.battery}/capacity)
BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status) BATTERY_STATUS=$(cat /sys/class/power_supply/${lowbat.battery}/status)
echo "Battery capacity: $BATTERY_CAPACITY" echo "Battery capacity: $BATTERY_CAPACITY"

7
hosts/pinwheel/modules/python/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.python.enable; enabled = config.mod.python.enable;
in in

7
hosts/pinwheel/modules/rust/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.rust.enable; enabled = config.mod.rust.enable;
in in

7
hosts/pinwheel/modules/scala/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.scala.enable; enabled = config.mod.scala.enable;

8
hosts/pinwheel/modules/screenshot/default.nix
View File

@@ -1,4 +1,10 @@
{ inputs, pkgs, lib, config, ...}: {
inputs,
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;

7
hosts/pinwheel/modules/scripts/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.scripts.enable; enabled = config.mod.scripts.enable;

15
hosts/pinwheel/modules/sound/default.nix
View File

@@ -1,11 +1,16 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
in in
{ {
users.users.alex.extraGroups = [ "audio" ]; users.users.alex.extraGroups = [ "audio" ];
hardware.pulseaudio.enable = false; services.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@@ -20,7 +25,8 @@ in
home-manager.users.alex = { home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled { wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = { settings = {
bind = let bind =
let
toggle-output-mute = pkgs.writeShellScript "toggle-output-mute" '' toggle-output-mute = pkgs.writeShellScript "toggle-output-mute" ''
${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SINK@ | grep MUTED | wc -l) MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SINK@ | grep MUTED | wc -l)
@@ -32,7 +38,8 @@ in
MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SOURCE@ | grep MUTED | wc -l) MUTED=$(${pkgs.wireplumber}/bin/wpctl get-volume @DEFAULT_AUDIO_SOURCE@ | grep MUTED | wc -l)
echo $MUTED > /sys/class/leds/platform::micmute/brightness echo $MUTED > /sys/class/leds/platform::micmute/brightness
''; '';
in [ in
[
", XF86AudioRaiseVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 2%+" ", XF86AudioRaiseVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 2%+"
", XF86AudioLowerVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-" ", XF86AudioLowerVolume, exec, ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 2%-"
", XF86AudioMute, exec, ${toggle-output-mute}" ", XF86AudioMute, exec, ${toggle-output-mute}"

41
hosts/pinwheel/modules/spotify/default.nix
View File

@@ -1,41 +0,0 @@
{ pkgs, lib, config, ... }:
let
hyprlandEnabled = config.mod.hyprland.enable;
in
{
home-manager.users.alex = {
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = {
bind = let
prev = "${pkgs.playerctl}/bin/playerctl -p spotify previous";
next = "${pkgs.playerctl}/bin/playerctl -p spotify next";
in [
", XF86AudioPrev, exec, ${prev}"
", XF86AudioNext, exec, ${next}"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
", XF86AudioPause, exec, ${pkgs.playerctl}/bin/playerctl -p spoitfy play-pause"
"$mod ALT, LEFT, exec, ${prev}"
"$mod ALT, RIGHT, exec, ${next}"
"$mod ALT, DOWN, exec, ${pkgs.playerctl}/bin/playerctl -p spotify play-pause"
];
};
};
home.packages = [
pkgs.playerctl
pkgs.spotify
];
};
systemd.user.services.playerctld = {
unitConfig = {
Description = "starts playerctld daemon";
};
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.playerctl}/bin/playerctld";
};
};
}

71
hosts/pinwheel/modules/ssh/default.nix
View File

@@ -5,6 +5,13 @@
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"manatee" = {
hostname = "manatee";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-manatee";
port = 1122;
};
"backwards" = { "backwards" = {
hostname = "backwards"; hostname = "backwards";
user = "alex"; user = "alex";
@@ -12,26 +19,6 @@
port = 1122; port = 1122;
}; };
"sombrero.local" = {
hostname = "192.168.50.200";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
port = 1122;
};
"sombrero" = {
hostname = "sombrero.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
port = 1122;
};
"andromeda" = {
hostname = "andromeda.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-andromeda";
};
"tadpole" = { "tadpole" = {
hostname = "65.21.106.222"; hostname = "65.21.106.222";
user = "alex"; user = "alex";
@@ -60,6 +47,19 @@
}; };
age.secrets = { age.secrets = {
"alex.pinwheel-manatee" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee";
owner = "alex";
group = "users";
};
"alex.pinwheel-manatee.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-manatee.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-manatee.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-backwards" = { "alex.pinwheel-backwards" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age; file = ../../../../secrets/pinwheel/alex.pinwheel-backwards.age;
path = "/home/alex/.ssh/alex.pinwheel-backwards"; path = "/home/alex/.ssh/alex.pinwheel-backwards";
@@ -72,18 +72,6 @@
owner = "alex"; owner = "alex";
group = "users"; group = "users";
}; };
"alex.pinwheel-sombrero" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.age;
path = "/home/alex/.ssh/alex.pinwheel-sombrero";
owner = "alex";
group = "users";
};
"alex.pinwheel-sombrero.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-sombrero.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-github.com" = { "alex.pinwheel-github.com" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com.age; file = ../../../../secrets/pinwheel/alex.pinwheel-github.com.age;
@@ -124,19 +112,6 @@
group = "users"; group = "users";
}; };
"alex.pinwheel-andromeda" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda";
owner = "alex";
group = "users";
};
"alex.pinwheel-andromeda.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-andromeda.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-andromeda.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-tadpole" = { "alex.pinwheel-tadpole" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age; file = ../../../../secrets/pinwheel/alex.pinwheel-tadpole.age;
path = "/home/alex/.ssh/alex.pinwheel-tadpole"; path = "/home/alex/.ssh/alex.pinwheel-tadpole";
@@ -155,9 +130,11 @@
enable = true; enable = true;
ports = [ 1122 ]; ports = [ 1122 ];
hostKeys = [{ hostKeys = [
{
path = "/etc/ssh/pinwheel"; path = "/etc/ssh/pinwheel";
type = "ed25519"; type = "ed25519";
}]; }
];
}; };
} }

10
hosts/pinwheel/modules/swaylock/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.swaylock.enable; enabled = config.mod.swaylock.enable;
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
@@ -30,7 +35,8 @@ in
wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled { wayland.windowManager.hyprland = lib.mkIf hyprlandEnabled {
settings = { settings = {
bind = let bind =
let
pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause"; pause-music = "${pkgs.playerctl}/bin/playerctl -p spotify pause";
dpmsTimeout = config.mod.swaylock.dpmsTimeout; dpmsTimeout = config.mod.swaylock.dpmsTimeout;

16
hosts/pinwheel/modules/syncthing/default.nix
View File

@@ -16,13 +16,17 @@
devices = { devices = {
phone.id = config.lib.syncthing.phone; phone.id = config.lib.syncthing.phone;
backwards.id = config.lib.syncthing.backwards; backwards.id = config.lib.syncthing.backwards;
sombrero.id = config.lib.syncthing.sombrero; manatee.id = config.lib.syncthing.manatee;
}; };
folders = { folders = {
org = { org = {
path = "/home/alex/sync/org"; path = "/home/alex/sync/org";
devices = [ "sombrero" "phone" "backwards" ]; devices = [
"phone"
"backwards"
"manatee"
];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {
@@ -33,7 +37,7 @@
personal = { personal = {
path = "/home/alex/sync/personal"; path = "/home/alex/sync/personal";
devices = [ "sombrero" "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {
@@ -44,7 +48,7 @@
work = { work = {
path = "/home/alex/sync/work"; path = "/home/alex/sync/work";
devices = [ "sombrero" "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {
@@ -54,8 +58,8 @@
}; };
books = { books = {
path = "/home/alex/sync/books"; path = "/home/alex/sync/reading-material/books";
devices = [ "sombrero" "backwards" ]; devices = [ "backwards" ];
versioning = { versioning = {
type = "staggered"; type = "staggered";
params = { params = {

2
hosts/pinwheel/modules/terraform/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}: { pkgs, ... }:
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.packages = [ home.packages = [

16
hosts/pinwheel/modules/vm/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.vm.enable; enabled = config.mod.vm.enable;
in in
@@ -12,7 +17,10 @@ in
config = lib.mkIf enabled { config = lib.mkIf enabled {
virtualisation = { virtualisation = {
spiceUSBRedirection.enable = true; # Allow redirecting USB to the VM spiceUSBRedirection.enable = true; # Allow redirecting USB to the VM
libvirtd.enable = true; libvirtd = {
enable = true;
qemu.vhostUserPackages = [ pkgs.virtiofsd ];
};
}; };
users.users.alex = { users.users.alex = {
@@ -26,8 +34,8 @@ in
home-manager.users.alex = { home-manager.users.alex = {
dconf.settings = { dconf.settings = {
"org/virt-manager/virt-manager/connections" = { "org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"]; autoconnect = [ "qemu:///system" ];
uris = ["qemu:///system"]; uris = [ "qemu:///system" ];
}; };
}; };
}; };

129
hosts/pinwheel/modules/waybar/default.nix
View File

@@ -1,15 +1,20 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
hyprlandEnabled = config.mod.hyprland.enable; hyprlandEnabled = config.mod.hyprland.enable;
spotify-status = pkgs.writeShellScript "spotify-status" '' music-status = pkgs.writeShellScript "music-status" ''
STATUS=$(${pkgs.playerctl}/bin/playerctl -p spotify status 2>&1) STATUS=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify status 2>&1)
if [ "$STATUS" = "No players found" ]; then if [ "$STATUS" = "No players found" ]; then
echo "" echo ""
else else
FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}" FORMAT="{{markup_escape(xesam:title)}} - {{markup_escape(xesam:artist)}}"
OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p spotify metadata --format "$FORMAT") OUTPUT=$(${pkgs.playerctl}/bin/playerctl -p naviterm,spotify metadata --format "$FORMAT")
case "$STATUS" in case "$STATUS" in
"Playing") "Playing")
echo "<span font='14' rise='-3000'></span> $OUTPUT" echo "<span font='14' rise='-3000'></span> $OUTPUT"
@@ -35,47 +40,45 @@ let
fi fi
''; '';
mullvad = pkgs.writeShellScript "mullvad" '' tailscale = pkgs.writeShellScript "tailscale" ''
STATUS_DISCONNECTING="Disconnecting" STATUS_STOPPED="Tailscale is stopped."
STATUS_DISCONNECTED="Disconnected"
STATUS_CONNECTING="Connecting"
STATUS_CONNECTED="Connected"
status() {
STATUS=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1{print $1}')
echo $STATUS
}
output() { output() {
case $(status) in STATUS=$(tailscale status)
$STATUS_DISCONNECTED)
echo '{ "text": "", "class": "disconnected" }' ;; case $STATUS in
$STATUS_CONNECTING) $STATUS_STOPPED)
echo '{ "text": "", "tooltip": "Connecting", "class": "disconnected" }' ;; echo '{ "text": "", "class": "disconnected" }' ;;
$STATUS_CONNECTED)
TOOLTIP=$(${pkgs.mullvad}/bin/mullvad status | ${pkgs.gawk}/bin/awk 'NR==1')
echo "{ \"text\": \"\", \"tooltip\":\"$TOOLTIP\" }" ;;
$STATUS_DISCONNECTING)
echo '{ "text": "", "tooltip": "Disconnecting", "class": "disconnected" }' ;;
*) *)
echo '{ "text": "", "tooltip": "Status unknown", "class": "disconnected" }' ;; EXIT_NODE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus)
EXIT_NODE_ONLINE=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .Online)
if [ "$EXIT_NODE_ONLINE" == "null" ]; then
echo '{ "text": "", "class": "disconnected" }'
exit 0
fi
EXIT_NODE_ID=$(echo $EXIT_NODE | ${pkgs.jq}/bin/jq .ID)
EXIT_NODE_NAME=$(tailscale status --json | ${pkgs.jq}/bin/jq ".Peer.[] | select(.ID == $EXIT_NODE_ID) | .HostName")
echo "{ \"text\": \"\", \"tooltip\": $EXIT_NODE_NAME }"
;;
esac esac
} }
toggle() { toggle-exit-node() {
CURRENT_STATUS=$(status) PREFERRED_EXIT_NODE=$(${pkgs.coreutils}/bin/cat ${config.age.secrets.tailscale-preferred-exit-node.path})
case "$CURRENT_STATUS" in EXIT_NODE_ONLINE=$(tailscale status --json | ${pkgs.jq}/bin/jq .ExitNodeStatus.Online)
$STATUS_DISCONNECTED) if [ "$EXIT_NODE_ONLINE" == "true" ]; then
${pkgs.mullvad}/bin/mullvad connect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Connected to VPN";; tailscale set --exit-node="" && ${pkgs.libnotify}/bin/notify-send "Disconnected from Exit Node"
$STATUS_CONNECTED) else
${pkgs.mullvad}/bin/mullvad disconnect --wait > /dev/null && ${pkgs.libnotify}/bin/notify-send "Disconnected from VPN";; tailscale set --exit-node=$PREFERRED_EXIT_NODE && ${pkgs.libnotify}/bin/notify-send "Connected to Exit Node"
esac fi
} }
case $1 in case $1 in
--toggle) --toggle-exit-node)
toggle ;; toggle-exit-node ;;
--output) --output)
output ;; output ;;
esac esac
@@ -123,12 +126,12 @@ in
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ]; modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [ modules-right = [
"custom/work-vpn-status" "custom/work-vpn-status"
"custom/spotify" "custom/music"
"custom/container-status" "custom/container-status"
"custom/dunst" "custom/dunst"
"custom/mullvad"
"bluetooth" "bluetooth"
"wireplumber" "wireplumber"
"custom/tailscale"
"network" "network"
"battery" "battery"
"clock" "clock"
@@ -136,12 +139,12 @@ in
"custom/work-vpn-status" = { "custom/work-vpn-status" = {
exec = "${work-vpn-status}"; exec = "${work-vpn-status}";
interval = 1; interval = 2;
}; };
"custom/spotify" = { "custom/music" = {
exec = spotify-status; exec = music-status;
interval = 1; interval = 2;
max-length = 70; max-length = 70;
tooltip = false; tooltip = false;
}; };
@@ -149,21 +152,21 @@ in
"custom/container-status" = { "custom/container-status" = {
exec = "${container-status}"; exec = "${container-status}";
return-type = "json"; return-type = "json";
interval = 1; interval = 2;
}; };
"custom/dunst" = { "custom/dunst" = {
exec = notifications-status; exec = notifications-status;
on-click-right = "${pkgs.dunst}/bin/dunstctl set-paused toggle"; on-click-right = "${pkgs.dunst}/bin/dunstctl set-paused toggle";
interval = 1; interval = 2;
tooltip = false; tooltip = false;
}; };
"custom/mullvad" = { "custom/tailscale" = {
exec = "${mullvad} --output"; exec = "${tailscale} --output";
return-type = "json"; return-type = "json";
on-click-right = "${mullvad} --toggle"; on-click-right = "${tailscale} --toggle-exit-node";
interval = 1; interval = 2;
}; };
bluetooth = { bluetooth = {
@@ -194,8 +197,15 @@ in
"interval" = 60; "interval" = 60;
"format" = "<span font='10' rise='1000'>{icon}</span> {capacity}%"; "format" = "<span font='10' rise='1000'>{icon}</span> {capacity}%";
"format-time" = "{H}h {M}min"; "format-time" = "{H}h {M}min";
"format-charging" ="󰂄 {capacity}%"; "format-charging" = "󰂄 {capacity}%";
"format-icons" = ["󰁺" "󰁻" "󰁽" "󰁿" "󰂁" "󰁹" ]; "format-icons" = [
"󰁺"
"󰁻"
"󰁽"
"󰁿"
"󰂁"
"󰁹"
];
}; };
"clock" = { "clock" = {
@@ -212,7 +222,10 @@ in
height = 30; height = 30;
spacing = 20; spacing = 20;
fixed-center = false; fixed-center = false;
output = [ "HDMI-A-1" ]; output = [
"HDMI-A-1"
"DP-3"
];
modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ]; modules-left = lib.mkIf hyprlandEnabled [ "hyprland/workspaces" ];
modules-right = [ modules-right = [
@@ -222,7 +235,7 @@ in
"custom/work-vpn-status" = { "custom/work-vpn-status" = {
exec = "${work-vpn-status}"; exec = "${work-vpn-status}";
interval = 1; interval = 2;
}; };
"clock" = { "clock" = {
@@ -267,7 +280,11 @@ in
color: #${config.lib.colors.warning}; color: #${config.lib.colors.warning};
} }
#custom-mullvad.disconnected { #custom-tailscale {
font-size: 30px;
}
#custom-tailscale.disconnected {
color: #${config.lib.colors.warning}; color: #${config.lib.colors.warning};
} }
@@ -286,4 +303,12 @@ in
''; '';
}; };
}; };
age.secrets = {
"tailscale-preferred-exit-node" = {
file = ../../../../secrets/pinwheel/tailscale-preferred-exit-node.age;
owner = "alex";
group = "users";
};
};
} }

7
hosts/pinwheel/modules/wezterm/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.wezterm.enable; enabled = config.mod.wezterm.enable;

33
hosts/pinwheel/modules/work/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
gitEnabled = config.mod.git.enable; gitEnabled = config.mod.git.enable;
goEnabled = config.mod.go.enable; goEnabled = config.mod.go.enable;
@@ -7,20 +12,24 @@ in
{ {
home-manager.users.alex = { home-manager.users.alex = {
home.sessionVariables = { home.sessionVariables = {
GITHUB_ACTOR="Alexander Heldt"; GITHUB_ACTOR = "Alexander Heldt";
GITHUB_TOKEN="$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})"; GITHUB_TOKEN = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-github-token.path})";
}; };
home.packages = [ home.packages = [
(pkgs.callPackage ./syb-cli.nix {}) # (pkgs.callPackage ./pants.nix { inherit (pkgs) system; })
(pkgs.callPackage ./pants.nix {}) # (pkgs.callPackage ./syb-cli.nix { })
(pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ]) (pkgs.jetbrains.plugins.addPlugins pkgs.jetbrains.idea-ultimate [ "ideavim" ])
(pkgs.google-cloud-sdk.withExtraComponents [ pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin ])
(pkgs.graphite-cli.overrideAttrs(_: { (pkgs.google-cloud-sdk.withExtraComponents [
version = "1.4.3"; pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin
})) ])
pkgs.xdg-utils # needed by graphite-cli
pkgs.graphite-cli
pkgs.postman
pkgs.grpcurl
# for `radio` # for `radio`
pkgs.go-mockery pkgs.go-mockery
@@ -28,7 +37,9 @@ in
]; ];
programs.go = lib.mkIf goEnabled { programs.go = lib.mkIf goEnabled {
goPrivate = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ]; env = {
GOPRIVATE = [ "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.work-go-private.path})" ];
};
}; };
programs.git = lib.mkIf gitEnabled { programs.git = lib.mkIf gitEnabled {

72
hosts/pinwheel/modules/work/pants.nix
View File

@@ -1,47 +1,69 @@
{ {
fetchurl, system,
pkgs, pkgs,
lib, lib,
...
}: }:
let let
pname = "pants";
version = "0.12.0"; version = "0.12.0";
scie-pants = pkgs.stdenv.mkDerivation { if_let = v: p: if lib.attrsets.matchAttrs p v then v else null;
inherit pname version; match =
v: l: builtins.elemAt (lib.lists.findFirst (x: (if_let v (builtins.elemAt x 0)) != null) null l) 1;
src = fetchurl { package = match { platform = system; } [
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-${pname}-linux-x86_64"; [
{ platform = "aarch64-linux"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-linux-aarch64";
hash = lib.fakeSha256;
}
]
[
{ platform = "x86_64-linux"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-linux-x86_64";
hash = "sha256-9PjgobndxVqDTYGtw1HESrtzwzH2qE9zFwR26xtwZrM="; hash = "sha256-9PjgobndxVqDTYGtw1HESrtzwzH2qE9zFwR26xtwZrM=";
}; }
]
[
{ platform = "aarch64-darwin"; }
{
url = "https://github.com/pantsbuild/scie-pants/releases/download/v${version}/scie-pants-macos-aarch64";
hash = "sha256-1Ha8GAOl7mWVunGKf7INMjar+jnLXaDEPStqE+kK3D4=";
}
]
];
phases = ["installPhase" "patchPhase"]; unpatched = pkgs.stdenv.mkDerivation {
name = "scie-pants";
version = version;
sourceRoot = ".";
phases = [
"installPhase"
"patchPhase"
];
src = pkgs.fetchurl package;
installPhase = '' installPhase = ''
runHook preInstall
mkdir -p $out/bin mkdir -p $out/bin
cp $src $out/bin/pants cp $src $out/bin/pants
chmod +x $out/bin/pants chmod +x $out/bin/pants
runHook postInstall
''; '';
}; };
in
pkgs.buildFHSUserEnv { patched = pkgs.buildFHSEnv {
name = "pants"; name = "pants";
targetPackages = [ pkgs.python39 ];
targetPackages = with pkgs; [ runScript = "${unpatched}/bin/pants";
python39
];
runScript = "${scie-pants}/bin/pants";
profile = '' profile = ''
export NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt" export NIX_SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt"
export SSL_CERT_FILE="/etc/ssl/certs/ca-bundle.crt" export SSL_CERT_FILE="/etc/ssl/certs/ca-bundle.crt"
''; '';
meta = with lib; {
description = "Protects your Pants from the elements";
homepage = "https://github.com/pantsbuild/scie-pants";
license = licenses.asl20;
maintainers = [];
platforms = [ "x86_64-linux" ];
mainProgram = "pants";
}; };
} in
if pkgs.stdenv.isDarwin then unpatched else patched

9
hosts/pinwheel/modules/zsh/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
let let
enabled = config.mod.zsh.enable; enabled = config.mod.zsh.enable;
in in
@@ -49,7 +54,7 @@ in
} }
]; ];
initExtra = lib.strings.concatStringsSep "\n" [ initContent = lib.strings.concatStringsSep "\n" [
"export KEYTIMEOUT=1" "export KEYTIMEOUT=1"
"bindkey -v '^?' backward-delete-char" "bindkey -v '^?' backward-delete-char"
"bindkey '^a' beginning-of-line" "bindkey '^a' beginning-of-line"

79
hosts/sombrero/configuration.nix
View File

@@ -1,79 +0,0 @@
{ pkgs, ... }:
{
imports =
[
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./modules
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
environment.variables.EDITOR = "vim";
hardware.enableRedistributableFirmware = true;
# Set your time zone.
time.timeZone = "Europe/Stockholm";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
users = {
mutableUsers = false;
users.root = {
hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
};
users."alex" = {
isNormalUser = true;
hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
extraGroups = [ "wheel" ];
};
};
environment.systemPackages = with pkgs; [
gnumake
mkpasswd
vim
];
config-manager = {
flakePath = "/home/alex/config";
};
mod = {
git.enable = true;
ssh.enable = true;
docker.enable = true;
nginx.enable = true;
syncthing.enable = true;
plex.enable = true;
calibre-web.enable = true;
transmission.enable = true;
restic.enable = true;
pppdotpm-site.enable = false;
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

52
hosts/sombrero/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/15329cb1-655e-475d-96f0-bfb8ccd05167";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AD29-0697";
fsType = "vfat";
};
fileSystems."/home/alex/media" =
{ device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/home/alex/backup" =
{ device = "/dev/disk/by-uuid/34601701-65e6-4b2c-ac4d-8bef3dfd743f";
fsType = "ext4";
options = [ "nofail" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/98c46b15-7efe-43fd-8812-7e2c01f5a40a"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

25
hosts/sombrero/modules/boot/default.nix
View File

@@ -1,25 +0,0 @@
{ pkgs, ... }: {
boot = {
loader = {
grub.enable = false;
efi.canTouchEfiVariables = true;
raspberryPi = {
enable = true;
version = 4;
};
};
tmp = {
useTmpfs = true;
};
kernelPackages = pkgs.linuxPackages_rpi4;
kernelParams = [
"8250.nr_uarts=1"
"console=ttyAMA0,115200"
"console=tty1"
"cma=128M"
];
};
}

52
hosts/sombrero/modules/calibre-web/default.nix
View File

@@ -1,52 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf (enabled && nginxEnabled) {
services = {
calibre-web = {
enable = true;
user = "alex";
group = "users";
listen = {
ip = "127.0.0.1";
port = 8083;
};
options = {
calibreLibrary = "/home/alex/backup/books";
enableBookUploading = true;
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 8083 ];
};
};
services = {
nginx = {
virtualHosts."books.sombrero.a2x.se" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8083";
};
};
};
};
};
}

8
hosts/sombrero/modules/default.nix
View File

@@ -1,8 +0,0 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
}

29
hosts/sombrero/modules/docker/default.nix
View File

@@ -1,29 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.docker.enable;
in
{
options = {
mod.docker = {
enable = lib.mkEnableOption "enable docker module";
};
};
config = lib.mkIf enabled {
virtualisation = {
docker = {
enable = true;
};
oci-containers = {
backend = "docker";
};
};
users.users.alex.extraGroups = [ "docker" ];
home-manager.users.alex = {
home.packages = [ pkgs.docker-compose ];
};
};
}

6
hosts/sombrero/modules/mullvad/default.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
services.mullvad-vpn = {
enable = true;
};
}

18
hosts/sombrero/modules/network/default.nix
View File

@@ -1,18 +0,0 @@
{
networking = {
hostName = "sombrero";
defaultGateway = "192.168.50.1";
nameservers = [ "8.8.8.8" ];
interfaces = {
eth0 = {
ipv4 = {
addresses = [{
address = "192.168.50.200";
prefixLength = 24;
}];
};
};
};
};
}

42
hosts/sombrero/modules/plex/default.nix
View File

@@ -1,42 +0,0 @@
{ lib, config, ... }:
let
enable = config.mod.plex.enable;
dockerEnabled = config.mod.docker.enable;
in
{
options = {
mod.plex = {
enable = lib.mkEnableOption "enable plex module";
};
};
config = lib.mkIf (enable && dockerEnabled) {
virtualisation = {
oci-containers.containers = {
plex = {
image = "linuxserver/plex";
autoStart = true;
environment = {
TZ = "Europe/Stockholm";
VERSION = "latest";
};
extraOptions = [ "--network=host" ];
volumes = [
"/home/alex/media/plex/db:/config"
"/home/alex/media/movies:/movies"
"/home/alex/media/tv:/tv"
];
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 32400 ];
};
};
};
}

Some files were not shown because too many files have changed in this diff Show More