Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

Merge pull request 'main' (#2) from jan-leila/nix-config:main into main

Browse source 
Reviewed-on: #2
This commit is contained in:
Lithospherical 2025-06-05 04:13:46 +00:00
commit 198e4c4c5b
61 changed files with 1323 additions and 736 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -13,3 +13,7 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *leyla - *leyla
- path_regex: secrets/application-keys.yaml$
key_groups:
- age:
- *leyla

63
configurations/home-manager/eve/packages.nix
View file

@ -12,41 +12,48 @@ in {
# See https://search.nixos.org/packages for all options # See https://search.nixos.org/packages for all options
home.packages = lib.lists.optionals userConfig.isDesktopUser ( home.packages = lib.lists.optionals userConfig.isDesktopUser (
with pkgs; [ with pkgs; [
firefox
bitwarden
discord
makemkv
signal-desktop-bin
ungoogled-chromium ungoogled-chromium
] ]
); );
# Packages that need to be installed with some extra configuration # Packages that need to be installed with some extra configuration
# See https://home-manager-options.extranix.com/ for all options # See https://home-manager-options.extranix.com/ for all options
programs = { programs = lib.mkMerge [
# Let Home Manager install and manage itself. {
home-manager.enable = true; # Let Home Manager install and manage itself.
home-manager.enable = true;
}
(lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) {
git = {
enable = true;
userName = "Eve";
userEmail = "evesnrobins@gmail.com";
extraConfig.init.defaultBranch = "main";
};
git = { openssh = {
enable = true; enable = true;
userName = "Eve"; hostKeys = [
userEmail = "evesnrobins@gmail.com"; {
extraConfig.init.defaultBranch = "main"; type = "ed25519";
}; path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
})
(lib.mkIf config.user.isDesktopUser {
vscode = {
enable = true;
package = pkgs.vscodium;
};
vscode = { firefox.enable = true;
enable = true; bitwarden.enable = true;
package = pkgs.vscodium; discord.enable = true;
}; makemkv.enable = true;
signal-desktop-bin.enable = true;
openssh = { steam.enable = true;
hostKeys = [ })
{ ];
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
};
}; };
} }

10
configurations/home-manager/leyla/default.nix
View file

@ -1,7 +1,11 @@
{osConfig, ...}: { {
config,
osConfig,
...
}: {
imports = [ imports = [
./packages
./i18n.nix ./i18n.nix
./packages.nix
./impermanence.nix ./impermanence.nix
./dconf.nix ./dconf.nix
]; ];
@ -35,7 +39,7 @@
# org.gradle.console=verbose # org.gradle.console=verbose
# org.gradle.daemon.idletimeout=3600000 # org.gradle.daemon.idletimeout=3600000
# ''; # '';
".config/user-dirs.dirs" = { "${config.xdg.configHome}/user-dirs.dirs" = {
force = true; force = true;
text = '' text = ''
# This file is written by xdg-user-dirs-update # This file is written by xdg-user-dirs-update

7
configurations/home-manager/leyla/impermanence.nix
View file

@ -1,5 +1,6 @@
{ {
lib, lib,
config,
osConfig, osConfig,
... ...
}: { }: {
@ -9,14 +10,10 @@
"desktop" "desktop"
"downloads" "downloads"
"documents" "documents"
{
directory = ".local/share/Steam";
method = "symlink";
}
]; ];
files = [ files = [
".bash_history" # keep shell history around ".bash_history" # keep shell history around
".local/share/recently-used.xbel" # gnome recently viewed files "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files
]; ];
allowOther = true; allowOther = true;
}; };

135
configurations/home-manager/leyla/packages.nix
View file

@ -1,135 +0,0 @@
{
lib,
config,
osConfig,
pkgs,
...
}: let
userConfig = osConfig.host.users.leyla;
hardware = osConfig.host.hardware;
in {
imports = [
./vscode/default.nix
./firefox.nix
];
config = lib.mkMerge [
(lib.mkIf userConfig.isTerminalUser {
home.packages = with pkgs; [
# command line tools
sox
yt-dlp
ffmpeg
imagemagick
];
})
(lib.mkIf userConfig.isDesktopUser {
nixpkgs.config = {
allowUnfree = true;
};
home.packages = (
lib.lists.optionals userConfig.isDesktopUser (
(with pkgs; [
# helvetica font
aileron
gnomeExtensions.dash-to-dock
# development tools
dbeaver-bin
bruno
proxmark3
])
++ (
lib.lists.optionals hardware.directAccess.enable (with pkgs; [
#foss platforms
signal-desktop-bin
bitwarden
ungoogled-chromium
libreoffice
inkscape
gimp
krita
freecad
# cura
# kicad-small
makemkv
onionshare
# rhythmbox
(lib.mkIf hardware.graphicsAcceleration.enable obs-studio)
# wireshark
# rpi-imager
# fritzing
mfoc
tor-browser
anki
pdfarranger
calibre
qbittorrent
picard
# proprietary platforms
discord
obsidian
(lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve)
# development tools
# androidStudioPackages.canary
jetbrains.idea-community
qFlipper
# system tools
protonvpn-gui
openvpn
noisetorch
# hardware management tools
(lib.mkIf hardware.piperMouse.enable piper)
(lib.mkIf hardware.openRGB.enable openrgb)
(lib.mkIf hardware.viaKeyboard.enable via)
])
)
)
);
programs = lib.mkIf userConfig.isDesktopUser {
# Let Home Manager install and manage itself.
home-manager.enable = true;
# set up git defaults
git = {
enable = true;
userName = "Leyla Becker";
userEmail = "git@jan-leila.com";
extraConfig.init.defaultBranch = "main";
};
# add direnv to auto load flakes for development
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
config = {
global.hide_env_diff = true;
whitelist.exact = ["/home/leyla/documents/code/nix-config"];
};
};
bash.enable = true;
openssh = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
];
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
};
})
];
}

118
configurations/home-manager/leyla/packages/default.nix Normal file
View file

@ -0,0 +1,118 @@
{
lib,
pkgs,
config,
osConfig,
...
}: let
hardware = osConfig.host.hardware;
in {
imports = [
./vscode
./firefox.nix
./direnv.nix
./openssh.nix
./git.nix
./makemkv.nix
];
config = lib.mkMerge [
{
programs = lib.mkMerge [
{
# Let Home Manager install and manage itself.
home-manager.enable = true;
}
(lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) {
bash.enable = true;
git.enable = true;
openssh.enable = true;
})
(lib.mkIf config.user.isDesktopUser {
bitwarden.enable = true;
obs-studio.enable = hardware.graphicsAcceleration.enable;
qbittorrent.enable = true;
prostudiomasters.enable = true;
protonvpn-gui.enable = true;
dbeaver-bin.enable = true;
bruno.enable = true;
})
(lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) {
anki.enable = true;
makemkv.enable = true;
discord.enable = true;
signal-desktop-bin.enable = true;
calibre.enable = true;
obsidian.enable = true;
jetbrains.idea-community.enable = true;
vscode.enable = true;
firefox.enable = true;
steam.enable = true;
})
];
}
(lib.mkIf config.user.isTerminalUser {
home.packages = with pkgs; [
# command line tools
sox
yt-dlp
ffmpeg
imagemagick
];
})
(lib.mkIf config.user.isDesktopUser {
nixpkgs.config = {
allowUnfree = true;
};
home.packages = (
(with pkgs; [
aileron
gnomeExtensions.dash-to-dock
proxmark3
])
++ (
lib.lists.optionals hardware.directAccess.enable (with pkgs; [
#foss platforms
ungoogled-chromium
libreoffice
inkscape
gimp
krita
freecad
# cura
# kicad-small
onionshare
# rhythmbox
# wireshark
# rpi-imager
# fritzing
mfoc
tor-browser
pdfarranger
picard
# proprietary platforms
(lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve)
# development tools
# androidStudioPackages.canary
qFlipper
# system tools
openvpn
noisetorch
# hardware management tools
(lib.mkIf hardware.piperMouse.enable piper)
(lib.mkIf hardware.openRGB.enable openrgb)
(lib.mkIf hardware.viaKeyboard.enable via)
])
)
);
})
];
}

22
configurations/home-manager/leyla/packages/direnv.nix Normal file
View file

@ -0,0 +1,22 @@
{
lib,
config,
osConfig,
...
}: let
userConfig = osConfig.host.users.leyla;
in {
config = lib.mkIf userConfig.isDesktopUser {
programs = {
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
config = {
global.hide_env_diff = true;
whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"];
};
};
};
};
}

8
configurations/home-manager/leyla/firefox.nix → configurations/home-manager/leyla/packages/firefox.nix
View file

@ -2,14 +2,10 @@
lib, lib,
pkgs, pkgs,
inputs, inputs,
osConfig,
... ...
}: let }: {
is-desktop-user = osConfig.host.users.leyla.isDesktopUser; config = {
in {
config = lib.mkIf is-desktop-user {
programs.firefox = { programs.firefox = {
enable = true;
profiles.leyla = { profiles.leyla = {
settings = { settings = {
"browser.search.defaultenginename" = "Searx"; "browser.search.defaultenginename" = "Searx";

11
configurations/home-manager/leyla/packages/git.nix Normal file
View file

@ -0,0 +1,11 @@
{...}: {
config = {
programs = {
git = {
userName = "Leyla Becker";
userEmail = "git@jan-leila.com";
extraConfig.init.defaultBranch = "main";
};
};
};
}

17
configurations/home-manager/leyla/packages/makemkv.nix Normal file
View file

@ -0,0 +1,17 @@
{
config,
inputs,
...
}: {
config = {
sops.secrets = {
"application-keys/makemkv" = {
sopsFile = "${inputs.secrets}/application-keys.yaml";
};
};
programs.makemkv = {
appKeyFile = config.sops.placeholder."application-keys/makemkv";
destinationDir = "/home/leyla/downloads/makemkv";
};
};
}

23
configurations/home-manager/leyla/packages/openssh.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
osConfig,
...
}: {
config = {
programs = {
openssh = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
];
hostKeys = [
{
type = "ed25519";
path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
}
];
};
};
};
}

5
configurations/home-manager/leyla/vscode/default.nix → configurations/home-manager/leyla/packages/vscode/default.nix
View file

@ -8,9 +8,8 @@
}: let }: let
nix-development-enabled = osConfig.host.nix-development.enable; nix-development-enabled = osConfig.host.nix-development.enable;
ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable;
is-desktop-user = osConfig.host.users.leyla.isDesktopUser;
in { in {
config = lib.mkIf is-desktop-user { config = lib.mkIf config.user.isDesktopUser {
nixpkgs = { nixpkgs = {
overlays = [ overlays = [
inputs.nix-vscode-extensions.overlays.default inputs.nix-vscode-extensions.overlays.default
@ -27,8 +26,6 @@ in {
open-vsx = extensions.open-vsx; open-vsx = extensions.open-vsx;
vscode-marketplace = extensions.vscode-marketplace; vscode-marketplace = extensions.vscode-marketplace;
in { in {
enable = true;
package = pkgs.vscodium; package = pkgs.vscodium;
mutableExtensionsDir = false; mutableExtensionsDir = false;

0
configurations/home-manager/leyla/vscode/user-words.nix → configurations/home-manager/leyla/packages/vscode/user-words.nix
View file

20
configurations/nixos/defiant/configuration.nix
View file

@ -40,6 +40,8 @@
tokenFile = config.sops.secrets."services/zfs_smtp_token".path; tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
}; };
pool = { pool = {
# We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"];
vdevs = [ vdevs = [
[ [
"ata-ST18000NE000-3G6101_ZVTCXVEB" "ata-ST18000NE000-3G6101_ZVTCXVEB"
@ -199,16 +201,14 @@
# temp enable desktop enviroment for setup # temp enable desktop enviroment for setup
# Enable the X11 windowing system. # Enable the X11 windowing system.
xserver = { xserver.enable = true;
enable = true;
# Enable the GNOME Desktop Environment. # Enable the GNOME Desktop Environment.
displayManager = { displayManager = {
gdm.enable = true; gdm.enable = true;
}; };
desktopManager = { desktopManager = {
gnome.enable = true; gnome.enable = true;
};
}; };
ollama = { ollama = {
@ -298,7 +298,7 @@
hibernate.enable = false; hibernate.enable = false;
hybrid-sleep.enable = false; hybrid-sleep.enable = false;
}; };
services.xserver.displayManager.gdm.autoSuspend = false; services.displayManager.gdm.autoSuspend = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions

20
configurations/nixos/emergent/configuration.nix
View file

@ -2,7 +2,6 @@
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ {
config,
lib, lib,
pkgs, pkgs,
... ...
@ -39,8 +38,8 @@
services.xserver.enable = true; services.xserver.enable = true;
# Enable the GNOME Desktop Environment. # Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true; services.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true; services.desktopManager.gnome.enable = true;
host = { host = {
users = { users = {
@ -50,6 +49,14 @@
isPrincipleUser = true; isPrincipleUser = true;
}; };
}; };
storage = {
enable = true;
pool = {
mode = "";
drives = ["wwn-0x5000039fd0cf05eb"];
};
};
}; };
# Configure keymap in X11 # Configure keymap in X11
@ -91,12 +98,7 @@
# Packages that need to be installed with some extra configuration # Packages that need to be installed with some extra configuration
# See https://search.nixos.org/options for all options # See https://search.nixos.org/options for all options
programs.steam = { programs = {};
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.

1
configurations/nixos/emergent/default.nix
View file

@ -3,6 +3,5 @@
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./disco-configuration.nix
]; ];
} }

57
configurations/nixos/emergent/disco-configuration.nix
View file

@ -1,57 +0,0 @@
{...}: {
disko.devices = {
disk = {
disk1 = {
type = "disk";
device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
mode = "";
options.cachefile = "none";
rootFsOptions = {
compression = "zstd";
"com.sun:auto-snapshot" = "true";
};
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
datasets = {
"system/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
};
};
};
};
}

60
configurations/nixos/horizon/configuration.nix
View file

@ -1,7 +1,8 @@
{ {
lib,
pkgs,
config, config,
inputs, inputs,
pkgs,
... ...
}: { }: {
imports = [ imports = [
@ -10,6 +11,19 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
boot = {
initrd = {
availableKernelModules = ["usb_storage" "sd_mod"];
};
kernelModules = ["sg"];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
host = { host = {
users = { users = {
leyla = { leyla = {
@ -32,6 +46,28 @@
roles = ["chat" "edit" "apply"]; roles = ["chat" "edit" "apply"];
apiBase = "http://twilight:11434"; apiBase = "http://twilight:11434";
}; };
"Deepseek Coder:6.7B" = {
model = "deepseek-coder:6.7b";
roles = ["chat" "edit" "apply"];
apiBase = "http://twilight:11434";
};
"Deepseek Coder:33B" = {
model = "deepseek-coder:33b";
roles = ["chat" "edit" "apply"];
apiBase = "http://twilight:11434";
};
"Deepseek r1:8B" = {
model = "deepseek-r1:8b";
roles = ["chat"];
apiBase = "http://twilight:11434";
};
"Deepseek r1:32B" = {
model = "deepseek-r1:32b";
roles = ["chat"];
apiBase = "http://twilight:11434";
};
"qwen2.5-coder:1.5b-base" = { "qwen2.5-coder:1.5b-base" = {
model = "qwen2.5-coder:1.5b-base"; model = "qwen2.5-coder:1.5b-base";
@ -49,17 +85,23 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cachefilesd
webtoon-dl webtoon-dl
prostudiomasters
]; ];
services.cachefilesd.enable = true;
programs = { programs = {
adb.enable = true; adb.enable = true;
steam = { };
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play networking = {
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server networkmanager.enable = true;
}; hostName = "horizon"; # Define your hostname.
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware = {
graphics.enable = true;
}; };
sops.secrets = { sops.secrets = {
@ -73,6 +115,10 @@
fprintd = { fprintd = {
enable = true; enable = true;
}; };
# firmware update tool
fwupd = {
enable = true;
};
tailscale = { tailscale = {
enable = true; enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path;

115
configurations/nixos/horizon/hardware-configuration.nix
View file

@ -4,7 +4,6 @@
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: { }: {
@ -12,22 +11,10 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"];
initrd = { boot.initrd.kernelModules = [];
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; boot.kernelModules = ["kvm-intel"];
kernelModules = []; boot.extraModulePackages = [];
};
kernelModules = ["kvm-intel" "sg"];
extraModulePackages = [];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = ["nfs"];
};
fileSystems = { fileSystems = {
"/" = { "/" = {
@ -39,98 +26,20 @@
device = "/dev/disk/by-uuid/E138-65B5"; device = "/dev/disk/by-uuid/E138-65B5";
fsType = "vfat"; fsType = "vfat";
}; };
"/mnt/leyla_documents" = {
device = "defiant:/export/leyla_documents";
fsType = "nfs";
options = [
"vers=4"
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"x-systemd.idle-timeout=600"
"fsc"
"timeo=600"
"retrans=2"
];
};
"/mnt/eve_documents" = {
device = "defiant:/export/eve_documents";
fsType = "nfs";
options = [
"vers=4"
"x-systemd.automount"
"noauto"
"user"
"nofail"
"x-systemd.idle-timeout=600"
"fsc"
"timeo=600"
"retrans=2"
];
};
"/mnt/users_documents" = {
device = "defiant:/export/users_documents";
fsType = "nfs";
options = [
"vers=4"
"x-systemd.automount"
"noauto"
"user"
"nofail"
"x-systemd.idle-timeout=600"
"fsc"
"timeo=600"
"retrans=2"
];
};
"/mnt/media" = {
device = "defiant:/export/media";
fsType = "nfs";
options = [
"vers=4"
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"x-systemd.idle-timeout=600"
"noatime"
"nodiratime"
"relatime"
"fsc"
"timeo=600"
"retrans=2"
];
};
}; };
environment.systemPackages = with pkgs; [
cachefilesd
];
services.cachefilesd.enable = true;
swapDevices = [ swapDevices = [
{device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";}
]; ];
networking = { # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
networkmanager.enable = true; # (the default) this is the recommended approach. When using systemd-networkd it's
useDHCP = lib.mkDefault true; # still possible to use this option, but it's recommended to use it in conjunction
hostName = "horizon"; # Define your hostname. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
}; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware = {
graphics.enable = true;
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

74
configurations/nixos/twilight/configuration.nix
View file

@ -1,6 +1,7 @@
{ {
inputs, inputs,
config, config,
pkgs,
... ...
}: { }: {
imports = [ imports = [
@ -9,6 +10,14 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
boot.initrd.availableKernelModules = ["usb_storage"];
boot.kernelModules = ["sg"];
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
sops.secrets = { sops.secrets = {
"vpn-keys/tailscale-authkey/twilight" = { "vpn-keys/tailscale-authkey/twilight" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml"; sopsFile = "${inputs.secrets}/vpn-keys.yaml";
@ -121,13 +130,70 @@
syncthing.enable = true; syncthing.enable = true;
}; };
programs.steam = {
enable = true; boot.supportedFilesystems = ["nfs"];
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server fileSystems = {
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"fsc"
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"fsc"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"noatime"
"nodiratime"
"relatime"
"rsize=32768"
"wsize=32768"
"fsc"
];
};
}; };
environment.systemPackages = with pkgs; [
cachefilesd
];
hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index
networking = {
networkmanager.enable = true;
hostName = "twilight"; # Define your hostname.
};
# enabled virtualisation for docker # enabled virtualisation for docker
# virtualisation.docker.enable = true; # virtualisation.docker.enable = true;

1
configurations/nixos/twilight/default.nix
View file

@ -3,5 +3,6 @@
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./nvidia-drivers.nix
]; ];
} }

136
configurations/nixos/twilight/hardware-configuration.nix
View file

@ -4,7 +4,6 @@
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: { }: {
@ -12,30 +11,10 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
initrd = { boot.initrd.kernelModules = [];
availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; boot.kernelModules = ["kvm-amd"];
kernelModules = []; boot.extraModulePackages = [];
};
kernelModules = ["kvm-amd" "sg"];
extraModulePackages = [];
# Bootloader.
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = ["nfs"];
};
services.xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
# Use X instead of wayland for gaming reasons
displayManager.gdm.wayland = false;
};
fileSystems = { fileSystems = {
"/" = { "/" = {
@ -48,111 +27,16 @@
fsType = "vfat"; fsType = "vfat";
options = ["fmask=0022" "dmask=0022"]; options = ["fmask=0022" "dmask=0022"];
}; };
"/mnt/leyla_documents" = {
device = "defiant:/exports/leyla_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"fsc"
];
};
"/mnt/users_documents" = {
device = "defiant:/exports/users_documents";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"fsc"
];
};
"/mnt/media" = {
device = "defiant:/exports/media";
fsType = "nfs";
options = [
"x-systemd.automount"
"noauto"
"user"
"noatime"
"nofail"
"soft"
"x-systemd.idle-timeout=600"
"noatime"
"nodiratime"
"relatime"
"rsize=32768"
"wsize=32768"
"fsc"
];
};
}; };
environment.systemPackages = with pkgs; [
cachefilesd
];
swapDevices = []; swapDevices = [];
networking = { # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
networkmanager.enable = true; # (the default) this is the recommended approach. When using systemd-networkd it's
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # still possible to use this option, but it's recommended to use it in conjunction
# (the default) this is the recommended approach. When using systemd-networkd it's # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# still possible to use this option, but it's recommended to use it in conjunction networking.useDHCP = lib.mkDefault true;
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
useDHCP = lib.mkDefault true;
hostName = "twilight"; # Define your hostname.
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware = {
# Enable OpenGL
graphics.enable = true;
# install graphics drivers
nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.production;
};
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

47
configurations/nixos/twilight/nvidia-drivers.nix Normal file
View file

@ -0,0 +1,47 @@
{config, ...}: {
services = {
xserver = {
# Load nvidia driver for Xorg and Wayland
videoDrivers = ["nvidia"];
};
# Use X instead of wayland for gaming reasons
displayManager.gdm.wayland = false;
};
hardware = {
# Enable OpenGL
graphics.enable = true;
# install graphics drivers
nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.production;
};
};
}

136
flake.lock generated
View file

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748225455, "lastModified": 1748832438,
"narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -28,11 +28,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1748405006, "lastModified": 1749009805,
"narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "f9801a86d6603260940890c36650275090d1dceb", "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -75,6 +75,39 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -82,11 +115,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748455938, "lastModified": 1749049052,
"narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "02077149e2921014511dac2729ae6dadb4ec50e2", "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -110,6 +143,41 @@
"type": "github" "type": "github"
} }
}, },
"lix": {
"flake": false,
"locked": {
"lastModified": 1746827285,
"narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=",
"rev": "47aad376c87e2e65967f17099277428e4b3f8e5a",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746838955,
"narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=",
"rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"
}
},
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -117,11 +185,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748352827, "lastModified": 1749012745,
"narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=", "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "44a7d0e687a87b73facfe94fba78d323a6686a90", "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -153,17 +221,17 @@
}, },
"nix-vscode-extensions": { "nix-vscode-extensions": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1748397853, "lastModified": 1749002682,
"narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -174,11 +242,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1747900541, "lastModified": 1749056381,
"narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "rev": "029bd66faa180e11262dd1bc2732254c33415f52",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -190,11 +258,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748370509, "lastModified": 1748929857,
"narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -211,6 +279,7 @@
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lix-module": "lix-module",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
"nix-syncthing": "nix-syncthing", "nix-syncthing": "nix-syncthing",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
@ -223,11 +292,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1743538790, "lastModified": 1749061163,
"narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=", "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "3d63dff77f8eda1667e3586169642cf256c4aa34", "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba",
"revCount": 17, "revCount": 19,
"type": "git", "type": "git",
"url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
}, },
@ -270,6 +339,21 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

12
flake.nix
View file

@ -5,10 +5,10 @@
# base packages # base packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# lix-module = { lix-module = {
# url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
# inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
# }; };
# secret encryption # secret encryption
sops-nix = { sops-nix = {
@ -131,11 +131,11 @@
systemsHomes systemsHomes
// homeSystems; // homeSystems;
in { in {
formatter = forEachPkgs (pkgs: pkgs.alejandra); formatter = forEachPkgs (system: pkgs: pkgs.alejandra);
# templates = import ./templates; # templates = import ./templates;
devShells = forEachPkgs (pkgs: { devShells = forEachPkgs (system: pkgs: {
default = pkgs.mkShell { default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
# for version controlling this repo # for version controlling this repo

19
modules/common-modules/pkgs/default.nix
View file

@ -1,4 +1,17 @@
# this folder is for custom derivations {pkgs, ...}: {
{...}: { nixpkgs.overlays = [
# package = pkgs.callPackage ./package.nix {}; (final: prev: {
webtoon-dl =
pkgs.callPackage
./webtoon-dl.nix
{};
})
# TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that?
(final: prev: {
prostudiomasters =
pkgs.callPackage
./prostudiomasters.nix
{};
})
];
} }

0
modules/nixos-modules/packages/prostudiomasters.nix → modules/common-modules/pkgs/prostudiomasters.nix
View file

0
modules/nixos-modules/packages/webtoon-dl.nix → modules/common-modules/pkgs/webtoon-dl.nix
View file

60
modules/home-manager-modules/continue.nix
View file

@ -7,40 +7,38 @@
}: let }: let
ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable;
in { in {
options = { options.user.continue = {
user.continue = { enable = lib.mkEnableOption "should continue be enabled on this machine";
enable = lib.mkEnableOption "should continue be enabled on this machine"; docs = lib.mkOption {
docs = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = {
options = { name = lib.mkOption {
name = lib.mkOption { type = lib.types.str;
type = lib.types.str; default = name;
default = name;
};
startUrl = lib.mkOption {
type = lib.types.str;
};
}; };
})); startUrl = lib.mkOption {
}; type = lib.types.str;
context = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
provider = lib.mkOption {
type = lib.types.str;
default = name;
};
}; };
}));
default = {
"code" = {};
"docs" = {};
"diff" = {};
"terminal" = {};
"problems" = {};
"folder" = {};
"codebase" = {};
}; };
}));
};
context = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({name, ...}: {
options = {
provider = lib.mkOption {
type = lib.types.str;
default = name;
};
};
}));
default = {
"code" = {};
"docs" = {};
"diff" = {};
"terminal" = {};
"problems" = {};
"folder" = {};
"codebase" = {};
}; };
}; };
}; };

3
modules/home-manager-modules/default.nix
View file

@ -1,9 +1,12 @@
# this folder container modules that are for home manager only # this folder container modules that are for home manager only
{...}: { {...}: {
imports = [ imports = [
./sops.nix
./user.nix
./flipperzero.nix ./flipperzero.nix
./i18n.nix ./i18n.nix
./openssh.nix ./openssh.nix
./continue.nix ./continue.nix
./programs
]; ];
} }

117
modules/home-manager-modules/openssh.nix
View file

@ -6,6 +6,7 @@
... ...
}: { }: {
options.programs.openssh = { options.programs.openssh = {
enable = lib.mkEnableOption "should we enable openssh";
authorizedKeys = lib.mkOption { authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
default = []; default = [];
@ -37,63 +38,65 @@
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf config.programs.openssh.enable (
( lib.mkMerge [
lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { (
services.ssh-agent.enable = true; lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) {
programs.ssh = { services.ssh-agent.enable = true;
enable = true; programs.ssh = {
compression = true; enable = true;
addKeysToAgent = "confirm"; compression = true;
extraConfig = lib.strings.concatLines ( addKeysToAgent = "confirm";
builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys extraConfig = lib.strings.concatLines (
builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys
);
};
systemd.user.services = builtins.listToAttrs (
builtins.map (hostKey:
lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" {
Install = {
WantedBy = ["default.target"];
};
Service = let
path = "${config.home.homeDirectory}/.ssh/${hostKey.path}";
in {
Restart = "always";
Type = "simple";
ExecStart = "${
pkgs.writeShellScript "ssh-gen-keys" ''
if ! [ -s "${path}" ]; then
if ! [ -h "${path}" ]; then
rm -f "${path}"
fi
mkdir -p "$(dirname '${path}')"
chmod 0755 "$(dirname '${path}')"
${pkgs.openssh}/bin/ssh-keygen \
-t "${hostKey.type}" \
${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \
${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \
${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \
${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \
-f "${path}" \
-N ""
chown ${config.home.username} ${path}*
chgrp ${config.home.username} ${path}*
fi
''
}";
};
})
config.programs.openssh.hostKeys
);
}
)
(lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
files = lib.lists.flatten (
builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys
); );
}; };
})
systemd.user.services = builtins.listToAttrs ( ]
builtins.map (hostKey: );
lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" {
Install = {
WantedBy = ["default.target"];
};
Service = let
path = "${config.home.homeDirectory}/.ssh/${hostKey.path}";
in {
Restart = "always";
Type = "simple";
ExecStart = "${
pkgs.writeShellScript "ssh-gen-keys" ''
if ! [ -s "${path}" ]; then
if ! [ -h "${path}" ]; then
rm -f "${path}"
fi
mkdir -p "$(dirname '${path}')"
chmod 0755 "$(dirname '${path}')"
${pkgs.openssh}/bin/ssh-keygen \
-t "${hostKey.type}" \
${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \
${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \
${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \
${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \
-f "${path}" \
-N ""
chown ${config.home.username} ${path}*
chgrp ${config.home.username} ${path}*
fi
''
}";
};
})
config.programs.openssh.hostKeys
);
}
)
(lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
files = lib.lists.flatten (
builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys
);
};
})
];
} }

29
modules/home-manager-modules/programs/anki.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.anki = {
enable = lib.mkEnableOption "enable anki";
};
config = lib.mkIf config.programs.anki.enable (lib.mkMerge [
{
home.packages = with pkgs; [
anki
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.dataHome}/Anki2/"
];
allowOther = true;
};
}
)
]);
}

29
modules/home-manager-modules/programs/bitwarden.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.bitwarden = {
enable = lib.mkEnableOption "enable bitwarden";
};
config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [
{
home.packages = with pkgs; [
bitwarden
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/Bitwarden"
];
allowOther = true;
};
}
)
]);
}

29
modules/home-manager-modules/programs/bruno.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.bruno = {
enable = lib.mkEnableOption "enable bruno";
};
config = lib.mkIf config.programs.bruno.enable (lib.mkMerge [
{
home.packages = with pkgs; [
bruno
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/bruno/"
];
allowOther = true;
};
}
)
]);
}

29
modules/home-manager-modules/programs/calibre.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.calibre = {
enable = lib.mkEnableOption "enable calibre";
};
config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [
{
home.packages = with pkgs; [
calibre
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/calibre"
];
allowOther = true;
};
}
)
]);
}

29
modules/home-manager-modules/programs/dbeaver.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.dbeaver-bin = {
enable = lib.mkEnableOption "enable dbeaver";
};
config = lib.mkIf config.programs.dbeaver-bin.enable (lib.mkMerge [
{
home.packages = with pkgs; [
dbeaver-bin
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.dataHome}/DBeaverData/"
];
allowOther = true;
};
}
)
]);
}

20
modules/home-manager-modules/programs/default.nix Normal file
View file

@ -0,0 +1,20 @@
{...}: {
imports = [
./firefox.nix
./signal.nix
./bitwarden.nix
./makemkv.nix
./obs.nix
./anki.nix
./qbittorrent.nix
./discord.nix
./obsidian.nix
./prostudiomasters.nix
./idea.nix
./protonvpn.nix
./calibre.nix
./bruno.nix
./dbeaver.nix
./steam.nix
];
}

29
modules/home-manager-modules/programs/discord.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.discord = {
enable = lib.mkEnableOption "enable discord";
};
config = lib.mkIf config.programs.discord.enable (lib.mkMerge [
{
home.packages = with pkgs; [
discord
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/discord/"
];
allowOther = true;
};
}
)
]);
}

43
modules/home-manager-modules/programs/firefox.nix Normal file
View file

@ -0,0 +1,43 @@
{
lib,
config,
osConfig,
...
}: let
buildProfilePersistence = profile: {
directories = [
".mozilla/firefox/${profile}/extensions"
];
files = [
".mozilla/firefox/${profile}/cookies.sqlite"
".mozilla/firefox/${profile}/favicons.sqlite"
# Permissions and ${profileName} levels for each site
".mozilla/firefox/${profile}/permissions.sqlite"
".mozilla/firefox/${profile}/content-prefs.sqlite"
# Browser history and bookmarks
".mozilla/firefox/${profile}/places.sqlite"
# I guess this is useful?
# https://bugzilla.mozilla.org/show_bug.cgi?id=1511384
# https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria
".mozilla/firefox/${profile}/storage.sqlite"
# Extension configuration
".mozilla/firefox/${profile}/extension-settings.json"
];
allowOther = true;
};
in {
config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) {
home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge (
(
lib.attrsets.mapAttrsToList
(profile: _: buildProfilePersistence profile)
config.programs.firefox.profiles
)
++ (
lib.lists.optional
((builtins.length (lib.attrsets.mapAttrsToList (key: value: value) config.programs.firefox.profiles)) == 0)
(buildProfilePersistence "default")
)
);
};
}

33
modules/home-manager-modules/programs/idea.nix Normal file
View file

@ -0,0 +1,33 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.jetbrains.idea-community = {
enable = lib.mkEnableOption "enable idea-community";
};
config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [
{
home.packages = with pkgs; [
jetbrains.idea-community
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
# configuration
"${config.xdg.configHome}/JetBrains/"
# plugins
"${config.xdg.dataHome}/JetBrains/"
# System and Logs
"${config.xdg.cacheHome}/JetBrains/"
];
};
}
)
]);
}

42
modules/home-manager-modules/programs/makemkv.nix Normal file
View file

@ -0,0 +1,42 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.makemkv = {
enable = lib.mkEnableOption "enable makemkv";
appKeyFile = lib.mkOption {
type = lib.types.str;
};
destinationDir = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [
{
home.packages = with pkgs; [
makemkv
];
sops.templates."MakeMKV.settings.conf".content = ''
app_DestinationDir = "${config.programs.makemkv.destinationDir}"
app_DestinationType = "2"
app_Key = "${config.programs.makemkv.appKeyFile}"
'';
home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path;
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
".MakeMKV"
];
};
}
)
]);
}

14
modules/home-manager-modules/programs/obs.nix Normal file
View file

@ -0,0 +1,14 @@
{
lib,
config,
osConfig,
...
}: {
config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [
(
lib.mkIf osConfig.host.impermanence.enable {
# TODO: map impermanence for obs
}
)
]);
}

18
modules/home-manager-modules/programs/obsidian.nix Normal file
View file

@ -0,0 +1,18 @@
{
lib,
config,
osConfig,
...
}: {
config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/obsidian"
];
};
}
)
]);
}

28
modules/home-manager-modules/programs/prostudiomasters.nix Normal file
View file

@ -0,0 +1,28 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.prostudiomasters = {
enable = lib.mkEnableOption "enable prostudiomasters";
};
config = lib.mkIf config.programs.prostudiomasters.enable (lib.mkMerge [
{
home.packages = with pkgs; [
prostudiomasters
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/ProStudioMasters"
];
};
}
)
]);
}

29
modules/home-manager-modules/programs/protonvpn.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.protonvpn-gui = {
enable = lib.mkEnableOption "enable protonvpn";
};
config = lib.mkIf config.programs.protonvpn-gui.enable (lib.mkMerge [
{
home.packages = with pkgs; [
protonvpn-gui
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/protonvpn"
"${config.xdg.configHome}/Proton"
];
};
}
)
]);
}

28
modules/home-manager-modules/programs/qbittorrent.nix Normal file
View file

@ -0,0 +1,28 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.qbittorrent = {
enable = lib.mkEnableOption "enable qbittorrent";
};
config = lib.mkIf config.programs.qbittorrent.enable (lib.mkMerge [
{
home.packages = with pkgs; [
qbittorrent
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/qBittorrent"
];
};
}
)
]);
}

28
modules/home-manager-modules/programs/signal.nix Normal file
View file

@ -0,0 +1,28 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.signal-desktop-bin = {
enable = lib.mkEnableOption "enable signal";
};
config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [
{
home.packages = with pkgs; [
signal-desktop-bin
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
"${config.xdg.configHome}/Signal"
];
};
}
)
]);
}

37
modules/home-manager-modules/programs/steam.nix Normal file
View file

@ -0,0 +1,37 @@
{
lib,
pkgs,
config,
osConfig,
...
}: {
options.programs.steam = {
enable = lib.mkEnableOption "enable steam";
};
config = lib.mkIf config.programs.steam.enable (
lib.mkMerge [
{
home.packages = with pkgs; [
steam
steam.run
];
}
(
lib.mkIf osConfig.host.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = {
directories = [
{
directory = "${config.xdg.dataHome}/Steam";
method = "symlink";
}
];
allowOther = true;
};
}
)
]
);
# TODO: bind impermanence config
}

7
modules/home-manager-modules/sops.nix Normal file
View file

@ -0,0 +1,7 @@
{...}: {
config = {
sops = {
age.keyFile = "/var/lib/sops-nix/key.txt";
};
};
}

17
modules/home-manager-modules/user.nix Normal file
View file

@ -0,0 +1,17 @@
{
lib,
config,
osConfig,
...
}: {
options.user = {
isDesktopUser = lib.mkOption {
type = lib.types.bool;
default = osConfig.host.users.${config.home.username}.isDesktopUser;
};
isTerminalUser = lib.mkOption {
type = lib.types.bool;
default = osConfig.host.users.${config.home.username}.isTerminalUser;
};
};
}

2
modules/nixos-modules/default.nix
View file

@ -14,8 +14,8 @@
./ollama.nix ./ollama.nix
./ai.nix ./ai.nix
./tailscale.nix ./tailscale.nix
./steam.nix
./server ./server
./packages
]; ];
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [

10
modules/nixos-modules/desktop.nix
View file

@ -19,12 +19,6 @@
# Enable the X11 windowing system. # Enable the X11 windowing system.
enable = true; enable = true;
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager = {
gnome.enable = true;
};
# Get rid of xTerm # Get rid of xTerm
desktopManager.xterm.enable = false; desktopManager.xterm.enable = false;
excludePackages = with pkgs; [ excludePackages = with pkgs; [
@ -47,6 +41,10 @@
]; ];
}; };
# Enable the GNOME Desktop Environment.
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
pipewire = { pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;

147
modules/nixos-modules/disko.nix
View file

@ -20,6 +20,8 @@
disk: lib.attrsets.nameValuePair (hashDisk disk) disk disk: lib.attrsets.nameValuePair (hashDisk disk) disk
) )
config.host.storage.pool.cache; config.host.storage.pool.cache;
datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets;
in { in {
options.host.storage = { options.host.storage = {
enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; enable = lib.mkEnableOption "are we going create zfs disks with disko on this device";
@ -48,21 +50,68 @@ in {
}; };
}; };
pool = { pool = {
vdevs = lib.mkOption { mode = lib.mkOption {
type = lib.types.listOf (lib.types.listOf lib.types.str); type = lib.types.str;
description = "list of disks that are going to be in"; default = "raidz2";
default = [config.host.storage.pool.drives]; description = "what level of redundancy should this pool have";
}; };
# list of drives in pool that will have a boot partition put onto them
bootDrives = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "list of disks that are going to have a boot partition installed on them";
default = lib.lists.flatten config.host.storage.pool.vdevs;
};
# shorthand for vdevs if you only have 1 vdev
drives = lib.mkOption { drives = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = "list of drives that are going to be in the vdev"; description = "list of drives that are going to be in the vdev";
default = []; default = [];
}; };
# list of all drives in each vdev
vdevs = lib.mkOption {
type = lib.types.listOf (lib.types.listOf lib.types.str);
description = "list of disks that are going to be in";
default = [config.host.storage.pool.drives];
};
# list of cache drives for pool
cache = lib.mkOption { cache = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = "list of drives that are going to be used as cache"; description = "list of drives that are going to be used as cache";
default = []; default = [];
}; };
# Default datasets that are needed to make a functioning system
datasets = lib.mkOption {
type = lib.types.attrsOf (inputs.disko.lib.subType {
types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;};
});
default = {
"local" = {
type = "zfs_fs";
options.canmount = "off";
};
# nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up
"local/system/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
# dataset for root that gets rolled back on every boot
"local/system/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
canmount = "on";
};
postCreateHook = ''
zfs snapshot rpool/local/system/root@blank
'';
};
};
};
extraDatasets = lib.mkOption { extraDatasets = lib.mkOption {
type = lib.types.attrsOf (inputs.disko.lib.subType { type = lib.types.attrsOf (inputs.disko.lib.subType {
types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;};
@ -121,59 +170,37 @@ in {
disko.devices = { disko.devices = {
disk = ( disk = (
builtins.listToAttrs ( builtins.listToAttrs (
builtins.map
(drive:
lib.attrsets.nameValuePair (drive.name) {
type = "disk";
device = "/dev/disk/by-id/${drive.value}";
content = {
type = "gpt";
partitions = {
ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) {
# The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
})
( (
builtins.map (lib.lists.flatten vdevs) ++ cache
(drive:
lib.attrsets.nameValuePair (drive.name) {
type = "disk";
device = "/dev/disk/by-id/${drive.value}";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
})
(lib.lists.flatten vdevs)
)
++ (
builtins.map
(drive:
lib.attrsets.nameValuePair (drive.name) {
type = "disk";
device = "/dev/disk/by-id/${drive.value}";
content = {
type = "gpt";
partitions = {
# We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
ESP = {
# 2G here because its not much relative to how much storage we have for caching
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
})
cache
) )
) )
); );
@ -185,7 +212,7 @@ in {
type = "topology"; type = "topology";
vdev = ( vdev = (
builtins.map (disks: { builtins.map (disks: {
mode = "raidz2"; mode = config.host.storage.pool.mode;
members = members =
builtins.map (disk: disk.name) disks; builtins.map (disk: disk.name) disks;
}) })
@ -222,13 +249,15 @@ in {
); );
datasets = lib.mkMerge [ datasets = lib.mkMerge [
(lib.attrsets.mapAttrs (name: value: { (
lib.attrsets.mapAttrs (name: value: {
type = value.type; type = value.type;
options = value.options; options = value.options;
mountpoint = value.mountpoint; mountpoint = value.mountpoint;
postCreateHook = value.postCreateHook; postCreateHook = value.postCreateHook;
}) })
config.host.storage.pool.extraDatasets) datasets
)
]; ];
}; };
}; };

1
modules/nixos-modules/home-manager/default.nix
View file

@ -4,5 +4,6 @@
./flipperzero.nix ./flipperzero.nix
./i18n.nix ./i18n.nix
./openssh.nix ./openssh.nix
./steam.nix
]; ];
} }

18
modules/nixos-modules/home-manager/steam.nix Normal file
View file

@ -0,0 +1,18 @@
{
lib,
config,
...
}: let
setupSteam =
lib.lists.any
(value: value)
(lib.attrsets.mapAttrsToList (name: value: value.programs.steam.enable) config.home-manager.users);
in {
config = lib.mkIf setupSteam {
programs.steam = {
enable = true;
# TODO: figure out how to not install steam here
# package = lib.mkDefault pkgs.emptyFile;
};
};
}

27
modules/nixos-modules/impermanence.nix
View file

@ -38,33 +38,6 @@
}; };
host.storage.pool.extraDatasets = { host.storage.pool.extraDatasets = {
# local datasets are for data that should be considered ephemeral
"local" = {
type = "zfs_fs";
options.canmount = "off";
};
# nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up
"local/system/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
# dataset for root that gets rolled back on every boot
"local/system/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
canmount = "on";
};
postCreateHook = ''
zfs snapshot rpool/local/system/root@blank
'';
};
# persist datasets are datasets that contain information that we would like to keep around # persist datasets are datasets that contain information that we would like to keep around
"persist" = { "persist" = {
type = "zfs_fs"; type = "zfs_fs";

17
modules/nixos-modules/packages/default.nix
View file

@ -1,17 +0,0 @@
{pkgs, ...}: {
nixpkgs.overlays = [
(final: prev: {
webtoon-dl =
pkgs.callPackage
./webtoon-dl.nix
{};
})
# TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that?
(final: prev: {
prostudiomasters =
pkgs.callPackage
./prostudiomasters.nix
{};
})
];
}

9
modules/nixos-modules/steam.nix Normal file
View file

@ -0,0 +1,9 @@
{...}: {
programs = {
steam = {
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
};
}

1
modules/nixos-modules/system.nix
View file

@ -1,6 +1,5 @@
{...}: { {...}: {
nix = { nix = {
settings.download-buffer-size = 524288000;
gc = { gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";

2
nix-config-secrets

@ -1 +1 @@
Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34 Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba

6
util/default.nix
View file

@ -10,7 +10,7 @@
nix-syncthing = inputs.nix-syncthing; nix-syncthing = inputs.nix-syncthing;
disko = inputs.disko; disko = inputs.disko;
impermanence = inputs.impermanence; impermanence = inputs.impermanence;
# lix-module = inputs.lix-module; lix-module = inputs.lix-module;
systems = [ systems = [
"aarch64-darwin" "aarch64-darwin"
@ -53,7 +53,7 @@
../modules/system-modules ../modules/system-modules
]; ];
in { in {
forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system));
mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkUnless = condition: yes: (lib.mkIf (!condition) yes);
mkIfElse = condition: yes: no: mkIfElse = condition: yes: no:
@ -83,7 +83,7 @@ in {
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
disko.nixosModules.disko disko.nixosModules.disko
# lix-module.nixosModules.default lix-module.nixosModules.default
../modules/nixos-modules ../modules/nixos-modules
../configurations/nixos/${host} ../configurations/nixos/${host}
]; ];