diff --git a/.sops.yaml b/.sops.yaml index a6e6f4f..b8b0adf 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -13,7 +13,3 @@ creation_rules: key_groups: - age: - *leyla - - path_regex: secrets/application-keys.yaml$ - key_groups: - - age: - - *leyla \ No newline at end of file diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix index 30fc361..6cc4630 100644 --- a/configurations/home-manager/eve/packages.nix +++ b/configurations/home-manager/eve/packages.nix 
@@ -12,48 +12,41 @@ in { # See https://search.nixos.org/packages for all options home.packages = lib.lists.optionals userConfig.isDesktopUser ( with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop-bin ungoogled-chromium ] ); # Packages that need to be installed with some extra configuration # See https://home-manager-options.extranix.com/ for all options - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - } - (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { - git = { - enable = true; - userName = "Eve"; - userEmail = "evesnrobins@gmail.com"; - extraConfig.init.defaultBranch = "main"; - }; + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; - openssh = { - enable = true; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }) - (lib.mkIf config.user.isDesktopUser { - vscode = { - enable = true; - package = pkgs.vscodium; - }; + git = { + enable = true; + userName = "Eve"; + userEmail = "evesnrobins@gmail.com"; + extraConfig.init.defaultBranch = "main"; + }; - firefox.enable = true; - bitwarden.enable = true; - discord.enable = true; - makemkv.enable = true; - signal-desktop-bin.enable = true; - steam.enable = true; - }) - ]; + vscode = { + enable = true; + package = pkgs.vscodium; + }; + + openssh = { + hostKeys = [ + { + type = "ed25519"; + path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; + } + ]; + }; + }; }; } diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 49abfe1..90251a3 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -1,11 +1,7 @@ -{ - config, - osConfig, - ... -}: { +{osConfig, ...}: { imports = [ - ./packages ./i18n.nix + ./packages.nix ./impermanence.nix ./dconf.nix ]; 
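Review bot: `vscode` in the rewritten `programs` set is enabled unconditionally, while `home.packages` a few lines above is still wrapped in `lib.lists.optionals userConfig.isDesktopUser`; the removed version only enabled it under `lib.mkIf config.user.isDesktopUser`. On a host where eve is not a desktop user this now pulls a GUI editor into the profile, so the guard is worth keeping: `vscode = lib.mkIf userConfig.isDesktopUser { enable = true; package = pkgs.vscodium; };`. The `openssh` block also lost `enable = true;`; whether `hostKeys` still takes effect without it depends on the openssh module, which is not visible in this diff. The enclosing attribute set opens before the hunk.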
@@ -39,7 +35,7 @@ # org.gradle.console=verbose # org.gradle.daemon.idletimeout=3600000 # ''; - "${config.xdg.configHome}/user-dirs.dirs" = { + ".config/user-dirs.dirs" = { force = true; text = '' # This file is written by xdg-user-dirs-update diff --git a/configurations/home-manager/leyla/packages/firefox.nix b/configurations/home-manager/leyla/firefox.nix similarity index 98% rename from configurations/home-manager/leyla/packages/firefox.nix rename to configurations/home-manager/leyla/firefox.nix index 1613cb3..0adea28 100644 --- a/configurations/home-manager/leyla/packages/firefox.nix +++ b/configurations/home-manager/leyla/firefox.nix @@ -2,10 +2,14 @@ lib, pkgs, inputs, + osConfig, ... -}: { - config = { +}: let + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; +in { + config = lib.mkIf is-desktop-user { programs.firefox = { + enable = true; profiles.leyla = { settings = { "browser.search.defaultenginename" = "Searx"; diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index 041bff8..29936b5 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -1,6 +1,5 @@ { lib, - config, osConfig, ... }: { @@ -10,10 +9,14 @@ "desktop" "downloads" "documents" + { + directory = ".local/share/Steam"; + method = "symlink"; + } ]; files = [ ".bash_history" # keep shell history around - "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files + ".local/share/recently-used.xbel" # gnome recently viewed files ]; allowOther = true; }; diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix new file mode 100644 index 0000000..e9ab230 --- /dev/null +++ b/configurations/home-manager/leyla/packages.nix 
@@ -0,0 +1,135 @@
+{
+ lib,
+ config,
+ osConfig,
+ pkgs,
+ ...
+}: let
+ userConfig = osConfig.host.users.leyla;
+ hardware = osConfig.host.hardware;
+in {
+ imports = [
+ ./vscode/default.nix
+ ./firefox.nix
+ ];
+
+ config = lib.mkMerge [
+ (lib.mkIf userConfig.isTerminalUser {
+ home.packages = with pkgs; [
+ # command line tools
+ sox
+ yt-dlp
+ ffmpeg
+ imagemagick
+ ];
+ })
+ (lib.mkIf userConfig.isDesktopUser {
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+
+ home.packages = (
+ lib.lists.optionals userConfig.isDesktopUser (
+ (with pkgs; [
+ # helvetica font
+ aileron
+
+ gnomeExtensions.dash-to-dock
+
+ # development tools
+ dbeaver-bin
+ bruno
+ proxmark3
+ ])
+ ++ (
+ lib.lists.optionals hardware.directAccess.enable (with pkgs; [
+ #foss platforms
+ signal-desktop-bin
+ bitwarden
+ ungoogled-chromium
+ libreoffice
+ inkscape
+ gimp
+ krita
+ freecad
+ # cura
+ # kicad-small
+ makemkv
+ onionshare
+ # rhythmbox
+ (lib.mkIf hardware.graphicsAcceleration.enable obs-studio)
+ # wireshark
+ # rpi-imager
+ # fritzing
+ mfoc
+ tor-browser
+ anki
+ pdfarranger
+ calibre
+ qbittorrent
+ picard
+
+ # proprietary platforms
+ discord
+ obsidian
+ (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve)
+
+ # development tools
+ # androidStudioPackages.canary
+ jetbrains.idea-community
+ qFlipper
+
+ # system tools
+ protonvpn-gui
+ openvpn
+ noisetorch
+
+ # hardware management tools
+ (lib.mkIf hardware.piperMouse.enable piper)
+ (lib.mkIf hardware.openRGB.enable openrgb)
+ (lib.mkIf hardware.viaKeyboard.enable via)
+ ])
+ )
+ )
+ );
+ programs = lib.mkIf userConfig.isDesktopUser {
+ # Let Home Manager install and manage itself.
+ home-manager.enable = true;
+
+ # set up git defaults
+ git = {
+ enable = true;
+ userName = "Leyla Becker";
+ userEmail = "git@jan-leila.com";
+ extraConfig.init.defaultBranch = "main";
+ };
+
+ # add direnv to auto load flakes for development
+ direnv = {
+ enable = true;
+ enableBashIntegration = true;
+ nix-direnv.enable = true;
+ config = {
+ global.hide_env_diff = true;
+ whitelist.exact = ["/home/leyla/documents/code/nix-config"];
+ };
+ };
+ bash.enable = true;
+
+ openssh = {
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
+ ];
+ hostKeys = [
+ {
+ type = "ed25519";
+ path = "${config.home.username}_${osConfig.networking.hostName}_ed25519";
+ }
+ ];
+ };
+ };
+ })
+ ];
+}
diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix
deleted file mode 100644
index 4acfaf1..0000000
--- a/configurations/home-manager/leyla/packages/default.nix
+++ /dev/null
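Review bot: `openssh.authorizedKeys` and `openssh.hostKeys` in the new packages.nix sit inside `programs = lib.mkIf userConfig.isDesktopUser { … }`, whereas the deleted packages/openssh.nix declared them without any condition, so on a host where leyla is only a terminal user the three authorised keys would presumably no longer be defined; nothing in the new file sets `openssh.enable` either. If the keys are meant to apply on every host, move the `openssh` attribute into its own unguarded entry of the `lib.mkMerge` list (`git` and `bash.enable` were previously enabled for terminal users too). Separately, the direnv whitelist auto-trusts the `.envrc` in the listed directory and the path is now hard-coded; `config` is still an argument of this file, so `whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"];` keeps it tied to the real home directory. The inner `lib.lists.optionals userConfig.isDesktopUser` and `lib.mkIf userConfig.isDesktopUser` repeat the guard of the enclosing `lib.mkIf` and can be dropped.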
@@ -1,118 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: let
- hardware = osConfig.host.hardware;
-in {
- imports = [
- ./vscode
- ./firefox.nix
- ./direnv.nix
- ./openssh.nix
- ./git.nix
- ./makemkv.nix
- ];
-
- config = lib.mkMerge [
- {
- programs = lib.mkMerge [
- {
- # Let Home Manager install and manage itself.
- home-manager.enable = true;
- }
- (lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) {
- bash.enable = true;
- git.enable = true;
- openssh.enable = true;
- })
- (lib.mkIf config.user.isDesktopUser {
- bitwarden.enable = true;
- obs-studio.enable = hardware.graphicsAcceleration.enable;
- qbittorrent.enable = true;
- prostudiomasters.enable = true;
- protonvpn-gui.enable = true;
- dbeaver-bin.enable = true;
- bruno.enable = true;
- })
- (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) {
- anki.enable = true;
- makemkv.enable = true;
- discord.enable = true;
- signal-desktop-bin.enable = true;
- calibre.enable = true;
- obsidian.enable = true;
- jetbrains.idea-community.enable = true;
- vscode.enable = true;
- firefox.enable = true;
- steam.enable = true;
- })
- ];
- }
- (lib.mkIf config.user.isTerminalUser {
- home.packages = with pkgs; [
- # command line tools
- sox
- yt-dlp
- ffmpeg
- imagemagick
- ];
- })
- (lib.mkIf config.user.isDesktopUser {
- nixpkgs.config = {
- allowUnfree = true;
- };
-
- home.packages = (
- (with pkgs; [
- aileron
-
- gnomeExtensions.dash-to-dock
-
- proxmark3
- ])
- ++ (
- lib.lists.optionals hardware.directAccess.enable (with pkgs; [
- #foss platforms
- ungoogled-chromium
- libreoffice
- inkscape
- gimp
- krita
- freecad
- # cura
- # kicad-small
- onionshare
- # rhythmbox
-
- # wireshark
- # rpi-imager
- # fritzing
- mfoc
- tor-browser
- pdfarranger
- picard
-
- # proprietary platforms
- (lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve)
-
- # development tools
- # androidStudioPackages.canary
- qFlipper
-
- # system tools
- openvpn
- noisetorch
-
- # hardware management tools
- (lib.mkIf hardware.piperMouse.enable piper)
- (lib.mkIf hardware.openRGB.enable openrgb)
- (lib.mkIf hardware.viaKeyboard.enable via)
- ])
- )
- );
- })
- ];
-}
diff --git a/configurations/home-manager/leyla/packages/direnv.nix b/configurations/home-manager/leyla/packages/direnv.nix
deleted file mode 100644
index 038c149..0000000
--- a/configurations/home-manager/leyla/packages/direnv.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- lib,
- config,
- osConfig,
- ...
-}: let
- userConfig = osConfig.host.users.leyla;
-in {
- config = lib.mkIf userConfig.isDesktopUser {
- programs = {
- direnv = {
- enable = true;
- enableBashIntegration = true;
- nix-direnv.enable = true;
- config = {
- global.hide_env_diff = true;
- whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"];
- };
- };
- };
- };
-}
diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix
deleted file mode 100644
index 568cd7a..0000000
--- a/configurations/home-manager/leyla/packages/git.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{...}: {
- config = {
- programs = {
- git = {
- userName = "Leyla Becker";
- userEmail = "git@jan-leila.com";
- extraConfig.init.defaultBranch = "main";
- };
- };
- };
-}
diff --git a/configurations/home-manager/leyla/packages/makemkv.nix b/configurations/home-manager/leyla/packages/makemkv.nix
deleted file mode 100644
index ee71955..0000000
--- a/configurations/home-manager/leyla/packages/makemkv.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- config,
- inputs,
- ...
-}: {
- config = {
- sops.secrets = {
- "application-keys/makemkv" = {
- sopsFile = "${inputs.secrets}/application-keys.yaml";
- };
- };
- programs.makemkv = {
- appKeyFile = config.sops.placeholder."application-keys/makemkv";
- destinationDir = "/home/leyla/downloads/makemkv";
- };
- };
-}
diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix deleted file mode 100644 index 91aec11..0000000 --- a/configurations/home-manager/leyla/packages/openssh.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - config, - osConfig, - ... -}: { - config = { - programs = { - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/vscode/default.nix similarity index 96% rename from configurations/home-manager/leyla/packages/vscode/default.nix rename to configurations/home-manager/leyla/vscode/default.nix index c21e01d..c2ee066 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/vscode/default.nix @@ -8,8 +8,9 @@ }: let nix-development-enabled = osConfig.host.nix-development.enable; ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + is-desktop-user = osConfig.host.users.leyla.isDesktopUser; in { - config = lib.mkIf config.user.isDesktopUser { + config = lib.mkIf is-desktop-user { nixpkgs = { overlays = [ inputs.nix-vscode-extensions.overlays.default @@ -26,6 +27,8 @@ in { open-vsx = extensions.open-vsx; vscode-marketplace = extensions.vscode-marketplace; in { + enable = true; + package = pkgs.vscodium; mutableExtensionsDir = false; 
diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/vscode/user-words.nix similarity index 100% rename from configurations/home-manager/leyla/packages/vscode/user-words.nix rename to configurations/home-manager/leyla/vscode/user-words.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0b9d1b7..fef7a56 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -40,8 +40,6 @@ tokenFile = config.sops.secrets."services/zfs_smtp_token".path; }; pool = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"]; vdevs = [ [ "ata-ST18000NE000-3G6101_ZVTCXVEB" @@ -201,14 +199,16 @@ # temp enable desktop enviroment for setup # Enable the X11 windowing system. - xserver.enable = true; + xserver = { + enable = true; - # Enable the GNOME Desktop Environment. - displayManager = { - gdm.enable = true; - }; - desktopManager = { - gnome.enable = true; + # Enable the GNOME Desktop Environment. + displayManager = { + gdm.enable = true; + }; + desktopManager = { + gnome.enable = true; + }; }; ollama = { @@ -298,7 +298,7 @@ hibernate.enable = false; hybrid-sleep.enable = false; }; - services.displayManager.gdm.autoSuspend = false; + services.xserver.displayManager.gdm.autoSuspend = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix index c75c162..2d7df4c 100644 --- a/configurations/nixos/emergent/configuration.nix +++ b/configurations/nixos/emergent/configuration.nix 
@@ -2,6 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). { + config, lib, pkgs, ... @@ -38,8 +39,8 @@ services.xserver.enable = true; # Enable the GNOME Desktop Environment. - services.displayManager.gdm.enable = true; - services.desktopManager.gnome.enable = true; + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; host = { users = { @@ -49,14 +50,6 @@ isPrincipleUser = true; }; }; - - storage = { - enable = true; - pool = { - mode = ""; - drives = ["wwn-0x5000039fd0cf05eb"]; - }; - }; }; # Configure keymap in X11 @@ -98,7 +91,12 @@ # Packages that need to be installed with some extra configuration # See https://search.nixos.org/options for all options - programs = {}; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers + }; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix index 452334a..3455825 100644 --- a/configurations/nixos/emergent/default.nix +++ b/configurations/nixos/emergent/default.nix @@ -3,5 +3,6 @@ imports = [ ./configuration.nix ./hardware-configuration.nix + ./disco-configuration.nix ]; } diff --git a/configurations/nixos/emergent/disco-configuration.nix b/configurations/nixos/emergent/disco-configuration.nix new file mode 100644 index 0000000..ac2067f --- /dev/null +++ b/configurations/nixos/emergent/disco-configuration.nix 
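Review bot: The `programs.steam` block added to emergent/configuration.nix turns on all three `openFirewall` switches, so installing Steam also opens inbound ports for Remote Play, a Source dedicated server and local network game transfers. Only the features actually used on this host need their ports opened; if no dedicated server runs here, drop `dedicatedServer.openFirewall = true;` and leave the option at its default. The same pattern (`remotePlay` and `dedicatedServer` opened) is added to horizon/configuration.nix and twilight/configuration.nix in this commit, and the removed per-user `steam.enable` lines suggest only the client was wanted. A short comment naming who is expected to connect to these ports would make the intent reviewable.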
@@ -0,0 +1,57 @@ +{...}: { + disko.devices = { + disk = { + disk1 = { + type = "disk"; + device = "/dev/disk/by-id/wwn-0x5000039fd0cf05eb"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; + }; + zpool = { + zroot = { + type = "zpool"; + mode = ""; + options.cachefile = "none"; + rootFsOptions = { + compression = "zstd"; + "com.sun:auto-snapshot" = "true"; + }; + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; + + datasets = { + "system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + }; + }; + }; + }; +} diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index f72b264..7e2ab8a 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -1,8 +1,7 @@ { - lib, - pkgs, config, inputs, + pkgs, ... }: { imports = [ @@ -11,19 +10,6 @@ nixpkgs.config.allowUnfree = true; - boot = { - initrd = { - availableKernelModules = ["usb_storage" "sd_mod"]; - }; - kernelModules = ["sg"]; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; - host = { users = { leyla = { 
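Review bot: `zroot` in the new disko file is created with compression and auto-snapshot properties in `rootFsOptions` but no encryption properties, so unless encryption is handled outside this file the pool on `wwn-0x5000039fd0cf05eb` is stored unencrypted. ZFS encryption is fixed when a dataset is created, so if at-rest protection is wanted on emergent it has to be declared here (the `encryption`, `keyformat` and `keylocation` properties) before the disk is formatted; if it is deliberately left off, a comment such as `# unencrypted on purpose: <reason>` records the decision. `mode = "";` would also benefit from a comment like `# single disk, no redundancy`. The file is named `disco-configuration.nix` while the option namespace is `disko`, which makes it harder to grep for.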
@@ -46,28 +32,6 @@ roles = ["chat" "edit" "apply"]; apiBase = "http://twilight:11434"; }; - "Deepseek Coder:6.7B" = { - model = "deepseek-coder:6.7b"; - roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; - }; - "Deepseek Coder:33B" = { - model = "deepseek-coder:33b"; - roles = ["chat" "edit" "apply"]; - apiBase = "http://twilight:11434"; - }; - - "Deepseek r1:8B" = { - model = "deepseek-r1:8b"; - roles = ["chat"]; - apiBase = "http://twilight:11434"; - }; - - "Deepseek r1:32B" = { - model = "deepseek-r1:32b"; - roles = ["chat"]; - apiBase = "http://twilight:11434"; - }; "qwen2.5-coder:1.5b-base" = { model = "qwen2.5-coder:1.5b-base"; @@ -85,23 +49,17 @@ }; environment.systemPackages = with pkgs; [ - cachefilesd webtoon-dl + prostudiomasters ]; - services.cachefilesd.enable = true; programs = { adb.enable = true; - }; - - networking = { - networkmanager.enable = true; - hostName = "horizon"; # Define your hostname. - }; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware = { - graphics.enable = true; + steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; }; sops.secrets = { @@ -115,10 +73,6 @@ fprintd = { enable = true; }; - # firmware update tool - fwupd = { - enable = true; - }; tailscale = { enable = true; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix index cec4914..e88d8dc 100644 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ b/configurations/nixos/horizon/hardware-configuration.nix @@ -4,6 +4,7 @@ { config, lib, + pkgs, modulesPath, ... }: { 
@@ -11,10 +12,22 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot = { + initrd = { + availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; + kernelModules = []; + }; + kernelModules = ["kvm-intel" "sg"]; + extraModulePackages = []; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + supportedFilesystems = ["nfs"]; + }; fileSystems = { "/" = { 
@@ -26,20 +39,98 @@ device = "/dev/disk/by-uuid/E138-65B5"; fsType = "vfat"; }; + + "/mnt/leyla_documents" = { + device = "defiant:/export/leyla_documents"; + fsType = "nfs"; + options = [ + "vers=4" + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "x-systemd.idle-timeout=600" + "fsc" + "timeo=600" + "retrans=2" + ]; + }; + + "/mnt/eve_documents" = { + device = "defiant:/export/eve_documents"; + fsType = "nfs"; + options = [ + "vers=4" + "x-systemd.automount" + "noauto" + "user" + "nofail" + "x-systemd.idle-timeout=600" + "fsc" + "timeo=600" + "retrans=2" + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/export/users_documents"; + fsType = "nfs"; + options = [ + "vers=4" + "x-systemd.automount" + "noauto" + "user" + "nofail" + "x-systemd.idle-timeout=600" + "fsc" + "timeo=600" + "retrans=2" + ]; + }; + + "/mnt/media" = { + device = "defiant:/export/media"; + fsType = "nfs"; + options = [ + "vers=4" + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "fsc" + "timeo=600" + "retrans=2" + ]; + }; }; + environment.systemPackages = with pkgs; [ + cachefilesd + ]; + + services.cachefilesd.enable = true; + swapDevices = [ {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + networking = { + networkmanager.enable = true; + useDHCP = lib.mkDefault true; + hostName = "horizon"; # Define your hostname. 
+ }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + hardware = { + graphics.enable = true; + cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix index 111c002..e9032d8 100644 --- a/configurations/nixos/twilight/configuration.nix +++ b/configurations/nixos/twilight/configuration.nix @@ -1,7 +1,6 @@ { inputs, config, - pkgs, ... }: { imports = [ @@ -10,14 +9,6 @@ nixpkgs.config.allowUnfree = true; - boot.initrd.availableKernelModules = ["usb_storage"]; - boot.kernelModules = ["sg"]; - - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - sops.secrets = { "vpn-keys/tailscale-authkey/twilight" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; 
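Review bot: The `/mnt/media` entry added to horizon's `fileSystems` lists `"noatime"` twice and then `"relatime"`, which contradict each other, and all four new entries mount `defiant:/export/…` while twilight's hardware-configuration.nix in this same commit mounts `defiant:/exports/…`, so one of the two paths is likely wrong. These entries also drop `"soft"` but add `"timeo=600"` and `"retrans=2"`; without `soft` the mount is hard and those values only delay the retry message, which may not be what was intended. No entry sets `sec=`, so the security flavour is whatever the server offers; if the exports use plain `sys`, identity rests on client-supplied UIDs and the traffic is unencrypted, so a comment stating that `defiant` is only reached over the tailnet would be useful. For the options, a single `"noatime"` without `"nodiratime"` and `"relatime"` is enough.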
@@ -130,70 +121,13 @@ syncthing.enable = true; }; - - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "fsc" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "user" - "noatime" - "nofail" - "soft" - "x-systemd.idle-timeout=600" - "noatime" - "nodiratime" - "relatime" - "rsize=32768" - "wsize=32768" - "fsc" - ]; - }; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server }; - - environment.systemPackages = with pkgs; [ - cachefilesd - ]; hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index - networking = { - networkmanager.enable = true; - hostName = "twilight"; # Define your hostname. - }; - # enabled virtualisation for docker # virtualisation.docker.enable = true; diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix index 43a9164..edfb3f6 100644 --- a/configurations/nixos/twilight/default.nix +++ b/configurations/nixos/twilight/default.nix @@ -3,6 +3,5 @@ imports = [ ./configuration.nix ./hardware-configuration.nix - ./nvidia-drivers.nix ]; } diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix index 1389caf..1cba7de 100644 --- a/configurations/nixos/twilight/hardware-configuration.nix 
+++ b/configurations/nixos/twilight/hardware-configuration.nix @@ -4,6 +4,7 @@ { config, lib, + pkgs, modulesPath, ... }: { @@ -11,10 +12,30 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; + boot = { + initrd = { + availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"]; + kernelModules = []; + }; + kernelModules = ["kvm-amd" "sg"]; + extraModulePackages = []; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + supportedFilesystems = ["nfs"]; + }; + + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; fileSystems = { "/" = { 
@@ -27,16 +48,111 @@ fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; + + "/mnt/leyla_documents" = { + device = "defiant:/exports/leyla_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/users_documents" = { + device = "defiant:/exports/users_documents"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "fsc" + ]; + }; + + "/mnt/media" = { + device = "defiant:/exports/media"; + fsType = "nfs"; + options = [ + "x-systemd.automount" + "noauto" + "user" + "noatime" + "nofail" + "soft" + "x-systemd.idle-timeout=600" + "noatime" + "nodiratime" + "relatime" + "rsize=32768" + "wsize=32768" + "fsc" + ]; + }; }; + environment.systemPackages = with pkgs; [ + cachefilesd + ]; + swapDevices = []; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + networking = { + networkmanager.enable = true; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + hostName = "twilight"; # Define your hostname. 
+ }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + + hardware = { + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; } diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix deleted file mode 100644 index 47763f8..0000000 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ /dev/null 
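Review bot: The `nvidia` block moved into this file sets `open = false;`, but the deleted nvidia-drivers.nix had `open = true;`, so the commit changes which kernel module twilight loads while otherwise reading as a plain move. If the switch is intended, say so next to the option, e.g. `# back on the proprietary module: <reason>`; if not, keep `open = true;`. The moved `/mnt/media` entry still carries `"noatime"` twice plus `"relatime"`, and the mounts use `"fsc"` while only the `cachefilesd` package is installed here; horizon's file also sets `services.cachefilesd.enable = true;`, which twilight would presumably need for the cache to have any effect.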
@@ -1,47 +0,0 @@
-{config, ...}: {
- services = {
- xserver = {
- # Load nvidia driver for Xorg and Wayland
- videoDrivers = ["nvidia"];
- };
- # Use X instead of wayland for gaming reasons
- displayManager.gdm.wayland = false;
- };
-
- hardware = {
- # Enable OpenGL
- graphics.enable = true;
-
- # install graphics drivers
- nvidia = {
- # Modesetting is required.
- modesetting.enable = true;
-
- # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
- # Enable this if you have graphical corruption issues or application crashes after waking
- # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
- # of just the bare essentials.
- powerManagement.enable = false;
-
- # Fine-grained power management. Turns off GPU when not in use.
- # Experimental and only works on modern Nvidia GPUs (Turing or newer).
- powerManagement.finegrained = false;
-
- # Use the NVidia open source kernel module (not to be confused with the
- # independent third-party "nouveau" open source driver).
- # Support is limited to the Turing and later architectures. Full list of
- # supported GPUs is at:
- # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
- # Only available from driver 515.43.04+
- # Currently alpha-quality/buggy, so false is currently the recommended setting.
- open = true;
-
- # Enable the Nvidia settings menu,
- # accessible via `nvidia-settings`.
- nvidiaSettings = true;
-
- # Optionally, you may need to select the appropriate driver version for your specific GPU.
- package = config.boot.kernelPackages.nvidiaPackages.production;
- };
- };
-}
diff --git a/flake.lock b/flake.lock
index 636f746..fa3ad83 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1748832438, - "narHash": "sha256-/CtyLVfNaFP7PrOPrTEuGOJBIhcBKVQ91KiEbtXJi0A=", + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", "owner": "nix-community", "repo": "disko", - "rev": "58d6e5a83fff9982d57e0a0a994d4e5c0af441e4", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1749009805, - "narHash": "sha256-eRv4m89aPJvIAX9mZQcJM+l3sYG+OJvcLsiHvAvXalg=", + "lastModified": 1748405006, + "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "622c38d004cdded682d9a5ab7323181dc6efb0c1", + "rev": "f9801a86d6603260940890c36650275090d1dceb", "type": "gitlab" }, "original": { @@ -75,39 +75,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -115,11 +82,11 @@ ] }, "locked": { - "lastModified": 1749049052, - "narHash": "sha256-wIt8ZBc8diKg1H5ibi3Bw9HUcPR2w3xy4ddcuzjgLb0=", + "lastModified": 1748455938, + "narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=", "owner": "nix-community", "repo": "home-manager", - "rev": "ffab96a8b4a523c4b5e2645ee09e95a75cbdbfab", + "rev": "02077149e2921014511dac2729ae6dadb4ec50e2", "type": "github" }, "original": { @@ -143,41 +110,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" - } - }, "nix-darwin": { "inputs": { "nixpkgs": [ 
@@ -185,11 +117,11 @@ ] }, "locked": { - "lastModified": 1749012745, - "narHash": "sha256-Cax/k9ZRPKqTz18vZtmqGR45pHRXM+sDvEVd4V/3NrU=", + "lastModified": 1748352827, + "narHash": "sha256-sNUUP6qxGkK9hXgJ+p362dtWLgnIWwOCmiq72LAWtYo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "fa6120c32f10bd2aac9e8c9a6e71528a9d9d823b", + "rev": "44a7d0e687a87b73facfe94fba78d323a6686a90", "type": "github" }, "original": { @@ -221,17 +153,17 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1749002682, - "narHash": "sha256-v9K6RyPF/+4r/YJhjEH8y07VWE6Vj7Vl88E/K5m/uJ0=", + "lastModified": 1748397853, + "narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "46eb9c16d8ccfedf8bc648be03f9b2993fe3c994", + "rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", "type": "github" }, "original": { @@ -242,11 +174,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749056381, - "narHash": "sha256-QITcurR19KZlrCngBoCjsFF2BdYsiCG4UqmlrVcLb8Q=", + "lastModified": 1747900541, + "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "029bd66faa180e11262dd1bc2732254c33415f52", + "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "type": "github" }, "original": { @@ -258,11 +190,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748929857, - "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "lastModified": 1748370509, + "narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "type": "github" }, "original": { 
@@ -279,7 +211,6 @@ "flake-compat": "flake-compat", "home-manager": "home-manager", "impermanence": "impermanence", - "lix-module": "lix-module", "nix-darwin": "nix-darwin", "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", @@ -292,11 +223,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1749061163, - "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=", + "lastModified": 1743538790, + "narHash": "sha256-QXmvyxfAhpifxAWcYTvuGfzv9I+9gHw0bq4WYtGEB9A=", "ref": "refs/heads/main", - "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba", - "revCount": 19, + "rev": "3d63dff77f8eda1667e3586169642cf256c4aa34", + "revCount": 17, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, @@ -339,21 +270,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 7896d60..496456a 100644 --- a/flake.nix +++ b/flake.nix @@ -5,10 +5,10 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # lix-module = { + # url = "https://git.lix.systems/lix-project/nixos-module/archive/stable.tar.gz"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; # secret encryption sops-nix = { 
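Review bot: The `lix-module` input in `flake.nix` is left behind as a commented-out block rather than removed, and the commented URL now points at `stable.tar.gz` instead of the versioned `2.93.0.tar.gz` that the removed line used. If the block is ever uncommented, a moving archive name means each `nix flake update` locks whatever is served under that name at the time, which is harder to audit than a version bump visible in the diff. I would either delete the block (the same applies to the two commented `lix-module` lines in `util/default.nix`) or keep the versioned URL in the comment, e.g. `# url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";`.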
@@ -131,11 +131,11 @@ systemsHomes // homeSystems; in { - formatter = forEachPkgs (system: pkgs: pkgs.alejandra); + formatter = forEachPkgs (pkgs: pkgs.alejandra); # templates = import ./templates; - devShells = forEachPkgs (system: pkgs: { + devShells = forEachPkgs (pkgs: { default = pkgs.mkShell { packages = with pkgs; [ # for version controlling this repo diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index 208ee24..3e4456b 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -1,17 +1,4 @@ -{pkgs, ...}: { - nixpkgs.overlays = [ - (final: prev: { - webtoon-dl = - pkgs.callPackage - ./webtoon-dl.nix - {}; - }) - # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? - (final: prev: { - prostudiomasters = - pkgs.callPackage - ./prostudiomasters.nix - {}; - }) - ]; +# this folder is for custom derivations +{...}: { + # package = pkgs.callPackage ./package.nix {}; } diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix index 20ec52b..327ee44 100644 --- a/modules/home-manager-modules/continue.nix +++ b/modules/home-manager-modules/continue.nix 
@@ -7,38 +7,40 @@ }: let ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { - options.user.continue = { - enable = lib.mkEnableOption "should continue be enabled on this machine"; - docs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; + options = { + user.continue = { + enable = lib.mkEnableOption "should continue be enabled on this machine"; + docs = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + name = lib.mkOption { + type = lib.types.str; + default = name; + }; + startUrl = lib.mkOption { + type = lib.types.str; + }; }; - startUrl = lib.mkOption { - type = lib.types.str; + })); + }; + context = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + provider = lib.mkOption { + type = lib.types.str; + default = name; + }; }; + })); + default = { + "code" = {}; + "docs" = {}; + "diff" = {}; + "terminal" = {}; + "problems" = {}; + "folder" = {}; + "codebase" = {}; }; - })); - }; - context = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - provider = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = { - "code" = {}; - "docs" = {}; - "diff" = {}; - "terminal" = {}; - "problems" = {}; - "folder" = {}; - "codebase" = {}; }; }; }; diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 73876f4..ee47fb5 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -1,12 +1,9 @@ # this folder container modules that are for home manager only {...}: { imports = [ - ./sops.nix - ./user.nix ./flipperzero.nix ./i18n.nix ./openssh.nix ./continue.nix - ./programs ]; } 
diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index c8ba22d..7b646b8 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -6,7 +6,6 @@ ... }: { options.programs.openssh = { - enable = lib.mkEnableOption "should we enable openssh"; authorizedKeys = lib.mkOption { type = lib.types.listOf lib.types.str; default = []; 
@@ -38,65 +37,63 @@ }; }; - config = lib.mkIf config.programs.openssh.enable ( - lib.mkMerge [ - ( - lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { - services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - compression = true; - addKeysToAgent = "confirm"; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - ); - }; - - systemd.user.services = builtins.listToAttrs ( - builtins.map (hostKey: - lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { - Install = { - WantedBy = ["default.target"]; - }; - Service = let - path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; - in { - Restart = "always"; - Type = "simple"; - ExecStart = "${ - pkgs.writeShellScript "ssh-gen-keys" '' - if ! [ -s "${path}" ]; then - if ! [ -h "${path}" ]; then - rm -f "${path}" - fi - mkdir -p "$(dirname '${path}')" - chmod 0755 "$(dirname '${path}')" - ${pkgs.openssh}/bin/ssh-keygen \ - -t "${hostKey.type}" \ - ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ - ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ - ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ - ${lib.optionalString (hostKey ? 
openSSHFormat && hostKey.openSSHFormat) "-o"} \ - -f "${path}" \ - -N "" - chown ${config.home.username} ${path}* - chgrp ${config.home.username} ${path}* - fi - '' - }"; - }; - }) - config.programs.openssh.hostKeys - ); - } - ) - (lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - files = lib.lists.flatten ( - builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys + config = lib.mkMerge [ + ( + lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { + services.ssh-agent.enable = true; + programs.ssh = { + enable = true; + compression = true; + addKeysToAgent = "confirm"; + extraConfig = lib.strings.concatLines ( + builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys ); }; - }) - ] - ); + + systemd.user.services = builtins.listToAttrs ( + builtins.map (hostKey: + lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { + Install = { + WantedBy = ["default.target"]; + }; + Service = let + path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; + in { + Restart = "always"; + Type = "simple"; + ExecStart = "${ + pkgs.writeShellScript "ssh-gen-keys" '' + if ! [ -s "${path}" ]; then + if ! [ -h "${path}" ]; then + rm -f "${path}" + fi + mkdir -p "$(dirname '${path}')" + chmod 0755 "$(dirname '${path}')" + ${pkgs.openssh}/bin/ssh-keygen \ + -t "${hostKey.type}" \ + ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ + ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ + ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ + ${lib.optionalString (hostKey ? 
openSSHFormat && hostKey.openSSHFormat) "-o"} \ + -f "${path}" \ + -N "" + chown ${config.home.username} ${path}* + chgrp ${config.home.username} ${path}* + fi + '' + }"; + }; + }) + config.programs.openssh.hostKeys + ); + } + ) + (lib.mkIf osConfig.host.impermanence.enable { + home.persistence."/persist${config.home.homeDirectory}" = { + files = lib.lists.flatten ( + builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys + ); + }; + }) + ]; } diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix deleted file mode 100644 index 083d205..0000000 --- a/modules/home-manager-modules/programs/anki.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: { - options.programs.anki = { - enable = lib.mkEnableOption "enable anki"; - }; - - config = lib.mkIf config.programs.anki.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - anki - ]; - } - ( - lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/Anki2/" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix deleted file mode 100644 index b9b91c4..0000000 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: { - options.programs.bitwarden = { - enable = lib.mkEnableOption "enable bitwarden"; - }; - - config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - bitwarden - ]; - } - ( - lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/Bitwarden" - ]; - allowOther = true; - }; - } - ) - ]); -} 
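Review bot: With the `enable` gate removed, the `ssh-gen-keys-*` user services are created whenever `hostKeys` is non-empty, and the script they run still does `chmod 0755 "$(dirname '${path}')"` on the directory that holds private keys generated with an empty passphrase (`-N ""`). A world-listable `~/.ssh` is looser than it needs to be for that content; `chmod 0700 "$(dirname '${path}')"` is the conventional mode. Separately, `Restart = "always"` with `Type = "simple"` keeps re-running a script that exits at once when the key already exists, so `Type = "oneshot"` without `Restart` looks like what is intended. The `chown ${config.home.username} ${path}*` and `chgrp` lines are unquoted as well; `chown ${config.home.username} "${path}"*` would hold up if a key path ever contains whitespace.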
diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix
deleted file mode 100644
index 00b248f..0000000
--- a/modules/home-manager-modules/programs/bruno.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.bruno = {
- enable = lib.mkEnableOption "enable bruno";
- };
-
- config = lib.mkIf config.programs.bruno.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- bruno
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.configHome}/bruno/"
- ];
- allowOther = true;
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix
deleted file mode 100644
index 9e5f34e..0000000
--- a/modules/home-manager-modules/programs/calibre.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.calibre = {
- enable = lib.mkEnableOption "enable calibre";
- };
-
- config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- calibre
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.configHome}/calibre"
- ];
- allowOther = true;
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix
deleted file mode 100644
index a962459..0000000
--- a/modules/home-manager-modules/programs/dbeaver.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.dbeaver-bin = {
- enable = lib.mkEnableOption "enable dbeaver";
- };
-
- config = lib.mkIf config.programs.dbeaver-bin.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- dbeaver-bin
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.dataHome}/DBeaverData/"
- ];
- allowOther = true;
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix
deleted file mode 100644
index ee52da2..0000000
--- a/modules/home-manager-modules/programs/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{...}: {
- imports = [
- ./firefox.nix
- ./signal.nix
- ./bitwarden.nix
- ./makemkv.nix
- ./obs.nix
- ./anki.nix
- ./qbittorrent.nix
- ./discord.nix
- ./obsidian.nix
- ./prostudiomasters.nix
- ./idea.nix
- ./protonvpn.nix
- ./calibre.nix
- ./bruno.nix
- ./dbeaver.nix
- ./steam.nix
- ];
-}
diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix
deleted file mode 100644
index e8605a5..0000000
--- a/modules/home-manager-modules/programs/discord.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.discord = {
- enable = lib.mkEnableOption "enable discord";
- };
-
- config = lib.mkIf config.programs.discord.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- discord
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.configHome}/discord/"
- ];
- allowOther = true;
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix
deleted file mode 100644
index 907b619..0000000
--- a/modules/home-manager-modules/programs/firefox.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- lib,
- config,
- osConfig,
- ...
-}: let
- buildProfilePersistence = profile: {
- directories = [
- ".mozilla/firefox/${profile}/extensions"
- ];
- files = [
- ".mozilla/firefox/${profile}/cookies.sqlite"
- ".mozilla/firefox/${profile}/favicons.sqlite"
- # Permissions and ${profileName} levels for each site
- ".mozilla/firefox/${profile}/permissions.sqlite"
- ".mozilla/firefox/${profile}/content-prefs.sqlite"
- # Browser history and bookmarks
- ".mozilla/firefox/${profile}/places.sqlite"
- # I guess this is useful?
- # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384
- # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria
- ".mozilla/firefox/${profile}/storage.sqlite"
- # Extension configuration
- ".mozilla/firefox/${profile}/extension-settings.json"
- ];
- allowOther = true;
- };
-in {
- config = lib.mkIf (config.programs.firefox.enable && osConfig.host.impermanence.enable) {
- home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge (
- (
- lib.attrsets.mapAttrsToList
- (profile: _: buildProfilePersistence profile)
- config.programs.firefox.profiles
- )
- ++ (
- lib.lists.optional
- ((builtins.length (lib.attrsets.mapAttrsToList (key: value: value) config.programs.firefox.profiles)) == 0)
- (buildProfilePersistence "default")
- )
- );
- };
-}
diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix
deleted file mode 100644
index f0a928c..0000000
--- a/modules/home-manager-modules/programs/idea.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.jetbrains.idea-community = {
- enable = lib.mkEnableOption "enable idea-community";
- };
-
- config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- jetbrains.idea-community
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- # configuration
- "${config.xdg.configHome}/JetBrains/"
- # plugins
- "${config.xdg.dataHome}/JetBrains/"
- # System and Logs
- "${config.xdg.cacheHome}/JetBrains/"
- ];
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix
deleted file mode 100644
index eca059d..0000000
--- a/modules/home-manager-modules/programs/makemkv.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.makemkv = {
- enable = lib.mkEnableOption "enable makemkv";
- appKeyFile = lib.mkOption {
- type = lib.types.str;
- };
- destinationDir = lib.mkOption {
- type = lib.types.str;
- };
- };
-
- config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- makemkv
- ];
-
- sops.templates."MakeMKV.settings.conf".content = ''
- app_DestinationDir = "${config.programs.makemkv.destinationDir}"
- app_DestinationType = "2"
- app_Key = "${config.programs.makemkv.appKeyFile}"
- '';
-
- home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path;
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- ".MakeMKV"
- ];
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix
deleted file mode 100644
index 98c4fea..0000000
--- a/modules/home-manager-modules/programs/obs.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- lib,
- config,
- osConfig,
- ...
-}: {
- config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [
- (
- lib.mkIf osConfig.host.impermanence.enable {
- # TODO: map impermanence for obs
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix
deleted file mode 100644
index 4d28b3e..0000000
--- a/modules/home-manager-modules/programs/obsidian.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- lib,
- config,
- osConfig,
- ...
-}: {
- config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.configHome}/obsidian"
- ];
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix
deleted file mode 100644
index 9e6088f..0000000
--- a/modules/home-manager-modules/programs/prostudiomasters.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.prostudiomasters = {
- enable = lib.mkEnableOption "enable prostudiomasters";
- };
-
- config = lib.mkIf config.programs.prostudiomasters.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- prostudiomasters
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.configHome}/ProStudioMasters"
- ];
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix
deleted file mode 100644
index dd11aae..0000000
--- a/modules/home-manager-modules/programs/protonvpn.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.protonvpn-gui = {
- enable = lib.mkEnableOption "enable protonvpn";
- };
-
- config = lib.mkIf config.programs.protonvpn-gui.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- protonvpn-gui
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.configHome}/protonvpn"
- "${config.xdg.configHome}/Proton"
- ];
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix
deleted file mode 100644
index 02e23df..0000000
--- a/modules/home-manager-modules/programs/qbittorrent.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.qbittorrent = {
- enable = lib.mkEnableOption "enable qbittorrent";
- };
-
- config = lib.mkIf config.programs.qbittorrent.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- qbittorrent
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.configHome}/qBittorrent"
- ];
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix
deleted file mode 100644
index fdf0af9..0000000
--- a/modules/home-manager-modules/programs/signal.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- lib,
- pkgs,
- config,
- osConfig,
- ...
-}: {
- options.programs.signal-desktop-bin = {
- enable = lib.mkEnableOption "enable signal";
- };
-
- config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [
- {
- home.packages = with pkgs; [
- signal-desktop-bin
- ];
- }
- (
- lib.mkIf osConfig.host.impermanence.enable {
- home.persistence."/persist${config.home.homeDirectory}" = {
- directories = [
- "${config.xdg.configHome}/Signal"
- ];
- };
- }
- )
- ]);
-}
diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix deleted file mode 100644 index 4661151..0000000 --- a/modules/home-manager-modules/programs/steam.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: { - options.programs.steam = { - enable = lib.mkEnableOption "enable steam"; - }; - - config = lib.mkIf config.programs.steam.enable ( - lib.mkMerge [ - { - home.packages = with pkgs; [ - steam - steam.run - ]; - } - ( - lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - { - directory = "${config.xdg.dataHome}/Steam"; - method = "symlink"; - } - ]; - allowOther = true; - }; - } - ) - ] - ); - - # TODO: bind impermanence config -} diff --git a/modules/home-manager-modules/sops.nix b/modules/home-manager-modules/sops.nix deleted file mode 100644 index 910fbb6..0000000 --- a/modules/home-manager-modules/sops.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - config = { - sops = { - age.keyFile = "/var/lib/sops-nix/key.txt"; - }; - }; -} diff --git a/modules/home-manager-modules/user.nix b/modules/home-manager-modules/user.nix deleted file mode 100644 index efce22d..0000000 --- a/modules/home-manager-modules/user.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - osConfig, - ... -}: { - options.user = { - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = osConfig.host.users.${config.home.username}.isDesktopUser; - }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = osConfig.host.users.${config.home.username}.isTerminalUser; - }; - }; -} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix index 2ba1a58..d668a74 100644 --- a/modules/nixos-modules/default.nix +++ b/modules/nixos-modules/default.nix @@ -14,8 +14,8 @@ ./ollama.nix ./ai.nix ./tailscale.nix - ./steam.nix ./server + ./packages ]; nixpkgs.config.permittedInsecurePackages = [ 
diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 323b7cc..cf59cd9 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -19,6 +19,12 @@ # Enable the X11 windowing system. enable = true; + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + }; + # Get rid of xTerm desktopManager.xterm.enable = false; excludePackages = with pkgs; [ @@ -41,10 +47,6 @@ ]; }; - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - pipewire = { enable = true; alsa.enable = true; diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix index 3d15498..13ddb8f 100644 --- a/modules/nixos-modules/disko.nix +++ b/modules/nixos-modules/disko.nix @@ -20,8 +20,6 @@ disk: lib.attrsets.nameValuePair (hashDisk disk) disk ) config.host.storage.pool.cache; - - datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets; in { options.host.storage = { enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; 
@@ -50,68 +48,21 @@ in { }; }; pool = { - mode = lib.mkOption { - type = lib.types.str; - default = "raidz2"; - description = "what level of redundancy should this pool have"; - }; - # list of drives in pool that will have a boot partition put onto them - bootDrives = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of disks that are going to have a boot partition installed on them"; - default = lib.lists.flatten config.host.storage.pool.vdevs; - }; - # shorthand for vdevs if you only have 1 vdev - drives = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of drives that are going to be in the vdev"; - default = []; - }; - # list of all drives in each vdev vdevs = lib.mkOption { type = lib.types.listOf (lib.types.listOf lib.types.str); description = "list of disks that are going to be in"; default = [config.host.storage.pool.drives]; }; - # list of cache drives for pool + drives = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "list of drives that are going to be in the vdev"; + default = []; + }; cache = lib.mkOption { type = lib.types.listOf lib.types.str; description = "list of drives that are going to be used as cache"; default = []; }; - # Default datasets that are needed to make a functioning system - datasets = lib.mkOption { - type = lib.types.attrsOf (inputs.disko.lib.subType { - types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; - }); - default = { - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - # dataset for root that gets rolled back on every boot - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot 
rpool/local/system/root@blank - ''; - }; - }; - }; extraDatasets = lib.mkOption { type = lib.types.attrsOf (inputs.disko.lib.subType { types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; @@ -170,37 +121,59 @@ in { disko.devices = { disk = ( builtins.listToAttrs ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) { - # The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; + ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; }; }; }; - }; - }) - ( - (lib.lists.flatten vdevs) ++ cache + }) + (lib.lists.flatten vdevs) + ) + ++ ( + builtins.map + (drive: + lib.attrsets.nameValuePair (drive.name) { + type = "disk"; + device = "/dev/disk/by-id/${drive.value}"; + content = { + type = "gpt"; + partitions = { + # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA + ESP = { + # 2G here because its not much relative to how much storage we have for caching + size = "2G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["umask=0077"]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "rpool"; + }; + }; + }; + }; + }) + cache ) ) ); 
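Review bot: The ESP is now created only in the second `builtins.map`, the one over `cache`, so a host whose `host.storage.pool.cache` stays at its default `[]` gets no `/boot` partition at all, and a host with more than one cache drive declares several vfat filesystems with `mountpoint = "/boot"`. The removed `bootDrives` option covered both cases; if it is not coming back, an assertion in the module's `config` (which lies outside this hunk) would turn the mistake into an evaluation error instead of an unbootable layout, e.g. `assertions = [{ assertion = builtins.length config.host.storage.pool.cache == 1; message = "host.storage.pool.cache must contain exactly one drive to hold the ESP"; }];`, presumably guarded by the storage `enable` flag. The two map bodies also repeat the whole disk definition apart from `ESP`, so a small local helper taking a `withEsp` flag would keep them from drifting apart.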
@@ -212,7 +185,7 @@ in { type = "topology"; vdev = ( builtins.map (disks: { - mode = config.host.storage.pool.mode; + mode = "raidz2"; members = builtins.map (disk: disk.name) disks; }) @@ -249,15 +222,13 @@ in { ); datasets = lib.mkMerge [ - ( - lib.attrsets.mapAttrs (name: value: { + (lib.attrsets.mapAttrs (name: value: { type = value.type; options = value.options; mountpoint = value.mountpoint; postCreateHook = value.postCreateHook; }) - datasets - ) + config.host.storage.pool.extraDatasets) ]; }; }; diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix index 10f86c7..cab004b 100644 --- a/modules/nixos-modules/home-manager/default.nix +++ b/modules/nixos-modules/home-manager/default.nix @@ -4,6 +4,5 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix - ./steam.nix ]; } diff --git a/modules/nixos-modules/home-manager/steam.nix b/modules/nixos-modules/home-manager/steam.nix deleted file mode 100644 index d151bca..0000000 --- a/modules/nixos-modules/home-manager/steam.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - config, - ... -}: let - setupSteam = - lib.lists.any - (value: value) - (lib.attrsets.mapAttrsToList (name: value: value.programs.steam.enable) config.home-manager.users); -in { - config = lib.mkIf setupSteam { - programs.steam = { - enable = true; - # TODO: figure out how to not install steam here - # package = lib.mkDefault pkgs.emptyFile; - }; - }; -} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 2f38cd3..e969e20 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix 
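Review bot: `mode = "raidz2";` is now fixed for every vdev, so a host that needs a different layout (a single-disk or mirrored pool, say) can no longer express it, and a vdev with too few members for raidz2 will only fail when the pool is created. If dropping the option is intentional, a comment on that line such as `# every pool in this repo is raidz2; there is no per-host override` would record the decision. In the same file the `datasets` hunk now maps only `config.host.storage.pool.extraDatasets`, so the root and `/nix` datasets appear to exist only when another module contributes them (impermanence.nix does so in this commit); that coupling deserves a one-line comment next to the `mapAttrs` call.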
@@ -38,6 +38,33 @@ }; host.storage.pool.extraDatasets = { + # local datasets are for data that should be considered ephemeral + "local" = { + type = "zfs_fs"; + options.canmount = "off"; + }; + # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up + "local/system/nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + options = { + atime = "off"; + relatime = "off"; + canmount = "on"; + }; + }; + # dataset for root that gets rolled back on every boot + "local/system/root" = { + type = "zfs_fs"; + mountpoint = "/"; + options = { + canmount = "on"; + }; + postCreateHook = '' + zfs snapshot rpool/local/system/root@blank + ''; + }; + # persist datasets are datasets that contain information that we would like to keep around "persist" = { type = "zfs_fs"; diff --git a/modules/nixos-modules/packages/default.nix b/modules/nixos-modules/packages/default.nix new file mode 100644 index 0000000..208ee24 --- /dev/null +++ b/modules/nixos-modules/packages/default.nix @@ -0,0 +1,17 @@ +{pkgs, ...}: { + nixpkgs.overlays = [ + (final: prev: { + webtoon-dl = + pkgs.callPackage + ./webtoon-dl.nix + {}; + }) + # TODO: this package always needs to be called with the --in-process-gpu flag for some reason, can we automate that? + (final: prev: { + prostudiomasters = + pkgs.callPackage + ./prostudiomasters.nix + {}; + }) + ]; +} diff --git a/modules/common-modules/pkgs/prostudiomasters.nix b/modules/nixos-modules/packages/prostudiomasters.nix similarity index 100% rename from modules/common-modules/pkgs/prostudiomasters.nix rename to modules/nixos-modules/packages/prostudiomasters.nix diff --git a/modules/common-modules/pkgs/webtoon-dl.nix b/modules/nixos-modules/packages/webtoon-dl.nix similarity index 100% rename from modules/common-modules/pkgs/webtoon-dl.nix rename to modules/nixos-modules/packages/webtoon-dl.nix diff --git a/modules/nixos-modules/steam.nix b/modules/nixos-modules/steam.nix deleted file mode 100644 index 20c0978..0000000 
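Review bot: The `postCreateHook` for `"local/system/root"` spells out `rpool/local/system/root@blank` by hand, so the snapshot name must stay in sync with the pool name, the attribute key, and the boot-time rollback step that restores it (that step is not in this hunk). A mismatch would presumably leave the root dataset either failing to roll back or silently keeping state between boots, which defeats the ephemeral root. I'd add a comment next to the hook, e.g. `# must match the dataset rolled back at boot; rpool is the pool name from the disko config`, or build the name from a shared `let` binding. The hook is also not guarded against the snapshot already existing; `zfs list -t snapshot rpool/local/system/root@blank >/dev/null 2>&1 || zfs snapshot rpool/local/system/root@blank` would make a re-run harmless.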
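Review bot: Both overlays in the new `packages/default.nix` ignore their `final`/`prev` arguments and call `pkgs.callPackage` from the module argument, which is itself computed from `nixpkgs.overlays`. This works only through laziness and ties the overlays to this module. The usual form is `webtoon-dl = final.callPackage ./webtoon-dl.nix {};` and `prostudiomasters = final.callPackage ./prostudiomasters.nix {};`. The two package files are pure renames with no content shown, so whether they pin their sources by hash can't be checked from this page and is worth confirming separately.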
--- a/modules/nixos-modules/steam.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - programs = { - steam = { - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; - }; -} diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix index b839067..51a92ed 100644 --- a/modules/nixos-modules/system.nix +++ b/modules/nixos-modules/system.nix @@ -1,5 +1,6 @@ {...}: { nix = { + settings.download-buffer-size = 524288000; gc = { automatic = true; dates = "weekly"; diff --git a/nix-config-secrets b/nix-config-secrets index 1c5c059..3d63dff 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba +Subproject commit 3d63dff77f8eda1667e3586169642cf256c4aa34 diff --git a/util/default.nix b/util/default.nix index fb2f83d..4b713da 100644 --- a/util/default.nix +++ b/util/default.nix @@ -10,7 +10,7 @@ nix-syncthing = inputs.nix-syncthing; disko = inputs.disko; impermanence = inputs.impermanence; - lix-module = inputs.lix-module; + # lix-module = inputs.lix-module; systems = [ "aarch64-darwin" @@ -53,7 +53,7 @@ ../modules/system-modules ]; in { - forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); + forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); mkUnless = condition: yes: (lib.mkIf (!condition) yes); mkIfElse = condition: yes: no: @@ -83,7 +83,7 @@ in { impermanence.nixosModules.impermanence home-manager.nixosModules.home-manager disko.nixosModules.disko - lix-module.nixosModules.default + # lix-module.nixosModules.default ../modules/nixos-modules ../configurations/nixos/${host} ];
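Review bot: `lix-module` is disabled by commenting it out rather than removing it, both in the `@@ -10,7 +10,7 @@` bindings and in the module list of the `@@ -83,7 +83,7 @@` hunk, with no reason given or indication that it is temporary. Switching the Nix implementation changes what evaluates and builds every host, so the reason belongs in the file. Either delete both lines together with the flake input, or annotate them, e.g. `# lix-module disabled: <reason>; re-enable together with lix-module.nixosModules.default below`.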
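Review bot: `forEachPkgs` in the `@@ -53,7 +53,7 @@` hunk now calls `lambda (pkgsFor system)` instead of `lambda system (pkgsFor system)`, which changes the callback's arity. Any caller still written as `system: pkgs: ...` would yield a function where a value is expected and fail later with a less obvious error. The callers are outside this hunk, so they should be checked in the same commit. A comment on the helper, e.g. `# lambda takes pkgs only; the system is pkgs.stdenv.hostPlatform.system`, would document the new contract.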