diff --git a/.envrc b/.envrc deleted file mode 100644 index 8392d15..0000000 --- a/.envrc +++ /dev/null @@ -1 +0,0 @@ -use flake \ No newline at end of file diff --git a/.gitconfig b/.gitconfig deleted file mode 100644 index 78d2a4a..0000000 --- a/.gitconfig +++ /dev/null @@ -1,2 +0,0 @@ -[core] - hooksPath = .hooks diff --git a/.gitignore b/.gitignore index 2810727..e2f5dd2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1 @@ -result -.direnv -.vscode/* -!.vscode/settings.json -nixos.qcow2 +result \ No newline at end of file diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index dcfaddd..0000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "secrets"] - path = secrets - url = git@git.jan-leila.com:jan-leila/nix-config-secrets.git diff --git a/.hooks/post-commit b/.hooks/post-commit deleted file mode 100755 index 03a160d..0000000 --- a/.hooks/post-commit +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i bash ../shell.nix - -echo "restoring stashed changes" - -# Find the most recent pre-commit stash and restore it -recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) - -if [ -n "$recent_stash" ]; then - echo "Found recent pre-commit stash: $recent_stash" - git stash pop -q "$recent_stash" -else - echo "No pre-commit stash found to restore" -fi diff --git a/.hooks/post-merge b/.hooks/post-merge deleted file mode 100755 index 06fabc3..0000000 --- a/.hooks/post-merge +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i bash ../shell.nix - -# Get current branch name -current_branch=$(git branch --show-current) - -# Only perform actions if we're on main branch and a merge just completed -if [ "$current_branch" = "main" ]; then - echo "Post-merge on main branch - running nix flake check" - - # Run nix flake check after merge into main - nix flake check - - if [ ! $? -eq 0 ]; then - echo "Warning: nix flake check failed after merge into main" - echo "Please fix the issues as soon as possible" - else - echo "nix flake check passed after merge" - fi - - # Check if there are any pre-commit stashes to restore - recent_stash=$(git stash list | grep "pre-commit-stash-" | head -n 1 | cut -d: -f1) - - if [ -n "$recent_stash" ]; then - echo "Post-merge: restoring pre-commit stash on main branch" - git stash pop -q "$recent_stash" - else - echo "Post-merge: no pre-commit stash to restore on main branch" - fi -else - echo "Post-merge: no action needed on branch '$current_branch'" -fi diff --git a/.hooks/pre-commit b/.hooks/pre-commit deleted file mode 100755 index 74cbc64..0000000 --- a/.hooks/pre-commit +++ /dev/null @@ -1,32 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i bash ../shell.nix - -# Get current branch name -current_branch=$(git branch --show-current) - -echo "stashing all uncommitted changes with named stash (excluding hooks)" -git stash push -q --keep-index -m "pre-commit-stash-$(date +%s)" -- ':!.hooks/' - -# Only run nix flake check if we're on main branch -if [ "$current_branch" = "main" ]; then - echo "On main branch - checking flakes all compile" - nix flake check - - if [ ! $? -eq 0 ]; then - echo "Error: nix flake check failed on main branch" - exit 1 - fi - echo "nix flake check passed" -else - echo "Not on main branch - skipping nix flake check" -fi - -echo "running linter" -alejandra -q . - -RESULT=$? - -echo "adding lint changes to commit" -git add -u - -exit $RESULT diff --git a/.hooks/pre-merge-commit b/.hooks/pre-merge-commit deleted file mode 100755 index 9b7b41d..0000000 --- a/.hooks/pre-merge-commit +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i bash ../shell.nix - -# Get the target branch (the branch being merged into) -target_branch="" - -# Check if we're in the middle of a merge -if [ -f .git/MERGE_HEAD ]; then - # We're in a merge, check if the current branch is main - current_branch=$(git branch --show-current) - if [ "$current_branch" = "main" ]; then - target_branch="main" - fi -fi - -# If we're merging into main, run nix flake check -if [ "$target_branch" = "main" ]; then - echo "Merging into main branch - running nix flake check..." - - echo "stashing all uncommitted changes with named stash (excluding hooks)" - git stash push -q --keep-index -m "pre-merge-stash-$(date +%s)" -- ':!.hooks/' - - echo "checking flakes all compile" - nix flake check - - if [ ! $? -eq 0 ]; then - echo "Error: nix flake check failed. Merge aborted." - echo "Please fix the issues and try merging again." - exit 1 - fi - - echo "nix flake check passed. Merge can proceed." -else - echo "Not merging into main branch, skipping nix flake check." -fi - -exit 0 diff --git a/.sops.yaml b/.sops.yaml index a6e6f4f..0ac5664 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,19 +1,7 @@ keys: - &leyla age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh creation_rules: - - path_regex: secrets/user-passwords.yaml$ + - path_regex: secrets/secrets.yaml$ key_groups: - age: - *leyla - - path_regex: secrets/defiant-services.yaml$ - key_groups: - - age: - - *leyla - - path_regex: secrets/vpn-keys.yaml$ - key_groups: - - age: - - *leyla - - path_regex: secrets/application-keys.yaml$ - key_groups: - - age: - - *leyla \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json deleted file mode 100644 index 8d6717e..0000000 --- a/.vscode/settings.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "cSpell.words": [ - "attrsets", - "bitwarden", - "forgejo", - "gids", - "headscale", - "hesperium", - "jellyfin", - "macvlan", - "nextcloud", - "nixos", - "nixpkgs", - "pihole", - "pkgs", - "rpool", - "searx", - "ublock", - "uids" - ] -} \ No newline at end of file diff --git a/README.md b/README.md index d29ba58..b8bed40 100644 --- a/README.md +++ b/README.md @@ -1,130 +1,66 @@ -# nix-config - -https://git.jan-leila.com/jan-leila/nix-config - -nix multi user, multi system, configuration with `sops` secret management, `home-manager`, and `nixos-anywhere` setup via `disko` with `zfs` + `impermanence` - # Hosts ## Host Map -| Hostname | Device Description | Primary User | Role | Provisioned | Using Nix | -| :---------: | :------------------------: | :--------------: | :-------: | :---------: | :-------: | -| `twilight` | Desktop Computer | Leyla | Desktop | ✅ | ✅ | -| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | ✅ | ✅ | -| `defiant` | NAS Server | Leyla | Server | ✅ | ✅ | -| `hesperium` | Mac | ????? | Mac | ❌ | ❌ | -| `emergent` | Desktop Computer | Eve | Desktop | ✅ | ✅ | -| `threshold` | Laptop | Eve | Laptop | ❌ | ❌ | -| `wolfram` | Steam Deck | House | Handheld | ✅ | ❌ | -| `ceder` | A5 Tablet | Leyla | Tablet | ✅ | ❌ | -| `skate` | A6 Tablet | Leyla | Tablet | ❌ | ❌ | -| `shale` | A6 Tablet | Eve | Tablet | ✅ | ❌ | -| `coven` | Pixel 8 | Leyla | Android | ✅ | ❌ | +| Hostname | Device Description | Primary User | Role | +| :---------: | :------------------------: | :--------------: | :-------: | +| `twilight` | Desktop Computer | Leyla | Desktop | +| `horizon` | 13 inch Framework Laptop | Leyla | Laptop | +| `defiant` | NAS Server | Leyla | Service | +| `emergent` | Desktop Computer | Eve | Laptop | +| `threshold` | Laptop | Eve | Desktop | -# Tooling -## Rebuilding + +### Rebuild current machine to match target host: +`sudo nixos-rebuild switch --flake .#hostname` + +### Rebuild current machine maintaining current target `./rebuild.sh` -## Updating -`nix flake update` +# New machine setup +keys for decrypting password secrets for each users located at `/var/lib/sops-nix/key.txt` + +updating passwords: `sops secrets/secrets.yaml` -## New host setup `./install.sh --target 192.168.1.130 --flake hostname` -## Updating Secrets -`sops secrets/secrets_file_here.yaml` +> how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU -## Inspecting a configuration -`nix-inspect -p .` +> something about ssh keys for remotes # Notes: +- Look into this for fixing nixos-anywhere `https://github.com/lucidph3nx/nixos-config/tree/main` +- Look into this for rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` +- Look into this for openssh known configurations https://search.nixos.org/options?channel=unstable&from=0&size=15&sort=alpha_asc&type=packages&query=services.openssh +- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for headscale https://carlosvaz.com/posts/setting-up-headscale-on-nixos/ -## Research topics -- Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` -- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ -- https://nixos-and-flakes.thiscute.world/ -- proton mail now has an smtp server we could use that for our zfs and SMART test emails -- VR https://lvra.gitlab.io/docs/distros/nixos/ +# Updating +`nix flake update` # Tasks: -## Documentation -- [ ] project layout -- [ ] users file structure -- [ ] reverse proxy design - - public service compatibility - - vpn based services compatibility -- [ ] the choice of impermanence -- [ ] storage module design - - base impermanence compatibility and structure reason - - what does local vs persist mean in pool names (do we need a second layer? ephemeral, local, and persist? local exist only on this machine and is not backed up, persist is backed up to other machines (I think we need to redo the sops and torrent/media folders?)) - - plans to possibly support btrfs in the future - - plans for home manager datasets - - plans for auto systemd service datasets -- [ ] plans to migrate to some kind of acl structure for user management -- [ ] plans to migrate from flakes to npins - -## Chores: -- [ ] test out crab hole service - ## Tech Debt -- [ ] monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- [ ] migrate away from flakes and move to npins -- [ ] `host.users` should be redone so that we just extend the base `users.users` object. Right now we cant quite do this because we have weird circular dependencies with disko/impermanence (not sure which one) and home manger enabling/disabling users per devices - -## Broken things -- [ ] figure out steam vr things? -- [ ] whisper was having issues - -## Data Integrity -- [ ] zfs email after scrubbing # TODO: test this -- [ ] SMART test with email results -- [ ] zfs encryption FIDO2 2fa (look into shavee) -- [ ] rotate sops encryption keys periodically (and somehow sync between devices?) -- [ ] Secure Boot - https://github.com/nix-community/lanzaboote -- [ ] auto turn off on power loss - nut -- [ ] every service needs to have its own data pool -- [ ] secondary server with data sync. Maybe a Pi with a usb hdd enclosure and use rtcwake to only turn on once a week to sync data over tailscale with connection initiated from pi's side. We could probably put this at LZ. Hoping for it to draw only like $1 of power a month. Initial sync should probably be done here before we move it over because that will take a while. Data should be encrypted so that devices doesn't have access to it. Project will prob cost like $1800 - -## Data Access -- [ ] nfs export should be backed by the same values for server and client -- [ ] samba mounts -- [ ] offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- [ ] figure out why syncthing and jellyfins permissions don't propagate downwards -- [ ] make radarr, sonarr, and bazarr accessible over vpn with fully qualified names via reverse proxy -- [ ] move searx, home-assistant, actual, vikunja, jellyfin, paperless, and immich to only be accessible via vpn -- [ ] FreeIPA/SSSD/LDAP/Kerberos to manage uid and gid's - -## Services -- [ ] ntfy service for unified push -- [ ] signal socket server -- [ ] vikunja service for project management -- [ ] Penpot services (need to make this custom) -- [ ] minecraft server with old world file -- [ ] storj server -- [ ] Create Tor guard/relay server -- [ ] screeps server -- [ ] mastodon instance - -## DevOps -- [ ] wake on LAN for updates -- [ ] remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- [ ] ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix -- [ ] fix panoramax package -- [ ] claude code MCP servers should bundle node with them so they work in all environments - -## Observability -- [ ] graphana for dashboards -- [ ] prometheus and loki for metric and log collection - - [ ] zfs storage usage - - [ ] zfs drive health status - - [ ] service version lag - - [ ] network/cpu/ram utilization - - [ ] http latency - - [ ] postgres db load - - [ ] nginx queries -- [ ] ntfy.sh for push notifications -- [ ] kuma for uptime visualization - -## Packages -- [ ] Custom private fork of MultiMC \ No newline at end of file +- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) +- Move configs for pipe mouse, open rgb, and via keyboard to hardware config and install users side from those configs +- have nfs binds and exports defined by same code +- move services from defiant into own flake +- made base domain in nas services configurable +- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) +## New Features +- GNOME default monitors per hardware configuration? +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- Flake templates +- Docker parity with existing NAS on defiant +- NFS on defiant +- firefox declarative??? +- figure out steam vr things? +- Open GL? +- util functions +- openssh known hosts +- limit boot configurations to 2 on defiant +- rotate sops encryption keys periodically (and somehow sync between devices?) +- zfs email after scrubbing +- headscale server +- mastodon server +- tail scale clients +- wake on LAN \ No newline at end of file diff --git a/build-installer.sh b/build-installer.sh deleted file mode 100644 index e124091..0000000 --- a/build-installer.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/usr/bin/env bash - -while [ $# -gt 0 ]; do - case "$1" in - --flake*|-f*) - if [[ "$1" != *=* ]]; then shift; fi - flake="${1#*=}" - ;; - # --user*|-u*) - # if [[ "$1" != *=* ]]; then shift; fi - # user="${1#*=}" - # ;; - --help|-h) - echo "--help -h: print this message" - echo "--flake -f: set the flake to build an installer for" - # echo "--user -u: set the user to install flake as on the target system" - exit 0 - ;; - *) - echo "Error: Invalid argument $1" - exit 1 - ;; - esac - shift -done - -flake=${flake:-"basic"} -user=${user:-$USER} - -nix build .#installerConfigurations.$flake.config.system.build.isoImage \ No newline at end of file diff --git a/configurations/darwin/hesperium/configuration.nix b/configurations/darwin/hesperium/configuration.nix deleted file mode 100644 index f8af5c8..0000000 --- a/configurations/darwin/hesperium/configuration.nix +++ /dev/null @@ -1,16 +0,0 @@ -{...}: { - host = { - users = { - leyla = { - isDesktopUser = true; - isTerminalUser = true; - isPrincipleUser = true; - }; - eve.isNormalUser = false; - }; - }; - - system.stateVersion = 5; - - nixpkgs.hostPlatform = "aarch64-darwin"; -} diff --git a/configurations/darwin/hesperium/default.nix b/configurations/darwin/hesperium/default.nix deleted file mode 100644 index 220a6fb..0000000 --- a/configurations/darwin/hesperium/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - imports = [ - ./configuration.nix - ]; -} diff --git a/configurations/home-manager/default.nix b/configurations/home-manager/default.nix deleted file mode 100644 index 3f88481..0000000 --- a/configurations/home-manager/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - lib, - config, - osConfig, - ... -}: let - users = config.host.users; -in { - leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla); - eve = lib.mkIf users.eve.isNormalUser (import ./eve); - ivy = lib.mkIf users.ivy.isNormalUser (import ./ivy); - git = lib.mkIf (osConfig.services.forgejo.enable or false) (import ./git); -} diff --git a/configurations/home-manager/eve/default.nix b/configurations/home-manager/eve/default.nix deleted file mode 100644 index 192c980..0000000 --- a/configurations/home-manager/eve/default.nix +++ /dev/null @@ -1,56 +0,0 @@ -{osConfig, ...}: let - userConfig = osConfig.host.users.eve; -in { - imports = [ - ./packages.nix - ./gnomeconf.nix - ]; - - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.eve.home; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - }; -} diff --git a/configurations/home-manager/eve/gnomeconf.nix b/configurations/home-manager/eve/gnomeconf.nix deleted file mode 100644 index 7cd3863..0000000 --- a/configurations/home-manager/eve/gnomeconf.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - osConfig, - lib, - ... -}: { - config = { - gnome = lib.mkMerge [ - { - colorScheme = "prefer-dark"; - accentColor = "slate"; - clockFormat = "24h"; - nightLight = { - enable = true; - automatic = false; - fromTime = 12.0; - toTime = 11.999999999999; - temperature = 2700; - }; - extraWindowControls = true; - extensions = { - dash-to-panel = { - enable = true; - }; - }; - } - - (lib.mkIf (osConfig.networking.hostName == "horizon") { - displayScaling = 125; - experimentalFeatures = { - scaleMonitorFramebuffer = true; - }; - }) - ]; - - dconf = { - enable = true; - }; - }; -} diff --git a/configurations/home-manager/eve/packages.nix b/configurations/home-manager/eve/packages.nix deleted file mode 100644 index 6b3c2e2..0000000 --- a/configurations/home-manager/eve/packages.nix +++ /dev/null @@ -1,88 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: let - userConfig = osConfig.host.users.eve; - hardware = osConfig.host.hardware; -in { - config = { - nixpkgs.config = { - allowUnfree = true; - }; - - # Packages that can be installed without any extra configuration - # See https://search.nixos.org/packages for all options - home.packages = lib.lists.optionals userConfig.isDesktopUser ( - with pkgs; [ - gnomeExtensions.dash-to-panel - claude-code - friture - ] - ); - - # Packages that need to be installed with some extra configuration - # See https://home-manager-options.extranix.com/ for all options - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - } - (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { - git = { - enable = true; - settings = { - user.name = "Eve"; - user.email = "evesnrobins@gmail.com"; - init.defaultBranch = "main"; - }; - }; - - openssh = { - enable = true; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }) - (lib.mkIf config.user.isDesktopUser { - vscode = { - enable = true; - package = pkgs.vscodium; - }; - - firefox.enable = true; - bitwarden.enable = true; - discord.enable = true; - makemkv.enable = true; - signal-desktop-bin.enable = true; - steam.enable = true; - piper.enable = hardware.piperMouse.enable; - krita.enable = true; - ungoogled-chromium.enable = true; - - inkscape.enable = true; - obsidian.enable = true; - obs-studio.enable = true; - kdenlive.enable = true; - tor-browser.enable = true; - olympus.enable = true; - libreoffice.enable = true; - noita-entangled-worlds.enable = true; - - claude-code.enable = osConfig.host.ai.enable; - - # Windows applications that we need to figure out how to install - guild-wars-2.enable = false; - vortex.enable = false; - dungeon-draft.enable = false; - vmware-workstation.enable = true; - }) - ]; - }; -} diff --git a/configurations/home-manager/git/default.nix b/configurations/home-manager/git/default.nix deleted file mode 100644 index 1ea29cc..0000000 --- a/configurations/home-manager/git/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{osConfig, ...}: { - impermanence.fallbackPersistence.enable = false; - - home = { - username = osConfig.users.users.git.name; - homeDirectory = osConfig.users.users.git.home; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - }; - - programs.ssh.extraConfig = '' - AuthorizedKeysFile - /var/lib/forgejo/.ssh/authorized_keys - ''; -} diff --git a/configurations/home-manager/ivy/default.nix b/configurations/home-manager/ivy/default.nix deleted file mode 100644 index 48a3cae..0000000 --- a/configurations/home-manager/ivy/default.nix +++ /dev/null @@ -1,55 +0,0 @@ -{osConfig, ...}: let - userConfig = osConfig.host.users.ivy; -in { - imports = [ - ./packages.nix - ]; - - home = { - username = userConfig.name; - homeDirectory = osConfig.users.users.ivy.home; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/ivy/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - }; -} diff --git a/configurations/home-manager/ivy/packages.nix b/configurations/home-manager/ivy/packages.nix deleted file mode 100644 index 3c2a3d9..0000000 --- a/configurations/home-manager/ivy/packages.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: { - config = { - nixpkgs.config = { - allowUnfree = true; - }; - - # Programs that need to be installed with some extra configuration - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - } - (lib.mkIf (config.user.isDesktopUser || config.user.isTerminalUser) { - # git = { - # enable = true; - # userName = "Ivy"; - # userEmail = "ivy@example.com"; # Update this with actual email - # extraConfig.init.defaultBranch = "main"; - # }; - - openssh = { - enable = true; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }) - (lib.mkIf config.user.isDesktopUser { - vscode = { - enable = true; - package = pkgs.vscodium; - mutableExtensionsDir = false; - - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - extraExtensions = { - # Cline extension (Claude AI assistant) - claudeDev.enable = true; - # Auto Rename Tag - autoRenameTag.enable = true; - # Live Server - liveServer.enable = true; - }; - - extensions = let - extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - in ( - with extension-pkgs.open-vsx; [ - streetsidesoftware.code-spell-checker - ] - ); - }; - }; - - firefox.enable = true; - discord.enable = true; - signal-desktop-bin.enable = true; - claude-code.enable = true; - }) - ]; - }; -} diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix deleted file mode 100644 index 9aa61f7..0000000 --- a/configurations/home-manager/leyla/dconf.nix +++ /dev/null @@ -1,101 +0,0 @@ -{...}: { - config = { - gnome = { - extraWindowControls = true; - colorScheme = "prefer-dark"; - clockFormat = "24h"; - nightLight = { - enable = true; - automatic = false; - fromTime = 12.0; - toTime = 11.999999999999; - temperature = 2700; - }; - extensions = { - dash-to-dock = { - enable = true; - options = { - "dock-position" = "LEFT"; - "intellihide-mode" = "ALL_WINDOWS"; - "show-trash" = false; - "require-pressure-to-show" = false; - "show-mounts" = false; - }; - }; - }; - hotkeys = { - "Open Terminal" = { - binding = "t"; - command = "kgx"; - }; - "Open Firefox" = { - binding = "f"; - command = "firefox"; - }; - }; - }; - - dconf = { - enable = true; - settings = { - "org/gnome/shell" = { - favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; - # app-picker-layout = - # builtins.map ( - # applications: - # lib.hm.gvariant (builtins.listToAttrs (lib.lists.imap0 (i: v: lib.attrsets.nameValuePair v (lib.hm.gvariant.mkVariant "{'position': <${i}>}")) applications)) - # ) [ - # [ - # "org.gnome.Nautilus.desktop" - # "bitwarden.desktop" - # "firefox.desktop" - # "torbrowser.desktop" - # "chromium-browser.desktop" - # "codium.desktop" - # "idea-community.desktop" - # "org.gnome.TextEditor.desktop" - # "dbeaver.desktop" - # "bruno.desktop" - # "anki.desktop" - # "obsidian.desktop" - # "signal-desktop.desktop" - # "discord.desktop" - # "gimp.desktop" - # "org.inkscape.Inkscape.desktop" - # "org.kde.krita.desktop" - # "davinci-resolve.desktop" - # "com.obsproject.Studio.desktop" - # "org.freecad.FreeCAD.desktop" - # "makemkv.desktop" - # "easytag.desktop" - # "transmission-gtk.desktop" - # ] - # [ - # "SteamVR.desktop" - # "Beat Saber.desktop" - # "Noun Town.desktop" - # "WEBFISHING.desktop" - # "Factorio.desktop" - # ] - # [ - # "org.gnome.Settings.desktop" - # "org.gnome.SystemMonitor.desktop" - # "org.gnome.Snapshot.desktop" - # "org.gnome.Usage.desktop" - # "org.gnome.DiskUtility.desktop" - # "org.gnome.Evince.desktop" - # "org.gnome.fonts.desktop" - # "noisetorch.desktop" - # "nvidia-settings.desktop" - # "OpnRGB.desktop" - # "org.freedesktop.Piper.desktop" - # "via-nativia.desktop" - # "protonvpn-app.desktop" - # "simple-scan.desktop" - # ] - # ]; - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix deleted file mode 100644 index 8a37754..0000000 --- a/configurations/home-manager/leyla/default.nix +++ /dev/null @@ -1,95 +0,0 @@ -{ - pkgs, - config, - osConfig, - ... -}: { - imports = [ - ./packages - ./i18n.nix - ./impermanence.nix - ./dconf.nix - ]; - - config = { - impermanence.enable = osConfig.host.impermanence.enable; - - # Home Manager needs a bit of information about you and the paths it should - # manage. - home = { - username = osConfig.host.users.leyla.name; - homeDirectory = osConfig.users.users.leyla.home; - - # This value determines the Home Manager release that your configuration is - # compatible with. This helps avoid breakage when a new Home Manager release - # introduces backwards incompatible changes. - # - # You should not change this value, even if you update Home Manager. If you do - # want to update the value, then make sure to first check the Home Manager - # release notes. - stateVersion = "23.11"; # Please read the comment before changing. - - # Home Manager is pretty good at managing dotfiles. The primary way to manage - # plain files is through 'home.file'. - file = { - # # Building this configuration will create a copy of 'dotfiles/screenrc' in - # # the Nix store. Activating the configuration will then make '~/.screenrc' a - # # symlink to the Nix store copy. - # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - "${config.xdg.configHome}/user-dirs.dirs" = { - force = true; - text = '' - # This file is written by xdg-user-dirs-update - # If you want to change or add directories, just edit the line you're - # interested in. All local changes will be retained on the next run. - # Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped - # homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an - # absolute path. No other format is supported. - # - XDG_DESKTOP_DIR="$HOME/desktop" - XDG_DOWNLOAD_DIR="$HOME/downloads" - XDG_DOCUMENTS_DIR="$HOME/documents" - XDG_TEMPLATES_DIR="$HOME/documents/templates" - XDG_MUSIC_DIR="$HOME/documents/music" - XDG_PICTURES_DIR="$HOME/documents/photos" - XDG_VIDEOS_DIR="$HOME/documents/videos" - XDG_PUBLICSHARE_DIR="$HOME/documents/public" - ''; - }; - }; - - keyboard.layout = "us,it,de"; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. If you don't want to manage your shell through Home - # Manager then you have to manually source 'hm-session-vars.sh' located at - # either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh - # - sessionVariables = { - # EDITOR = "emacs"; - }; - }; - - # TODO: move this into a fonts module - home.packages = with pkgs; [ - aileron - ]; - fonts.fontconfig.enable = true; - }; -} diff --git a/configurations/home-manager/leyla/i18n.nix b/configurations/home-manager/leyla/i18n.nix deleted file mode 100644 index f12cd95..0000000 --- a/configurations/home-manager/leyla/i18n.nix +++ /dev/null @@ -1,12 +0,0 @@ -{...}: { - i18n = { - defaultLocale = "en_IE.UTF-8"; - - extraLocaleSettings = { - # LC_ADDRESS = "en_IE.UTF-8"; # lets just get used to this one now - # LC_TELEPHONE = "en_IE.UTF-8"; # lets just get used to this one now - LC_MONETARY = "en_US.UTF-8"; # to be changed once I move - LC_PAPER = "en_US.UTF-8"; # convenient for american printers until I move - }; - }; -} diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix deleted file mode 100644 index ce81c81..0000000 --- a/configurations/home-manager/leyla/impermanence.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - lib, - config, - ... -}: { - config = lib.mkIf (config.impermanence.enable) { - home.persistence."/persist/home/leyla" = { - directories = [ - "desktop" - "downloads" - "documents" - ]; - files = [ - ".bash_history" # keep shell history around - "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files - ]; - allowOther = true; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix deleted file mode 100644 index bc41350..0000000 --- a/configurations/home-manager/leyla/packages/default.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: let - hardware = osConfig.host.hardware; -in { - imports = [ - ./vscode - ./firefox - ./direnv.nix - ./openssh.nix - ./git.nix - ./makemkv.nix - ]; - - config = lib.mkMerge [ - { - programs = lib.mkMerge [ - { - # Let Home Manager install and manage itself. - home-manager.enable = true; - } - (lib.mkIf (config.user.isTerminalUser || config.user.isDesktopUser) { - bash.enable = true; - git.enable = true; - openssh.enable = true; - }) - (lib.mkIf config.user.isDesktopUser { - bitwarden.enable = true; - obs-studio.enable = hardware.graphicsAcceleration.enable; - qbittorrent.enable = true; - prostudiomasters.enable = true; - protonvpn-gui.enable = true; - dbeaver-bin.enable = true; - bruno.enable = true; - piper.enable = hardware.piperMouse.enable; - proxmark3.enable = true; - openrgb.enable = hardware.openRGB.enable; - via.enable = hardware.viaKeyboard.enable; - claude-code.enable = osConfig.host.ai.enable; - davinci-resolve.enable = hardware.graphicsAcceleration.enable; - mfoc.enable = true; - }) - (lib.mkIf (hardware.directAccess.enable && config.user.isDesktopUser) { - anki.enable = true; - makemkv.enable = true; - discord.enable = true; - signal-desktop-bin.enable = true; - calibre.enable = true; - obsidian.enable = true; - jetbrains.idea-community.enable = true; - vscode.enable = true; - firefox.enable = true; - steam.enable = true; - krita.enable = true; - ungoogled-chromium.enable = true; - libreoffice.enable = true; - mapillary-uploader.enable = true; - inkscape.enable = true; - gimp.enable = true; - freecad.enable = true; - onionshare.enable = true; - pdfarranger.enable = true; - picard.enable = true; - qflipper.enable = true; - openvpn.enable = true; - noisetorch.enable = true; - noita-entangled-worlds.enable = true; - tor-browser.enable = true; - gdx-liftoff.enable = true; - }) - ]; - } - (lib.mkIf config.user.isTerminalUser { - home.packages = with pkgs; [ - # command line tools - sox - yt-dlp - ffmpeg - imagemagick - ]; - }) - (lib.mkIf config.user.isDesktopUser { - nixpkgs.config = { - allowUnfree = true; - }; - }) - ]; -} diff --git a/configurations/home-manager/leyla/packages/direnv.nix b/configurations/home-manager/leyla/packages/direnv.nix deleted file mode 100644 index 038c149..0000000 --- a/configurations/home-manager/leyla/packages/direnv.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - lib, - config, - osConfig, - ... -}: let - userConfig = osConfig.host.users.leyla; -in { - config = lib.mkIf userConfig.isDesktopUser { - programs = { - direnv = { - enable = true; - enableBashIntegration = true; - nix-direnv.enable = true; - config = { - global.hide_env_diff = true; - whitelist.exact = ["${config.home.homeDirectory}/documents/code/nix-config"]; - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix b/configurations/home-manager/leyla/packages/firefox/bookmarks.nix deleted file mode 100644 index 4210d1e..0000000 --- a/configurations/home-manager/leyla/packages/firefox/bookmarks.nix +++ /dev/null @@ -1,155 +0,0 @@ -{...}: { - programs.firefox = { - profiles.leyla = { - bookmarks = { - force = true; - settings = [ - # Personal Services - { - name = "Media"; - url = "https://media.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Photos"; - url = "https://photos.jan-leila.com"; - keyword = ""; - tags = [""]; - } - { - name = "Git"; - url = "https://git.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Home Automation"; - url = "https://home.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Search"; - url = "https://search.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Budget"; - url = "https://budget.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Documents"; - url = "https://documents.jan-leila.com/"; - keyword = ""; - tags = [""]; - } - - # Defiant Server Services - { - name = "QBittorrent"; - url = "http://defiant:8084"; - keyword = ""; - tags = ["defiant"]; - } - { - name = "Sonarr"; - url = "http://defiant:8989"; - keyword = ""; - tags = ["defiant"]; - } - { - name = "Radarr"; - url = "http://defiant:7878"; - keyword = ""; - tags = ["defiant"]; - } - { - name = "Bazarr"; - url = "http://defiant:6767"; - keyword = ""; - tags = ["defiant"]; - } - { - name = "Lidarr"; - url = "http://defiant:8686"; - keyword = ""; - tags = ["defiant"]; - } - { - name = "Jackett"; - url = "http://defiant:9117"; - keyword = ""; - tags = ["defiant"]; - } - { - name = "Crab-hole DNS"; - url = "http://defiant:8085"; - keyword = ""; - tags = ["defiant"]; - } - - # External Services - { - name = "Mail"; - url = "https://mail.protonmail.com"; - keyword = ""; - tags = [""]; - } - { - name = "Open Street Map"; - url = "https://www.openstreetmap.org/"; - keyword = ""; - tags = [""]; - } - { - name = "Password Manager"; - url = "https://vault.bitwarden.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Mastodon"; - url = "https://mspsocial.net"; - keyword = ""; - tags = [""]; - } - { - name = "Linked In"; - url = "https://www.linkedin.com/"; - keyword = ""; - tags = [""]; - } - { - name = "Job Search"; - url = "https://www.jobsinnetwork.com/?state=cleaned_history&language%5B%5D=en&query=react&locations.countryCode%5B%5D=IT&locations.countryCode%5B%5D=DE&locations.countryCode%5B%5D=NL&experience%5B%5D=medior&experience%5B%5D=junior&page=1"; - keyword = ""; - tags = [""]; - } - { - name = "React Docs"; - url = "https://react.dev/"; - keyword = ""; - tags = [""]; - } - { - name = "Cyberia Matrix"; - url = "https://chat.cyberia.club"; - keyword = ""; - tags = [""]; - } - # Template - # { - # name = ""; - # url = ""; - # keyword = ""; - # tags = [""]; - # } - ]; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/default.nix b/configurations/home-manager/leyla/packages/firefox/default.nix deleted file mode 100644 index 4246c68..0000000 --- a/configurations/home-manager/leyla/packages/firefox/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - pkgs, - inputs, - ... -}: { - imports = [ - ./firefox.nix - ./bookmarks.nix - ./harden.nix - ]; - - config = { - programs.firefox = { - enable = true; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/firefox.nix b/configurations/home-manager/leyla/packages/firefox/firefox.nix deleted file mode 100644 index ef6d202..0000000 --- a/configurations/home-manager/leyla/packages/firefox/firefox.nix +++ /dev/null @@ -1,191 +0,0 @@ -{ - lib, - pkgs, - inputs, - ... -}: { - programs.firefox = { - profiles.leyla = { - settings = { - "browser.search.defaultenginename" = "Searx"; - "browser.search.order.1" = "Searx"; - }; - - search = { - force = true; - default = "Searx"; - engines = { - "Nix Packages" = { - urls = [ - { - template = "https://search.nixos.org/packages"; - params = [ - { - name = "type"; - value = "packages"; - } - { - name = "query"; - value = "{searchTerms}"; - } - ]; - } - ]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = ["@np"]; - }; - "NixOS Wiki" = { - urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@nw"]; - }; - "Searx" = { - urls = [{template = "https://search.jan-leila.com/?q={searchTerms}";}]; - icon = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = ["@searx"]; - }; - }; - }; - - extensions.packages = with inputs.firefox-addons.packages.${pkgs.stdenv.hostPlatform.system}; [ - bitwarden - terms-of-service-didnt-read - multi-account-containers - shinigami-eyes - - ublock-origin - sponsorblock - dearrow - df-youtube - return-youtube-dislikes - - privacy-badger - decentraleyes - clearurls - localcdn - - snowflake - - pkgs.firefox-extensions.deutsch-de-language-pack - dictionary-german - - tab-session-manager - - pkgs.firefox-extensions.italiano-it-language-pack - pkgs.firefox-extensions.dizionario-italiano - ]; - - settings = { - # Disable irritating first-run stuff - "browser.disableResetPrompt" = true; - "browser.download.panel.shown" = true; - "browser.feeds.showFirstRunUI" = false; - "browser.messaging-system.whatsNewPanel.enabled" = false; - "browser.rights.3.shown" = true; - "browser.shell.checkDefaultBrowser" = false; - "browser.shell.defaultBrowserCheckCount" = 1; - "browser.startup.homepage_override.mstone" = "ignore"; - "browser.uitour.enabled" = false; - "startup.homepage_override_url" = ""; - "trailhead.firstrun.didSeeAboutWelcome" = true; - "browser.bookmarks.restore_default_bookmarks" = false; - "browser.bookmarks.addedImportButton" = true; - "browser.newtabpage.activity-stream.feeds.section.topstories" = false; - - # Usage Experience - "browser.startup.homepage" = "about:home"; - "browser.download.useDownloadDir" = false; - "browser.uiCustomization.state" = builtins.toJSON { - "currentVersion" = 20; - "newElementCount" = 6; - "dirtyAreaCache" = [ - "nav-bar" - "PersonalToolbar" - "toolbar-menubar" - "TabsToolbar" - "unified-extensions-area" - "vertical-tabs" - ]; - "placements" = { - "widget-overflow-fixed-list" = []; - "unified-extensions-area" = [ - # bitwarden - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" - "sponsorblocker_ajay_app-browser-action" - "dearrow_ajay_app-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_testpilot-containers-browser-action" - "addon_simplelogin-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browse-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - "nav-bar" = [ - "back-button" - "forward-button" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "unified-extensions-button" - "reset-pbm-toolbar-button" - ]; - "toolbar-menubar" = [ - "menubar-items" - ]; - "TabsToolbar" = [ - "firefox-view-button" - "tabbrowser-tabs" - "new-tab-button" - "alltabs-button" - ]; - "vertical-tabs" = []; - "PersonalToolbar" = [ - "import-button" - "personal-bookmarks" - ]; - }; - "seen" = [ - "save-to-pocket-button" - "developer-button" - "privacy_privacy_com-browser-action" - "sponsorblocker_ajay_app-browser-action" - "ublock0_raymondhill_net-browser-action" - "addon_simplelogin-browser-action" - "dearrow_ajay_app-browser-action" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "_74145f27-f039-47ce-a470-a662b129930a_-browser-action" - "jid1-bofifl9vbdl2zq_jetpack-browser-action" - "dfyoutube_example_com-browser-action" - "_testpilot-containers-browser-action" - "_b86e4813-687a-43e6-ab65-0bde4ab75758_-browser-action" - "jid1-mnnxcxisbpnsxq_jetpack-browser-action" - "_762f9885-5a13-4abd-9c77-433dcd38b8fd_-browser-action" - "_b11bea1f-a888-4332-8d8a-cec2be7d24b9_-browser-action" - "jid0-3guet1r69sqnsrca5p8kx9ezc3u_jetpack-browser-action" - ]; - }; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts" = false; - "browser.newtabpage.blocked" = lib.genAttrs [ - # Facebook - "4gPpjkxgZzXPVtuEoAL9Ig==" - # Reddit - "gLv0ja2RYVgxKdp0I5qwvA==" - # Amazon - "K00ILysCaEq8+bEqV/3nuw==" - # Twitter - "T9nJot5PurhJSy8n038xGA==" - ] (_: 1); - "identity.fxaccounts.enabled" = false; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/firefox/harden.nix b/configurations/home-manager/leyla/packages/firefox/harden.nix deleted file mode 100644 index 66310c2..0000000 --- a/configurations/home-manager/leyla/packages/firefox/harden.nix +++ /dev/null @@ -1,50 +0,0 @@ -{...}: { - programs.firefox = { - profiles.leyla = { - settings = { - # Security - "privacy.trackingprotection.enabled" = true; - "dom.security.https_only_mode" = true; - "dom.security.https_only_mode_pbm" = true; - "dom.security.https_only_mode_error_page_user_suggestions" = true; - - # Privacy & Data Protection - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "signon.rememberSignons" = false; - "privacy.sanitize.sanitizeOnShutdown" = true; - "privacy.clearOnShutdown_v2.cache" = true; - "privacy.clearOnShutdown_v2.cookiesAndStorage" = true; - "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = true; - "urlclassifier.trackingSkipURLs" = ""; - "urlclassifier.features.socialtracking.skipURLs" = ""; - - # Disable telemetry and data collection - "app.shield.optoutstudies.enabled" = false; - "browser.discovery.enabled" = false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.ping-centre.telemetry" = false; - "datareporting.healthreport.service.enabled" = false; - "datareporting.healthreport.uploadEnabled" = false; - "datareporting.policy.dataSubmissionEnabled" = false; - "datareporting.sessions.current.clean" = true; - "devtools.onboarding.telemetry.logged" = false; - "toolkit.telemetry.archive.enabled" = false; - "toolkit.telemetry.bhrPing.enabled" = false; - "toolkit.telemetry.enabled" = false; - "toolkit.telemetry.firstShutdownPing.enabled" = false; - "toolkit.telemetry.hybridContent.enabled" = false; - "toolkit.telemetry.newProfilePing.enabled" = false; - "toolkit.telemetry.prompted" = 2; - "toolkit.telemetry.rejected" = true; - "toolkit.telemetry.reportingpolicy.firstRun" = false; - "toolkit.telemetry.server" = ""; - "toolkit.telemetry.shutdownPingSender.enabled" = false; - "toolkit.telemetry.unified" = false; - "toolkit.telemetry.unifiedIsOptIn" = false; - "toolkit.telemetry.updatePing.enabled" = false; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/git.nix b/configurations/home-manager/leyla/packages/git.nix deleted file mode 100644 index 499e37b..0000000 --- a/configurations/home-manager/leyla/packages/git.nix +++ /dev/null @@ -1,13 +0,0 @@ -{...}: { - config = { - programs = { - git = { - settings = { - user.name = "Leyla Becker"; - user.email = "git@jan-leila.com"; - init.defaultBranch = "main"; - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/makemkv.nix b/configurations/home-manager/leyla/packages/makemkv.nix deleted file mode 100644 index ee71955..0000000 --- a/configurations/home-manager/leyla/packages/makemkv.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - config, - inputs, - ... -}: { - config = { - sops.secrets = { - "application-keys/makemkv" = { - sopsFile = "${inputs.secrets}/application-keys.yaml"; - }; - }; - programs.makemkv = { - appKeyFile = config.sops.placeholder."application-keys/makemkv"; - destinationDir = "/home/leyla/downloads/makemkv"; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/openssh.nix b/configurations/home-manager/leyla/packages/openssh.nix deleted file mode 100644 index 91aec11..0000000 --- a/configurations/home-manager/leyla/packages/openssh.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - config, - osConfig, - ... -}: { - config = { - programs = { - openssh = { - authorizedKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILimFIW2exEH/Xo7LtXkqgE04qusvnPNpPWSCeNrFkP leyla@defiant" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" - ]; - hostKeys = [ - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - } - ]; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix deleted file mode 100644 index 36168b2..0000000 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ /dev/null @@ -1,136 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: let - nix-development-enabled = osConfig.host.nix-development.enable; - ai-tooling-enabled = osConfig.host.ai.enable; -in { - imports = [ - ./user-words.nix - ]; - - config = lib.mkIf config.user.isDesktopUser { - programs = { - bash.shellAliases = { - code = "codium"; - }; - - vscode = { - package = pkgs.vscodium; - - mutableExtensionsDir = false; - - profiles.default = { - enableUpdateCheck = false; - enableExtensionUpdateCheck = false; - - userSettings = lib.mkMerge [ - { - "javascript.updateImportsOnFileMove.enabled" = "always"; - "editor.tabSize" = 2; - "editor.insertSpaces" = false; - # "terminal.integrated.fontFamily" = "'Droid Sans Mono', 'monospace', monospace"; - } - ]; - - extraExtensions = { - # vs code feel - oneDark.enable = true; - atomKeybindings.enable = true; - openRemoteSsh.enable = true; - # openDyslexicFont.enable = false; - - # html development - autoRenameTag.enable = true; - liveServer.enable = true; - - # js development - es7ReactJsSnippets.enable = true; - tauriVscode.enable = true; - vscodeEslint.enable = true; - vscodeJest.enable = true; - vitest.enable = true; - vscodeStandard.enable = true; - vscodeStylelint.enable = true; - - nearley.enable = true; - - # astro development - vscodeMdx.enable = true; - astroVscode.enable = true; - - # nix development - alejandra.enable = nix-development-enabled; - nixIde.enable = nix-development-enabled; - - # go development - go.enable = true; - - # rust development - rustAnalyzer.enable = true; - - # claude development - claudeDev = lib.mkIf ai-tooling-enabled { - enable = true; - mcp = { - nixos = { - enable = true; - autoApprove = { - nixos_search = true; - nixos_info = true; - home_manager_search = true; - home_manager_info = true; - darwin_search = true; - darwin_info = true; - nixos_flakes_search = true; - }; - }; - eslint = { - enable = true; - autoApprove = { - lint-files = true; - }; - }; - vitest = { - enable = true; - autoApprove = { - list_tests = true; - run_tests = true; - analyze_coverage = true; - set_project_root = true; - }; - }; - sleep = { - enable = true; - timeout = 18000; # 5 hours to match claude codes timeout - autoApprove = { - sleep = true; - }; - }; - }; - }; - - # misc extensions - evenBetterToml.enable = true; - direnv.enable = config.programs.direnv.enable; - conventionalCommits.enable = true; - }; - - extensions = let - extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - in ( - with extension-pkgs.open-vsx; [ - # vs code feel extensions - streetsidesoftware.code-spell-checker - streetsidesoftware.code-spell-checker-german - streetsidesoftware.code-spell-checker-italian - ] - ); - }; - }; - }; - }; -} diff --git a/configurations/home-manager/leyla/packages/vscode/user-words.nix b/configurations/home-manager/leyla/packages/vscode/user-words.nix deleted file mode 100644 index bb99bbc..0000000 --- a/configurations/home-manager/leyla/packages/vscode/user-words.nix +++ /dev/null @@ -1,126 +0,0 @@ -{ - pkgs, - lib, - ... -}: { - config.programs.vscode.profiles.default.userSettings = { - "cSpell.userWords" = [ - "leyla" - ]; - - "cSpell.languageSettings" = [ - { - "languageId" = "nix"; - "locale" = "*"; - "dictionaries" = [ - "applications" - "ai-words" - "nix-words" - - # We need to include all other dictionaries in the nix language settings because they exist in this file - # TODO: see if there is a way to make this only apply for this file - "js-words" - ]; - } - { - "languageId" = "javascript,typescript,js,ts"; - "locale" = "*"; - "dictionaries" = [ - "js-words" - ]; - } - ]; - - "cSpell.customDictionaries" = { - applications = { - name = "applications"; - description = "application names"; - path = pkgs.writeText "applications.txt" (lib.strings.concatLines [ - "ollama" - "syncthing" - "immich" - "sonos" - "makemkv" - "hass" - "qbittorent" - "prostudiomasters" - "protonmail" - "pulseaudio" - ]); - }; - - ai-words = { - name = "ai-words"; - description = "common words used for ai development"; - path = pkgs.writeText "ai-words.txt" (lib.strings.concatLines [ - "ollama" - "deepseek" - "qwen" - ]); - }; - - nix-words = { - name = "nix-words"; - description = "words used in nix configurations"; - path = pkgs.writeText "nix-words.txt" (lib.strings.concatLines [ - "pname" - "direnv" - "tmpfiles" - "Networkd" - "networkmanager" - "dialout" - "adbusers" - "authkey" - "netdevs" - "atomix" - "geary" - "gedit" - "hitori" - "iagno" - "alsa" - "timezoned" - "pipewire" - "rtkit" - "disko" - "ashift" - "autotrim" - "canmount" - "mountpoint" - "xattr" - "acltype" - "relatime" - "keyformat" - "keylocation" - "vdevs" - - # codium extensions - "akamud" - "onedark" - "jeanp" - "dsznajder" - "dbaeumer" - "orta" - "tauri" - "unifiedjs" - "tamasfe" - "pinage" - "jnoortheen" - "kamadorueda" - "karyfoundation" - "nearley" - - # nix.optimise is spelled wrong - "optimise" - ]); - }; - - js-words = { - name = "js-words"; - description = "words used in js development"; - path = pkgs.writeText "js-words.txt" (lib.strings.concatLines [ - "webdav" - ]); - }; - }; - }; -} diff --git a/configurations/installer/basic/configuration.nix b/configurations/installer/basic/configuration.nix deleted file mode 100644 index 4e63727..0000000 --- a/configurations/installer/basic/configuration.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ - lib, - pkgs, - modulesPath, - ... -}: { - imports = [(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")]; - - systemd.services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"]; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AaAeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee username@host" - ]; - - isoImage.squashfsCompression = "gzip -Xcompression-level 1"; - - networking.hostName = "installer"; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/configurations/installer/basic/default.nix b/configurations/installer/basic/default.nix deleted file mode 100644 index 220a6fb..0000000 --- a/configurations/installer/basic/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - imports = [ - ./configuration.nix - ]; -} diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix deleted file mode 100644 index e2f9401..0000000 --- a/configurations/nixos/defiant/configuration.nix +++ /dev/null @@ -1,413 +0,0 @@ -# server nas -{ - inputs, - config, - ... -}: { - sops.secrets = { - "vpn-keys/tailscale-authkey/defiant" = { - sopsFile = "${inputs.secrets}/vpn-keys.yaml"; - }; - "vpn-keys/proton-wireguard/defiant-p2p" = { - sopsFile = "${inputs.secrets}/vpn-keys.yaml"; - mode = "0640"; - owner = "root"; - group = "systemd-network"; - }; - "services/zfs_smtp_token" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - "services/paperless_password" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - mode = "0700"; - owner = "paperless"; - group = "paperless"; - }; - }; - - host = { - users = { - leyla = { - isDesktopUser = true; - isTerminalUser = true; - isPrincipleUser = true; - }; - }; - impermanence.enable = true; - storage = { - enable = true; - encryption = true; - notifications = { - enable = true; - host = "smtp.protonmail.ch"; - port = 587; - to = "leyla@jan-leila.com"; - user = "noreply@jan-leila.com"; - tokenFile = config.sops.secrets."services/zfs_smtp_token".path; - }; - pool = { - # We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA - bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"]; - vdevs = [ - [ - "ata-ST18000NE000-3G6101_ZVTCXVEB" - "ata-ST18000NE000-3G6101_ZVTCXWSC" - "ata-ST18000NE000-3G6101_ZVTD10EH" - "ata-ST18000NT001-3NF101_ZVTE0S3Q" - "ata-ST18000NT001-3NF101_ZVTEF27J" - "ata-ST18000NE000-3G6101_ZVTJ7359" - ] - [ - "ata-ST4000NE001-2MA101_WS2275P3" - "ata-ST4000NE001-2MA101_WS227B9F" - "ata-ST4000NE001-2MA101_WS227CEW" - "ata-ST4000NE001-2MA101_WS227CYN" - "ata-ST4000NE001-2MA101_WS23TBWV" - "ata-ST4000NE001-2MA101_WS23TC5F" - ] - ]; - cache = [ - "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F" - ]; - }; - }; - network_storage = { - enable = true; - directories = [ - { - folder = "leyla_documents"; - user = "leyla"; - group = "leyla"; - bind = "/home/leyla/documents"; - } - { - folder = "eve_documents"; - user = "eve"; - group = "eve"; - } - { - folder = "users_documents"; - user = "root"; - group = "users"; - } - { - folder = "media"; - user = "jellyfin"; - group = "jellyfin_media"; - bind = config.services.jellyfin.media_directory; - } - ]; - nfs = { - enable = true; - directories = ["leyla_documents" "eve_documents" "users_documents" "media"]; - }; - }; - }; - - systemd.network = { - enable = true; - - netdevs = { - "10-bond0" = { - netdevConfig = { - Kind = "bond"; - Name = "bond0"; - }; - bondConfig = { - Mode = "802.3ad"; - TransmitHashPolicy = "layer3+4"; - }; - }; - - "20-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; - ListenPort = 51820; - }; - wireguardPeers = [ - { - PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - Endpoint = "185.230.126.146:51820"; - # Allow all traffic but use policy routing to prevent system-wide VPN - AllowedIPs = ["0.0.0.0/0"]; - } - ]; - }; - }; - networks = { - "40-bond0" = { - matchConfig.Name = "bond0"; - linkConfig = { - RequiredForOnline = "degraded-carrier"; - RequiredFamilyForOnline = "any"; - }; - networkConfig.DHCP = "yes"; - - address = [ - "192.168.1.10/32" - ]; - - # Set lower priority for default gateway to allow WireGuard interface binding - routes = [ - { - Destination = "0.0.0.0/0"; - Gateway = "192.168.1.1"; - Metric = 100; - } - ]; - dns = ["192.168.1.1"]; - }; - - "50-wg0" = { - matchConfig.Name = "wg0"; - networkConfig = { - DHCP = "no"; - }; - address = [ - "10.2.0.2/32" - ]; - # Configure routing for application binding - routingPolicyRules = [ - { - # Route traffic from VPN interface through VPN table - From = "10.2.0.2/32"; - Table = 200; - Priority = 100; - } - ]; - routes = [ - { - # Direct route to VPN gateway - Destination = "10.2.0.1/32"; - Scope = "link"; - } - { - # Route VPN subnet through VPN gateway in custom table - Destination = "10.2.0.0/16"; - Gateway = "10.2.0.1"; - Table = 200; - } - { - # Route all traffic through VPN gateway in custom table - Destination = "0.0.0.0/0"; - Gateway = "10.2.0.1"; - Table = 200; - } - ]; - }; - }; - }; - - # limit arc usage to 50gb because ollama doesn't play nice with zfs using up all of the memory - boot.kernelParams = ["zfs.zfs_arc_max=53687091200"]; - - # Enable policy routing and source routing for application-specific VPN binding - boot.kernel.sysctl = { - "net.ipv4.conf.all.rp_filter" = 2; - "net.ipv4.conf.default.rp_filter" = 2; - "net.ipv4.conf.wg0.rp_filter" = 2; - }; - - services = { - # PostgreSQL database server - postgresql = { - enable = true; - adminUsers = ["leyla"]; - }; - - # temp enable desktop environment for setup - # Enable the X11 windowing system. - xserver.enable = true; - - # Enable the GNOME Desktop Environment. - displayManager = { - gdm.enable = true; - }; - desktopManager = { - gnome.enable = true; - }; - - # Enable new reverse proxy system - reverseProxy = { - enable = true; - openFirewall = true; - acme = { - enable = true; - email = "jan-leila@protonmail.com"; - }; - }; - - ollama = { - enable = true; - exposePort = true; - - acceleration = false; - - environmentVariables = { - OLLAMA_KEEP_ALIVE = "24h"; - }; - - loadModels = [ - # conversation models - "llama3.1:8b" - "deepseek-r1:8b" - "deepseek-r1:32b" - "deepseek-r1:70b" - - # auto complete models - "qwen2.5-coder:1.5b-base" - "qwen2.5-coder:7b" - "deepseek-coder:6.7b" - "deepseek-coder:33b" - - # agent models - "qwen3:8b" - "qwen3:32b" - "qwen3:235b-a22b" - - "qwen3-coder:30b" - "qwen3-coder:30b-a3b-fp16" - - # embedding models - "nomic-embed-text:latest" - ]; - }; - tailscale = { - enable = true; - authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path; - useRoutingFeatures = "server"; - extraUpFlags = [ - "--advertise-exit-node" - "--advertise-routes=192.168.0.0/24" - "--accept-dns=false" - ]; - extraSetFlags = [ - "--advertise-exit-node" - "--advertise-routes=192.168.0.0/24" - "--accept-dns=false" - ]; - }; - - syncthing.enable = true; - - fail2ban.enable = true; - - jellyfin = { - enable = true; - domain = "media.jan-leila.com"; - extraDomains = ["jellyfin.jan-leila.com"]; - }; - - immich = { - enable = true; - domain = "photos.jan-leila.com"; - }; - - forgejo = { - enable = true; - reverseProxy.domain = "git.jan-leila.com"; - }; - - searx = { - enable = true; - domain = "search.jan-leila.com"; - }; - - actual = { - enable = true; - domain = "budget.jan-leila.com"; - }; - - home-assistant = { - enable = true; - domain = "home.jan-leila.com"; - openFirewall = true; - postgres.enable = true; - - extensions = { - sonos.enable = true; - jellyfin.enable = true; - wyoming.enable = false; # Temporarily disabled due to dependency conflict in wyoming-piper - }; - }; - - paperless = { - enable = true; - domain = "documents.jan-leila.com"; - passwordFile = config.sops.secrets."services/paperless_password".path; - }; - - panoramax = { - enable = false; - openFirewall = true; - }; - - crab-hole = { - enable = true; - port = 8085; - openFirewall = true; - show_doc = true; - downstreams = { - host = { - enable = true; - openFirewall = true; - }; - }; - upstreams.cloudFlare.enable = true; - blocklists.ad_malware.enable = true; - }; - - qbittorrent = { - enable = true; - mediaDir = "/srv/qbittorent"; - openFirewall = true; - webuiPort = 8084; - }; - - sonarr = { - enable = true; - openFirewall = true; - }; - radarr = { - enable = true; - openFirewall = true; - }; - bazarr = { - enable = true; - openFirewall = true; - }; - lidarr = { - enable = true; - openFirewall = true; - }; - jackett = { - enable = true; - openFirewall = true; - }; - flaresolverr = { - enable = true; - openFirewall = true; - }; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - services.displayManager.gdm.autoSuspend = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? -} diff --git a/configurations/nixos/defiant/default.nix b/configurations/nixos/defiant/default.nix deleted file mode 100644 index 3013946..0000000 --- a/configurations/nixos/defiant/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -# server nas -{...}: { - imports = [ - ./hardware-configuration.nix - ./configuration.nix - ./packages.nix - ]; -} diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix deleted file mode 100644 index d4a638b..0000000 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ /dev/null @@ -1,63 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot = { - initrd = { - availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "nvme" "usb_storage" "sd_mod"]; - kernelModules = []; - }; - kernelModules = ["kvm-amd"]; - extraModulePackages = []; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi = { - canTouchEfiVariables = true; - efiSysMountPoint = "/boot"; - }; - }; - supportedFilesystems = ["zfs"]; - - zfs.extraPools = ["rpool"]; - }; - - networking = { - hostName = "defiant"; # Define your hostname. - hostId = "c51763d6"; - useNetworkd = true; - }; - - systemd.network = { - enable = true; - - networks = { - "30-eno1" = { - matchConfig.Name = "eno1"; - networkConfig.Bond = "bond0"; - }; - "30-eno2" = { - matchConfig.Name = "eno2"; - networkConfig.Bond = "bond0"; - }; - }; - }; - - networking.networkmanager.enable = true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware = { - # TODO: hardware graphics - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; -} diff --git a/configurations/nixos/defiant/packages.nix b/configurations/nixos/defiant/packages.nix deleted file mode 100644 index 45780b0..0000000 --- a/configurations/nixos/defiant/packages.nix +++ /dev/null @@ -1,9 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [ - ffsubsync - sox - yt-dlp - ffmpeg - imagemagick - ]; -} diff --git a/configurations/nixos/emergent/configuration.nix b/configurations/nixos/emergent/configuration.nix deleted file mode 100644 index bf6c553..0000000 --- a/configurations/nixos/emergent/configuration.nix +++ /dev/null @@ -1,175 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ - lib, - pkgs, - ... -}: { - imports = [ - ./nvidia-drivers.nix - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # networking.hostName = "nixos"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - # Enable wacom touchscreen device - services.xserver.wacom.enable = true; - - # installed opentabletdriver - # hardware.opentabletdriver.enable = true; - hardware.keyboard.qmk.enable = true; - - # Enable the GNOME Desktop Environment. - services.displayManager.gdm.enable = true; - services.desktopManager.gnome.enable = true; - - host = { - ai.enable = true; - users = { - eve = { - isDesktopUser = true; - isTerminalUser = true; - isPrincipleUser = true; - }; - }; - hardware = { - piperMouse.enable = true; - }; - - storage = { - enable = true; - pool = { - mode = ""; - drives = ["wwn-0x5000039fd0cf05eb"]; - }; - }; - }; - - virtualisation.libvirtd.enable = true; - - users.users.eve = { - extraGroups = [ "libvirtd" ]; - }; - - services.tailscale.enable = true; - # We were having weird build errors so this is disabled right now - # error: The option `devices.emergent.folders.eve_records.path' was accessed but has no value defined. Try setting the option - services.syncthing.enable = false; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # services.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # tree - # ]; - # }; - - # programs.firefox.enable = true; - - nixpkgs.config.allowUnfree = true; - - # Packages that can be installed without any extra configuration - # See https://search.nixos.org/packages for all options - environment.systemPackages = with pkgs; [ - wget - gnome-boxes - libvirt - ]; - - # Packages that need to be installed with some extra configuration - # See https://search.nixos.org/options for all options - programs = {}; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - networking = { - networkmanager.enable = true; - useDHCP = lib.mkDefault true; - hostId = "7e35eb97"; # arbitrary id number generated via this command: `head -c4 /dev/urandom | od -A none -t x4` - hostName = "emergent"; # Define your hostname. - }; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? -} diff --git a/configurations/nixos/emergent/default.nix b/configurations/nixos/emergent/default.nix deleted file mode 100644 index 452334a..0000000 --- a/configurations/nixos/emergent/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -# evs desktop -{...}: { - imports = [ - ./configuration.nix - ./hardware-configuration.nix - ]; -} diff --git a/configurations/nixos/emergent/hardware-configuration.nix b/configurations/nixos/emergent/hardware-configuration.nix deleted file mode 100644 index b077f9c..0000000 --- a/configurations/nixos/emergent/hardware-configuration.nix +++ /dev/null @@ -1,32 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "wacom" "kvm" "kvm_amd"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/configurations/nixos/emergent/nvidia-drivers.nix b/configurations/nixos/emergent/nvidia-drivers.nix deleted file mode 100644 index 0fc51ac..0000000 --- a/configurations/nixos/emergent/nvidia-drivers.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - # Enable OpenGL - hardware.graphics = { - enable = true; - }; - - # Load nvidia driver for Xorg and Wayland - services = { - xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - }; - # Use X instead of wayland - displayManager.gdm.wayland = true; - }; - - hardware.nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = true; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - open = true; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; -} diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix deleted file mode 100644 index 0e86fe7..0000000 --- a/configurations/nixos/horizon/configuration.nix +++ /dev/null @@ -1,158 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: { - imports = [ - inputs.nixos-hardware.nixosModules.framework-11th-gen-intel - ]; - - nixpkgs.config.allowUnfree = true; - - boot = { - initrd = { - availableKernelModules = ["usb_storage" "sd_mod"]; - }; - kernelModules = ["sg"]; - - # Bootloader. - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }; - - host = { - users = { - leyla = { - isDesktopUser = true; - isTerminalUser = true; - isPrincipleUser = true; - }; - eve.isDesktopUser = true; - ivy.isDesktopUser = true; - }; - - hardware = { - directAccess.enable = true; - }; - - ai = { - enable = true; - models = { - "Llama 3.1 8B" = { - model = "llama3.1:8b"; - roles = ["chat" "edit" "apply"]; - apiBase = "http://defiant:11434"; - }; - "Deepseek Coder:6.7B" = { - model = "deepseek-coder:6.7b"; - roles = ["chat" "edit" "apply"]; - apiBase = "http://defiant:11434"; - }; - "Deepseek Coder:33B" = { - model = "deepseek-coder:33b"; - roles = ["chat" "edit" "apply"]; - apiBase = "http://defiant:11434"; - }; - - "Deepseek r1:8B" = { - model = "deepseek-r1:8b"; - roles = ["chat"]; - apiBase = "http://defiant:11434"; - }; - - "Deepseek r1:32B" = { - model = "deepseek-r1:32b"; - roles = ["chat"]; - apiBase = "http://defiant:11434"; - }; - - "qwen2.5-coder:1.5b-base" = { - model = "qwen2.5-coder:1.5b-base"; - roles = ["autocomplete"]; - apiBase = "http://defiant:11434"; - }; - - "nomic-embed-text:latest" = { - model = "nomic-embed-text:latest"; - roles = ["embed"]; - apiBase = "http://defiant:11434"; - }; - }; - }; - }; - - environment.systemPackages = with pkgs; [ - cachefilesd - webtoon-dl - ]; - services.cachefilesd.enable = true; - - programs = { - adb.enable = true; - }; - - networking = { - networkmanager.enable = true; - hostName = "horizon"; # Define your hostname. - }; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - hardware = { - graphics.enable = true; - }; - - sops.secrets = { - "vpn-keys/tailscale-authkey/horizon" = { - sopsFile = "${inputs.secrets}/vpn-keys.yaml"; - }; - }; - - services = { - # sudo fprintd-enroll - fprintd = { - enable = true; - }; - # firmware update tool - fwupd = { - enable = true; - }; - tailscale = { - enable = true; - authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/horizon".path; - useRoutingFeatures = "client"; - }; - - syncthing.enable = true; - - ollama = { - enable = true; - loadModels = [ - "llama3.1:8b" - ]; - }; - }; - - # Enable network-online.target for better network dependency handling - systemd.services.NetworkManager-wait-online.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? -} diff --git a/configurations/nixos/horizon/default.nix b/configurations/nixos/horizon/default.nix deleted file mode 100644 index b916d82..0000000 --- a/configurations/nixos/horizon/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -# leyla laptop -{...}: { - imports = [ - ./configuration.nix - ./hardware-configuration.nix - # ./network-mount.nix - ]; -} diff --git a/configurations/nixos/horizon/hardware-configuration.nix b/configurations/nixos/horizon/hardware-configuration.nix deleted file mode 100644 index cec4914..0000000 --- a/configurations/nixos/horizon/hardware-configuration.nix +++ /dev/null @@ -1,45 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - - fileSystems = { - "/" = { - device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/E138-65B5"; - fsType = "vfat"; - }; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff";} - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/configurations/nixos/horizon/network-mount.nix b/configurations/nixos/horizon/network-mount.nix deleted file mode 100644 index fde16f5..0000000 --- a/configurations/nixos/horizon/network-mount.nix +++ /dev/null @@ -1,76 +0,0 @@ -{...}: { - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" # Allow interruption of NFS calls - "timeo=30" # 3 second timeout (30 deciseconds) - "retrans=2" # Only 2 retries before giving up - "x-systemd.idle-timeout=300" # 5 minute idle timeout for mobile - "x-systemd.device-timeout=15" # 15 second device timeout - "bg" # Background mount - don't block boot - "fsc" # Enable caching - "_netdev" # Network device - wait for network - "x-systemd.requires=network-online.target" # Require network to be online - "x-systemd.after=network-online.target" # Start after network is online - "x-systemd.mount-timeout=30" # 30 second mount timeout - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "nofail" - "soft" - "intr" - "timeo=30" - "retrans=2" - "x-systemd.idle-timeout=300" - "x-systemd.device-timeout=15" - "bg" - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=30" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" - "timeo=30" - "retrans=2" - "x-systemd.idle-timeout=300" - "x-systemd.device-timeout=15" - "bg" - # Mobile-optimized read settings - "rsize=8192" # Smaller read size for mobile - "wsize=8192" # Smaller write size for mobile - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - "x-systemd.mount-timeout=30" - ]; - }; - }; -} diff --git a/configurations/nixos/twilight/configuration.nix b/configurations/nixos/twilight/configuration.nix deleted file mode 100644 index 477c517..0000000 --- a/configurations/nixos/twilight/configuration.nix +++ /dev/null @@ -1,160 +0,0 @@ -{ - inputs, - config, - pkgs, - ... -}: { - imports = [ - ./monitors.nix - ]; - - nixpkgs.config.allowUnfree = true; - - boot.initrd.availableKernelModules = ["usb_storage"]; - boot.kernelModules = ["sg"]; - - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - sops.secrets = { - "vpn-keys/tailscale-authkey/twilight" = { - sopsFile = "${inputs.secrets}/vpn-keys.yaml"; - }; - }; - host = { - users = { - leyla = { - isDesktopUser = true; - isTerminalUser = true; - isPrincipleUser = true; - }; - eve.isDesktopUser = true; - }; - hardware = { - piperMouse.enable = true; - viaKeyboard.enable = true; - openRGB.enable = true; - graphicsAcceleration.enable = true; - directAccess.enable = true; - }; - ai = { - enable = true; - # TODO: benchmark twilight against defiant and prune this list of models that are faster on defiant - models = { - # conversation models - "Llama 3.1 8B" = { - model = "lamma3.1:8b"; - roles = ["chat" "edit" "apply"]; - }; - "deepseek-r1:8b" = { - model = "deepseek-r1:8b"; - roles = ["chat" "edit" "apply"]; - }; - "deepseek-r1:32b" = { - model = "deepseek-r1:32b"; - roles = ["chat" "edit" "apply"]; - }; - - # auto complete models - "qwen2.5-coder:1.5b-base" = { - model = "qwen2.5-coder:1.5b-base"; - roles = ["autocomplete"]; - }; - "qwen2.5-coder:7b" = { - model = "qwen2.5-coder:7b"; - roles = ["autocomplete"]; - }; - "deepseek-coder:6.7b" = { - model = "deepseek-coder:6.7b"; - roles = ["autocomplete"]; - }; - "deepseek-coder:33b" = { - model = "deepseek-coder:33b"; - roles = ["autocomplete"]; - }; - - # agent models - "qwen3:32b" = { - model = "qwen3:32b"; - roles = ["chat" "edit" "apply"]; - }; - - # embedding models - "nomic-embed-text:latest" = { - model = "nomic-embed-text:latest"; - roles = ["embed"]; - }; - }; - }; - }; - services = { - ollama = { - enable = true; - exposePort = true; - - loadModels = [ - # conversation models - "llama3.1:8b" - "deepseek-r1:8b" - "deepseek-r1:32b" - - # auto complete models - "qwen2.5-coder:1.5b-base" - "qwen2.5-coder:7b" - "deepseek-coder:6.7b" - "deepseek-coder:33b" - - # agent models - "qwen3:32b" - - # embedding models - "nomic-embed-text:latest" - ]; - }; - - tailscale = { - enable = true; - authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/twilight".path; - useRoutingFeatures = "both"; - extraUpFlags = [ - "--advertise-exit-node" - "--advertise-routes=192.168.0.0/24" - ]; - extraSetFlags = [ - "--advertise-exit-node" - "--advertise-routes=192.168.0.0/24" - ]; - }; - - syncthing.enable = true; - }; - - # Enable network-online.target for better network dependency handling - systemd.services.NetworkManager-wait-online.enable = true; - - environment.systemPackages = with pkgs; [ - cachefilesd - ]; - hardware.steam-hardware.enable = true; # Provides udev rules for controller, HTC vive, and Valve Index - - networking = { - networkmanager.enable = true; - hostName = "twilight"; # Define your hostname. - }; - - # enabled virtualisation for docker - # virtualisation.docker.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? -} diff --git a/configurations/nixos/twilight/default.nix b/configurations/nixos/twilight/default.nix deleted file mode 100644 index aa841f8..0000000 --- a/configurations/nixos/twilight/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -# leyla desktop -{...}: { - imports = [ - ./configuration.nix - ./hardware-configuration.nix - ./nvidia-drivers.nix - # ./network-mount.nix - ]; -} diff --git a/configurations/nixos/twilight/hardware-configuration.nix b/configurations/nixos/twilight/hardware-configuration.nix deleted file mode 100644 index 94c83d6..0000000 --- a/configurations/nixos/twilight/hardware-configuration.nix +++ /dev/null @@ -1,42 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; - - fileSystems = { - "/" = { - device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part2"; - fsType = "ext4"; - }; - - "/boot" = { - device = "/dev/disk/by-id/ata-TOSHIBA_DT01ACA100_77D21HVNS-part1"; - fsType = "vfat"; - options = ["fmask=0022" "dmask=0022"]; - }; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/configurations/nixos/twilight/monitors.nix b/configurations/nixos/twilight/monitors.nix deleted file mode 100644 index 1308f50..0000000 --- a/configurations/nixos/twilight/monitors.nix +++ /dev/null @@ -1,199 +0,0 @@ -{pkgs, ...}: { - systemd.tmpfiles.rules = [ - "L+ /run/gdm/.config/monitors.xml - - - - ${pkgs.writeText "gdm-monitors.xml" '' - - - - 0 - 156 - 1 - - - DP-4 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 2560 - 324 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 0 - 1 - - left - no - - - - HDMI-0 - HWP - HP w2207 - CND7332S88 - - - 1600 - 1000 - 59.999 - - - - - - - 0 - 0 - 1 - yes - - - DP-1 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - 4480 - 226 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 2560 - 226 - 1 - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - - - 2560 - 228 - 1 - yes - - - DP-2 - GSM - LG ULTRAGEAR - 0x00068c96 - - - 1920 - 1080 - 240.001 - - - - - 4480 - 69 - 1 - - left - no - - - - HDMI-1 - HWP - HP w2207 - CND7332S88 - - - 1680 - 1050 - 59.954 - - - - - 0 - 0 - 1 - - - DP-3 - DEL - DELL U2719D - 8RGXNS2 - - - 2560 - 1440 - 59.951 - - - - - - None-1 - unknown - unknown - unknown - - - - - ''}" - ]; -} diff --git a/configurations/nixos/twilight/network-mount.nix b/configurations/nixos/twilight/network-mount.nix deleted file mode 100644 index 9f84b04..0000000 --- a/configurations/nixos/twilight/network-mount.nix +++ /dev/null @@ -1,72 +0,0 @@ -{...}: { - boot.supportedFilesystems = ["nfs"]; - - fileSystems = { - "/mnt/leyla_documents" = { - device = "defiant:/exports/leyla_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" # Allow interruption of NFS calls - "timeo=50" # 5 second timeout (50 deciseconds) - longer than mobile - "retrans=3" # 3 retries for desktop - "x-systemd.idle-timeout=600" # 10 minute idle timeout for desktop - "x-systemd.device-timeout=30" # 30 second device timeout - "bg" # Background mount - don't block boot - "fsc" # Enable caching - "_netdev" # Network device - wait for network - "x-systemd.requires=network-online.target" # Require network to be online - "x-systemd.after=network-online.target" # Start after network is online - ]; - }; - - "/mnt/users_documents" = { - device = "defiant:/exports/users_documents"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "nofail" - "soft" - "intr" - "timeo=50" - "retrans=3" - "x-systemd.idle-timeout=600" - "bg" - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - ]; - }; - - "/mnt/media" = { - device = "defiant:/exports/media"; - fsType = "nfs"; - options = [ - "x-systemd.automount" - "noauto" - "noatime" - "nofail" - "soft" - "intr" - "timeo=50" - "retrans=3" - "x-systemd.idle-timeout=600" - "x-systemd.device-timeout=30" - "bg" - # Desktop-optimized read settings - "rsize=32768" # Larger read size for desktop - "wsize=32768" # Larger write size for desktop - "fsc" - "_netdev" - "x-systemd.requires=network-online.target" - "x-systemd.after=network-online.target" - ]; - }; - }; -} diff --git a/configurations/nixos/twilight/nvidia-drivers.nix b/configurations/nixos/twilight/nvidia-drivers.nix deleted file mode 100644 index d875e37..0000000 --- a/configurations/nixos/twilight/nvidia-drivers.nix +++ /dev/null @@ -1,47 +0,0 @@ -{config, ...}: { - services = { - xserver = { - # Load nvidia driver for Xorg and Wayland - videoDrivers = ["nvidia"]; - }; - # Use X instead of wayland for gaming reasons - displayManager.gdm.wayland = false; - }; - - hardware = { - # Enable OpenGL - graphics.enable = true; - - # install graphics drivers - nvidia = { - # Modesetting is required. - modesetting.enable = true; - - # Nvidia power management. Experimental, and can cause sleep/suspend to fail. - # Enable this if you have graphical corruption issues or application crashes after waking - # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead - # of just the bare essentials. - powerManagement.enable = true; - - # Fine-grained power management. Turns off GPU when not in use. - # Experimental and only works on modern Nvidia GPUs (Turing or newer). - powerManagement.finegrained = false; - - # Use the NVidia open source kernel module (not to be confused with the - # independent third-party "nouveau" open source driver). - # Support is limited to the Turing and later architectures. Full list of - # supported GPUs is at: - # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus - # Only available from driver 515.43.04+ - # Currently alpha-quality/buggy, so false is currently the recommended setting. - open = true; - - # Enable the Nvidia settings menu, - # accessible via `nvidia-settings`. - nvidiaSettings = true; - - # Optionally, you may need to select the appropriate driver version for your specific GPU. - package = config.boot.kernelPackages.nvidiaPackages.production; - }; - }; -} diff --git a/configurations/syncthing/default.nix b/configurations/syncthing/default.nix deleted file mode 100644 index 397f678..0000000 --- a/configurations/syncthing/default.nix +++ /dev/null @@ -1,119 +0,0 @@ -{config, ...}: { - folders = { - leyla_documents = { - id = "hvrj0-9bm1p"; - }; - leyla_calendar = { - id = "8oatl-1rv6w"; - }; - leyla_supernote_notes = { - id = "dwbuv-zffnf"; - }; - eve_records = { - id = "by6at-d4h9n"; - }; - share = { - id = "73ot0-cxmkx"; - }; - }; - devices = { - defiant = { - id = "3R6E6Y4-2F7MF2I-IGB4WE6-A3SQSMV-LIBYSAM-2OXHHU2-KJ6CGIV-QNMCPAR"; - folders = { - leyla_documents = { - folder = config.folders.leyla_documents; - path = "/mnt/sync/leyla/documents"; - }; - leyla_calendar = { - folder = config.folders.leyla_calendar; - path = "/mnt/sync/leyla/calendar"; - }; - leyla_supernote_notes = { - folder = config.folders.leyla_supernote_notes; - path = "/mnt/sync/leyla/notes"; - }; - eve_records = { - folder = config.folders.eve_records; - path = "/mnt/sync/eve/records"; - }; - share = { - folder = config.folders.share; - path = "/mnt/sync/default/share"; - }; - }; - }; - twilight = { - id = "UDIYL7V-OAZ2BI3-EJRAWFB-GZYVDWR-JNUYW3F-FFQ35MU-XBTGWEF-QD6K6QN"; - folders = { - leyla_documents = { - folder = config.folders.leyla_documents; - path = "/mnt/sync/leyla/documents"; - }; - share = { - folder = config.folders.share; - path = "/mnt/sync/default/share"; - }; - }; - }; - horizon = { - id = "OGPAEU6-5UR56VL-SP7YC4Y-IMVCRTO-XFD4CYN-Z6T5TZO-PFZNAT6-4MKWPQS"; - folders = { - leyla_documents = { - folder = config.folders.leyla_documents; - path = "/mnt/sync/leyla/documents"; - }; - share = { - folder = config.folders.share; - path = "/mnt/sync/default/share"; - }; - }; - }; - coven = { - id = "QGU7NN6-OMXTWVA-YCZ73S5-2O7ECTS-MUCTN4M-YH6WLEL-U4U577I-7PBNCA5"; - folders = { - leyla_documents = { - folder = config.folders.leyla_documents; - }; - share = { - folder = config.folders.share; - }; - }; - }; - ceder = { - id = "MGXUJBS-7AENXHB-7YQRNWG-QILKEJD-5462U2E-WAQW4R4-I2TVK5H-SMK6LAA"; - folders = { - share = { - folder = config.folders.share; - }; - leyla_documents = { - folder = config.folders.leyla_documents; - }; - leyla_calendar = { - folder = config.folders.leyla_calendar; - }; - leyla_notes = { - folder = config.folders.leyla_supernote_notes; - }; - }; - }; - emergent = { - id = "6MIDMKJ-7IFHXVX-FIR3YTB-KVE75LN-PA6IOTN-I257LWR-MMC4K6C-5H4SHQN"; - folders = { - eve_records = { - folder = config.folders.eve_records; - }; - share = { - folder = config.folders.share; - }; - }; - }; - shale = { - id = "AOAXEVD-QJ2IVRA-6G44Q7Q-TGUPXU2-FWWKOBH-DPKWC5N-LBAEHWJ-7EQF4AM"; - folders = { - share = { - folder = config.folders.share; - }; - }; - }; - }; -} diff --git a/const/sops_age_key_directory.nix b/const/sops_age_key_directory.nix deleted file mode 100644 index cf948df..0000000 --- a/const/sops_age_key_directory.nix +++ /dev/null @@ -1 +0,0 @@ -"/var/lib/sops-nix" diff --git a/enviroments/client/default.nix b/enviroments/client/default.nix new file mode 100644 index 0000000..555305f --- /dev/null +++ b/enviroments/client/default.nix @@ -0,0 +1,60 @@ +{ pkgs, ... }: +{ + imports = [ + ../common + ]; + + services = { + + # Enable CUPS to print documents. + printing.enable = true; + + xserver = { + # Enable the X11 windowing system. + enable = true; + + # Enable the GNOME Desktop Environment. + displayManager.gdm.enable = true; + desktopManager = { + gnome.enable = true; + xterm.enable = false; + }; + + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + + # Configure keymap in X11 + xkb = { + layout = "us,it,de"; + variant = ""; + }; + }; + + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + }; + + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + + environment.systemPackages = with pkgs; [ + # helvetica font + aileron + + cachefilesd + + gnomeExtensions.dash-to-dock + ]; +} \ No newline at end of file diff --git a/enviroments/common/default.nix b/enviroments/common/default.nix new file mode 100644 index 0000000..99f3e5a --- /dev/null +++ b/enviroments/common/default.nix @@ -0,0 +1,71 @@ +{ pkgs, ... }: +{ + imports = [ + ../../users + ]; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.trusted-users = [ "leyla" ]; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/Chicago"; + + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + users.groups.users = {}; + + services = { + openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = [ "leyla" ]; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + }; + }; + }; + + sops = { + defaultSopsFile = ../../secrets/secrets.yaml; + defaultSopsFormat = "yaml"; + gnupg.sshKeyPaths = []; + + age ={ + keyFile = "/var/lib/sops-nix/key.txt"; + sshKeyPaths = []; + # generateKey = true; + }; + }; + environment.sessionVariables = { + AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/"; + }; + + # List packages installed in system profile. + environment.systemPackages = with pkgs; [ + wget + + # version control + git + + # system debuging tools + iputils + dnsutils + ]; +} \ No newline at end of file diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix new file mode 100644 index 0000000..d3e9d63 --- /dev/null +++ b/enviroments/server/default.nix @@ -0,0 +1,63 @@ +{ config, ... }: +{ + imports = [ + ../common + ]; + + services = let + headscaleDomain = "headscale.jan-leila.com"; + in { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "https://${headscaleDomain}"; + dns_config.base_domain = "jan-leila.com"; + logtail.enabled = false; + }; + }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${headscaleDomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [ 2049 ]; + + environment.systemPackages = [ config.services.headscale.package ]; +} \ No newline at end of file diff --git a/flake.lock b/flake.lock index a3c552f..3f277b2 100644 --- a/flake.lock +++ b/flake.lock @@ -1,23 +1,5 @@ { "nodes": { - "devshell": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", - "owner": "numtide", - "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -25,11 +7,11 @@ ] }, "locked": { - "lastModified": 1763651264, - "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=", + "lastModified": 1725377834, + "narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=", "owner": "nix-community", "repo": "disko", - "rev": "e86a89079587497174ccab6d0d142a65811a4fd9", + "rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe", "type": "github" }, "original": { @@ -38,35 +20,14 @@ "type": "github" } }, - "firefox-addons": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "dir": "pkgs/firefox-addons", - "lastModified": 1763697825, - "narHash": "sha256-AgCCcVPOi1tuzuW5/StlwqBjRWSX62oL97qWuxrq5UA=", - "owner": "rycee", - "repo": "nur-expressions", - "rev": "cefce78793603231be226fa77e7ad58e0e4899b8", - "type": "gitlab" - }, - "original": { - "dir": "pkgs/firefox-addons", - "owner": "rycee", - "repo": "nur-expressions", - "type": "gitlab" - } - }, "flake-compat": { + "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -80,11 +41,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -93,39 +54,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -133,11 +61,11 @@ ] }, "locked": { - "lastModified": 1763748372, - "narHash": "sha256-AUc78Qv3sWir0hvbmfXoZ7Jzq9VVL97l+sP9Jgms+JU=", + "lastModified": 1725948275, + "narHash": "sha256-4QOPemDQ9VRLQaAdWuvdDBhh+lEUOAnSMHhdr4nS1mk=", "owner": "nix-community", "repo": "home-manager", - "rev": "d10a9b16b2a3ee28433f3d1c603f4e9f1fecb8e1", + "rev": "e5fa72bad0c6f533e8d558182529ee2acc9454fe", "type": "github" }, "original": { @@ -146,133 +74,20 @@ "type": "github" } }, - "impermanence": { - "locked": { - "lastModified": 1737831083, - "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", - "owner": "nix-community", - "repo": "impermanence", - "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "impermanence", - "type": "github" - } - }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1761937274, - "narHash": "sha256-KlELhsSq3XbemrGyQhmGurFu7m8wOEBw+8M04L7hn7A=", - "rev": "91867941fa73afea7869b7c71ede82e5ef8927da", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/91867941fa73afea7869b7c71ede82e5ef8927da.tar.gz?rev=91867941fa73afea7869b7c71ede82e5ef8927da" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/main.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils", - "flakey-profile": "flakey-profile", - "lix": "lix", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1763435414, - "narHash": "sha256-i2467FddWfd19q5Qoj+1/BAeg6LZmM5m4mYGRSQn/as=", - "ref": "refs/heads/main", - "rev": "192c92b603731fbc1bade6c1b18c8d8a0086f703", - "revCount": 169, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module.git" - }, - "original": { - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module.git" - } - }, - "mcp-nixos": { - "inputs": { - "devshell": "devshell", - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760821194, - "narHash": "sha256-UCsJ8eDuHL14u2GFIYEY/drtZ6jht5zN/G/6QNlEy2g=", - "owner": "utensils", - "repo": "mcp-nixos", - "rev": "0ae453f38d0f088c31d4678da3a12b183165986f", - "type": "github" - }, - "original": { - "owner": "utensils", - "repo": "mcp-nixos", - "type": "github" - } - }, - "nix-darwin": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1763505477, - "narHash": "sha256-nJRd4LY2kT3OELfHqdgWjvToNZ4w+zKCMzS2R6z4sXE=", - "owner": "LnL7", - "repo": "nix-darwin", - "rev": "3bda9f6b14161becbd07b3c56411f1670e19b9b5", - "type": "github" - }, - "original": { - "owner": "LnL7", - "repo": "nix-darwin", - "type": "github" - } - }, - "nix-syncthing": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741849924, - "narHash": "sha256-5vyb1H6HtW24QVqfI56P4QVQP6vHh1jS9ULwnunCO94=", - "ref": "main", - "rev": "86bcb200c83b6a5d13b3583126b9d8dc6770613a", - "revCount": 6, - "type": "git", - "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" - }, - "original": { - "ref": "main", - "type": "git", - "url": "https://git.jan-leila.com/jan-leila/nix-syncthing" - } - }, "nix-vscode-extensions": { "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1763690163, - "narHash": "sha256-MMl9P8f17unCvlk2IAinnMq/P72f51UUHVRIYnojT7w=", + "lastModified": 1726623336, + "narHash": "sha256-mslZtr0SPdHDLUM5VRV0ipQQ4G0Piv2Kk15490w4JXM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "590349d9faeb398a037205c2927ffbaede980539", + "rev": "b23683fef09032c85bb8b20f8ec72fb2f70075ff", "type": "github" }, "original": { @@ -283,11 +98,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1762847253, - "narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { @@ -299,27 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1722073938, - "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 1763421233, - "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=", + "lastModified": 1725634671, + "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648", + "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", "type": "github" }, "original": { @@ -329,13 +128,29 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs-stable": { "locked": { - "lastModified": 1759070547, - "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "lastModified": 1725762081, + "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1725534445, + "narHash": "sha256-Yd0FK9SkWy+ZPuNqUgmVPXokxDgMJoGuNpMEtkfcf84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9bb1e7571aadf31ddb4af77fc64b2d59580f9a39", "type": "github" }, "original": { @@ -345,95 +160,27 @@ "type": "github" } }, - "noita-entangled-worlds": { - "inputs": { - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay", - "systems": "systems_3" - }, - "locked": { - "lastModified": 1764204484, - "narHash": "sha256-S45ghD/YjcKDy8Mz3DYklLMaA/z6f6mTbx0i7pAktYk=", - "owner": "IntQuant", - "repo": "noita_entangled_worlds", - "rev": "ab2c2162157140ab519fa19f6737c044e1ed0e3b", - "type": "github" - }, - "original": { - "owner": "IntQuant", - "ref": "master", - "repo": "noita_entangled_worlds", - "type": "github" - } - }, "root": { "inputs": { "disko": "disko", - "firefox-addons": "firefox-addons", - "flake-compat": "flake-compat", "home-manager": "home-manager", - "impermanence": "impermanence", - "lix-module": "lix-module", - "mcp-nixos": "mcp-nixos", - "nix-darwin": "nix-darwin", - "nix-syncthing": "nix-syncthing", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", - "noita-entangled-worlds": "noita-entangled-worlds", - "secrets": "secrets", + "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" } }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "noita-entangled-worlds", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1759199574, - "narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "381776b12d0d125edd7c1930c2041a1471e586c0", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "secrets": { - "flake": false, - "locked": { - "lastModified": 1759945215, - "narHash": "sha256-xmUzOuhJl6FtTjR5++OQvSoAnXe7/VA5QFCZDyFwBXo=", - "ref": "refs/heads/main", - "rev": "444229a105445339fb028d15a8d866063c5f8141", - "revCount": 21, - "type": "git", - "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" - }, - "original": { - "type": "git", - "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" - } - }, "sops-nix": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_2", + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1763607916, - "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=", + "lastModified": 1725922448, + "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=", "owner": "Mic92", "repo": "sops-nix", - "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b", + "rev": "cede1a08039178ac12957733e97ab1006c6b6892", "type": "github" }, "original": { @@ -456,37 +203,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_3": { - "flake": false, - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index e935688..033e2c2 100644 --- a/flake.nix +++ b/flake.nix @@ -5,175 +5,71 @@ # base packages nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module.git"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # encrypt files that contain secreats that I would like to not encrypt + sops-nix.url = "github:Mic92/sops-nix"; - # secret encryption - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # self hosted repo of secrets file to further protect files in case of future encryption vulnerabilities - secrets = { - url = "git+ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"; - flake = false; - }; - - # common config for syncthing - nix-syncthing = { - url = "git+https://git.jan-leila.com/jan-leila/nix-syncthing?ref=main"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # disk configurations + # declairtive disk configuration disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - # delete your darlings - impermanence = { - url = "github:nix-community/impermanence"; - }; - - nix-darwin = { - url = "github:LnL7/nix-darwin"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # users home directories + # managment per user home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - # firefox extensions - firefox-addons = { - url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # repo of hardware configs for prebuilt systems + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - # vscode extensions + # vscode extensions nix-vscode-extensions = { url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; }; - - # pregenerated hardware configurations - nixos-hardware = { - url = "github:NixOS/nixos-hardware/master"; - }; - - # this is just here so that we have a lock on it for our dev shells - flake-compat = { - url = "github:edolstra/flake-compat"; - }; - - # MCP NixOS server for Claude Dev - mcp-nixos = { - url = "github:utensils/mcp-nixos"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - # Noita Entangled Worlds package - # Not following our nixpkgs so it can use its own rust-overlay configuration - noita-entangled-worlds = { - url = "github:IntQuant/noita_entangled_worlds/master"; - }; }; - outputs = { - self, - nixpkgs, - sops-nix, - nix-syncthing, - home-manager, - impermanence, - ... - } @ inputs: let - util = import ./util {inherit inputs;}; - forEachPkgs = util.forEachPkgs; + outputs = { self, nixpkgs, disko, nixos-hardware, ... }@inputs: + let + forEachSystem = nixpkgs.lib.genAttrs [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]; + forEachPkgs = lambda: forEachSystem (system: lambda nixpkgs.legacyPackages.${system}); + in + { + packages = forEachPkgs (pkgs: import ./pkgs { inherit pkgs; }); - mkNixosSystem = util.mkNixosSystem; - mkDarwinSystem = util.mkDarwinSystem; - mkHome = util.mkHome; - - nixosSystems = { - horizon = mkNixosSystem "horizon"; - twilight = mkNixosSystem "twilight"; - defiant = mkNixosSystem "defiant"; - emergent = mkNixosSystem "emergent"; - }; - - darwinSystems = { - hesperium = mkDarwinSystem "hesperium"; - }; - - homeSystems = { - # stand alone home manager configurations here: - # name = mkHome "name" - }; - - systemsHomes = nixpkgs.lib.attrsets.mergeAttrsList ( - nixpkgs.lib.attrsets.mapAttrsToList (hostname: system: ( - nixpkgs.lib.attrsets.mapAttrs' (user: _: { - name = "${user}@${hostname}"; - value = mkHome { - user = user; - host = hostname; - system = system.pkgs.hostPlatform.system; - osConfig = system.config; - }; - }) - system.config.home-manager.users - )) - (nixosSystems // darwinSystems) - ); - - homeConfigurations = - systemsHomes - // homeSystems; - in { - formatter = forEachPkgs (system: pkgs: pkgs.alejandra); - - # templates = import ./templates; - - devShells = forEachPkgs (system: pkgs: { - default = pkgs.mkShell { - packages = with pkgs; [ - # for version controlling this repo - git - # for formatting code in this repo - alejandra - # for editing secrets in the secrets repo - sops - # for viewing configuration options defined in this repo - nix-inspect - # for installing flakes from this repo onto other systems - nixos-anywhere - # for updating disko configurations - disko - # for viewing dconf entries - dconf-editor - # for MCP NixOS server support in development - inputs.mcp-nixos.packages.${system}.default - ]; - - SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; - - shellHook = '' - git config core.hooksPath .hooks - ''; + nixosConfigurations = { + # Leyla Laptop + horizon = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./hosts/horizon/configuration.nix + inputs.home-manager.nixosModules.default + nixos-hardware.nixosModules.framework-11th-gen-intel + ]; + }; + # Leyla Desktop + twilight = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./hosts/twilight/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + # NAS Service + defiant = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + disko.nixosModules.disko + ./hosts/defiant/disko-config.nix + ./hosts/defiant/configuration.nix + ]; + }; }; - }); - - nixosConfigurations = nixosSystems; - - darwinConfigurations = darwinSystems; - - homeConfigurations = homeConfigurations; - }; + }; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix new file mode 100644 index 0000000..d2b1348 --- /dev/null +++ b/hosts/defiant/configuration.nix @@ -0,0 +1,57 @@ +# server nas +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/server + ]; + + users.leyla.isThinUser = true; + + boot.loader.grub = { + enable = true; + zfsSupport = true; + efiSupport = true; + efiInstallAsRemovable = true; + }; + + nixpkgs.config.allowUnfree = true; + + services = { + zfs = { + autoScrub.enable = true; + autoSnapshot.enable = true; + }; + + # temp enable desktop enviroment for setup + # Enable the X11 windowing system. + xserver = { + enable = true; + + # Enable the GNOME Desktop Environment. + displayManager = { + gdm.enable = true; + }; + desktopManager = { + gnome.enable = true; + xterm.enable = false; + }; + + # Get rid of xTerm + excludePackages = [ pkgs.xterm ]; + }; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} \ No newline at end of file diff --git a/hosts/defiant/disko-config.nix b/hosts/defiant/disko-config.nix new file mode 100644 index 0000000..653f29f --- /dev/null +++ b/hosts/defiant/disko-config.nix @@ -0,0 +1,136 @@ +{ lib, ... }: +let + bootDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + size = "1G"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + }; + }; + }; + zfsDisk = devicePath: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; + cacheDisk = devicePath: swapSize: { + type = "disk"; + device = devicePath; + content = { + type = "gpt"; + partitions = { + encryptedSwap = { + size = swapSize; + content = { + type = "swap"; + randomEncryption = true; + discardPolicy = "both"; + resumeDevice = true; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "zroot"; + }; + }; + }; + }; + }; +in { + disko.devices = { + disk = { + boot = bootDisk "/dev/disk/by-path/pci-0000:23:00.3-usb-0:1:1.0-scsi-0:0:0:0"; + + hd_13_tb_a = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXVEB"; + hd_13_tb_b = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTCXWSC"; + hd_13_tb_c = zfsDisk "/dev/disk/by-id/ata-ST18000NE000-3G6101_ZVTD10EH"; + + # ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX"; + }; + zpool = { + zroot = { + type = "zpool"; + mode = { + topology = { + type = "topology"; + vdev = [ + { + # should this only mirror for this inital config with 3 drives we will used raidz2 for future configs??? + mode = "mirror"; + members = [ + "hd_13_tb_a" "hd_13_tb_b" "hd_13_tb_c" + ]; + } + ]; + cache = [ ]; + # cache = [ "ssd_2_tb_a" ]; + }; + }; + + options = { + ashift = "12"; + }; + + rootFsOptions = { + encryption = "on"; + keyformat = "hex"; + keylocation = "prompt"; + compression = "lz4"; + xattr = "sa"; + acltype = "posixacl"; + "com.sun:auto-snapshot" = "false"; + }; + + mountpoint = "/"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; + + datasets = { + "nix" = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + "home" = { + type = "zfs_fs"; + mountpoint = "/mnt/home"; + options = { + "com.sun:auto-snapshot" = "true"; + }; + }; + "var" = { + type = "zfs_fs"; + mountpoint = "/var"; + }; + }; + }; + }; + }; +} + diff --git a/hosts/defiant/hardware-configuration.nix b/hosts/defiant/hardware-configuration.nix new file mode 100644 index 0000000..3ba63d0 --- /dev/null +++ b/hosts/defiant/hardware-configuration.nix @@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + + supportedFilesystems = [ "zfs" ]; + + zfs.extraPools = [ "zroot" ]; + }; + + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/dc6a9664-80f2-4988-afd7-fee5bd3ee2ca"; + # fsType = "ext4"; + # }; + + swapDevices = [ ]; + + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + hostId = "c51763d6"; + hostName = "defiant"; # Define your hostname. + }; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} \ No newline at end of file diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix new file mode 100644 index 0000000..f1c3bee --- /dev/null +++ b/hosts/horizon/configuration.nix @@ -0,0 +1,49 @@ +# leyla laptop +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/client + ]; + + users = { + leyla.isFullUser = true; + ester.isFullUser = true; + eve.isFullUser = true; + }; + + # enabled virtualisation for docker + virtualisation.docker = { + enable = true; + rootless = { + enable = true; + setSocketVariable = true; + }; + }; + users.extraGroups.docker.members = [ "leyla" ]; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/horizon/hardware-configuration.nix b/hosts/horizon/hardware-configuration.nix new file mode 100644 index 0000000..59a900d --- /dev/null +++ b/hosts/horizon/hardware-configuration.nix @@ -0,0 +1,104 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" "sg" ]; + extraModulePackages = [ ]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + + + hardware.graphics.enable = true; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/866d422b-f816-4ad9-9846-791839cb9337"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/E138-65B5"; + fsType = "vfat"; + }; + + "/mnt/leyla_home" = + { + device = "defiant:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/eve_home" = + { + device = "defiant:/home/eve"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/ester_home" = + { + device = "defiant:/home/ester"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/users_home" = + { + device = "defiant:/home/users"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + # "/mnt/legacy_leyla_home" = + # { + # device = "server.arpa:/home/leyla"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; + + # "/mnt/legacy_share_home" = + # { + # device = "server.arpa:/home/share"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + # }; + + # "/mnt/legacy_docker_home" = + # { + # device = "server.arpa:/home/docker"; + # fsType = "nfs"; + # options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + # }; + }; + + services.cachefilesd.enable = true; + + swapDevices = + [ { device = "/dev/disk/by-uuid/be98e952-a072-4c3a-8c12-69500b5a2fff"; } + ]; + + networking = { + useDHCP = lib.mkDefault true; + hostName = "horizon"; # Define your hostname. + }; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/twilight/configuration.nix b/hosts/twilight/configuration.nix new file mode 100644 index 0000000..1352c8b --- /dev/null +++ b/hosts/twilight/configuration.nix @@ -0,0 +1,42 @@ +# leyla laptop +{ config, pkgs, inputs, ... }: +{ + imports = + [ + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + + ./hardware-configuration.nix + + ../../enviroments/client + ]; + + users = { + leyla = { + isFullUser = true; + hasPiperMouse = true; + hasOpenRGBHardware = true; + hasViaKeyboard = true; + hasGPU = true; + }; + ester.isFullUser = true; + eve.isFullUser = true; + }; + + # enabled virtualisation for docker + # virtualisation.docker.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/twilight/hardware-configuration.nix b/hosts/twilight/hardware-configuration.nix new file mode 100644 index 0000000..ab24b97 --- /dev/null +++ b/hosts/twilight/hardware-configuration.nix @@ -0,0 +1,119 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-amd" "sg" ]; + extraModulePackages = [ ]; + + # Bootloader. + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; + + services.xserver = { + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia"]; + + # Use X instead of wayland for gaming reasons + displayManager.gdm.wayland = false; + }; + + hardware = { + # Enable OpenGL + graphics.enable = true; + + # install graphics drivers + nvidia = { + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. + package = config.boot.kernelPackages.nvidiaPackages.production; + }; + }; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/8be49c65-2b57-48f1-b74d-244d26061adb"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/3006-3867"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + "/mnt/leyla_home" = + { + device = "server.arpa:/home/leyla"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/share_home" = + { + device = "server.arpa:/home/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc" ]; + }; + + "/mnt/docker_home" = + { + device = "server.arpa:/home/docker"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + }; + + swapDevices = [ ]; + + networking = { + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + useDHCP = lib.mkDefault true; + hostName = "twilight"; # Define your hostname. + }; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} + diff --git a/install.sh b/install.sh index c77d748..0718998 100755 --- a/install.sh +++ b/install.sh @@ -39,7 +39,6 @@ if [ -z ${flake} ]; then exit 1; fi -# TODO: we might not need to copy the key over here anymore? temp=$(mktemp -d) # Function to cleanup temporary directory on exit cleanup() { @@ -48,8 +47,8 @@ cleanup() { trap cleanup EXIT # copy key file to temp folder to copy over to target -mkdir -p $temp$SOPS_AGE_KEY_DIRECTORY -cp -r $SOPS_AGE_KEY_DIRECTORY/* $temp$SOPS_AGE_KEY_DIRECTORY +mkdir -p $temp$AGE_KEY_FILE_LOCATION +cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION # commit number in this is because the main branch of nixos-anywhere is broken right now -nixos-anywhere --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target +nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target diff --git a/modules/common-modules/default.nix b/modules/common-modules/default.nix deleted file mode 100644 index 3dd1923..0000000 --- a/modules/common-modules/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -# this folder is for modules that are common between nixos, home-manager, and darwin -{...}: { - imports = [ - ./overlays - ./pkgs - ]; -} diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix deleted file mode 100644 index 3def9e9..0000000 --- a/modules/common-modules/overlays/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -# this folder is for derivation overlays -{inputs, ...}: { - nixpkgs.overlays = [ - inputs.nix-vscode-extensions.overlays.default - # Add noita_entangled_worlds from upstream flake to pkgs - (final: prev: { - noita_entangled_worlds = inputs.noita-entangled-worlds.packages.${prev.stdenv.hostPlatform.system}.noita-proxy; - }) - ]; -} diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix deleted file mode 100644 index 9c9efe3..0000000 --- a/modules/common-modules/pkgs/codium-extensions/ai-code.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ - buildNpmPackage, - vscode-utils, - pkgs, - ... -}: let - version = "0.0.1"; - pname = "ai-code"; - publisher = "jan-leila"; - vsix = buildNpmPackage { - inherit version pname; - - src = builtins.fetchGit { - url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; - rev = "d48e01713021dbb30de0ebbee2cfaf99e4e9b5a6"; - }; - - npmDepsHash = "sha256-kjMyEnT3dz0yH5Ydh+aGoFDocKpBYGRmfnwbEdvvgpY="; - - nativeBuildInputs = with pkgs; [ - vsce - ]; - - buildPhase = '' - ${pkgs.vsce}/bin/vsce package -o ${pname}.zip - ''; - - installPhase = '' - mkdir -p $out - mv ${pname}.zip $out/${pname}.zip - ''; - }; -in - vscode-utils.buildVscodeExtension { - inherit pname version; - - src = "${vsix}/${pname}.zip"; - - vscodeExtUniqueId = "${publisher}.${pname}"; - vscodeExtPublisher = publisher; - vscodeExtName = pname; - } diff --git a/modules/common-modules/pkgs/codium-extensions/default.nix b/modules/common-modules/pkgs/codium-extensions/default.nix deleted file mode 100644 index a60e8a0..0000000 --- a/modules/common-modules/pkgs/codium-extensions/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{pkgs, ...}: { - ai-code = pkgs.callPackage ./ai-code.nix {}; -} diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix deleted file mode 100644 index 2afc9f2..0000000 --- a/modules/common-modules/pkgs/default.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - pkgs, - inputs, - ... -}: { - imports = [ - ./python - ]; - - nixpkgs.overlays = [ - (final: prev: { - webtoon-dl = - pkgs.callPackage - ./webtoon-dl.nix - {}; - }) - (final: prev: { - prostudiomasters = - pkgs.callPackage - ./prostudiomasters.nix - {}; - }) - (final: prev: { - gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; - }) - (final: prev: { - codium-extensions = pkgs.callPackage ./codium-extensions {}; - }) - (final: prev: { - firefox-extensions = pkgs.callPackage ./firefox-extensions { - inherit inputs; - }; - }) - (final: prev: { - mapillary-uploader = pkgs.callPackage ./mapillary-uploader.nix {}; - }) - (final: prev: { - panoramax = pkgs.python3.pkgs.callPackage ./panoramax.nix {}; - }) - (final: prev: { - sgblur = pkgs.python3.pkgs.callPackage ./sgblur.nix {}; - }) - (final: prev: { - # Override h3 C library to version 4.3.0 - h3 = pkgs.callPackage ./h3-c-lib.nix {}; - }) - ]; -} diff --git a/modules/common-modules/pkgs/firefox-extensions/default.nix b/modules/common-modules/pkgs/firefox-extensions/default.nix deleted file mode 100644 index 922dfc7..0000000 --- a/modules/common-modules/pkgs/firefox-extensions/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - pkgs, - inputs, - ... -}: let - inherit (inputs.firefox-addons.lib.${pkgs.stdenv.hostPlatform.system}) buildFirefoxXpiAddon; -in { - italiano-it-language-pack = pkgs.callPackage ./italiano-it-language-pack.nix { - inherit buildFirefoxXpiAddon; - }; - dizionario-italiano = pkgs.callPackage ./dizionario-italiano.nix { - inherit buildFirefoxXpiAddon; - }; - deutsch-de-language-pack = pkgs.callPackage ./deutsch-de-language-pack.nix { - inherit buildFirefoxXpiAddon; - }; -} diff --git a/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix deleted file mode 100644 index b769bfd..0000000 --- a/modules/common-modules/pkgs/firefox-extensions/deutsch-de-language-pack.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - buildFirefoxXpiAddon, - ... -}: -buildFirefoxXpiAddon rec { - pname = "deutsch-de-language-pack"; - version = "145.0.20251106.194447"; - addonId = "langpack-de@firefox.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4614311/deutsch_de_language_pack-${version}.xpi"; - sha256 = "aaaa95c29984fb3802a5e7edb6b7e5020c391d81f389b8a8133c163959ea4299"; - meta = with lib; { - description = "Firefox Language Pack for Deutsch (de) – German"; - license = licenses.mpl20; - mozPermissions = []; - platforms = platforms.all; - }; -} diff --git a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix b/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix deleted file mode 100644 index 4bfca14..0000000 --- a/modules/common-modules/pkgs/firefox-extensions/dizionario-italiano.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - buildFirefoxXpiAddon, - ... -}: -buildFirefoxXpiAddon rec { - pname = "dizionario-italiano"; - version = "5.1"; - addonId = "it-IT@dictionaries.addons.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/3693497/dizionario_italiano-${version}.xpi"; - sha256 = "90b173ffdde34a77108152a5ff51879767b1dd84e0aa0dfb7b2bab94cd2e7f53"; - meta = with lib; { - description = "Add support for Italian to spellchecking"; - license = licenses.gpl3; - mozPermissions = []; - platforms = platforms.all; - }; -} diff --git a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix b/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix deleted file mode 100644 index 35f4243..0000000 --- a/modules/common-modules/pkgs/firefox-extensions/italiano-it-language-pack.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - buildFirefoxXpiAddon, - ... -}: -buildFirefoxXpiAddon rec { - pname = "italiano-it-language-pack"; - version = "145.0.20251106.194447"; - addonId = "langpack-it@firefox.mozilla.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4614309/italiano_it_language_pack-${version}.xpi"; - sha256 = "1eb271cedbf326543e222ba1b9a1da62fceef9d3c523ac02a098df296f155038"; - meta = with lib; { - description = "Firefox Language Pack for Italiano (it) – Italian"; - license = licenses.mpl20; - mozPermissions = []; - platforms = platforms.all; - }; -} diff --git a/modules/common-modules/pkgs/gdx-liftoff.nix b/modules/common-modules/pkgs/gdx-liftoff.nix deleted file mode 100644 index d2e9424..0000000 --- a/modules/common-modules/pkgs/gdx-liftoff.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - stdenv, - fetchurl, - makeWrapper, - jdk, - lib, - xorg, - libGL, - ... -}: -stdenv.mkDerivation rec { - pname = "gdx-liftoff"; - version = "1.13.5.1"; - - src = fetchurl { - url = "https://github.com/libgdx/gdx-liftoff/releases/download/v${version}/gdx-liftoff-${version}.jar"; - hash = "sha256-9vCXGNGwI/P4VmcdIzTv2GPAX8bZb7nkfopaRAf6yMA="; - }; - - dontUnpack = true; - - nativeBuildInputs = [makeWrapper]; - - runtimeDependencies = lib.makeLibraryPath [ - # glfw - libGL - xorg.libX11 - xorg.libXcursor - xorg.libXext - xorg.libXrandr - xorg.libXxf86vm - ]; - - installPhase = '' - runHook preInstall - - install -Dm644 $src $out/lib/gdx-liftoff-${version}.jar - - makeWrapper ${lib.getExe jdk} $out/bin/gdx-liftoff-${version} \ - --append-flags "-jar $out/lib/gdx-liftoff-${version}.jar"\ - ${lib.optionalString stdenv.hostPlatform.isLinux "--prefix LD_LIBRARY_PATH : ${runtimeDependencies}"} - runHook postInstall - ''; -} diff --git a/modules/common-modules/pkgs/h3-c-lib.nix b/modules/common-modules/pkgs/h3-c-lib.nix deleted file mode 100644 index 2615d3c..0000000 --- a/modules/common-modules/pkgs/h3-c-lib.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - stdenv, - fetchFromGitHub, - cmake, - doxygen, -}: -stdenv.mkDerivation rec { - pname = "h3"; - version = "4.3.0"; - - src = fetchFromGitHub { - owner = "uber"; - repo = "h3"; - rev = "v${version}"; - hash = "sha256-DUILKZ1QvML6qg+WdOxir6zRsgTvk+En6yjeFf6MQBg="; - }; - - nativeBuildInputs = [ - cmake - doxygen - ]; - - cmakeFlags = [ - "-DBUILD_SHARED_LIBS=ON" - "-DBUILD_TESTING=OFF" - ]; - - meta = with lib; { - homepage = "https://github.com/uber/h3"; - description = "Hexagonal hierarchical geospatial indexing system"; - license = licenses.asl20; - maintainers = []; - platforms = platforms.all; - }; -} diff --git a/modules/common-modules/pkgs/mapillary-uploader.nix b/modules/common-modules/pkgs/mapillary-uploader.nix deleted file mode 100644 index acff772..0000000 --- a/modules/common-modules/pkgs/mapillary-uploader.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - lib, - fetchurl, - appimageTools, -}: let - pname = "mapillary-uploader"; - version = "4.7.2"; - - src = fetchurl { - url = "http://tools.mapillary.com/uploader/download/linux/${version}"; - name = "mapillary-uploader.AppImage"; - sha256 = "sha256-hpWdfeuhYylO+SFD3BsKI0s/xtObCDd5OcuJ6i/aEuI="; - }; - - appimageContents = appimageTools.extractType2 { - inherit pname version src; - }; -in - appimageTools.wrapType2 { - inherit pname version src; - - extraInstallCommands = '' - # Install desktop file - install -Dm644 ${appimageContents}/mapillary-desktop-uploader.desktop $out/share/applications/mapillary-uploader.desktop - - # Fix desktop file paths - substituteInPlace $out/share/applications/mapillary-uploader.desktop \ - --replace 'Exec=AppRun' 'Exec=${pname}' - ''; - - meta = with lib; { - description = "Mapillary Desktop Uploader - Upload street-level imagery to Mapillary"; - homepage = "https://www.mapillary.com/"; - license = licenses.unfree; # Mapillary's license terms - maintainers = []; - platforms = ["x86_64-linux"]; - sourceProvenance = with sourceTypes; [binaryNativeCode]; - }; - } diff --git a/modules/common-modules/pkgs/panoramax.nix b/modules/common-modules/pkgs/panoramax.nix deleted file mode 100644 index 75b5e0e..0000000 --- a/modules/common-modules/pkgs/panoramax.nix +++ /dev/null @@ -1,105 +0,0 @@ -{ - lib, - fetchFromGitLab, - buildPythonPackage, - flit-core, - flask, - pillow, - requests, - python-dotenv, - authlib, - sentry-sdk, - python-dateutil, - dateparser, - croniter, - pydantic, - flask-cors, - flask-compress, - flask-babel, - flasgger, - yoyo-migrations, - psycopg, - psycopg-pool, - tzdata, - email-validator, - pydantic-extra-types, - python-multipart, - fs, - fs-s3fs, - geopic-tag-reader, - pygeofilter, - pygeoif, - rfeed, - geojson-pydantic, - ... -}: let - pname = "geovisio"; - version = "2.10.0"; - repo = fetchFromGitLab { - owner = "panoramax"; - repo = "server/api"; - rev = version; - hash = "sha256-kCLcrOe7jJdIfmWWOmxQ5dOj8ZG2B7s0qFpHXs02B/E="; - }; -in - buildPythonPackage { - inherit pname version; - - pyproject = true; - - src = repo; - - build-system = [ - flit-core - ]; - - dependencies = [ - flask - pillow - requests - python-dotenv - authlib - sentry-sdk - python-dateutil - dateparser - croniter - pydantic - flask-cors - flask-compress - flask-babel - flasgger - yoyo-migrations - psycopg - psycopg-pool - tzdata - email-validator - pydantic-extra-types - python-multipart - fs - fs-s3fs - geopic-tag-reader - pygeofilter - pygeoif - rfeed - geojson-pydantic - # Missing from nixpkgs - may need custom packages: - # flask-executor - ]; - - # Skip tests as they may require network access or specific setup - doCheck = false; - - # Disable runtime dependencies check as many dependencies are not available in nixpkgs - dontCheckRuntimeDeps = true; - - # Disable imports check as many dependencies are not available in nixpkgs - pythonImportsCheck = []; - - meta = with lib; { - description = "Panoramax API client and tools for street-level imagery platform"; - homepage = "https://gitlab.com/panoramax/server/api"; - license = licenses.mit; - maintainers = []; - platforms = platforms.all; - }; - } diff --git a/modules/common-modules/pkgs/prostudiomasters.nix b/modules/common-modules/pkgs/prostudiomasters.nix deleted file mode 100644 index 1a3ad01..0000000 --- a/modules/common-modules/pkgs/prostudiomasters.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - fetchurl, - appimageTools, - writeShellScript, -}: let - pname = "prostudiomasters"; - version = "2.5.6"; - src = fetchurl { - url = "https://download.prostudiomasters.com/linux/ProStudioMasters-${version}.AppImage"; - hash = "sha256-7owOwdcucFfl+JsVj+Seau2KOz0J4P/ep7WrBSNSmbs="; - }; - - # Create the base AppImage wrapper - baseApp = appimageTools.wrapType2 { - inherit pname version src; - }; - - # Create a wrapper script that automatically adds the --in-process-gpu flag - wrapper = writeShellScript "prostudiomasters-wrapper" '' - exec ${baseApp}/bin/prostudiomasters --in-process-gpu "$@" - ''; -in - # Override the base app to use our wrapper script - baseApp.overrideAttrs (oldAttrs: { - buildCommand = - oldAttrs.buildCommand - + '' - # Replace the original binary with our wrapper - rm $out/bin/prostudiomasters - cp ${wrapper} $out/bin/prostudiomasters - chmod +x $out/bin/prostudiomasters - ''; - }) diff --git a/modules/common-modules/pkgs/python/default.nix b/modules/common-modules/pkgs/python/default.nix deleted file mode 100644 index f69c512..0000000 --- a/modules/common-modules/pkgs/python/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{...}: { - nixpkgs.overlays = [ - (final: prev: { - python3 = prev.python3.override { - packageOverrides = pythonPrev: pythonFinal: { - h3 = pythonPrev.callPackage ./h3.nix {h3 = final.h3;}; - pygeofilter = pythonPrev.callPackage ./pygeofilter.nix {}; - pygeoif = pythonPrev.callPackage ./pygeoif.nix {}; - rfeed = pythonPrev.callPackage ./rfeed.nix {}; - pyexiv2 = pythonPrev.callPackage ./pyexiv2.nix {}; - geojson-pydantic = pythonPrev.callPackage ./geojson-pydantic.nix {}; - geopic-tag-reader = pythonPrev.callPackage ./geopic-tag-reader.nix {}; - }; - }; - python3Packages = final.python3.pkgs; - }) - ]; -} diff --git a/modules/common-modules/pkgs/python/geojson-pydantic.nix b/modules/common-modules/pkgs/python/geojson-pydantic.nix deleted file mode 100644 index 96ec6b5..0000000 --- a/modules/common-modules/pkgs/python/geojson-pydantic.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - lib, - fetchPypi, - buildPythonPackage, - flit-core, - pydantic, - geojson, - ... -}: let - pname = "geojson_pydantic"; - version = "2.0.0"; -in - buildPythonPackage { - inherit pname version; - - pyproject = true; - - src = fetchPypi { - inherit pname version; - hash = "sha256-ti6LRFAt0a1Ri19zkDWoGSSnb5gMvbOk6JFu+RO+JC4="; - }; - - build-system = [ - flit-core - ]; - - dependencies = [ - pydantic - geojson - ]; - - # Skip tests as they may require specific setup - doCheck = false; - - # Disable runtime dependencies check - dontCheckRuntimeDeps = true; - - # Basic imports check - pythonImportsCheck = ["geojson_pydantic"]; - - meta = with lib; { - description = "Pydantic models for GeoJSON objects"; - homepage = "https://github.com/developmentseed/geojson-pydantic"; - license = licenses.mit; - maintainers = []; - platforms = platforms.all; - }; - } diff --git a/modules/common-modules/pkgs/python/geopic-tag-reader.nix b/modules/common-modules/pkgs/python/geopic-tag-reader.nix deleted file mode 100644 index bd8451f..0000000 --- a/modules/common-modules/pkgs/python/geopic-tag-reader.nix +++ /dev/null @@ -1,70 +0,0 @@ -{ - lib, - fetchFromGitLab, - buildPythonPackage, - flit-core, - typer, - xmltodict, - timezonefinder, - pytz, - types-pytz, - types-python-dateutil, - rtree, - python-dateutil, - pyexiv2, - ... -}: let - pname = "geopic-tag-reader"; - version = "1.8.0"; -in - buildPythonPackage { - inherit pname version; - - pyproject = true; - - src = fetchFromGitLab { - owner = "panoramax"; - repo = "server/geo-picture-tag-reader"; - rev = version; - sha256 = "0lzf5xxxcdqmq28bpvgpkxf5jxmh2nawwa4rl4yg04bdsi16rf1j"; - }; - - build-system = [ - flit-core - ]; - - dependencies = [ - typer - xmltodict - pyexiv2 - timezonefinder - pytz - types-pytz - types-python-dateutil - rtree - ]; - - optional-dependencies = { - write-exif = [ - python-dateutil - types-python-dateutil - ]; - }; - - # Skip tests as they may require network access or specific setup - doCheck = false; - - # Disable runtime dependencies check as some dependencies might have issues - dontCheckRuntimeDeps = true; - - # Disable imports check initially to avoid dependency issues - pythonImportsCheck = []; - - meta = with lib; { - description = "GeoPic Tag Reader - Python library to read and write standardized metadata from geolocated pictures EXIF metadata"; - homepage = "https://gitlab.com/panoramax/server/geo-picture-tag-reader"; - license = licenses.mit; - maintainers = []; - platforms = platforms.all; - }; - } diff --git a/modules/common-modules/pkgs/python/h3.nix b/modules/common-modules/pkgs/python/h3.nix deleted file mode 100644 index 2dc3d26..0000000 --- a/modules/common-modules/pkgs/python/h3.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ - autoPatchelfHook, - buildPythonPackage, - cmake, - cython, - fetchFromGitHub, - h3, - lib, - ninja, - numpy, - pytestCheckHook, - pytest-cov-stub, - scikit-build-core, - stdenv, -}: -buildPythonPackage rec { - pname = "h3"; - version = "4.3.1"; - pyproject = true; - - # pypi version does not include tests - src = fetchFromGitHub { - owner = "uber"; - repo = "h3-py"; - tag = "v${version}"; - hash = "sha256-zt7zbBgSp2P9q7mObZeQZpW9Szip62dAYdPZ2cGTmi4="; - }; - - dontConfigure = true; - - nativeCheckInputs = [ - pytestCheckHook - pytest-cov-stub - ]; - - build-system = - [ - scikit-build-core - cmake - cython - ninja - ] - ++ lib.optionals stdenv.hostPlatform.isLinux [ - # On Linux the .so files ends up referring to libh3.so instead of the full - # Nix store path. I'm not sure why this is happening! On Darwin it works - # fine. - autoPatchelfHook - ]; - - # This is not needed per-se, it's only added for autoPatchelfHook to work - # correctly. See the note above ^^ - buildInputs = lib.optionals stdenv.hostPlatform.isLinux [h3]; - - dependencies = [numpy]; - - # The following prePatch replaces the h3lib compilation with using the h3 packaged in nixpkgs. - # - # - Remove the h3lib submodule. - # - Patch CMakeLists to avoid building h3lib, and use h3 instead. - prePatch = let - cmakeCommands = '' - include_directories(${lib.getDev h3}/include/h3) - link_directories(${h3}/lib) - ''; - in '' - rm -r src/h3lib - substituteInPlace CMakeLists.txt \ - --replace-fail "add_subdirectory(src/h3lib)" "${cmakeCommands}" \ - --replace-fail "\''${CMAKE_CURRENT_BINARY_DIR}/src/h3lib/src/h3lib/include/h3api.h" "${lib.getDev h3}/include/h3/h3api.h" - ''; - - # Extra check to make sure we can import it from Python - pythonImportsCheck = ["h3"]; - - meta = { - homepage = "https://github.com/uber/h3-py"; - description = "Hierarchical hexagonal geospatial indexing system"; - license = lib.licenses.asl20; - maintainers = [lib.maintainers.kalbasit]; - }; -} diff --git a/modules/common-modules/pkgs/python/pyexiv2.nix b/modules/common-modules/pkgs/python/pyexiv2.nix deleted file mode 100644 index 69fa537..0000000 --- a/modules/common-modules/pkgs/python/pyexiv2.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - lib, - fetchFromGitHub, - buildPythonPackage, - exiv2, - boost, - pybind11, - setuptools, - ... -}: let - pname = "pyexiv2"; - version = "2.15.3"; -in - buildPythonPackage { - inherit pname version; - - pyproject = true; - build-system = [setuptools]; - - src = fetchFromGitHub { - owner = "LeoHsiao1"; - repo = "pyexiv2"; - rev = "v${version}"; - sha256 = "sha256-83bFMaoXncvhRJNcCgkkC7B29wR5pjuLO/EdkQdqxxo="; - }; - - buildInputs = [ - exiv2 - boost - ]; - - nativeBuildInputs = [ - pybind11 - ]; - - # Skip tests as they may require specific test images - doCheck = false; - - # Disable runtime dependencies check initially - dontCheckRuntimeDeps = true; - - meta = with lib; { - description = "Python binding to the library exiv2"; - homepage = "https://github.com/LeoHsiao1/pyexiv2"; - license = licenses.gpl3Plus; - maintainers = []; - platforms = platforms.linux; - }; - } diff --git a/modules/common-modules/pkgs/python/pygeofilter.nix b/modules/common-modules/pkgs/python/pygeofilter.nix deleted file mode 100644 index aa310f9..0000000 --- a/modules/common-modules/pkgs/python/pygeofilter.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - lib, - fetchPypi, - buildPythonPackage, - setuptools, - wheel, - lark, - python-dateutil, - shapely, - ... -}: let - pname = "pygeofilter"; - version = "0.3.1"; -in - buildPythonPackage { - inherit pname version; - - pyproject = true; - - src = fetchPypi { - inherit pname version; - hash = "sha256-+SvAYiCZ+H/os23nq92GBZ1hWontYIInNwgiI6V44VA="; - }; - - build-system = [ - setuptools - wheel - ]; - - dependencies = [ - lark - python-dateutil - shapely - ]; - - # Skip tests as they may require specific setup - doCheck = false; - - # Disable runtime dependencies check - dontCheckRuntimeDeps = true; - - # Basic imports check - pythonImportsCheck = ["pygeofilter"]; - - meta = with lib; { - description = "A pure Python parser implementation of OGC filtering standards"; - homepage = "https://github.com/geopython/pygeofilter"; - license = licenses.mit; - maintainers = []; - platforms = platforms.all; - }; - } diff --git a/modules/common-modules/pkgs/python/pygeoif.nix b/modules/common-modules/pkgs/python/pygeoif.nix deleted file mode 100644 index 12b8b12..0000000 --- a/modules/common-modules/pkgs/python/pygeoif.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - lib, - fetchPypi, - buildPythonPackage, - setuptools, - wheel, - typing-extensions, - ... -}: let - pname = "pygeoif"; - version = "1.5.1"; -in - buildPythonPackage { - inherit pname version; - - pyproject = true; - - src = fetchPypi { - inherit pname version; - hash = "sha256-8nprah7Lh66swrUbzFnKeb5w7RKgEE3oYBR4shPdXYE="; - }; - - build-system = [ - setuptools - wheel - ]; - - dependencies = [ - typing-extensions - ]; - - # Skip tests as they may require specific setup - doCheck = false; - - # Disable runtime dependencies check - dontCheckRuntimeDeps = true; - - # Basic imports check - pythonImportsCheck = ["pygeoif"]; - - meta = with lib; { - description = "A basic implementation of the __geo_interface__"; - homepage = "https://github.com/cleder/pygeoif"; - license = licenses.lgpl21Plus; - maintainers = []; - platforms = platforms.all; - }; - } diff --git a/modules/common-modules/pkgs/python/rfeed.nix b/modules/common-modules/pkgs/python/rfeed.nix deleted file mode 100644 index 0be8ab9..0000000 --- a/modules/common-modules/pkgs/python/rfeed.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - lib, - fetchPypi, - buildPythonPackage, - setuptools, - python-dateutil, -}: -buildPythonPackage rec { - pname = "rfeed"; - version = "1.1.1"; - pyproject = true; - - src = fetchPypi { - inherit pname version; - hash = "sha256-qpUG8oZrdPWjItOUoUpjwZpoJcLZR1X/GdRt0eJDSBk="; - }; - - build-system = [ - setuptools - ]; - - dependencies = [ - python-dateutil - ]; - - # No tests available in the package - doCheck = false; - - pythonImportsCheck = [ - "rfeed" - ]; - - meta = with lib; { - description = "RSS feed generation library for Python"; - homepage = "https://pypi.org/project/rfeed/"; - license = licenses.mit; - maintainers = []; - platforms = platforms.all; - }; -} diff --git a/modules/common-modules/pkgs/sgblur.nix b/modules/common-modules/pkgs/sgblur.nix deleted file mode 100644 index d007b4e..0000000 --- a/modules/common-modules/pkgs/sgblur.nix +++ /dev/null @@ -1,65 +0,0 @@ -{ - lib, - python3Packages, - fetchFromGitHub, - pkg-config, - libjpeg_turbo, - exiftran ? libjpeg_turbo, -}: -python3Packages.buildPythonPackage { - pname = "sgblur"; - version = "1.0.0"; - - pyproject = true; - - src = fetchFromGitHub { - owner = "cquest"; - repo = "sgblur"; - rev = "master"; - hash = "sha256-17wpif2sa021kaa1pbkry4l1967la1qd7knhngvxblrvd7jqqz4y="; - }; - - nativeBuildInputs = [ - pkg-config - ]; - - buildInputs = [ - libjpeg_turbo - exiftran - ]; - - build-system = with python3Packages; [ - setuptools - wheel - ]; - - dependencies = with python3Packages; [ - # Core dependencies from pyproject.toml - ultralytics - # pyturbojpeg # May need special handling - pillow - # uuid # Built into Python - # exifread - python-multipart - fastapi - uvicorn - requests - # piexif - pydantic-settings - pydantic - ]; - - # Skip tests as they may require GPU or specific setup - doCheck = false; - - # The package may have import issues due to system dependencies - pythonImportsCheck = []; - - meta = with lib; { - description = "Panoramax Speedy Gonzales Blurring Algorithm - AI-powered face and license plate blurring API"; - homepage = "https://github.com/cquest/sgblur"; - license = licenses.mit; - maintainers = []; - platforms = platforms.unix; - }; -} diff --git a/modules/common-modules/pkgs/webtoon-dl.nix b/modules/common-modules/pkgs/webtoon-dl.nix deleted file mode 100644 index 4341098..0000000 --- a/modules/common-modules/pkgs/webtoon-dl.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - buildGoModule, - fetchFromGitHub, - ... -}: -buildGoModule rec { - pname = "webtoon-dl"; - version = "0.0.10"; - - src = fetchFromGitHub { - owner = "robinovitch61"; - repo = "webtoon-dl"; - rev = "v${version}"; - hash = "sha256-geVb3LFPZxPQYARZnaqOr5sgaN6mqkEX5ZiLvg8mF5k="; - }; - - vendorHash = "sha256-NTqUygJ6b6kTnLUnJqxCo/URzaRouPLACEPi2Ob1s9w="; -} diff --git a/modules/darwin-modules/default.nix b/modules/darwin-modules/default.nix deleted file mode 100644 index 5f4447b..0000000 --- a/modules/darwin-modules/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -# this folder container modules that are for darwin only -{...}: { - imports = [ - ./home-manager - ./users.nix - ./system.nix - ]; -} diff --git a/modules/darwin-modules/home-manager/default.nix b/modules/darwin-modules/home-manager/default.nix deleted file mode 100644 index 1ebec5f..0000000 --- a/modules/darwin-modules/home-manager/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -# modules in this folder are to adapt home-manager modules configs to darwin-module configs -{...}: {} diff --git a/modules/darwin-modules/system.nix b/modules/darwin-modules/system.nix deleted file mode 100644 index ee56162..0000000 --- a/modules/darwin-modules/system.nix +++ /dev/null @@ -1,27 +0,0 @@ -{self, ...}: { - system.configurationRevision = self.rev or self.dirtyRev or null; - - nix = { - gc = { - automatic = true; - interval = [ - { - Hour = 4; - Minute = 15; - Weekday = 7; - } - ]; - options = "--delete-older-than 7d"; - }; - optimise = { - automatic = true; - interval = [ - { - Hour = 4; - Minute = 15; - Weekday = 7; - } - ]; - }; - }; -} diff --git a/modules/darwin-modules/users.nix b/modules/darwin-modules/users.nix deleted file mode 100644 index 72fd1b1..0000000 --- a/modules/darwin-modules/users.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - config, - ... -}: let - host = config.host; -in { - users = { - users = { - leyla = { - name = lib.mkForce host.users.leyla.name; - home = lib.mkForce "/home/${host.users.leyla.name}"; - }; - }; - }; -} diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix deleted file mode 100644 index 29d3414..0000000 --- a/modules/home-manager-modules/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -# this folder container modules that are for home manager only -{...}: { - imports = [ - ./sops.nix - ./user.nix - ./flipperzero.nix - ./i18n.nix - ./impermanence.nix - ./openssh.nix - ./gnome.nix - ./programs - ]; -} diff --git a/modules/home-manager-modules/flipperzero.nix b/modules/home-manager-modules/flipperzero.nix deleted file mode 100644 index 6354bc0..0000000 --- a/modules/home-manager-modules/flipperzero.nix +++ /dev/null @@ -1,3 +0,0 @@ -{lib, ...}: { - options.hardware.flipperzero.enable = lib.mkEnableOption "enable flipperzero hardware"; -} diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix deleted file mode 100644 index ab56189..0000000 --- a/modules/home-manager-modules/gnome.nix +++ /dev/null @@ -1,203 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: let - enabledExtensions = - [] - ++ lib.optional config.gnome.extensions.dash-to-dock.enable pkgs.gnomeExtensions.dash-to-dock - ++ lib.optional config.gnome.extensions.dash-to-panel.enable pkgs.gnomeExtensions.dash-to-panel; - - extensions = config.gnome.extraExtensions ++ enabledExtensions; -in { - options.gnome = { - extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; - clockFormat = lib.mkOption { - type = lib.types.enum [ - "12h" - "24h" - ]; - default = "24h"; - }; - colorScheme = lib.mkOption { - type = lib.types.enum [ - "default" - "prefer-dark" - "prefer-light" - ]; - default = "default"; - }; - accentColor = lib.mkOption { - type = lib.types.enum [ - "blue" - "teal" - "green" - "yellow" - "orange" - "red" - "pink" - "purple" - "slate" - ]; - default = "blue"; - }; - extraExtensions = lib.mkOption { - type = lib.types.listOf lib.types.package; - default = []; - description = "The set of extensions to install and enable in the user environment."; - }; - hotkeys = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - key = lib.mkOption { - type = lib.types.strMatching "[a-zA-Z0-9-]+"; - default = builtins.replaceStrings [" " "/" "_"] ["-" "-" "-"] name; - }; - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - binding = lib.mkOption { - type = lib.types.str; - }; - command = lib.mkOption { - type = lib.types.str; - }; - }; - })); - default = {}; - }; - displayScaling = lib.mkOption { - type = lib.types.nullOr (lib.types.enum [100 125 150 175 200]); - default = null; - description = "Display scaling percentage for GNOME"; - }; - experimentalFeatures = lib.mkOption { - type = lib.types.submodule { - options = { - scaleMonitorFramebuffer = lib.mkEnableOption "scale-monitor-framebuffer experimental feature"; - }; - }; - default = {}; - description = "GNOME experimental features to enable"; - }; - - nightLight = lib.mkOption { - type = lib.types.submodule { - options = { - enable = lib.mkEnableOption "night light (blue light filter)"; - automatic = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Whether to automatically schedule night light based on sunset/sunrise"; - }; - fromTime = lib.mkOption { - type = lib.types.float; - default = 20.0; - description = "Start time for night light in 24-hour format (e.g., 20.0 for 8:00 PM)"; - }; - toTime = lib.mkOption { - type = lib.types.float; - default = 6.0; - description = "End time for night light in 24-hour format (e.g., 6.0 for 6:00 AM)"; - }; - temperature = lib.mkOption { - type = lib.types.int; - default = 4000; - description = "Color temperature for night light (1000-10000K, lower is warmer)"; - }; - }; - }; - default = {}; - description = "Night light configuration"; - }; - - extensions = { - dash-to-dock = { - enable = lib.mkEnableOption "Dash to Dock extension"; - options = lib.mkOption { - type = lib.types.nullOr lib.types.attrs; - default = null; - description = "Dash to Dock configuration options. If null, no custom configuration will be applied."; - }; - }; - - dash-to-panel = { - enable = lib.mkEnableOption "Dash to Panel extension"; - options = lib.mkOption { - type = lib.types.nullOr lib.types.attrs; - default = null; - description = "Dash to Panel configuration options. If null, no custom configuration will be applied."; - }; - }; - }; - }; - - config = { - home.packages = extensions; - dconf = { - settings = lib.mkMerge [ - { - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) extensions; - }; - - "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; - - "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme; - "org/gnome/desktop/interface".accent-color = config.gnome.accentColor; - "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat; - "org/gnome/desktop/interface".text-scaling-factor = lib.mkIf (config.gnome.displayScaling != null) (config.gnome.displayScaling / 100.0); - - "org/gnome/mutter".experimental-features = lib.mkIf (builtins.any (x: x) (builtins.attrValues config.gnome.experimentalFeatures)) ( - lib.optional config.gnome.experimentalFeatures.scaleMonitorFramebuffer "scale-monitor-framebuffer" - ); - } - - # Night light configuration - (lib.mkIf config.gnome.nightLight.enable { - "org/gnome/settings-daemon/plugins/color" = { - night-light-enabled = true; - night-light-schedule-automatic = config.gnome.nightLight.automatic; - night-light-schedule-from = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.fromTime; - night-light-schedule-to = lib.mkIf (!config.gnome.nightLight.automatic) config.gnome.nightLight.toTime; - night-light-temperature = config.gnome.nightLight.temperature; - }; - }) - ( - lib.mkMerge ( - builtins.map (value: let - entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.key}"; - in { - ${entry} = { - binding = value.binding; - command = value.command; - name = value.name; - }; - - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/${entry}/" - ]; - }; - }) - ( - lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys - ) - ) - ) - - # Extension configurations - (lib.mkIf (config.gnome.extensions.dash-to-dock.enable && config.gnome.extensions.dash-to-dock.options != null) { - "org/gnome/shell/extensions/dash-to-dock" = config.gnome.extensions.dash-to-dock.options; - }) - - (lib.mkIf (config.gnome.extensions.dash-to-panel.enable && config.gnome.extensions.dash-to-panel.options != null) { - "org/gnome/shell/extensions/dash-to-panel" = config.gnome.extensions.dash-to-panel.options; - }) - ]; - }; - }; -} diff --git a/modules/home-manager-modules/i18n.nix b/modules/home-manager-modules/i18n.nix deleted file mode 100644 index 2c93e59..0000000 --- a/modules/home-manager-modules/i18n.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ - lib, - config, - ... -}: { - options = { - i18n = { - defaultLocale = lib.mkOption { - type = lib.types.str; - default = "en_US.UTF-8"; - example = "nl_NL.UTF-8"; - description = '' - The default locale. It determines the language for program - messages, the format for dates and times, sort order, and so on. - It also determines the character set, such as UTF-8. - ''; - }; - - extraLocaleSettings = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = {}; - example = { - LC_MESSAGES = "en_US.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; - description = '' - A set of additional system-wide locale settings other than - `LANG` which can be configured with - {option}`i18n.defaultLocale`. - ''; - }; - }; - }; - - config = { - home.sessionVariables = - { - LANG = config.i18n.defaultLocale; - } - // config.i18n.extraLocaleSettings; - }; -} diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix deleted file mode 100644 index 6c75edd..0000000 --- a/modules/home-manager-modules/impermanence.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - lib, - osConfig, - ... -}: let - cfg = config.impermanence; -in { - options.impermanence = { - enable = lib.mkEnableOption "impermanence for home directory"; - fallbackPersistence.enable = lib.mkOption { - type = lib.types.bool; - default = true; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf config.impermanence.enable { - assertions = [ - { - assertion = osConfig.host.impermanence.enable; - message = "impermanence can not be enabled for a user when it is not enabled for the system"; - } - ]; - }) - # If impermanence is not enabled for this user but system impermanence is enabled, - # persist the entire home directory as fallback - (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."/persist/home/${config.home.username}" = { - directories = ["."]; - allowOther = true; - }; - }) - ]; -} diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix deleted file mode 100644 index afc98dd..0000000 --- a/modules/home-manager-modules/openssh.nix +++ /dev/null @@ -1,107 +0,0 @@ -{ - pkgs, - config, - osConfig, - lib, - ... -}: { - options.programs.openssh = { - enable = lib.mkEnableOption "should we enable openssh"; - authorizedKeys = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - }; - hostKeys = lib.mkOption { - type = lib.types.listOf lib.types.attrs; - default = []; - example = [ - { - type = "rsa"; - bits = 4096; - path = "${config.home.username}_${osConfig.networking.hostName}_rsa"; - rounds = 100; - openSSHFormat = true; - } - { - type = "ed25519"; - path = "${config.home.username}_${osConfig.networking.hostName}_ed25519"; - rounds = 100; - comment = "key comment"; - } - ]; - description = '' - NixOS can automatically generate SSH host keys. This option - specifies the path, type and size of each key. See - {manpage}`ssh-keygen(1)` for supported types - and sizes. Paths are relative to home directory - ''; - }; - }; - - config = lib.mkIf config.programs.openssh.enable ( - lib.mkMerge [ - ( - lib.mkIf ((builtins.length config.programs.openssh.hostKeys) != 0) { - services.ssh-agent.enable = true; - programs.ssh = { - enable = true; - enableDefaultConfig = false; - matchBlocks = { - "*" = { - compression = true; - addKeysToAgent = "confirm"; - }; - }; - extraConfig = lib.strings.concatLines ( - builtins.map (hostKey: "IdentityFile ~/.ssh/${hostKey.path}") config.programs.openssh.hostKeys - ); - }; - - systemd.user.services = builtins.listToAttrs ( - builtins.map (hostKey: - lib.attrsets.nameValuePair "ssh-gen-keys-${hostKey.path}" { - Install = { - WantedBy = ["default.target"]; - }; - Service = let - path = "${config.home.homeDirectory}/.ssh/${hostKey.path}"; - in { - Restart = "always"; - Type = "simple"; - ExecStart = "${ - pkgs.writeShellScript "ssh-gen-keys" '' - if ! [ -s "${path}" ]; then - if ! [ -h "${path}" ]; then - rm -f "${path}" - fi - mkdir -p "$(dirname '${path}')" - chmod 0755 "$(dirname '${path}')" - ${pkgs.openssh}/bin/ssh-keygen \ - -t "${hostKey.type}" \ - ${lib.optionalString (hostKey ? bits) "-b ${toString hostKey.bits}"} \ - ${lib.optionalString (hostKey ? rounds) "-a ${toString hostKey.rounds}"} \ - ${lib.optionalString (hostKey ? comment) "-C '${hostKey.comment}'"} \ - ${lib.optionalString (hostKey ? openSSHFormat && hostKey.openSSHFormat) "-o"} \ - -f "${path}" \ - -N "" - chown ${config.home.username} ${path}* - chgrp ${config.home.username} ${path}* - fi - '' - }"; - }; - }) - config.programs.openssh.hostKeys - ); - } - ) - (lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - files = lib.lists.flatten ( - builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys - ); - }; - }) - ] - ); -} diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix deleted file mode 100644 index c2f93ea..0000000 --- a/modules/home-manager-modules/programs/anki.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - lib, - config, - osConfig, - ... -}: { - config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/Anki2/" - ]; - allowOther = true; - }; - }; -} diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix deleted file mode 100644 index e305b6c..0000000 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.bitwarden = { - enable = lib.mkEnableOption "enable bitwarden"; - }; - - config = lib.mkIf config.programs.bitwarden.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - bitwarden-desktop - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/Bitwarden" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix deleted file mode 100644 index 8ad5e63..0000000 --- a/modules/home-manager-modules/programs/bruno.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.bruno = { - enable = lib.mkEnableOption "enable bruno"; - }; - - config = lib.mkIf config.programs.bruno.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - bruno - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/bruno/" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix deleted file mode 100644 index dbe6e2b..0000000 --- a/modules/home-manager-modules/programs/calibre.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.calibre = { - enable = lib.mkEnableOption "enable calibre"; - }; - - config = lib.mkIf config.programs.calibre.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - calibre - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/calibre" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix deleted file mode 100644 index 6c4526f..0000000 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.davinci-resolve = { - enable = lib.mkEnableOption "enable davinci-resolve"; - }; - - config = lib.mkIf config.programs.davinci-resolve.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - davinci-resolve - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/DaVinciResolve" - "${config.xdg.configHome}/blackmagic" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix deleted file mode 100644 index 8b6c41a..0000000 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.dbeaver-bin = { - enable = lib.mkEnableOption "enable dbeaver"; - }; - - config = lib.mkIf config.programs.dbeaver-bin.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - dbeaver-bin - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/DBeaverData/" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/default.nix b/modules/home-manager-modules/programs/default.nix deleted file mode 100644 index e70cfc8..0000000 --- a/modules/home-manager-modules/programs/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{...}: { - imports = [ - ./firefox.nix - ./signal.nix - ./bitwarden.nix - ./makemkv.nix - ./obs.nix - ./anki.nix - ./piper.nix - ./qbittorrent.nix - ./discord.nix - ./obsidian.nix - ./prostudiomasters.nix - ./idea.nix - ./kdenlive.nix - ./krita.nix - ./protonvpn.nix - ./calibre.nix - ./bruno.nix - ./dbeaver.nix - ./dungeon-draft.nix - ./steam.nix - ./vscode - ./ungoogled-chromium.nix - ./libreoffice.nix - ./mapillary-uploader.nix - ./inkscape.nix - ./gimp.nix - ./guild-wars-2.nix - ./proxmark3.nix - ./freecad.nix - ./onionshare.nix - ./mfoc.nix - ./noita-entangled-worlds.nix - ./pdfarranger.nix - ./picard.nix - ./qflipper.nix - ./openvpn.nix - ./noisetorch.nix - ./olympus.nix - ./openrgb.nix - ./via.nix - ./vortex.nix - ./davinci-resolve.nix - ./gdx-liftoff.nix - ./tor-browser.nix - ./vmware-workstation.nix - ]; -} diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix deleted file mode 100644 index 71b09b2..0000000 --- a/modules/home-manager-modules/programs/discord.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - config, - ... -}: { - config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/discord/" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/dungeon-draft.nix b/modules/home-manager-modules/programs/dungeon-draft.nix deleted file mode 100644 index faa69c6..0000000 --- a/modules/home-manager-modules/programs/dungeon-draft.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - config, - lib, - ... -}: let - cfg = config.programs.dungeon-draft; -in { - options.programs.dungeon-draft = { - enable = lib.mkEnableOption "Dungeon Draft"; - }; - - config = { - assertions = [ - { - assertion = !cfg.enable; - message = '' - Dungeon Draft module is not yet fully configured. - Please download the Dungeon Draft executable (.exe) from the official website, - then configure the Wine environment and executable path as needed. - ''; - } - ]; - }; -} diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix deleted file mode 100644 index 8841887..0000000 --- a/modules/home-manager-modules/programs/firefox.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ - lib, - config, - ... -}: let - buildProfilePersistence = profile: { - directories = [ - ".mozilla/firefox/${profile}/extensions" - ]; - files = [ - ".mozilla/firefox/${profile}/cookies.sqlite" - ".mozilla/firefox/${profile}/favicons.sqlite" - # Permissions and ${profileName} levels for each site - ".mozilla/firefox/${profile}/permissions.sqlite" - ".mozilla/firefox/${profile}/content-prefs.sqlite" - # Browser history and bookmarks - ".mozilla/firefox/${profile}/places.sqlite" - # I guess this is useful? - # https://bugzilla.mozilla.org/show_bug.cgi?id=1511384 - # https://developer.mozilla.org/en-US/docs/Web/API/Storage_API/Storage_quotas_and_eviction_criteria - ".mozilla/firefox/${profile}/storage.sqlite" - # Extension configuration - ".mozilla/firefox/${profile}/extension-settings.json" - ]; - allowOther = true; - }; -in { - config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { - home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( - ( - lib.attrsets.mapAttrsToList - (profile: _: buildProfilePersistence profile) - config.programs.firefox.profiles - ) - ++ ( - lib.lists.optional - ((builtins.length (lib.attrsets.mapAttrsToList (key: value: value) config.programs.firefox.profiles)) == 0) - (buildProfilePersistence "default") - ) - ); - }; -} diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix deleted file mode 100644 index 89668de..0000000 --- a/modules/home-manager-modules/programs/freecad.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.freecad = { - enable = lib.mkEnableOption "enable freecad"; - }; - - config = lib.mkIf config.programs.freecad.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - freecad - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/FreeCAD" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/gdx-liftoff.nix b/modules/home-manager-modules/programs/gdx-liftoff.nix deleted file mode 100644 index 4440831..0000000 --- a/modules/home-manager-modules/programs/gdx-liftoff.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.gdx-liftoff = { - enable = lib.mkEnableOption "enable gdx-liftoff"; - }; - - config = lib.mkIf config.programs.gdx-liftoff.enable { - home.packages = with pkgs; [ - gdx-liftoff - ]; - }; -} diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix deleted file mode 100644 index 925a2d9..0000000 --- a/modules/home-manager-modules/programs/gimp.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.gimp = { - enable = lib.mkEnableOption "enable gimp"; - }; - - config = lib.mkIf config.programs.gimp.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - gimp - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/GIMP" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/guild-wars-2.nix b/modules/home-manager-modules/programs/guild-wars-2.nix deleted file mode 100644 index 3f68ec6..0000000 --- a/modules/home-manager-modules/programs/guild-wars-2.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - config, - lib, - ... -}: let - cfg = config.programs.guild-wars-2; -in { - options.programs.guild-wars-2 = { - enable = lib.mkEnableOption "Guild Wars 2"; - }; - - config = { - assertions = [ - { - assertion = !cfg.enable; - message = '' - Guild Wars 2 module is not yet fully configured. - Please install Guild Wars 2 manually via Steam or the official client, - then configure the Wine environment as needed. - ''; - } - ]; - }; -} diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix deleted file mode 100644 index e59e7b2..0000000 --- a/modules/home-manager-modules/programs/idea.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.jetbrains.idea-community = { - enable = lib.mkEnableOption "enable idea-community"; - }; - - config = lib.mkIf config.programs.jetbrains.idea-community.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - jetbrains.idea-community - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - # configuration - "${config.xdg.configHome}/JetBrains/" - # plugins - "${config.xdg.dataHome}/JetBrains/" - # System and Logs - "${config.xdg.cacheHome}/JetBrains/" - ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix deleted file mode 100644 index a26ddec..0000000 --- a/modules/home-manager-modules/programs/inkscape.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.inkscape = { - enable = lib.mkEnableOption "enable inkscape"; - }; - - config = lib.mkIf config.programs.inkscape.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - inkscape - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/inkscape" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix deleted file mode 100644 index 05327d1..0000000 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - cfg = config.programs.kdenlive; -in { - options.programs.kdenlive = { - enable = lib.mkEnableOption "kdenlive"; - package = lib.mkOption { - type = lib.types.package; - default = pkgs.kdePackages.kdenlive; - description = "The kdenlive package to install."; - }; - }; - - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - home.packages = [ - cfg.package - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/kdenliverc" - "${config.xdg.dataHome}/kdenlive" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix deleted file mode 100644 index 3ba5560..0000000 --- a/modules/home-manager-modules/programs/krita.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.krita = { - enable = lib.mkEnableOption "enable krita"; - }; - - config = lib.mkIf config.programs.krita.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - krita - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/kritarc" - "${config.xdg.dataHome}/krita" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix deleted file mode 100644 index 93163e7..0000000 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.libreoffice = { - enable = lib.mkEnableOption "enable libreoffice"; - }; - - config = lib.mkIf config.programs.libreoffice.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - libreoffice - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/libreoffice" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix deleted file mode 100644 index e92c3d3..0000000 --- a/modules/home-manager-modules/programs/makemkv.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.makemkv = { - enable = lib.mkEnableOption "enable makemkv"; - appKeyFile = lib.mkOption { - type = lib.types.str; - }; - destinationDir = lib.mkOption { - type = lib.types.str; - }; - }; - - config = lib.mkIf config.programs.makemkv.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - makemkv - ]; - - sops.templates."MakeMKV.settings.conf".content = '' - app_DestinationDir = "${config.programs.makemkv.destinationDir}" - app_DestinationType = "2" - app_Key = "${config.programs.makemkv.appKeyFile}" - ''; - - home.file.".MakeMKV/settings.conf".source = config.lib.file.mkOutOfStoreSymlink config.sops.templates."MakeMKV.settings.conf".path; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - ".MakeMKV" - ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix deleted file mode 100644 index df1f093..0000000 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.programs.mapillary-uploader; -in { - options.programs.mapillary-uploader = { - enable = mkEnableOption "Mapillary Desktop Uploader"; - }; - - config = mkIf cfg.enable (mkMerge [ - { - home.packages = [pkgs.mapillary-uploader]; - } - ( - mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/mapillary-uploader" - "${config.xdg.dataHome}/mapillary-uploader" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/mfoc.nix b/modules/home-manager-modules/programs/mfoc.nix deleted file mode 100644 index 6006c9b..0000000 --- a/modules/home-manager-modules/programs/mfoc.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.mfoc = { - enable = lib.mkEnableOption "enable mfoc"; - }; - - config = lib.mkIf config.programs.mfoc.enable { - home.packages = with pkgs; [ - mfoc - ]; - }; -} diff --git a/modules/home-manager-modules/programs/noisetorch.nix b/modules/home-manager-modules/programs/noisetorch.nix deleted file mode 100644 index 4b42638..0000000 --- a/modules/home-manager-modules/programs/noisetorch.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.noisetorch = { - enable = lib.mkEnableOption "enable noisetorch"; - }; - - config = lib.mkIf config.programs.noisetorch.enable { - home.packages = with pkgs; [ - noisetorch - ]; - }; -} diff --git a/modules/home-manager-modules/programs/noita-entangled-worlds.nix b/modules/home-manager-modules/programs/noita-entangled-worlds.nix deleted file mode 100644 index 3f3af64..0000000 --- a/modules/home-manager-modules/programs/noita-entangled-worlds.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options = { - programs.noita-entangled-worlds = { - enable = lib.mkEnableOption "Noita Entangled Worlds multiplayer mod"; - }; - }; - - config = lib.mkIf config.programs.noita-entangled-worlds.enable { - home.packages = with pkgs; [ - noita_entangled_worlds - ]; - }; -} diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix deleted file mode 100644 index bfdba90..0000000 --- a/modules/home-manager-modules/programs/obs.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - config, - ... -}: { - config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/obs-studio" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix deleted file mode 100644 index 824563d..0000000 --- a/modules/home-manager-modules/programs/obsidian.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - ... -}: { - config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/obsidian" - ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix deleted file mode 100644 index 0e38eec..0000000 --- a/modules/home-manager-modules/programs/olympus.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - cfg = config.programs.olympus; -in { - options.programs.olympus = { - enable = lib.mkEnableOption "olympus"; - package = lib.mkOption { - type = lib.types.package; - default = pkgs.olympus; - description = "The olympus package to install."; - }; - }; - - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - home.packages = [ - cfg.package - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/olympus" - "${config.xdg.dataHome}/olympus" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/onionshare.nix b/modules/home-manager-modules/programs/onionshare.nix deleted file mode 100644 index 475f993..0000000 --- a/modules/home-manager-modules/programs/onionshare.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.onionshare = { - enable = lib.mkEnableOption "enable onionshare"; - }; - - config = lib.mkIf config.programs.onionshare.enable { - home.packages = with pkgs; [ - onionshare - ]; - }; -} diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix deleted file mode 100644 index c9d5e14..0000000 --- a/modules/home-manager-modules/programs/openrgb.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.openrgb = { - enable = lib.mkEnableOption "enable openrgb"; - }; - - config = lib.mkIf config.programs.openrgb.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - openrgb - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/OpenRGB" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/openvpn.nix b/modules/home-manager-modules/programs/openvpn.nix deleted file mode 100644 index dcd499c..0000000 --- a/modules/home-manager-modules/programs/openvpn.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.openvpn = { - enable = lib.mkEnableOption "enable openvpn"; - }; - - config = lib.mkIf config.programs.openvpn.enable { - home.packages = with pkgs; [ - openvpn - ]; - }; -} diff --git a/modules/home-manager-modules/programs/pdfarranger.nix b/modules/home-manager-modules/programs/pdfarranger.nix deleted file mode 100644 index 9246efd..0000000 --- a/modules/home-manager-modules/programs/pdfarranger.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.pdfarranger = { - enable = lib.mkEnableOption "enable pdfarranger"; - }; - - config = lib.mkIf config.programs.pdfarranger.enable { - home.packages = with pkgs; [ - pdfarranger - ]; - }; -} diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix deleted file mode 100644 index bc37b86..0000000 --- a/modules/home-manager-modules/programs/picard.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.picard = { - enable = lib.mkEnableOption "enable picard"; - }; - - config = lib.mkIf config.programs.picard.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - picard - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/MusicBrainz" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/piper.nix b/modules/home-manager-modules/programs/piper.nix deleted file mode 100644 index 3ed25fd..0000000 --- a/modules/home-manager-modules/programs/piper.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.piper = { - enable = lib.mkEnableOption "enable piper"; - }; - - config = lib.mkIf config.programs.piper.enable { - home.packages = with pkgs; [ - piper - ]; - }; -} diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix deleted file mode 100644 index 5345169..0000000 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.prostudiomasters = { - enable = lib.mkEnableOption "enable prostudiomasters"; - }; - - config = lib.mkIf config.programs.prostudiomasters.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - prostudiomasters - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/ProStudioMasters" - ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix deleted file mode 100644 index 513a610..0000000 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.protonvpn-gui = { - enable = lib.mkEnableOption "enable protonvpn"; - }; - - config = lib.mkIf config.programs.protonvpn-gui.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - protonvpn-gui - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/protonvpn" - "${config.xdg.configHome}/Proton" - ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/proxmark3.nix b/modules/home-manager-modules/programs/proxmark3.nix deleted file mode 100644 index 656be19..0000000 --- a/modules/home-manager-modules/programs/proxmark3.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.proxmark3 = { - enable = lib.mkEnableOption "enable proxmark3"; - }; - - config = lib.mkIf config.programs.proxmark3.enable { - home.packages = with pkgs; [ - proxmark3 - ]; - }; -} diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix deleted file mode 100644 index 61d13c0..0000000 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.qbittorrent = { - enable = lib.mkEnableOption "enable qbittorrent"; - }; - - config = lib.mkIf config.programs.qbittorrent.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - qbittorrent - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/qBittorrent" - ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix deleted file mode 100644 index 8b42766..0000000 --- a/modules/home-manager-modules/programs/qflipper.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.qflipper = { - enable = lib.mkEnableOption "enable qflipper"; - }; - - config = lib.mkIf config.programs.qflipper.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - qFlipper - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/qFlipper" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix deleted file mode 100644 index 7db23a7..0000000 --- a/modules/home-manager-modules/programs/signal.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.signal-desktop-bin = { - enable = lib.mkEnableOption "enable signal"; - }; - - config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - signal-desktop-bin - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/Signal" - ]; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix deleted file mode 100644 index fd98cb6..0000000 --- a/modules/home-manager-modules/programs/steam.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.steam = { - enable = lib.mkEnableOption "enable steam"; - }; - - config = lib.mkIf config.programs.steam.enable ( - lib.mkMerge [ - { - home.packages = with pkgs; [ - steam - steam.run - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - { - directory = "${config.xdg.dataHome}/Steam"; - method = "symlink"; - } - ]; - allowOther = true; - }; - } - ) - ] - ); - - # TODO: bind impermanence config -} diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix deleted file mode 100644 index c3b085d..0000000 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.tor-browser = { - enable = lib.mkEnableOption "enable tor-browser"; - }; - - config = lib.mkIf config.programs.tor-browser.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - tor-browser - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/torbrowser" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix deleted file mode 100644 index ef6a881..0000000 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.ungoogled-chromium = { - enable = lib.mkEnableOption "enable ungoogled-chromium"; - }; - - config = lib.mkIf config.programs.ungoogled-chromium.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - ungoogled-chromium - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/chromium" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix deleted file mode 100644 index 0aa58e4..0000000 --- a/modules/home-manager-modules/programs/via.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.via = { - enable = lib.mkEnableOption "enable via"; - }; - - config = lib.mkIf config.programs.via.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - via - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.configHome}/via" - "${config.xdg.dataHome}/via" - ]; - allowOther = true; - }; - } - ) - ]); -} diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix deleted file mode 100644 index 8e9d406..0000000 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.vmware-workstation = { - enable = lib.mkEnableOption "enable VMware Workstation"; - }; - - config = lib.mkIf config.programs.vmware-workstation.enable ( - lib.mkMerge [ - { - home.packages = with pkgs; [ - vmware-workstation - ]; - } - ( - lib.mkIf config.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - { - directory = ".vmware"; - method = "symlink"; - } - { - directory = "vmware"; - method = "symlink"; - } - ]; - allowOther = true; - }; - } - ) - ] - ); -} diff --git a/modules/home-manager-modules/programs/vortex.nix b/modules/home-manager-modules/programs/vortex.nix deleted file mode 100644 index cb86526..0000000 --- a/modules/home-manager-modules/programs/vortex.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - config, - lib, - ... -}: let - cfg = config.programs.vortex; -in { - options.programs.vortex = { - enable = lib.mkEnableOption "Vortex (Nexus Mods manager)"; - }; - - config = { - assertions = [ - { - assertion = !cfg.enable; - message = '' - Vortex module is not yet fully configured. - Please download and install Vortex manually from the Nexus Mods website, - then configure the Wine environment and dependencies as needed. - ''; - } - ]; - }; -} diff --git a/modules/home-manager-modules/programs/vscode/aiCode.nix b/modules/home-manager-modules/programs/vscode/aiCode.nix deleted file mode 100644 index 838a439..0000000 --- a/modules/home-manager-modules/programs/vscode/aiCode.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ - lib, - pkgs, - ... -}: let - pkgsRepository = pkgs.codium-extensions; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.aiCode = { - enable = lib.mkEnableOption "should the ai code extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "ai-code" {}; - ollamaHost = lib.mkOption { - type = lib.types.nullOr lib.types.str; - description = "what host should be used for ollama"; - default = null; - }; - inlineCompletion = { - enable = lib.mkOption { - type = lib.types.bool; - description = "should inline completion be enabled"; - default = true; - }; - model = lib.mkOption { - type = lib.types.nullOr lib.types.str; - description = "what model should be used for ollama"; - default = null; - }; - }; - }; - }; - config = lib.mkIf config.extraExtensions.aiCode.enable { - extensions = [ - config.extraExtensions.aiCode.extension - ]; - userSettings = { - "aiCode.ollamaHost" = lib.mkIf (config.extraExtensions.aiCode.ollamaHost != null) config.extraExtensions.aiCode.ollamaHost; - "aiCode.inlineCompletion.enable" = config.extraExtensions.aiCode.inlineCompletion.enable; - "aiCode.inlineCompletion.model" = lib.mkIf (config.extraExtensions.aiCode.inlineCompletion.model != null) config.extraExtensions.aiCode.inlineCompletion.model; - }; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/alejandra.nix b/modules/home-manager-modules/programs/vscode/alejandra.nix deleted file mode 100644 index ffeaf96..0000000 --- a/modules/home-manager-modules/programs/vscode/alejandra.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.alejandra = { - enable = lib.mkEnableOption "Enable Alejandra extension for Nix formatting"; - extension = lib.mkPackageOption pkgsRepository "alejandra" { - default = ["kamadorueda" "alejandra"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.alejandra.enable { - extensions = [config.extraExtensions.alejandra.extension]; - userSettings = { - "[nix]" = { - "editor.defaultFormatter" = "kamadorueda.alejandra"; - "editor.formatOnPaste" = true; - "editor.formatOnSave" = true; - "editor.formatOnType" = true; - }; - "alejandra.program" = "alejandra"; - }; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/astroVscode.nix b/modules/home-manager-modules/programs/vscode/astroVscode.nix deleted file mode 100644 index 4bae34a..0000000 --- a/modules/home-manager-modules/programs/vscode/astroVscode.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.astroVscode = { - enable = lib.mkEnableOption "should the astro-vscode extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "astro-vscode" { - default = ["astro-build" "astro-vscode"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.astroVscode.enable { - extensions = [ - config.extraExtensions.astroVscode.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/atomKeybindings.nix b/modules/home-manager-modules/programs/vscode/atomKeybindings.nix deleted file mode 100644 index 95cd928..0000000 --- a/modules/home-manager-modules/programs/vscode/atomKeybindings.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.atomKeybindings = { - enable = lib.mkEnableOption "should the atom keybindings extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "atom-keybindings" { - default = ["ms-vscode" "atom-keybindings"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.atomKeybindings.enable { - extensions = [ - config.extraExtensions.atomKeybindings.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/autoRenameTag.nix b/modules/home-manager-modules/programs/vscode/autoRenameTag.nix deleted file mode 100644 index 5f24a32..0000000 --- a/modules/home-manager-modules/programs/vscode/autoRenameTag.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.autoRenameTag = { - enable = lib.mkEnableOption "should the auto-rename-tag extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "auto-rename-tag" { - default = ["formulahendry" "auto-rename-tag"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.autoRenameTag.enable { - extensions = [ - config.extraExtensions.autoRenameTag.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/claudeDev.nix b/modules/home-manager-modules/programs/vscode/claudeDev.nix deleted file mode 100644 index ffeaff3..0000000 --- a/modules/home-manager-modules/programs/vscode/claudeDev.nix +++ /dev/null @@ -1,207 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; - - mcp-nixos = inputs.mcp-nixos.packages.${pkgs.stdenv.hostPlatform.system}.default; - - anyProfileHasMcpNixos = lib.any ( - profile: - profile.extraExtensions.claudeDev.enable - && profile.extraExtensions.claudeDev.mcp.nixos.enable - ) (lib.attrValues config.programs.vscode.profiles); - - anyProfileHasMcpEslint = lib.any ( - profile: - profile.extraExtensions.claudeDev.enable - && profile.extraExtensions.claudeDev.mcp.eslint.enable - ) (lib.attrValues config.programs.vscode.profiles); - - anyProfileHasMcpVitest = lib.any ( - profile: - profile.extraExtensions.claudeDev.enable - && profile.extraExtensions.claudeDev.mcp.vitest.enable - ) (lib.attrValues config.programs.vscode.profiles); - - anyProfileHasMcpSleep = lib.any ( - profile: - profile.extraExtensions.claudeDev.enable - && profile.extraExtensions.claudeDev.mcp.sleep.enable - ) (lib.attrValues config.programs.vscode.profiles); - - anyProfileHasMcp = anyProfileHasMcpNixos || anyProfileHasMcpEslint || anyProfileHasMcpVitest || anyProfileHasMcpSleep; - - getMcpTimeout = serverName: - lib.findFirst (timeout: timeout != null) null (map ( - profile: - if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable - then profile.extraExtensions.claudeDev.mcp.${serverName}.timeout - else null - ) (lib.attrValues config.programs.vscode.profiles)); - - getMcpAutoApprove = serverName: - lib.foldl' ( - acc: profile: - if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable - then acc // profile.extraExtensions.claudeDev.mcp.${serverName}.autoApprove - else acc - ) {} (lib.attrValues config.programs.vscode.profiles); - - getMcpPackage = serverName: - lib.findFirst (package: package != null) null (map ( - profile: - if profile.extraExtensions.claudeDev.enable && profile.extraExtensions.claudeDev.mcp.${serverName}.enable - then profile.extraExtensions.claudeDev.mcp.${serverName}.package - else null - ) (lib.attrValues config.programs.vscode.profiles)); -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.claudeDev = { - enable = lib.mkEnableOption "should the claude-dev extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "claude-dev" { - default = ["saoudrizwan" "claude-dev"]; - }; - - mcp = { - nixos = { - enable = lib.mkEnableOption "enable NixOS MCP server for Claude Dev"; - autoApprove = { - nixos_search = lib.mkEnableOption "should the nixos_search tool be auto approved for the nixos MCP server"; - nixos_info = lib.mkEnableOption "should the nixos_info tool be auto approved for the nixos MCP server"; - home_manager_search = lib.mkEnableOption "should the home_manager_search tool be auto approved for the nixos MCP server"; - home_manager_info = lib.mkEnableOption "should the home_manager_info tool be auto approved for the nixos MCP server"; - darwin_search = lib.mkEnableOption "should the darwin_search tool be auto approved for the nixos MCP server"; - darwin_info = lib.mkEnableOption "should the darwin_info tool be auto approved for the nixos MCP server"; - nixos_flakes_search = lib.mkEnableOption "should the nixos_flakes_search tool be auto approved for the nixos MCP server"; - }; - }; - eslint = { - enable = lib.mkEnableOption "enable ESLint MCP server for Claude Dev"; - package = lib.mkOption { - type = lib.types.str; - default = "@eslint/mcp@latest"; - description = "NPM package to use for ESLint MCP server"; - }; - timeout = lib.mkOption { - type = lib.types.nullOr lib.types.int; - default = null; - description = "Timeout in seconds for ESLint MCP server operations"; - }; - autoApprove = { - lint-files = lib.mkEnableOption "Should the lint-files tool be auto approved for ESLint MCP server"; - }; - }; - vitest = { - enable = lib.mkEnableOption "enable Vitest MCP server for Claude Dev"; - package = lib.mkOption { - type = lib.types.str; - default = "@djankies/vitest-mcp"; - description = "NPM package to use for Vitest MCP server"; - }; - timeout = lib.mkOption { - type = lib.types.nullOr lib.types.int; - default = null; - description = "Timeout in seconds for Vitest MCP server operations"; - }; - autoApprove = { - list_tests = lib.mkEnableOption "Should the list_tests tool be auto approved for Vitest MCP server"; - run_tests = lib.mkEnableOption "Should the run_tests tool be auto approved for Vitest MCP server"; - analyze_coverage = lib.mkEnableOption "Should the analyze_coverage tool be auto approved for Vitest MCP server"; - set_project_root = lib.mkEnableOption "Should the set_project_root tool be auto approved for Vitest MCP server"; - }; - }; - sleep = { - enable = lib.mkEnableOption "enable Sleep MCP server for Claude Dev"; - package = lib.mkOption { - type = lib.types.str; - default = "sleep-mcp"; - description = "NPM package to use for Sleep MCP server"; - }; - timeout = lib.mkOption { - type = lib.types.nullOr lib.types.int; - default = null; - description = "Timeout in seconds for Sleep MCP server operations"; - }; - autoApprove = { - sleep = lib.mkEnableOption "Should the sleep tool be auto approved for Sleep MCP server"; - }; - }; - }; - }; - }; - config = lib.mkIf config.extraExtensions.claudeDev.enable { - extensions = [ - config.extraExtensions.claudeDev.extension - ]; - }; - })); - }; - - config = lib.mkMerge [ - (lib.mkIf anyProfileHasMcpNixos { - home.packages = [ - mcp-nixos - ]; - }) - - (lib.mkIf anyProfileHasMcp { - home.file."${config.xdg.configHome}/VSCodium/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json" = { - text = builtins.toJSON { - mcpServers = - (lib.optionalAttrs anyProfileHasMcpNixos { - nixos = { - command = "${mcp-nixos}/bin/mcp-nixos"; - }; - }) - // (lib.optionalAttrs anyProfileHasMcpEslint { - eslint = - { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" (getMcpPackage "eslint")]; - } - // (lib.optionalAttrs ((getMcpTimeout "eslint") != null) { - timeout = getMcpTimeout "eslint"; - }) - // (lib.optionalAttrs ((getMcpAutoApprove "eslint") != {}) { - autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "eslint")); - }); - }) - // (lib.optionalAttrs anyProfileHasMcpVitest { - vitest = - { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" (getMcpPackage "vitest")]; - } - // (lib.optionalAttrs ((getMcpTimeout "vitest") != null) { - timeout = getMcpTimeout "vitest"; - }) - // (lib.optionalAttrs ((getMcpAutoApprove "vitest") != {}) { - autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "vitest")); - }); - }) - // (lib.optionalAttrs anyProfileHasMcpSleep { - sleep-mcp = - { - command = "${pkgs.nodejs}/bin/npx"; - args = ["-y" (getMcpPackage "sleep")]; - } - // (lib.optionalAttrs ((getMcpTimeout "sleep") != null) { - timeout = getMcpTimeout "sleep"; - }) - // (lib.optionalAttrs ((getMcpAutoApprove "sleep") != {}) { - autoApprove = builtins.attrNames (lib.filterAttrs (_: v: v) (getMcpAutoApprove "sleep")); - }); - }); - }; - force = true; - }; - }) - ]; -} diff --git a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix b/modules/home-manager-modules/programs/vscode/conventionalCommits.nix deleted file mode 100644 index b667c27..0000000 --- a/modules/home-manager-modules/programs/vscode/conventionalCommits.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.vscode-marketplace; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.conventionalCommits = { - enable = lib.mkEnableOption "Enable VSCode Conventional Commits extension"; - extension = lib.mkPackageOption pkgsRepository "conventional-commits" { - default = ["vivaxy" "vscode-conventional-commits"]; - }; - - gitmoji = lib.mkEnableOption "should emoji be prompted for as a part of the commit message./"; - - promptScopes = lib.mkEnableOption "prompting for scopes in conventional commits"; - - promptFooter = lib.mkEnableOption "prompting for footer in conventional commits"; - - showNewVersionNotes = lib.mkEnableOption "showing new version notes for conventional commits"; - }; - }; - config = lib.mkIf config.extraExtensions.conventionalCommits.enable { - extensions = [config.extraExtensions.conventionalCommits.extension]; - - userSettings = { - "conventionalCommits.gitmoji" = config.extraExtensions.conventionalCommits.gitmoji; - "conventionalCommits.promptScopes" = config.extraExtensions.conventionalCommits.promptScopes; - "conventionalCommits.promptFooter" = config.extraExtensions.conventionalCommits.promptFooter; - "conventionalCommits.showNewVersionNotes" = config.extraExtensions.conventionalCommits.showNewVersionNotes; - }; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/default.nix b/modules/home-manager-modules/programs/vscode/default.nix deleted file mode 100644 index f9d83dc..0000000 --- a/modules/home-manager-modules/programs/vscode/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{...}: { - imports = [ - ./oneDark.nix - ./atomKeybindings.nix - ./aiCode.nix - ./alejandra.nix - ./nixIde.nix - ./autoRenameTag.nix - ./es7ReactJsSnippets.nix - ./liveServer.nix - ./tauriVscode.nix - ./vscodeEslint.nix - ./vscodeJest.nix - ./vscodeStandard.nix - ./vscodeStylelint.nix - ./go.nix - ./evenBetterToml.nix - ./openRemoteSsh.nix - ./rustAnalyzer.nix - ./astroVscode.nix - ./vscodeMdx.nix - ./claudeDev.nix - ./nearley.nix - ./vitest.nix - ./direnv.nix - ./conventionalCommits.nix - ./openDyslexicFont.nix - ]; -} diff --git a/modules/home-manager-modules/programs/vscode/direnv.nix b/modules/home-manager-modules/programs/vscode/direnv.nix deleted file mode 100644 index 231ea17..0000000 --- a/modules/home-manager-modules/programs/vscode/direnv.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.vscode-marketplace; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.direnv = { - enable = lib.mkEnableOption "Enable direnv extension"; - extension = lib.mkPackageOption pkgsRepository "direnv" { - default = ["mkhl" "direnv"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.direnv.enable { - extensions = [config.extraExtensions.direnv.extension]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix b/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix deleted file mode 100644 index 09e6da3..0000000 --- a/modules/home-manager-modules/programs/vscode/es7ReactJsSnippets.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.es7ReactJsSnippets = { - enable = lib.mkEnableOption "should the es7-react-js-snippets extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "es7-react-js-snippets" { - default = ["dsznajder" "es7-react-js-snippets"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.es7ReactJsSnippets.enable { - extensions = [ - config.extraExtensions.es7ReactJsSnippets.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/evenBetterToml.nix b/modules/home-manager-modules/programs/vscode/evenBetterToml.nix deleted file mode 100644 index 9813ee1..0000000 --- a/modules/home-manager-modules/programs/vscode/evenBetterToml.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.evenBetterToml = { - enable = lib.mkEnableOption "should the even-better-toml extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "even-better-toml" { - default = ["tamasfe" "even-better-toml"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.evenBetterToml.enable { - extensions = [ - config.extraExtensions.evenBetterToml.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/go.nix b/modules/home-manager-modules/programs/vscode/go.nix deleted file mode 100644 index 02ffe5d..0000000 --- a/modules/home-manager-modules/programs/vscode/go.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.go = { - enable = lib.mkEnableOption "should the go extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "go" { - default = ["golang" "go"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.go.enable { - extensions = [ - config.extraExtensions.go.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/liveServer.nix b/modules/home-manager-modules/programs/vscode/liveServer.nix deleted file mode 100644 index 3f53ca3..0000000 --- a/modules/home-manager-modules/programs/vscode/liveServer.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.liveServer = { - enable = lib.mkEnableOption "should the live-server extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "live-server" { - default = ["ms-vscode" "live-server"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.liveServer.enable { - extensions = [ - config.extraExtensions.liveServer.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/nearley.nix b/modules/home-manager-modules/programs/vscode/nearley.nix deleted file mode 100644 index 3020a9e..0000000 --- a/modules/home-manager-modules/programs/vscode/nearley.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.vscode-marketplace; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.nearley = { - enable = lib.mkEnableOption "should the nearley extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "nearley" { - default = ["karyfoundation" "nearley"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.nearley.enable { - extensions = [ - config.extraExtensions.nearley.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/nixIde.nix b/modules/home-manager-modules/programs/vscode/nixIde.nix deleted file mode 100644 index bc79b69..0000000 --- a/modules/home-manager-modules/programs/vscode/nixIde.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.nixIde = { - enable = lib.mkEnableOption "Enable Nix IDE extension"; - extension = lib.mkPackageOption pkgsRepository "nix-ide" { - default = ["jnoortheen" "nix-ide"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.nixIde.enable { - extensions = [config.extraExtensions.nixIde.extension]; - userSettings = { - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - }; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/oneDark.nix b/modules/home-manager-modules/programs/vscode/oneDark.nix deleted file mode 100644 index 5ed43f4..0000000 --- a/modules/home-manager-modules/programs/vscode/oneDark.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.oneDark = { - enable = lib.mkEnableOption "should the one dark theme for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "onedark" { - default = ["akamud" "vscode-theme-onedark"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.oneDark.enable { - extensions = [ - config.extraExtensions.oneDark.extension - ]; - userSettings = { - "workbench.colorTheme" = "Atom One Dark"; - }; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix b/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix deleted file mode 100644 index f1f6215..0000000 --- a/modules/home-manager-modules/programs/vscode/openDyslexicFont.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.openDyslexicFont = { - enable = lib.mkEnableOption "should OpenDyslexic font be set as the default font for VSCode"; - package = lib.mkPackageOption pkgs "nerd-fonts.open-dyslexic" { - default = ["nerd-fonts" "open-dyslexic"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.openDyslexicFont.enable { - userSettings = { - "editor.fontFamily" = "'OpenDyslexicM Nerd Font Mono', Droid Sans Mono, monospace"; - "editor.fontSize" = 14; - "editor.letterSpacing" = -0.3; - }; - }; - })); - }; - - config = let - enabledProfiles = - lib.filter (profile: profile.extraExtensions.openDyslexicFont.enable or false) - (lib.attrValues config.programs.vscode.profiles); - - anyProfileUsesOpenDyslexicFont = enabledProfiles != []; - - fontPackages = lib.unique (map (profile: profile.extraExtensions.openDyslexicFont.package) enabledProfiles); - in { - # Ensure OpenDyslexic font packages are installed when any VSCode profile uses them - home.packages = fontPackages; - - fonts.fontconfig.enable = lib.mkIf anyProfileUsesOpenDyslexicFont true; - - # Add assertion to ensure the fonts are available - assertions = - map (fontPkg: { - assertion = lib.elem fontPkg config.home.packages; - message = "OpenDyslexic font package '${fontPkg.name or "unknown"}' must be installed when using openDyslexicFont extension for VSCode."; - }) - fontPackages; - }; -} diff --git a/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix b/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix deleted file mode 100644 index c1b6daa..0000000 --- a/modules/home-manager-modules/programs/vscode/openRemoteSsh.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.openRemoteSsh = { - enable = lib.mkEnableOption "should the open-remote-ssh extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "open-remote-ssh" { - default = ["jeanp413" "open-remote-ssh"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.openRemoteSsh.enable { - extensions = [ - config.extraExtensions.openRemoteSsh.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix b/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix deleted file mode 100644 index 66e9ebe..0000000 --- a/modules/home-manager-modules/programs/vscode/rustAnalyzer.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.rustAnalyzer = { - enable = lib.mkEnableOption "should the rust-analyzer extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "rust-analyzer" { - default = ["rust-lang" "rust-analyzer"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.rustAnalyzer.enable { - extensions = [ - config.extraExtensions.rustAnalyzer.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/tauriVscode.nix b/modules/home-manager-modules/programs/vscode/tauriVscode.nix deleted file mode 100644 index 9185fb3..0000000 --- a/modules/home-manager-modules/programs/vscode/tauriVscode.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.tauriVscode = { - enable = lib.mkEnableOption "should the tauri-vscode extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "tauri-vscode" { - default = ["tauri-apps" "tauri-vscode"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.tauriVscode.enable { - extensions = [ - config.extraExtensions.tauriVscode.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/vitest.nix b/modules/home-manager-modules/programs/vscode/vitest.nix deleted file mode 100644 index 446d25b..0000000 --- a/modules/home-manager-modules/programs/vscode/vitest.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.vitest = { - enable = lib.mkEnableOption "should the vitest extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "vitest" { - default = ["vitest" "explorer"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.vitest.enable { - extensions = [ - config.extraExtensions.vitest.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/vscodeEslint.nix b/modules/home-manager-modules/programs/vscode/vscodeEslint.nix deleted file mode 100644 index 64d979f..0000000 --- a/modules/home-manager-modules/programs/vscode/vscodeEslint.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.vscodeEslint = { - enable = lib.mkEnableOption "should the vscode-eslint extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "vscode-eslint" { - default = ["dbaeumer" "vscode-eslint"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.vscodeEslint.enable { - extensions = [ - config.extraExtensions.vscodeEslint.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/vscodeJest.nix b/modules/home-manager-modules/programs/vscode/vscodeJest.nix deleted file mode 100644 index 7c24f2a..0000000 --- a/modules/home-manager-modules/programs/vscode/vscodeJest.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.vscodeJest = { - enable = lib.mkEnableOption "should the vscode-jest extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "vscode-jest" { - default = ["orta" "vscode-jest"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.vscodeJest.enable { - extensions = [ - config.extraExtensions.vscodeJest.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/vscodeMdx.nix b/modules/home-manager-modules/programs/vscode/vscodeMdx.nix deleted file mode 100644 index c49fe51..0000000 --- a/modules/home-manager-modules/programs/vscode/vscodeMdx.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.vscodeMdx = { - enable = lib.mkEnableOption "should the vscode-mdx extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "vscode-mdx" { - default = ["unifiedjs" "vscode-mdx"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.vscodeMdx.enable { - extensions = [ - config.extraExtensions.vscodeMdx.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/vscodeStandard.nix b/modules/home-manager-modules/programs/vscode/vscodeStandard.nix deleted file mode 100644 index 31c8ad0..0000000 --- a/modules/home-manager-modules/programs/vscode/vscodeStandard.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.vscodeStandard = { - enable = lib.mkEnableOption "should the vscode-standard extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "vscode-standard" { - default = ["standard" "vscode-standard"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.vscodeStandard.enable { - extensions = [ - config.extraExtensions.vscodeStandard.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix b/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix deleted file mode 100644 index 0d43b29..0000000 --- a/modules/home-manager-modules/programs/vscode/vscodeStylelint.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - pkgsRepositories = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; - pkgsRepository = pkgsRepositories.open-vsx; -in { - options.programs.vscode.profiles = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({config, ...}: { - options = { - extraExtensions.vscodeStylelint = { - enable = lib.mkEnableOption "should the vscode-stylelint extension for vscode be enabled"; - extension = lib.mkPackageOption pkgsRepository "vscode-stylelint" { - default = ["stylelint" "vscode-stylelint"]; - }; - }; - }; - config = lib.mkIf config.extraExtensions.vscodeStylelint.enable { - extensions = [ - config.extraExtensions.vscodeStylelint.extension - ]; - }; - })); - }; -} diff --git a/modules/home-manager-modules/sops.nix b/modules/home-manager-modules/sops.nix deleted file mode 100644 index 910fbb6..0000000 --- a/modules/home-manager-modules/sops.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - config = { - sops = { - age.keyFile = "/var/lib/sops-nix/key.txt"; - }; - }; -} diff --git a/modules/home-manager-modules/user.nix b/modules/home-manager-modules/user.nix deleted file mode 100644 index efce22d..0000000 --- a/modules/home-manager-modules/user.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - osConfig, - ... -}: { - options.user = { - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = osConfig.host.users.${config.home.username}.isDesktopUser; - }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = osConfig.host.users.${config.home.username}.isTerminalUser; - }; - }; -} diff --git a/modules/nixos-modules/ai.nix b/modules/nixos-modules/ai.nix deleted file mode 100644 index d8cd63d..0000000 --- a/modules/nixos-modules/ai.nix +++ /dev/null @@ -1,46 +0,0 @@ -{lib, ...}: { - options.host = { - ai = { - enable = lib.mkEnableOption "should we use AI on this machine"; - models = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - model = lib.mkOption { - type = lib.types.str; - }; - provider = lib.mkOption { - type = lib.types.str; - default = "ollama"; - }; - apiBase = lib.mkOption { - type = lib.types.str; - default = "http://localhost:11434"; - }; - roles = lib.mkOption { - type = lib.types.listOf (lib.types.enum [ - "chat" - "autocomplete" - "embed" - "rerank" - "edit" - "apply" - "summarize" - ]); - default = []; - }; - }; - })); - }; - default = {}; - }; - }; - - config = { - # TODO: configure ollama to download any modules listed in options.host.ai.models.{name}.model if options.host.ai.models.{name}.apiBase is localhost - # TODO: if we have any models that have a non localhost options.host.ai.models.{name}.apiBase then set services.ollama.enable to a lib.mkAfter true - }; -} diff --git a/modules/nixos-modules/default.nix b/modules/nixos-modules/default.nix deleted file mode 100644 index 2ba1a58..0000000 --- a/modules/nixos-modules/default.nix +++ /dev/null @@ -1,24 +0,0 @@ -# this folder container modules that are for nixos only -{...}: { - imports = [ - ./home-manager - ./system.nix - ./hardware.nix - ./users.nix - ./desktop.nix - ./ssh.nix - ./i18n.nix - ./sync.nix - ./impermanence.nix - ./disko.nix - ./ollama.nix - ./ai.nix - ./tailscale.nix - ./steam.nix - ./server - ]; - - nixpkgs.config.permittedInsecurePackages = [ - "dotnet-sdk-6.0.428" - ]; -} diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix deleted file mode 100644 index 6686ee3..0000000 --- a/modules/nixos-modules/desktop.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.host.desktop.enable = lib.mkEnableOption "should desktop configuration be enabled"; - - config = lib.mkMerge [ - { - host.desktop.enable = lib.mkDefault true; - } - (lib.mkIf config.host.desktop.enable { - environment.gnome.excludePackages = with pkgs; [ - xterm # default terminal - atomix # puzzle game - cheese # webcam tool - epiphany # web browser - geary # email reader - gedit # text editor - decibels # audio player - gnome-characters # character set viewer - gnome-music # music player - gnome-photos # photo viewer - gnome-logs # log viewer - gnome-maps # map viewer - gnome-tour # welcome tour - hitori # sudoku game - iagno # go game - tali # poker game - yelp # help viewer - ]; - services = { - # Enable CUPS to print documents. - printing = { - enable = true; - drivers = [ - pkgs.hplip - pkgs.gutenprint - pkgs.gutenprintBin - ]; - }; - - xserver = { - # Enable the X11 windowing system. - enable = true; - - # Get rid of xTerm - desktopManager.xterm.enable = false; - }; - - # Enable the GNOME Desktop Environment. - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - automatic-timezoned = { - enable = true; - }; - - # Enable sound with pipewire. - pulseaudio.enable = false; - }; - - # enable RealtimeKit for pulse audio - security.rtkit.enable = true; - }) - ]; -} diff --git a/modules/nixos-modules/disko.nix b/modules/nixos-modules/disko.nix deleted file mode 100644 index a962689..0000000 --- a/modules/nixos-modules/disko.nix +++ /dev/null @@ -1,267 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: let - # there currently is a bug with disko that causes long disk names to be generated improperly this hash function should alleviate it when used for disk names instead of what we are defaulting to - # max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that - hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive)); - - vdevs = - builtins.map ( - disks: - builtins.map (disk: lib.attrsets.nameValuePair (hashDisk disk) disk) disks - ) - config.host.storage.pool.vdevs; - cache = - builtins.map ( - disk: lib.attrsets.nameValuePair (hashDisk disk) disk - ) - config.host.storage.pool.cache; - - datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets; -in { - options.host.storage = { - enable = lib.mkEnableOption "are we going create zfs disks with disko on this device"; - encryption = lib.mkEnableOption "is the vdev going to be encrypted"; - notifications = { - enable = lib.mkEnableOption "are notifications enabled"; - host = lib.mkOption { - type = lib.types.str; - description = "what is the host that we are going to send the email to"; - }; - port = lib.mkOption { - type = lib.types.port; - description = "what port is the host using to receive mail on"; - }; - to = lib.mkOption { - type = lib.types.str; - description = "what account is the email going to be sent to"; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user is the email going to be set from"; - }; - tokenFile = lib.mkOption { - type = lib.types.str; - description = "file containing the password to be used by msmtp for notifications"; - }; - }; - pool = { - mode = lib.mkOption { - type = lib.types.str; - default = "raidz2"; - description = "what level of redundancy should this pool have"; - }; - # list of drives in pool that will have a boot partition put onto them - bootDrives = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of disks that are going to have a boot partition installed on them"; - default = lib.lists.flatten config.host.storage.pool.vdevs; - }; - # shorthand for vdevs if you only have 1 vdev - drives = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of drives that are going to be in the vdev"; - default = []; - }; - # list of all drives in each vdev - vdevs = lib.mkOption { - type = lib.types.listOf (lib.types.listOf lib.types.str); - description = "list of disks that are going to be in"; - default = [config.host.storage.pool.drives]; - }; - # list of cache drives for pool - cache = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "list of drives that are going to be used as cache"; - default = []; - }; - # Default datasets that are needed to make a functioning system - datasets = lib.mkOption { - type = lib.types.attrsOf (inputs.disko.lib.subType { - types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; - }); - default = { - "local" = { - type = "zfs_fs"; - options.canmount = "off"; - }; - # nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up - "local/system/nix" = { - type = "zfs_fs"; - mountpoint = "/nix"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - # dataset for root that gets rolled back on every boot - "local/system/root" = { - type = "zfs_fs"; - mountpoint = "/"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/system/root@blank - ''; - }; - }; - }; - extraDatasets = lib.mkOption { - type = lib.types.attrsOf (inputs.disko.lib.subType { - types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;}; - }); - description = "List of datasets to define"; - default = {}; - }; - }; - }; - - config = lib.mkIf config.host.storage.enable { - programs.msmtp = lib.mkIf config.host.storage.notifications.enable { - enable = true; - setSendmail = true; - defaults = { - aliases = "/etc/aliases"; - port = config.host.storage.notifications.port; - tls_trust_file = "/etc/ssl/certs/ca-certificates.crt"; - tls = "on"; - auth = "login"; - tls_starttls = "off"; - }; - accounts = { - zfs_notifications = { - auth = true; - tls = true; - host = config.host.storage.notifications.host; - passwordeval = "cat ${config.host.storage.notifications.tokenFile}"; - user = config.host.storage.notifications.user; - from = config.host.storage.notifications.user; - }; - }; - }; - - services.zfs = { - autoScrub.enable = true; - autoSnapshot.enable = true; - - zed = lib.mkIf config.host.storage.notifications.enable { - enableMail = true; - - settings = { - ZED_DEBUG_LOG = "/tmp/zed.debug.log"; - ZED_EMAIL_ADDR = [config.host.storage.notifications.to]; - ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp"; - ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@"; - - ZED_NOTIFY_INTERVAL_SECS = 3600; - ZED_NOTIFY_VERBOSE = true; - - ZED_USE_ENCLOSURE_LEDS = true; - ZED_SCRUB_AFTER_RESILVER = true; - }; - }; - }; - - disko.devices = { - disk = ( - builtins.listToAttrs ( - builtins.map - (drive: - lib.attrsets.nameValuePair (drive.name) { - type = "disk"; - device = "/dev/disk/by-id/${drive.value}"; - content = { - type = "gpt"; - partitions = { - ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) { - # The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap - size = "2G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = ["umask=0077"]; - }; - }; - zfs = { - size = "100%"; - content = { - type = "zfs"; - pool = "rpool"; - }; - }; - }; - }; - }) - ( - (lib.lists.flatten vdevs) ++ cache - ) - ) - ); - zpool = { - rpool = { - type = "zpool"; - mode = { - topology = { - type = "topology"; - vdev = ( - builtins.map (disks: { - mode = config.host.storage.pool.mode; - members = - builtins.map (disk: disk.name) disks; - }) - vdevs - ); - cache = builtins.map (disk: disk.name) cache; - }; - }; - - options = { - ashift = "12"; - autotrim = "on"; - }; - - rootFsOptions = - { - canmount = "off"; - mountpoint = "none"; - - xattr = "sa"; - acltype = "posixacl"; - relatime = "on"; - - compression = "lz4"; - - "com.sun:auto-snapshot" = "false"; - } - // ( - lib.attrsets.optionalAttrs config.host.storage.encryption { - encryption = "on"; - keyformat = "hex"; - keylocation = "prompt"; - } - ); - - datasets = lib.mkMerge [ - ( - lib.attrsets.mapAttrs (name: value: { - type = value.type; - options = value.options; - mountpoint = value.mountpoint; - postCreateHook = value.postCreateHook; - }) - datasets - ) - ]; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/hardware.nix b/modules/nixos-modules/hardware.nix deleted file mode 100644 index 07e6fa8..0000000 --- a/modules/nixos-modules/hardware.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: { - options.host.hardware = { - piperMouse = { - enable = lib.mkEnableOption "host has a piper mouse"; - }; - viaKeyboard = { - enable = lib.mkEnableOption "host has a via keyboard"; - }; - openRGB = { - enable = lib.mkEnableOption "host has open rgb hardware"; - }; - graphicsAcceleration = { - enable = lib.mkEnableOption "host has a gpu for graphical acceleration"; - }; - directAccess = { - enable = lib.mkEnableOption "can a host be used on its own"; - }; - }; - config = lib.mkMerge [ - (lib.mkIf config.host.hardware.piperMouse.enable { - services.ratbagd.enable = true; - }) - (lib.mkIf config.host.hardware.viaKeyboard.enable { - hardware.keyboard.qmk.enable = true; - - services.udev.packages = [pkgs.via]; - }) - ]; -} diff --git a/modules/nixos-modules/home-manager/default.nix b/modules/nixos-modules/home-manager/default.nix deleted file mode 100644 index 10f86c7..0000000 --- a/modules/nixos-modules/home-manager/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -# modules in this folder are to adapt home-manager modules configs to nixos-module configs -{...}: { - imports = [ - ./flipperzero.nix - ./i18n.nix - ./openssh.nix - ./steam.nix - ]; -} diff --git a/modules/nixos-modules/home-manager/flipperzero.nix b/modules/nixos-modules/home-manager/flipperzero.nix deleted file mode 100644 index 6c94773..0000000 --- a/modules/nixos-modules/home-manager/flipperzero.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - lib, - config, - ... -}: let - home-users = lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users; -in { - hardware.flipperzero.enable = lib.lists.any (home-user: home-user.hardware.flipperzero.enable) home-users; -} diff --git a/modules/nixos-modules/home-manager/i18n.nix b/modules/nixos-modules/home-manager/i18n.nix deleted file mode 100644 index 78b86fa..0000000 --- a/modules/nixos-modules/home-manager/i18n.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - ... -}: let - home-users = lib.attrsets.mapAttrsToList (_: user: user) config.home-manager.users; -in { - config = { - i18n.supportedLocales = - lib.unique - (builtins.map (l: (lib.replaceStrings ["utf8" "utf-8" "UTF8"] ["UTF-8" "UTF-8" "UTF-8"] l) + "/UTF-8") ( - [ - "C.UTF-8" - "en_US.UTF-8" - config.i18n.defaultLocale - ] - ++ (lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings)) - ++ ( - map (user-config: user-config.i18n.defaultLocale) home-users - ) - ++ (lib.lists.flatten ( - map (user-config: lib.attrValues (lib.filterAttrs (n: v: n != "LANGUAGE") user-config.i18n.extraLocaleSettings)) home-users - )) - )); - }; -} diff --git a/modules/nixos-modules/home-manager/openssh.nix b/modules/nixos-modules/home-manager/openssh.nix deleted file mode 100644 index 31a785f..0000000 --- a/modules/nixos-modules/home-manager/openssh.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - config, - lib, - ... -}: { - users.users = - lib.attrsets.mapAttrs (name: value: { - openssh.authorizedKeys.keys = value.programs.openssh.authorizedKeys; - }) - config.home-manager.users; -} diff --git a/modules/nixos-modules/home-manager/steam.nix b/modules/nixos-modules/home-manager/steam.nix deleted file mode 100644 index d151bca..0000000 --- a/modules/nixos-modules/home-manager/steam.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - config, - ... -}: let - setupSteam = - lib.lists.any - (value: value) - (lib.attrsets.mapAttrsToList (name: value: value.programs.steam.enable) config.home-manager.users); -in { - config = lib.mkIf setupSteam { - programs.steam = { - enable = true; - # TODO: figure out how to not install steam here - # package = lib.mkDefault pkgs.emptyFile; - }; - }; -} diff --git a/modules/nixos-modules/i18n.nix b/modules/nixos-modules/i18n.nix deleted file mode 100644 index eada12c..0000000 --- a/modules/nixos-modules/i18n.nix +++ /dev/null @@ -1,3 +0,0 @@ -{...}: { - i18n.defaultLocale = "en_IE.UTF-8"; -} diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix deleted file mode 100644 index 60011cb..0000000 --- a/modules/nixos-modules/impermanence.nix +++ /dev/null @@ -1,134 +0,0 @@ -{ - config, - lib, - ... -}: { - # options.storage = { - # zfs = { - # # TODO: enable option - # # when this option is enabled we need to configure and enable disko things - - # # TODO: we need some way of managing notifications - - # # TODO: we need options to configure zfs pools - # # we should have warnings when the configured pool is missing drives - - # # TODO: dataset option that is a submodule that adds datasets to the system - # # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it - - # # TODO: pools and datasets need to be passed to disko - # }; - - # impermanence = { - # # TODO: enable option - - # # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system - # # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets - # # Then we should make a dataset for user folders local and persist - # # We should also create datasets for systemd modules that have have impermanence enabled for them - # # we need to figure out what options a dataset can have in zfs - # }; - - # # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface - - # # TODO: we should have a way of enabling impermanence for a systemd config - # # these should have an option to put their folder into their own dataset (this needs to support private vs non private) - # # options for features that can be added to the dataset - # }; - - options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device"; - - config = lib.mkMerge [ - { - assertions = [ - { - assertion = !(config.host.impermanence.enable && !config.host.storage.enable); - message = '' - Disko storage must be enabled to use impermanence. - ''; - } - ]; - } - ( - lib.mkIf config.host.impermanence.enable { - assertions = [ - { - assertion = config.host.impermanence.enable && config.host.storage.enable; - message = "Impermanence can not be used without managed host storage."; - } - ]; - - # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 - system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; - system.activationScripts = { - "var-lib-private-permissions" = { - deps = ["specialfs"]; - text = '' - mkdir -p /persist/system/root/var/lib/private - chmod 0700 /persist/system/root/var/lib/private - ''; - }; - }; - - programs.fuse.userAllowOther = true; - - boot.initrd.postResumeCommands = lib.mkAfter '' - zfs rollback -r rpool/local/system/root@blank - ''; - - fileSystems = { - "/".neededForBoot = true; - "/persist/system/root".neededForBoot = true; - "/persist/system/var/log".neededForBoot = true; - }; - - host.storage.pool.extraDatasets = { - # persist datasets are datasets that contain information that we would like to keep around - "persist" = { - type = "zfs_fs"; - options.canmount = "off"; - options = { - "com.sun:auto-snapshot" = "true"; - }; - }; - # this is where root data actually lives - "persist/system/root" = { - type = "zfs_fs"; - mountpoint = "/persist/system/root"; - }; - "persist/system/var/log" = { - type = "zfs_fs"; - mountpoint = "/persist/system/var/log"; - # logs should be append only so we shouldn't need to snapshot them - options = { - "com.sun:auto-snapshot" = "false"; - }; - }; - }; - - environment.persistence."/persist/system/var/log" = { - enable = true; - hideMounts = true; - directories = [ - "/var/log" - ]; - }; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - "/var/lib/nixos" - "/var/lib/systemd/coredump" - ]; - files = [ - "/etc/machine-id" - ]; - }; - - # TODO: this should live in leylas home manager configuration - security.sudo.extraConfig = "Defaults lecture=never"; - } - ) - ]; -} diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix deleted file mode 100644 index 99819bf..0000000 --- a/modules/nixos-modules/ollama.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - config, - lib, - ... -}: { - options = { - services.ollama.exposePort = lib.mkEnableOption "should we expose ollama on tailscale"; - }; - - config = lib.mkIf config.services.ollama.enable ( - lib.mkMerge [ - { - services.ollama = { - # TODO: these should match whats set in the users file - group = "ollama"; - user = "ollama"; - }; - } - (lib.mkIf config.services.ollama.exposePort (let - ports = [ - config.services.ollama.port - ]; - in { - services.ollama.host = "0.0.0.0"; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { - allowedTCPPorts = ports; - allowedUDPPorts = ports; - }; - })) - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = "/var/lib/private/ollama"; - user = config.services.ollama.user; - group = config.services.ollama.group; - mode = "0700"; - } - ]; - }; - }) - ] - ); -} diff --git a/modules/nixos-modules/server/actual/actual.nix b/modules/nixos-modules/server/actual/actual.nix deleted file mode 100644 index 4cca449..0000000 --- a/modules/nixos-modules/server/actual/actual.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ - lib, - config, - ... -}: let - const = import ./const.nix; - dataDirectory = const.dataDirectory; -in { - options.services.actual = { - port = lib.mkOption { - type = lib.types.port; - description = "The port to listen on"; - default = 5006; - }; - }; - config = lib.mkIf config.services.actual.enable { - services.actual = { - settings = { - port = config.services.actual.port; - dataDir = dataDirectory; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/actual/const.nix b/modules/nixos-modules/server/actual/const.nix deleted file mode 100644 index 14b715e..0000000 --- a/modules/nixos-modules/server/actual/const.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - dataDirectory = "/var/lib/private/actual"; -} diff --git a/modules/nixos-modules/server/actual/default.nix b/modules/nixos-modules/server/actual/default.nix deleted file mode 100644 index b59517b..0000000 --- a/modules/nixos-modules/server/actual/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - imports = [ - ./actual.nix - ./proxy.nix - ./fail2ban.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/actual/fail2ban.nix b/modules/nixos-modules/server/actual/fail2ban.nix deleted file mode 100644 index 3ad754e..0000000 --- a/modules/nixos-modules/server/actual/fail2ban.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - lib, - config, - ... -}: { - config = lib.mkIf (config.services.actual.enable && config.services.fail2ban.enable) { - # TODO: configuration for fail2ban for actual - }; -} diff --git a/modules/nixos-modules/server/actual/impermanence.nix b/modules/nixos-modules/server/actual/impermanence.nix deleted file mode 100644 index d870789..0000000 --- a/modules/nixos-modules/server/actual/impermanence.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ - lib, - config, - ... -}: let - const = import ./const.nix; - dataDirectory = const.dataDirectory; -in { - options.services.actual = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.actual.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.actual.impermanence.enable { - assertions = [ - { - assertion = config.services.actual.settings.dataDir == dataDirectory; - message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}"; - } - { - assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false; - message = "actual systemd service must have DynamicUser enabled to use private directory"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDirectory; - user = "actual"; - group = "actual"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/actual/proxy.nix b/modules/nixos-modules/server/actual/proxy.nix deleted file mode 100644 index 9d37574..0000000 --- a/modules/nixos-modules/server/actual/proxy.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.actual = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that actual will be hosted at"; - default = "actual.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for actual"; - default = []; - }; - reverseProxy.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.actual.enable && config.services.reverseProxy.enable; - }; - }; - - config = lib.mkIf config.services.actual.reverseProxy.enable { - services.reverseProxy.services.actual = { - target = "http://localhost:${toString config.services.actual.settings.port}"; - domain = config.services.actual.domain; - extraDomains = config.services.actual.extraDomains; - - settings = { - forwardHeaders.enable = true; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/bazarr/default.nix b/modules/nixos-modules/server/bazarr/default.nix deleted file mode 100644 index 86dbb4b..0000000 --- a/modules/nixos-modules/server/bazarr/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - imports = [ - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/bazarr/impermanence.nix b/modules/nixos-modules/server/bazarr/impermanence.nix deleted file mode 100644 index 70a45d1..0000000 --- a/modules/nixos-modules/server/bazarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - bazarr_data_directory = "/var/lib/bazarr"; -in { - options.services.bazarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.bazarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.bazarr.impermanence.enable { - assertions = [ - { - assertion = config.services.bazarr.dataDir == bazarr_data_directory; - message = "bazarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = bazarr_data_directory; - user = "bazarr"; - group = "bazarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/crab-hole/crab-hole.nix b/modules/nixos-modules/server/crab-hole/crab-hole.nix deleted file mode 100644 index d76323a..0000000 --- a/modules/nixos-modules/server/crab-hole/crab-hole.nix +++ /dev/null @@ -1,193 +0,0 @@ -{ - config, - lib, - ... -}: let - cfg = config.services.crab-hole; -in { - options.services.crab-hole = { - port = lib.mkOption { - type = lib.types.port; - default = 8080; - description = "Port for the crab-hole API to listen on."; - }; - - openFirewall = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether to open the firewall for the crab-hole API port."; - }; - - listen = lib.mkOption { - type = lib.types.str; - default = "0.0.0.0"; - description = "Address for the crab-hole API to listen on."; - }; - - show_doc = lib.mkEnableOption "OpenAPI documentation (loads content from third party websites)"; - - downstreams = { - host = { - enable = lib.mkEnableOption "host downstream DNS server accessible from network on all interfaces"; - port = lib.mkOption { - type = lib.types.port; - default = 53; - description = "Port for the host downstream DNS server to listen on."; - }; - openFirewall = lib.mkEnableOption "automatic port forwarding for the host downstream"; - disableSystemdResolved = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Whether to automatically disable systemd-resolved when using port 53. Set to false if you want to handle the conflict manually."; - }; - }; - }; - - extraDownstreams = lib.mkOption { - type = lib.types.listOf (lib.types.submodule { - options = { - protocol = lib.mkOption { - type = lib.types.enum ["udp" "tcp" "tls" "https" "quic"]; - description = "Protocol for the downstream server."; - }; - - listen = lib.mkOption { - type = lib.types.str; - description = "Address to listen on for downstream connections."; - }; - - port = lib.mkOption { - type = lib.types.port; - description = "Port to listen on for downstream connections."; - }; - }; - }); - default = []; - description = "List of additional downstream DNS server configurations."; - }; - - upstreams = { - cloudFlare = { - enable = lib.mkEnableOption "Cloudflare DNS over TLS upstream servers (1.1.1.1 and 1.0.0.1)"; - }; - }; - - extraUpstreams = lib.mkOption { - type = lib.types.listOf (lib.types.submodule { - options = { - socket_addr = lib.mkOption { - type = lib.types.str; - description = "Socket address of the upstream DNS server (e.g., \"1.1.1.1:853\" or \"[2606:4700:4700::1111]:853\")."; - }; - - protocol = lib.mkOption { - type = lib.types.enum ["udp" "tcp" "tls" "https" "quic"]; - description = "Protocol to use for upstream DNS queries."; - }; - }; - }); - default = []; - description = "List of additional upstream DNS server configurations."; - }; - - blocklists = { - ad_malware = { - enable = lib.mkEnableOption "Host file for blocking ads and malware"; - url = lib.mkOption { - type = lib.types.str; - default = "http://sbc.io/hosts/hosts"; - description = "URL of the ad and malware blocklist host file"; - }; - }; - }; - - extraBlocklists = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Additional blocklist URLs to be added to the configuration"; - }; - }; - - config = lib.mkIf cfg.enable { - # Assertions for proper configuration - assertions = [ - { - assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && config.services.resolved.enable && cfg.downstreams.host.disableSystemdResolved); - message = "crab-hole host downstream cannot use port 53 while systemd-resolved is enabled. Either disable systemd-resolved or use a different port."; - } - { - assertion = !(cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && !cfg.downstreams.host.disableSystemdResolved && config.services.resolved.enable); - message = "crab-hole host downstream is configured to use port 53 but systemd-resolved is still enabled and disableSystemdResolved is false. Set disableSystemdResolved = true or manually disable systemd-resolved."; - } - ]; - - # Automatically disable systemd-resolved if using port 53 - services.resolved.enable = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkForce false); - - # Configure DNS nameservers when disabling systemd-resolved - networking.nameservers = lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.port == 53 && cfg.downstreams.host.disableSystemdResolved) (lib.mkDefault ["127.0.0.1" "1.1.1.1" "8.8.8.8"]); - - services.crab-hole.settings = lib.mkMerge [ - { - api = { - port = cfg.port; - listen = cfg.listen; - show_doc = cfg.show_doc; - }; - downstream = cfg.extraDownstreams; - upstream.name_servers = cfg.extraUpstreams; - blocklist.lists = cfg.extraBlocklists; - } - (lib.mkIf cfg.blocklists.ad_malware.enable { - blocklist.lists = [cfg.blocklists.ad_malware.url]; - }) - (lib.mkIf cfg.downstreams.host.enable { - downstream = [ - { - protocol = "udp"; - listen = "0.0.0.0"; - port = cfg.downstreams.host.port; - } - ]; - }) - (lib.mkIf cfg.upstreams.cloudFlare.enable { - upstream.name_servers = [ - { - socket_addr = "1.1.1.1:853"; - protocol = "tls"; - tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; - trust_nx_responses = false; - } - { - socket_addr = "1.0.0.1:853"; - protocol = "tls"; - tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; - trust_nx_responses = false; - } - { - socket_addr = "[2606:4700:4700::1111]:853"; - protocol = "tls"; - tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; - trust_nx_responses = false; - } - { - socket_addr = "[2606:4700:4700::1001]:853"; - protocol = "tls"; - tls_dns_name = "1dot1dot1dot1.cloudflare-dns.com"; - trust_nx_responses = false; - } - ]; - }) - ]; - - # Open firewall if requested - networking.firewall = lib.mkMerge [ - (lib.mkIf cfg.openFirewall { - allowedTCPPorts = [cfg.port]; - }) - (lib.mkIf (cfg.downstreams.host.enable && cfg.downstreams.host.openFirewall) { - allowedUDPPorts = [cfg.downstreams.host.port]; - }) - ]; - }; -} diff --git a/modules/nixos-modules/server/crab-hole/default.nix b/modules/nixos-modules/server/crab-hole/default.nix deleted file mode 100644 index 158a851..0000000 --- a/modules/nixos-modules/server/crab-hole/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: { - imports = [ - ./crab-hole.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/crab-hole/impermanence.nix b/modules/nixos-modules/server/crab-hole/impermanence.nix deleted file mode 100644 index 51efc0c..0000000 --- a/modules/nixos-modules/server/crab-hole/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - workingDirectory = "/var/lib/private/crab-hole"; -in { - options.services.crab-hole = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.crab-hole.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.crab-hole.impermanence.enable { - assertions = [ - { - assertion = - config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory); - message = "crab-hole working directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = workingDirectory; - user = "crab-hole"; - group = "crab-hole"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix deleted file mode 100644 index 2b33089..0000000 --- a/modules/nixos-modules/server/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{...}: { - imports = [ - ./reverseProxy - ./fail2ban - ./postgres - ./network_storage - - ./actual - ./bazarr - ./crab-hole - ./flaresolverr - ./forgejo - ./home-assistant - ./immich - ./jackett - ./jellyfin - ./lidarr - ./panoramax - ./paperless - ./qbittorent - ./radarr - ./searx - ./sonarr - ./wyoming.nix - ]; -} diff --git a/modules/nixos-modules/server/fail2ban/default.nix b/modules/nixos-modules/server/fail2ban/default.nix deleted file mode 100644 index 30fca99..0000000 --- a/modules/nixos-modules/server/fail2ban/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: { - imports = [ - ./fail2ban.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/fail2ban/fail2ban.nix b/modules/nixos-modules/server/fail2ban/fail2ban.nix deleted file mode 100644 index 261c68f..0000000 --- a/modules/nixos-modules/server/fail2ban/fail2ban.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - config = lib.mkIf config.services.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/nginx.local".text = lib.mkIf config.services.nginx.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "limiting requests, excess:.* by zone.*client: " - '') - ); - }; - - services.fail2ban = { - maxretry = 5; - ignoreIP = [ - # Whitelist local networks - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" - - # tail scale tailnet - "100.64.0.0/10" - "fd7a:115c:a1e0::/48" - ]; - bantime = "24h"; # Ban IPs for one day on the first ban - bantime-increment = { - enable = true; # Enable increment of bantime after each violation - formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; - maxtime = "168h"; # Do not ban for more than 1 week - overalljails = true; # Calculate the ban time based on all the violations - }; - jails = { - nginx-iptables.settings = lib.mkIf config.services.nginx.enable { - enabled = true; - filter = "nginx"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - # TODO; figure out if there is any fail2ban things we can do on searx - # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/fail2ban/impermanence.nix b/modules/nixos-modules/server/fail2ban/impermanence.nix deleted file mode 100644 index 6e214b3..0000000 --- a/modules/nixos-modules/server/fail2ban/impermanence.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - lib, - config, - ... -}: let - dataFolder = "/var/lib/fail2ban"; - dataFile = "fail2ban.sqlite3"; -in { - options.services.fail2ban = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.fail2ban.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.fail2ban.impermanence.enable { - assertions = [ - { - assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}"; - message = "fail2ban data file does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataFolder; - user = "fail2ban"; - group = "fail2ban"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/flaresolverr/default.nix b/modules/nixos-modules/server/flaresolverr/default.nix deleted file mode 100644 index 86dbb4b..0000000 --- a/modules/nixos-modules/server/flaresolverr/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - imports = [ - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/flaresolverr/impermanence.nix b/modules/nixos-modules/server/flaresolverr/impermanence.nix deleted file mode 100644 index 4544e75..0000000 --- a/modules/nixos-modules/server/flaresolverr/impermanence.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.flaresolverr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.flaresolverr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.flaresolverr.impermanence.enable { - # FlareSolverr typically doesn't need persistent storage as it's a proxy service - # but we'll add basic structure in case it's needed for logs or configuration - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = "/var/lib/flaresolverr"; - user = "flaresolverr"; - group = "flaresolverr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/const.nix b/modules/nixos-modules/server/forgejo/const.nix deleted file mode 100644 index 10e3974..0000000 --- a/modules/nixos-modules/server/forgejo/const.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - httpPort = 8081; - sshPort = 22222; -} diff --git a/modules/nixos-modules/server/forgejo/database.nix b/modules/nixos-modules/server/forgejo/database.nix deleted file mode 100644 index bb8781c..0000000 --- a/modules/nixos-modules/server/forgejo/database.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - config, - ... -}: let - usingPostgres = config.services.forgejo.database.type == "postgres"; -in { - config = lib.mkIf config.services.forgejo.enable { - assertions = [ - { - assertion = !usingPostgres || config.services.postgresql.enable; - message = "PostgreSQL must be enabled when Forgejo database type is postgres"; - } - { - assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (db: db == "forgejo") config.services.postgresql.ensureDatabases); - message = "Forgejo built-in database creation failed - expected 'forgejo' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; - } - { - assertion = !(usingPostgres && config.services.forgejo.database.createDatabase) || (builtins.any (user: user.name == "forgejo") config.services.postgresql.ensureUsers); - message = "Forgejo built-in user creation failed - expected user 'forgejo' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; - } - ]; - - services.forgejo.database.createDatabase = lib.mkDefault usingPostgres; - - systemd.services.forgejo = lib.mkIf usingPostgres { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/default.nix b/modules/nixos-modules/server/forgejo/default.nix deleted file mode 100644 index 4333f69..0000000 --- a/modules/nixos-modules/server/forgejo/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - imports = [ - ./forgejo.nix - ./proxy.nix - ./database.nix - ./fail2ban.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/forgejo/fail2ban.nix b/modules/nixos-modules/server/forgejo/fail2ban.nix deleted file mode 100644 index dfe221a..0000000 --- a/modules/nixos-modules/server/forgejo/fail2ban.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: { - options.services.forgejo = { - fail2ban = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.forgejo.enable && config.services.fail2ban.enable; - }; - }; - }; - - config = lib.mkIf config.services.forgejo.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/forgejo.local".text = lib.mkIf config.services.forgejo.enable ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = ".*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from " - '') - ); - }; - - services.fail2ban = { - jails = { - forgejo-iptables.settings = lib.mkIf config.services.forgejo.enable { - enabled = true; - filter = "forgejo"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.forgejo.settings.log.ROOT_PATH}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/forgejo.nix b/modules/nixos-modules/server/forgejo/forgejo.nix deleted file mode 100644 index 70d3087..0000000 --- a/modules/nixos-modules/server/forgejo/forgejo.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - lib, - config, - ... -}: let - const = import ./const.nix; - httpPort = const.httpPort; - sshPort = const.sshPort; - db_user = "forgejo"; -in { - config = lib.mkIf config.services.forgejo.enable { - assertions = [ - { - assertion = config.services.forgejo.settings.server.BUILTIN_SSH_SERVER_USER == config.users.users.git.name; - message = "Forgejo BUILTIN_SSH_SERVER_USER hardcoded value does not match expected git user name"; - } - ]; - - services.forgejo = { - database = { - type = "postgres"; - socket = "/run/postgresql"; - }; - lfs.enable = true; - settings = { - server = { - DOMAIN = config.services.forgejo.reverseProxy.domain; - HTTP_PORT = httpPort; - START_SSH_SERVER = true; - SSH_LISTEN_PORT = sshPort; - SSH_PORT = 22; - BUILTIN_SSH_SERVER_USER = "git"; - ROOT_URL = "https://git.jan-leila.com"; - }; - service = { - DISABLE_REGISTRATION = true; - }; - database = { - DB_TYPE = "postgres"; - NAME = db_user; - USER = db_user; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/impermanence.nix b/modules/nixos-modules/server/forgejo/impermanence.nix deleted file mode 100644 index 6fe3de8..0000000 --- a/modules/nixos-modules/server/forgejo/impermanence.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - lib, - config, - ... -}: let - stateDir = "/var/lib/forgejo"; -in { - options.services.forgejo = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.forgejo.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.forgejo.impermanence.enable { - assertions = [ - { - assertion = config.services.forgejo.stateDir == stateDir; - message = "forgejo state directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = stateDir; - user = "forgejo"; - group = "forgejo"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/forgejo/proxy.nix b/modules/nixos-modules/server/forgejo/proxy.nix deleted file mode 100644 index c2d3131..0000000 --- a/modules/nixos-modules/server/forgejo/proxy.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ - lib, - config, - ... -}: let - const = import ./const.nix; - httpPort = const.httpPort; -in { - options.services.forgejo = { - reverseProxy = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.forgejo.enable && config.services.reverseProxy.enable; - }; - domain = lib.mkOption { - type = lib.types.str; - description = "domain that forgejo will be hosted at"; - default = "git.jan-leila.com"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for forgejo"; - default = []; - }; - }; - }; - - config = lib.mkIf config.services.forgejo.reverseProxy.enable { - services.reverseProxy.services.forgejo = { - target = "http://localhost:${toString httpPort}"; - domain = config.services.forgejo.reverseProxy.domain; - extraDomains = config.services.forgejo.reverseProxy.extraDomains; - - settings = { - forwardHeaders.enable = true; - }; - }; - - networking.firewall.allowedTCPPorts = [ - config.services.forgejo.settings.server.SSH_LISTEN_PORT - ]; - }; -} diff --git a/modules/nixos-modules/server/home-assistant/database.nix b/modules/nixos-modules/server/home-assistant/database.nix deleted file mode 100644 index f1927ed..0000000 --- a/modules/nixos-modules/server/home-assistant/database.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.home-assistant = { - postgres = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Use PostgreSQL instead of SQLite"; - }; - user = lib.mkOption { - type = lib.types.str; - default = "hass"; - description = "Database user name"; - }; - database = lib.mkOption { - type = lib.types.str; - default = "hass"; - description = "Database name"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable { - assertions = [ - { - assertion = !config.services.home-assistant.postgres.enable || config.services.postgresql.enable; - message = "PostgreSQL must be enabled when using postgres database for Home Assistant"; - } - ]; - - services.postgresql.databases.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { - enable = true; - user = config.services.home-assistant.postgres.user; - database = config.services.home-assistant.postgres.database; - }; - - services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { - extraPackages = python3Packages: - with python3Packages; [ - psycopg2 - ]; - }; - - systemd.services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/home-assistant/default.nix b/modules/nixos-modules/server/home-assistant/default.nix deleted file mode 100644 index b6f9356..0000000 --- a/modules/nixos-modules/server/home-assistant/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - imports = [ - ./home-assistant.nix - ./proxy.nix - ./database.nix - ./fail2ban.nix - ./impermanence.nix - ./extensions - ]; -} diff --git a/modules/nixos-modules/server/home-assistant/extensions/default.nix b/modules/nixos-modules/server/home-assistant/extensions/default.nix deleted file mode 100644 index 9ef84a3..0000000 --- a/modules/nixos-modules/server/home-assistant/extensions/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - imports = [ - ./sonos.nix - ./jellyfin.nix - ./wyoming.nix - ]; -} diff --git a/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix b/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix deleted file mode 100644 index 29af274..0000000 --- a/modules/nixos-modules/server/home-assistant/extensions/jellyfin.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - lib, - config, - ... -}: -lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { - services.home-assistant.extraComponents = ["jellyfin"]; - # TODO: configure port, address, and login information here -} diff --git a/modules/nixos-modules/server/home-assistant/extensions/sonos.nix b/modules/nixos-modules/server/home-assistant/extensions/sonos.nix deleted file mode 100644 index c70649f..0000000 --- a/modules/nixos-modules/server/home-assistant/extensions/sonos.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - lib, - config, - ... -}: -lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { - services.home-assistant.extraComponents = ["sonos"]; - networking.firewall.allowedTCPPorts = [ - config.services.home-assistant.extensions.sonos.port - ]; -} diff --git a/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix b/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix deleted file mode 100644 index 840d360..0000000 --- a/modules/nixos-modules/server/home-assistant/extensions/wyoming.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - lib, - config, - ... -}: -lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { - services.home-assistant.extraComponents = ["wyoming"]; - services.wyoming.enable = true; -} diff --git a/modules/nixos-modules/server/home-assistant/fail2ban.nix b/modules/nixos-modules/server/home-assistant/fail2ban.nix deleted file mode 100644 index 25194ef..0000000 --- a/modules/nixos-modules/server/home-assistant/fail2ban.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - options.services.home-assistant = { - fail2ban = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.fail2ban.enable && config.services.home-assistant.enable; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/hass.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [INCLUDES] - before = common.conf - - [Definition] - failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - ignoreregex = - - [Init] - datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - '') - ); - }; - - services.fail2ban = { - jails = { - home-assistant-iptables.settings = { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/home-assistant/home-assistant.nix b/modules/nixos-modules/server/home-assistant/home-assistant.nix deleted file mode 100644 index fa58d5e..0000000 --- a/modules/nixos-modules/server/home-assistant/home-assistant.nix +++ /dev/null @@ -1,104 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.home-assistant = { - database = lib.mkOption { - type = lib.types.enum [ - "builtin" - "postgres" - ]; - description = "what database do we want to use"; - default = "builtin"; - }; - - extensions = { - sonos = { - enable = lib.mkEnableOption "enable the sonos plugin"; - port = lib.mkOption { - type = lib.types.int; - default = 1400; - description = "what port to use for sonos discovery"; - }; - }; - jellyfin = { - enable = lib.mkEnableOption "enable the jellyfin plugin"; - }; - wyoming = { - enable = lib.mkEnableOption "enable wyoming"; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ - { - services.home-assistant = { - configDir = "/var/lib/hass"; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - "isal" - "zha" - "webostv" - "tailscale" - "syncthing" - "analytics_insights" - "unifi" - "openweathermap" - "ollama" - "mobile_app" - "logbook" - "ssdp" - "usb" - "webhook" - "bluetooth" - "dhcp" - "energy" - "history" - "backup" - "assist_pipeline" - "conversation" - "sun" - "zeroconf" - "cpuspeed" - ]; - config = { - http = { - server_port = 8123; - use_x_forwarded_for = true; - trusted_proxies = ["127.0.0.1" "::1"]; - ip_ban_enabled = true; - login_attempts_threshold = 10; - }; - homeassistant = { - external_url = "https://${config.services.home-assistant.domain}"; - # internal_url = "http://192.168.1.2:8123"; - }; - recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}"; - "automation manual" = []; - "automation ui" = "!include automations.yaml"; - mobile_app = {}; - }; - extraPackages = python3Packages: - with python3Packages; [ - hassil - numpy - gtts - ]; - }; - - # TODO: configure /var/lib/hass/secrets.yaml via sops - - networking.firewall.allowedUDPPorts = [ - 1900 - ]; - - systemd.tmpfiles.rules = [ - "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - ]; - } - ]); -} diff --git a/modules/nixos-modules/server/home-assistant/impermanence.nix b/modules/nixos-modules/server/home-assistant/impermanence.nix deleted file mode 100644 index 8c056a1..0000000 --- a/modules/nixos-modules/server/home-assistant/impermanence.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - config, - ... -}: let - configDir = "/var/lib/hass"; -in - lib.mkIf (config.host.impermanence.enable && config.services.home-assistant.enable) { - assertions = [ - { - assertion = config.services.home-assistant.configDir == configDir; - message = "home assistant config directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = configDir; - user = "hass"; - group = "hass"; - } - ]; - }; - } diff --git a/modules/nixos-modules/server/home-assistant/proxy.nix b/modules/nixos-modules/server/home-assistant/proxy.nix deleted file mode 100644 index b756459..0000000 --- a/modules/nixos-modules/server/home-assistant/proxy.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.home-assistant = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that home-assistant will be hosted at"; - default = "home-assistant.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for home-assistant"; - default = []; - }; - reverseProxy = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.reverseProxy.enable && config.services.home-assistant.enable; - }; - }; - }; - - config = lib.mkIf config.services.home-assistant.reverseProxy.enable { - services.reverseProxy.services.home-assistant = { - target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - domain = config.services.home-assistant.domain; - extraDomains = config.services.home-assistant.extraDomains; - - settings = { - proxyWebsockets.enable = true; - forwardHeaders.enable = true; - - # Custom timeout settings - proxyHeaders = { - enable = true; - timeout = 90; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/immich/database.nix b/modules/nixos-modules/server/immich/database.nix deleted file mode 100644 index 52af51e..0000000 --- a/modules/nixos-modules/server/immich/database.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - lib, - config, - ... -}: { - config = lib.mkIf config.services.immich.enable { - assertions = [ - { - assertion = !config.services.immich.database.enable || config.services.postgresql.enable; - message = "PostgreSQL must be enabled when using postgres database for Immich"; - } - { - assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (db: db == "immich") config.services.postgresql.ensureDatabases); - message = "Immich built-in database creation failed - expected 'immich' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; - } - { - assertion = !(config.services.immich.database.enable && config.services.immich.database.createDB) || (builtins.any (user: user.name == "immich") config.services.postgresql.ensureUsers); - message = "Immich built-in user creation failed - expected user 'immich' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; - } - ]; - - # Note: Immich has built-in database creation via services.immich.database.createDB we only add the systemd dependency - - systemd.services.immich-server = lib.mkIf config.services.immich.database.enable { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/immich/default.nix b/modules/nixos-modules/server/immich/default.nix deleted file mode 100644 index 4d93c0b..0000000 --- a/modules/nixos-modules/server/immich/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{...}: { - imports = [ - ./proxy.nix - ./database.nix - ./fail2ban.nix - ./impermanence.nix - ]; - - # NOTE: This shouldn't be needed now that we are out of testing - # config = lib.mkIf config.services.immich.enable { - # networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { - # allowedUDPPorts = [ - # config.services.immich.port - # ]; - # allowedTCPPorts = [ - # config.services.immich.port - # ]; - # }; - # }; -} diff --git a/modules/nixos-modules/server/immich/fail2ban.nix b/modules/nixos-modules/server/immich/fail2ban.nix deleted file mode 100644 index 21593e7..0000000 --- a/modules/nixos-modules/server/immich/fail2ban.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: { - options.services.immich = { - fail2ban = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.fail2ban.enable && config.services.immich.enable; - }; - }; - }; - - config = lib.mkIf config.services.immich.fail2ban.enable { - environment.etc = { - "fail2ban/filter.d/immich.local".text = pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = immich-server.*Failed login attempt for user.+from ip address\s? - journalmatch = CONTAINER_TAG=immich-server - ''); - }; - - services.fail2ban = { - jails = { - immich-iptables.settings = { - enabled = true; - filter = "immich"; - backend = "systemd"; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/immich/impermanence.nix b/modules/nixos-modules/server/immich/impermanence.nix deleted file mode 100644 index 56e51d0..0000000 --- a/modules/nixos-modules/server/immich/impermanence.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - config, - ... -}: let - mediaLocation = "/var/lib/immich"; -in { - options.services.immich = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.immich.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.immich.impermanence.enable { - assertions = [ - { - assertion = config.services.immich.mediaLocation == mediaLocation; - message = "immich media location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = mediaLocation; - user = "immich"; - group = "immich"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/immich/proxy.nix b/modules/nixos-modules/server/immich/proxy.nix deleted file mode 100644 index 9c8c165..0000000 --- a/modules/nixos-modules/server/immich/proxy.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.immich = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that immich will be hosted at"; - default = "immich.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for immich"; - default = []; - }; - reverseProxy = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.immich.enable && config.services.reverseProxy.enable; - }; - }; - }; - - config = lib.mkIf config.services.immich.reverseProxy.enable { - services.reverseProxy.services.immich = { - target = "http://localhost:${toString config.services.immich.port}"; - domain = config.services.immich.domain; - extraDomains = config.services.immich.extraDomains; - - settings = { - proxyWebsockets.enable = true; - forwardHeaders.enable = true; - maxBodySize = 50000; - - # Custom timeout settings - proxyHeaders = { - enable = true; - timeout = 600; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/jackett/default.nix b/modules/nixos-modules/server/jackett/default.nix deleted file mode 100644 index 86dbb4b..0000000 --- a/modules/nixos-modules/server/jackett/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - imports = [ - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/jackett/impermanence.nix b/modules/nixos-modules/server/jackett/impermanence.nix deleted file mode 100644 index 24fc5e6..0000000 --- a/modules/nixos-modules/server/jackett/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - jackett_data_directory = "/var/lib/jackett/.config/Jackett"; -in { - options.services.jackett = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.jackett.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.jackett.impermanence.enable { - assertions = [ - { - assertion = config.services.jackett.dataDir == jackett_data_directory; - message = "jackett data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = jackett_data_directory; - user = "jackett"; - group = "jackett"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/default.nix b/modules/nixos-modules/server/jellyfin/default.nix deleted file mode 100644 index 2dbdcfd..0000000 --- a/modules/nixos-modules/server/jellyfin/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - imports = [ - ./jellyfin.nix - ./proxy.nix - ./fail2ban.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/jellyfin/fail2ban.nix b/modules/nixos-modules/server/jellyfin/fail2ban.nix deleted file mode 100644 index ba8d8ba..0000000 --- a/modules/nixos-modules/server/jellyfin/fail2ban.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: { - config = lib.mkIf (config.services.jellyfin.enable && config.services.fail2ban.enable) { - environment.etc = { - "fail2ban/filter.d/jellyfin.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = "^.*Authentication request for .* has been denied \\\\\\(IP: \\\"\\\"\\\\\\)\\\\\\." - '') - ); - }; - - services.fail2ban = { - jails = { - jellyfin-iptables.settings = { - enabled = true; - filter = "jellyfin"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.jellyfin.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/impermanence.nix b/modules/nixos-modules/server/jellyfin/impermanence.nix deleted file mode 100644 index cbcb54f..0000000 --- a/modules/nixos-modules/server/jellyfin/impermanence.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - config, - ... -}: let - jellyfin_data_directory = "/var/lib/jellyfin"; - jellyfin_cache_directory = "/var/cache/jellyfin"; -in { - options.services.jellyfin = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.jellyfin.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.jellyfin.impermanence.enable { - fileSystems."/persist/system/jellyfin".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/jellyfin" = { - type = "zfs_fs"; - mountpoint = "/persist/system/jellyfin"; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.jellyfin.dataDir == jellyfin_data_directory; - message = "jellyfin data directory does not match persistence"; - } - { - assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory; - message = "jellyfin cache directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = jellyfin_data_directory; - user = "jellyfin"; - group = "jellyfin"; - } - { - directory = jellyfin_cache_directory; - user = "jellyfin"; - group = "jellyfin"; - } - ]; - }; - - "/persist/system/jellyfin" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.jellyfin.media_directory; - user = "jellyfin"; - group = "jellyfin_media"; - mode = "1770"; - } - ]; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/jellyfin.nix b/modules/nixos-modules/server/jellyfin/jellyfin.nix deleted file mode 100644 index 9bfa921..0000000 --- a/modules/nixos-modules/server/jellyfin/jellyfin.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - jellyfinPort = 8096; - dlanPort = 1900; -in { - options.services.jellyfin = { - media_directory = lib.mkOption { - type = lib.types.str; - description = "directory jellyfin media will be hosted at"; - default = "/srv/jellyfin/media"; - }; - }; - - config = lib.mkIf config.services.jellyfin.enable { - environment.systemPackages = [ - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; - - networking.firewall.allowedTCPPorts = [jellyfinPort dlanPort]; - - systemd.tmpfiles.rules = [ - "d ${config.services.jellyfin.media_directory} 2770 jellyfin jellyfin_media" - "A ${config.services.jellyfin.media_directory} - - - - u:jellyfin:rwX,g:jellyfin_media:rwX,o::-" - ]; - }; -} diff --git a/modules/nixos-modules/server/jellyfin/proxy.nix b/modules/nixos-modules/server/jellyfin/proxy.nix deleted file mode 100644 index 35289e7..0000000 --- a/modules/nixos-modules/server/jellyfin/proxy.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - lib, - config, - ... -}: let - jellyfinPort = 8096; -in { - options.services.jellyfin = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that jellyfin will be hosted at"; - default = "jellyfin.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for jellyfin"; - default = []; - }; - reverseProxy = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.jellyfin.enable && config.services.reverseProxy.enable; - }; - }; - }; - - config = lib.mkIf config.services.jellyfin.reverseProxy.enable { - services.reverseProxy.services.jellyfin = { - target = "http://localhost:${toString jellyfinPort}"; - domain = config.services.jellyfin.domain; - extraDomains = config.services.jellyfin.extraDomains; - - settings = { - forwardHeaders.enable = true; - maxBodySize = 20; - noSniff.enable = true; - proxyBuffering.enable = false; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/lidarr/default.nix b/modules/nixos-modules/server/lidarr/default.nix deleted file mode 100644 index 86dbb4b..0000000 --- a/modules/nixos-modules/server/lidarr/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - imports = [ - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/lidarr/impermanence.nix b/modules/nixos-modules/server/lidarr/impermanence.nix deleted file mode 100644 index 5d3aa3f..0000000 --- a/modules/nixos-modules/server/lidarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr"; -in { - options.services.lidarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.lidarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.lidarr.impermanence.enable { - assertions = [ - { - assertion = config.services.lidarr.dataDir == lidarr_data_directory; - message = "lidarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = lidarr_data_directory; - user = "lidarr"; - group = "lidarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix deleted file mode 100644 index cd100ab..0000000 --- a/modules/nixos-modules/server/network_storage/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./network_storage.nix - ./nfs.nix - ]; -} diff --git a/modules/nixos-modules/server/network_storage/network_storage.nix b/modules/nixos-modules/server/network_storage/network_storage.nix deleted file mode 100644 index ebc3bee..0000000 --- a/modules/nixos-modules/server/network_storage/network_storage.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ - config, - lib, - ... -}: let - export_directory = config.host.network_storage.export_directory; -in { - options = { - host.network_storage = { - enable = lib.mkEnableOption "is this machine going to export network storage"; - export_directory = lib.mkOption { - type = lib.types.path; - description = "what are exports going to be stored in"; - default = "/exports"; - }; - directories = lib.mkOption { - type = lib.types.listOf (lib.types.submodule ({config, ...}: { - options = { - folder = lib.mkOption { - type = lib.types.str; - description = "what is the name of this export directory"; - }; - bind = lib.mkOption { - type = lib.types.nullOr lib.types.path; - description = "is this directory bound to anywhere"; - default = null; - }; - user = lib.mkOption { - type = lib.types.str; - description = "what user owns this directory"; - default = "nouser"; - }; - group = lib.mkOption { - type = lib.types.str; - description = "what group owns this directory"; - default = "nogroup"; - }; - _directory = lib.mkOption { - internal = true; - readOnly = true; - type = lib.types.path; - default = "${export_directory}/${config.folder}"; - }; - }; - })); - description = "list of directory names to export"; - }; - }; - }; - - config = lib.mkIf config.host.network_storage.enable (lib.mkMerge [ - { - # create any folders that we need to have for our exports - systemd.tmpfiles.rules = - [ - "d ${config.host.network_storage.export_directory} 2775 nobody nogroup -" - ] - ++ ( - builtins.map ( - directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}" - ) - config.host.network_storage.directories - ); - - # set up any bind mounts that we need for our exports - fileSystems = builtins.listToAttrs ( - builtins.map (directory: - lib.attrsets.nameValuePair directory._directory { - device = directory.bind; - options = ["bind"]; - }) ( - builtins.filter (directory: directory.bind != null) config.host.network_storage.directories - ) - ); - } - # (lib.mkIf config.host.impermanence.enable { - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # config.host.network_storage.export_directory - # ]; - # }; - # }) - ]); -} diff --git a/modules/nixos-modules/server/network_storage/nfs.nix b/modules/nixos-modules/server/network_storage/nfs.nix deleted file mode 100644 index 297dc1a..0000000 --- a/modules/nixos-modules/server/network_storage/nfs.nix +++ /dev/null @@ -1,107 +0,0 @@ -{ - config, - lib, - ... -}: { - options = { - host.network_storage.nfs = { - enable = lib.mkEnableOption "is this server going to export network storage as nfs shares"; - port = lib.mkOption { - type = lib.types.int; - default = 2049; - description = "port that nfs will run on"; - }; - directories = lib.mkOption { - type = lib.types.listOf ( - lib.types.enum ( - builtins.map ( - directory: directory.folder - ) - config.host.network_storage.directories - ) - ); - description = "list of exported directories to be exported via nfs"; - }; - }; - }; - config = lib.mkMerge [ - { - assertions = [ - { - assertion = !(config.host.network_storage.nfs.enable && !config.host.network_storage.enable); - message = "nfs cant be enabled with network storage disabled"; - } - ]; - } - ( - lib.mkIf (config.host.network_storage.nfs.enable && config.host.network_storage.enable) { - services.nfs = { - settings = { - nfsd = { - threads = 32; - port = config.host.network_storage.nfs.port; - }; - }; - server = { - enable = true; - - lockdPort = 4001; - mountdPort = 4002; - statdPort = 4000; - - exports = lib.strings.concatLines ( - [ - "${config.host.network_storage.export_directory} 100.64.0.0/10(rw,fsid=0,no_subtree_check)" - ] - ++ ( - lib.lists.imap0 ( - i: directory: let - createOptions = fsid: "(rw,fsid=${toString fsid},nohide,insecure,no_subtree_check)"; - addresses = [ - # loopback - "127.0.0.1" - "::1" - # tailscale - "100.64.0.0/10" - "fd7a:115c:a1e0::/48" - ]; - options = lib.strings.concatStrings ( - lib.strings.intersperse " " ( - lib.lists.imap0 (index: address: "${address}${createOptions (1 + (i * (builtins.length addresses)) + index)}") addresses - ) - ); - in "${directory._directory} ${options}" - ) - ( - builtins.filter ( - directory: lib.lists.any (target: target == directory.folder) config.host.network_storage.nfs.directories - ) - config.host.network_storage.directories - ) - ) - ); - }; - }; - networking.firewall = let - ports = [ - 111 - config.host.network_storage.nfs.port - config.services.nfs.server.lockdPort - config.services.nfs.server.mountdPort - config.services.nfs.server.statdPort - 20048 - ]; - in { - # Allow NFS on Tailscale interface - interfaces.${config.services.tailscale.interfaceName} = { - allowedTCPPorts = ports; - allowedUDPPorts = ports; - }; - # Allow NFS on local network (assuming default interface) - allowedTCPPorts = ports; - allowedUDPPorts = ports; - }; - } - ) - ]; -} diff --git a/modules/nixos-modules/server/panoramax/database.nix b/modules/nixos-modules/server/panoramax/database.nix deleted file mode 100644 index 1721726..0000000 --- a/modules/nixos-modules/server/panoramax/database.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.panoramax = { - database = { - postgres = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Use PostgreSQL instead of SQLite"; - }; - user = lib.mkOption { - type = lib.types.str; - default = "panoramax"; - description = "Database user name"; - }; - database = lib.mkOption { - type = lib.types.str; - default = "panoramax"; - description = "Database name"; - }; - }; - }; - }; - - config = lib.mkIf config.services.panoramax.enable { - assertions = [ - { - assertion = !config.services.panoramax.database.postgres.enable || config.services.postgresql.enable; - message = "PostgreSQL must be enabled when using postgres database for Panoramax"; - } - ]; - - services.postgresql.databases.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { - enable = true; - user = config.services.panoramax.database.postgres.user; - database = config.services.panoramax.database.postgres.database; - }; - - systemd.services.panoramax = lib.mkIf config.services.panoramax.database.postgres.enable { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/panoramax/default.nix b/modules/nixos-modules/server/panoramax/default.nix deleted file mode 100644 index 4c6b9ea..0000000 --- a/modules/nixos-modules/server/panoramax/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - imports = [ - ./proxy.nix - ./fail2ban.nix - ./impermanence.nix - ./panoramax.nix - ./database.nix - ]; -} diff --git a/modules/nixos-modules/server/panoramax/fail2ban.nix b/modules/nixos-modules/server/panoramax/fail2ban.nix deleted file mode 100644 index 649b53a..0000000 --- a/modules/nixos-modules/server/panoramax/fail2ban.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - lib, - config, - ... -}: { - config = lib.mkIf (config.services.panoramax.enable && config.services.fail2ban.enable) { - # TODO: configure options for fail2ban - # This is a placeholder - panoramax fail2ban configuration would need to be defined - # based on the specific log patterns and security requirements - }; -} diff --git a/modules/nixos-modules/server/panoramax/impermanence.nix b/modules/nixos-modules/server/panoramax/impermanence.nix deleted file mode 100644 index e25ef92..0000000 --- a/modules/nixos-modules/server/panoramax/impermanence.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.panoramax = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.panoramax.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.panoramax.impermanence.enable { - # TODO: configure impermanence for panoramax data - # This would typically include directories like: - # - /var/lib/panoramax - # - panoramax storage directories - # - any cache or temporary directories that need to persist - }; -} diff --git a/modules/nixos-modules/server/panoramax/panoramax.nix b/modules/nixos-modules/server/panoramax/panoramax.nix deleted file mode 100644 index fd77db7..0000000 --- a/modules/nixos-modules/server/panoramax/panoramax.nix +++ /dev/null @@ -1,359 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - options.services = { - panoramax = { - enable = lib.mkEnableOption "panoramax"; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.panoramax; - description = "The panoramax package to use"; - }; - - user = lib.mkOption { - type = lib.types.str; - default = "panoramax"; - description = "The user panoramax should run as."; - }; - - group = lib.mkOption { - type = lib.types.str; - default = "panoramax"; - description = "The group panoramax should run as."; - }; - - host = lib.mkOption { - type = lib.types.str; - default = "127.0.0.1"; - description = "Host to bind the panoramax service to"; - }; - - port = lib.mkOption { - type = lib.types.nullOr lib.types.port; - default = 5000; - description = "Port for the panoramax service"; - }; - - openFirewall = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether to open the panoramax port in the firewall"; - }; - - settings = { - urlScheme = lib.mkOption { - type = lib.types.enum ["http" "https"]; - default = "https"; - description = "URL scheme for the application"; - }; - - storage = { - fsUrl = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = "/var/lib/panoramax/storage"; - description = "File system URL for storage"; - }; - }; - - infrastructure = { - nbProxies = lib.mkOption { - type = lib.types.nullOr lib.types.int; - default = 1; - description = "Number of proxies in front of the application"; - }; - }; - - flask = { - secretKey = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Flask secret key for session security"; - }; - - sessionCookieDomain = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "Flask session cookie domain"; - }; - }; - - api = { - pictures = { - licenseSpdxId = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "SPDX license identifier for API pictures"; - }; - - licenseUrl = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - description = "License URL for API pictures"; - }; - }; - }; - - extraEnvironment = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = {}; - description = "Additional environment variables"; - example = { - CUSTOM_SETTING = "value"; - DEBUG = "true"; - }; - }; - }; - - database = { - createDB = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Whether to automatically create the database and user"; - }; - - name = lib.mkOption { - type = lib.types.str; - default = "panoramax"; - description = "The name of the panoramax database"; - }; - - host = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = "/run/postgresql"; - description = "Hostname or address of the postgresql server. If an absolute path is given here, it will be interpreted as a unix socket path."; - }; - - port = lib.mkOption { - type = lib.types.nullOr lib.types.port; - default = 5432; - description = "Port of the postgresql server."; - }; - - user = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = "panoramax"; - description = "The database user for panoramax."; - }; - - # TODO: password file for external database - }; - - sgblur = { - # TODO: configs to bind to sgblur - }; - }; - sgblur = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether to enable sgblur integration for face and license plate blurring"; - }; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.sgblur; - description = "The sgblur package to use"; - }; - - port = lib.mkOption { - type = lib.types.port; - default = 8080; - description = "Port for the sgblur service"; - }; - - host = lib.mkOption { - type = lib.types.str; - default = "127.0.0.1"; - description = "Host to bind the sgblur service to"; - }; - - url = lib.mkOption { - type = lib.types.str; - default = "http://127.0.0.1:8080"; - description = "URL where sgblur service is accessible"; - }; - }; - }; - - config = lib.mkIf config.services.panoramax.enable (lib.mkMerge [ - { - # Create panoramax user and group - users.users.${config.services.panoramax.user} = { - isSystemUser = true; - group = config.services.panoramax.group; - home = "/var/lib/panoramax"; - createHome = true; - }; - - users.groups.${config.services.panoramax.group} = {}; - - # Ensure storage directory exists with correct permissions - systemd.tmpfiles.rules = [ - "d '${config.services.panoramax.settings.storage.fsUrl}' 0755 ${config.services.panoramax.user} ${config.services.panoramax.group} - -" - ]; - - systemd.services.panoramax-api = { - description = "Panoramax API server (self hosted map street view)"; - after = ["network.target" "postgresql.service"]; - wantedBy = ["multi-user.target"]; - - environment = - { - # Core Flask configuration - FLASK_APP = "geovisio"; - - # Storage configuration - FS_URL = config.services.panoramax.settings.storage.fsUrl; - - # Infrastructure configuration - INFRA_NB_PROXIES = toString config.services.panoramax.settings.infrastructure.nbProxies; - - # Application configuration - PORT = toString config.services.panoramax.port; - - # Python path to include the panoramax package - PYTHONPATH = "${config.services.panoramax.package}/${pkgs.python3.sitePackages}"; - } - // ( - if config.services.panoramax.database.host == "/run/postgresql" - then { - DB_URL = "postgresql://${config.services.panoramax.database.user}@/${config.services.panoramax.database.name}?host=/run/postgresql"; - } - else { - DB_HOST = config.services.panoramax.database.host; - DB_PORT = toString config.services.panoramax.database.port; - DB_USERNAME = config.services.panoramax.database.user; - DB_NAME = config.services.panoramax.database.name; - } - ) - // (lib.optionalAttrs (config.services.panoramax.settings.flask.secretKey != null) { - FLASK_SECRET_KEY = config.services.panoramax.settings.flask.secretKey; - }) - // (lib.optionalAttrs (config.services.panoramax.settings.flask.sessionCookieDomain != null) { - FLASK_SESSION_COOKIE_DOMAIN = config.services.panoramax.settings.flask.sessionCookieDomain; - }) - // (lib.optionalAttrs (config.services.panoramax.settings.api.pictures.licenseSpdxId != null) { - API_PICTURES_LICENSE_SPDX_ID = config.services.panoramax.settings.api.pictures.licenseSpdxId; - }) - // (lib.optionalAttrs (config.services.panoramax.settings.api.pictures.licenseUrl != null) { - API_PICTURES_LICENSE_URL = config.services.panoramax.settings.api.pictures.licenseUrl; - }) - // (lib.optionalAttrs config.services.sgblur.enable { - SGBLUR_API_URL = config.services.sgblur.url; - }) - // config.services.panoramax.settings.extraEnvironment; - - path = with pkgs; [ - (python3.withPackages (ps: with ps; [config.services.panoramax.package waitress])) - ]; - - serviceConfig = { - ExecStart = "${pkgs.python3.withPackages (ps: with ps; [config.services.panoramax.package waitress])}/bin/waitress-serve --port ${toString config.services.panoramax.port} --call geovisio:create_app"; - User = config.services.panoramax.user; - Group = config.services.panoramax.group; - WorkingDirectory = "/var/lib/panoramax"; - Restart = "always"; - RestartSec = 5; - - # Security hardening - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - ReadWritePaths = [ - "/var/lib/panoramax" - config.services.panoramax.settings.storage.fsUrl - ]; - NoNewPrivileges = true; - PrivateDevices = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectControlGroups = true; - RestrictSUIDSGID = true; - RestrictRealtime = true; - RestrictNamespaces = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - SystemCallArchitectures = "native"; - }; - }; - - # Open firewall if requested - networking.firewall.allowedTCPPorts = lib.mkIf config.services.panoramax.openFirewall [ - config.services.panoramax.port - ]; - } - (lib.mkIf config.services.sgblur.enable { - # SGBlur service configuration - systemd.services.sgblur = { - description = "SGBlur face and license plate blurring service"; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - - path = with pkgs; [ - config.services.sgblur.package - python3 - python3Packages.waitress - ]; - - serviceConfig = { - ExecStart = "${pkgs.python3Packages.waitress}/bin/waitress-serve --host ${config.services.sgblur.host} --port ${toString config.services.sgblur.port} src.detect.detect_api:app"; - WorkingDirectory = "${config.services.sgblur.package}"; - Restart = "always"; - RestartSec = 5; - - # Basic security hardening - PrivateTmp = true; - ProtectSystem = "strict"; - ProtectHome = true; - NoNewPrivileges = true; - PrivateDevices = true; - ProtectKernelTunables = true; - ProtectKernelModules = true; - ProtectControlGroups = true; - RestrictSUIDSGID = true; - RestrictRealtime = true; - RestrictNamespaces = true; - LockPersonality = true; - MemoryDenyWriteExecute = true; - SystemCallArchitectures = "native"; - }; - }; - - networking.firewall.allowedTCPPorts = lib.mkIf config.services.panoramax.openFirewall [ - config.services.sgblur.port - ]; - }) - (lib.mkIf config.services.panoramax.database.createDB { - services.postgresql = { - enable = true; - ensureDatabases = lib.mkIf config.services.panoramax.database.createDB [config.services.panoramax.database.name]; - ensureUsers = lib.mkIf config.services.panoramax.database.createDB [ - { - name = config.services.panoramax.database.user; - ensureDBOwnership = true; - ensureClauses.login = true; - } - ]; - extensions = ps: with ps; [postgis]; - }; - systemd.services.postgresql.serviceConfig.ExecStartPost = let - sqlFile = pkgs.writeText "panoramax-postgis-setup.sql" '' - CREATE EXTENSION IF NOT EXISTS postgis; - - -- TODO: how can we ensure that this runs after the databases have been created - -- ALTER DATABASE ${config.services.panoramax.database.name} SET TIMEZONE TO 'UTC'; - - GRANT SET ON PARAMETER session_replication_role TO ${config.services.panoramax.database.user}; - ''; - in [ - '' - ${lib.getExe' config.services.postgresql.package "psql"} -d "${config.services.panoramax.database.user}" -f "${sqlFile}" - '' - ]; - }) - ]); -} diff --git a/modules/nixos-modules/server/panoramax/proxy.nix b/modules/nixos-modules/server/panoramax/proxy.nix deleted file mode 100644 index 7cd7111..0000000 --- a/modules/nixos-modules/server/panoramax/proxy.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.panoramax = { - domain = lib.mkOption { - type = lib.types.str; - description = "domain that panoramax will be hosted at"; - default = "panoramax.arpa"; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for panoramax"; - default = []; - }; - reverseProxy = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.panoramax.enable && config.services.reverseProxy.enable; - }; - }; - }; - - config = lib.mkIf config.services.panoramax.reverseProxy.enable { - services.reverseProxy.services.panoramax = { - target = "http://localhost:${toString config.services.panoramax.port}"; - domain = config.services.panoramax.domain; - extraDomains = config.services.panoramax.extraDomains; - - settings = { - proxyWebsockets.enable = true; - forwardHeaders.enable = true; - maxBodySize = 100000; - timeout = 300; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/paperless/database.nix b/modules/nixos-modules/server/paperless/database.nix deleted file mode 100644 index c63e59d..0000000 --- a/modules/nixos-modules/server/paperless/database.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - config, - lib, - ... -}: { - config = lib.mkIf config.services.paperless.enable { - assertions = [ - { - assertion = !config.services.paperless.database.createLocally || config.services.postgresql.enable; - message = "PostgreSQL must be enabled when using local postgres database for Paperless"; - } - { - assertion = !config.services.paperless.database.createLocally || (builtins.any (db: db == "paperless") config.services.postgresql.ensureDatabases); - message = "Paperless built-in database creation failed - expected 'paperless' in ensureDatabases but got: ${builtins.toString config.services.postgresql.ensureDatabases}"; - } - { - assertion = !config.services.paperless.database.createLocally || (builtins.any (user: user.name == "paperless") config.services.postgresql.ensureUsers); - message = "Paperless built-in user creation failed - expected user 'paperless' in ensureUsers but got: ${builtins.toString (builtins.map (u: u.name) config.services.postgresql.ensureUsers)}"; - } - ]; - - services.paperless.database.createLocally = lib.mkDefault true; - - systemd.services.paperless-scheduler = lib.mkIf config.services.paperless.database.createLocally { - requires = [ - config.systemd.services.postgresql.name - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/paperless/default.nix b/modules/nixos-modules/server/paperless/default.nix deleted file mode 100644 index 7e5e16b..0000000 --- a/modules/nixos-modules/server/paperless/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - imports = [ - ./paperless.nix - ./proxy.nix - ./database.nix - ./fail2ban.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/paperless/fail2ban.nix b/modules/nixos-modules/server/paperless/fail2ban.nix deleted file mode 100644 index e1a70f9..0000000 --- a/modules/nixos-modules/server/paperless/fail2ban.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - config = lib.mkIf (config.services.paperless.enable && config.services.fail2ban.enable) { - environment.etc = { - "fail2ban/filter.d/paperless.local".text = ( - pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - [Definition] - failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$ - ignoreregex = - - '') - ); - }; - - services.fail2ban = { - jails = { - paperless.settings = { - enabled = true; - filter = "paperless"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.paperless.dataDir}/log/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/paperless/impermanence.nix b/modules/nixos-modules/server/paperless/impermanence.nix deleted file mode 100644 index fc87ea7..0000000 --- a/modules/nixos-modules/server/paperless/impermanence.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - ... -}: let - dataDir = "/var/lib/paperless"; -in { - options.services.paperless = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.paperless.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.paperless.impermanence.enable { - assertions = [ - { - assertion = config.services.paperless.dataDir == dataDir; - message = "paperless data location does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = dataDir; - user = "paperless"; - group = "paperless"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/paperless/paperless.nix b/modules/nixos-modules/server/paperless/paperless.nix deleted file mode 100644 index 5bcbfed..0000000 --- a/modules/nixos-modules/server/paperless/paperless.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - lib, - ... -}: { - options.services.paperless = { - database = { - user = lib.mkOption { - type = lib.types.str; - description = "what is the user and database that we are going to use for paperless"; - default = "paperless"; - }; - }; - }; - - config = lib.mkIf config.services.paperless.enable { - services.paperless = { - configureTika = true; - settings = { - PAPERLESS_DBENGINE = "postgresql"; - PAPERLESS_DBHOST = "/run/postgresql"; - PAPERLESS_DBNAME = config.services.paperless.database.user; - PAPERLESS_DBUSER = config.services.paperless.database.user; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/paperless/proxy.nix b/modules/nixos-modules/server/paperless/proxy.nix deleted file mode 100644 index 9d152c9..0000000 --- a/modules/nixos-modules/server/paperless/proxy.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - config, - lib, - ... -}: { - options.services.paperless = { - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for paperless"; - default = []; - }; - reverseProxy = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.paperless.enable && config.services.reverseProxy.enable; - }; - }; - }; - - config = lib.mkIf config.services.paperless.reverseProxy.enable { - services.reverseProxy.services.paperless = { - target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; - domain = config.services.paperless.domain; - extraDomains = config.services.paperless.extraDomains; - - settings = { - proxyWebsockets.enable = true; - forwardHeaders.enable = true; - maxBodySize = 50000; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/postgres/default.nix b/modules/nixos-modules/server/postgres/default.nix deleted file mode 100644 index abf4ade..0000000 --- a/modules/nixos-modules/server/postgres/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: { - imports = [ - ./postgres.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/postgres/impermanence.nix b/modules/nixos-modules/server/postgres/impermanence.nix deleted file mode 100644 index a67fb1a..0000000 --- a/modules/nixos-modules/server/postgres/impermanence.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - lib, - ... -}: let - dataDir = "/var/lib/postgresql/16"; -in { - config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) { - assertions = [ - { - assertion = config.services.postgresql.dataDir == dataDir; - message = "postgres data directory does not match persistence"; - } - ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "postgres"; - group = "postgres"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/postgres/postgres.nix b/modules/nixos-modules/server/postgres/postgres.nix deleted file mode 100644 index af7d1b4..0000000 --- a/modules/nixos-modules/server/postgres/postgres.nix +++ /dev/null @@ -1,122 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - enabledDatabases = lib.filterAttrs (_: db: db.enable) config.services.postgresql.databases; - extraDatabasesList = config.services.postgresql.extraDatabases; - - serviceDatabaseUsers = lib.mapAttrsToList (_: db: { - name = db.user; - ensureDBOwnership = true; - }) (lib.filterAttrs (_: db: db.ensureUser) enabledDatabases); - - extraDatabaseUsers = - builtins.map (dbName: { - name = dbName; - ensureDBOwnership = true; - }) - extraDatabasesList; - - serviceDatabases = lib.mapAttrsToList (_: db: db.database) enabledDatabases; - extraDatabaseNames = extraDatabasesList; - - serviceUserMappings = lib.mapAttrsToList (_: db: "user_map ${db.user} ${db.user}") enabledDatabases; - extraUserMappings = builtins.map (dbName: "user_map ${dbName} ${dbName}") extraDatabasesList; - - builtinServiceMappings = let - forgejoMapping = lib.optional (config.services.forgejo.enable && config.services.forgejo.database.type == "postgres") "user_map forgejo forgejo"; - immichMapping = lib.optional (config.services.immich.enable && config.services.immich.database.enable) "user_map immich immich"; - paperlessMapping = lib.optional (config.services.paperless.enable && config.services.paperless.database.createLocally) "user_map paperless paperless"; - in - forgejoMapping ++ immichMapping ++ paperlessMapping; -in { - options = { - services.postgresql = { - databases = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether to create this database and user"; - }; - user = lib.mkOption { - type = lib.types.str; - default = name; - description = "Database user name"; - }; - database = lib.mkOption { - type = lib.types.str; - default = name; - description = "Database name"; - }; - ensureUser = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Whether to ensure the user exists"; - }; - }; - })); - default = {}; - description = "Databases to create for services"; - }; - - extraDatabases = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Additional databases to create (user name will match database name)"; - example = ["custom_db" "test_db"]; - }; - - adminUsers = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "System users who should have PostgreSQL superuser access"; - example = ["leyla" "admin"]; - }; - }; - }; - - config = lib.mkIf config.services.postgresql.enable { - services = { - postgresql = { - package = pkgs.postgresql_16; - - ensureUsers = - [ - {name = "postgres";} - ] - ++ serviceDatabaseUsers ++ extraDatabaseUsers; - - ensureDatabases = serviceDatabases ++ extraDatabaseNames; - - identMap = - '' - # ArbitraryMapName systemUser DBUser - - # Administration Users - superuser_map root postgres - superuser_map postgres postgres - '' - + ( - lib.strings.concatLines (builtins.map (user: "superuser_map ${user} postgres") config.services.postgresql.adminUsers) - ) - + '' - - # Client Users - '' - + ( - lib.strings.concatLines (serviceUserMappings ++ extraUserMappings ++ builtinServiceMappings) - ); - - authentication = pkgs.lib.mkOverride 10 '' - # type database DBuser origin-address auth-method optional_ident_map - local all postgres peer map=superuser_map - local sameuser all peer map=user_map - ''; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/qbittorent/default.nix b/modules/nixos-modules/server/qbittorent/default.nix deleted file mode 100644 index f7511e6..0000000 --- a/modules/nixos-modules/server/qbittorent/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: { - imports = [ - ./qbittorent.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/qbittorent/impermanence.nix b/modules/nixos-modules/server/qbittorent/impermanence.nix deleted file mode 100644 index 1489e7d..0000000 --- a/modules/nixos-modules/server/qbittorent/impermanence.nix +++ /dev/null @@ -1,61 +0,0 @@ -{ - lib, - config, - ... -}: let - qbittorent_profile_directory = "/var/lib/qBittorrent/"; -in { - options.services.qbittorrent = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.qbittorrent.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.qbittorrent.impermanence.enable { - fileSystems."/persist/system/qbittorrent".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/qbittorrent" = { - type = "zfs_fs"; - mountpoint = "/persist/system/qbittorrent"; - options = { - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = qbittorent_profile_directory; - user = "qbittorrent"; - group = "qbittorrent"; - } - ]; - }; - - "/persist/system/qbittorrent" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } - ]; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/qbittorent/qbittorent.nix b/modules/nixos-modules/server/qbittorent/qbittorent.nix deleted file mode 100644 index 44603c8..0000000 --- a/modules/nixos-modules/server/qbittorent/qbittorent.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.qbittorrent = { - mediaDir = lib.mkOption { - type = lib.types.path; - description = lib.mdDoc '' - The directory to create to store qbittorrent media. - ''; - }; - }; - - config = lib.mkIf config.services.qbittorrent.enable { - # Main qbittorrent configuration goes here if needed - }; -} diff --git a/modules/nixos-modules/server/radarr/default.nix b/modules/nixos-modules/server/radarr/default.nix deleted file mode 100644 index 86dbb4b..0000000 --- a/modules/nixos-modules/server/radarr/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - imports = [ - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/radarr/impermanence.nix b/modules/nixos-modules/server/radarr/impermanence.nix deleted file mode 100644 index c948e3a..0000000 --- a/modules/nixos-modules/server/radarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - radarr_data_directory = "/var/lib/radarr/.config/Radarr"; -in { - options.services.radarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.radarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.radarr.impermanence.enable { - assertions = [ - { - assertion = config.services.radarr.dataDir == radarr_data_directory; - message = "radarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = radarr_data_directory; - user = "radarr"; - group = "radarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/reverseProxy/default.nix b/modules/nixos-modules/server/reverseProxy/default.nix deleted file mode 100644 index 5d57175..0000000 --- a/modules/nixos-modules/server/reverseProxy/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{...}: { - imports = [ - ./reverseProxy.nix - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/reverseProxy/impermanence.nix b/modules/nixos-modules/server/reverseProxy/impermanence.nix deleted file mode 100644 index 7af55df..0000000 --- a/modules/nixos-modules/server/reverseProxy/impermanence.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - lib, - config, - ... -}: let - dataDir = "/var/lib/acme"; -in { - config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = dataDir; - user = "acme"; - group = "acme"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix b/modules/nixos-modules/server/reverseProxy/reverseProxy.nix deleted file mode 100644 index eecc9bf..0000000 --- a/modules/nixos-modules/server/reverseProxy/reverseProxy.nix +++ /dev/null @@ -1,176 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.reverseProxy = { - enable = lib.mkEnableOption "turn on the reverse proxy"; - openFirewall = lib.mkEnableOption "open the firewall"; - refuseUnmatchedDomains = lib.mkOption { - type = lib.types.bool; - description = "refuse connections for domains that don't match any configured virtual hosts"; - default = true; - }; - ports = { - http = lib.mkOption { - type = lib.types.port; - description = "HTTP port for the reverse proxy"; - default = 80; - }; - https = lib.mkOption { - type = lib.types.port; - description = "HTTPS port for the reverse proxy"; - default = 443; - }; - }; - acme = { - enable = lib.mkOption { - type = lib.types.bool; - description = "enable ACME certificate management"; - default = true; - }; - email = lib.mkOption { - type = lib.types.str; - description = "email address for ACME certificate registration"; - }; - }; - services = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - target = lib.mkOption { - type = lib.types.str; - description = "what url will all traffic to this application be forwarded to"; - }; - domain = lib.mkOption { - type = lib.types.str; - description = "what is the default subdomain to be used for this application to be used for"; - default = name; - }; - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for this domain"; - default = []; - }; - settings = { - certificateRenewal.enable = lib.mkOption { - type = lib.types.bool; - description = "auto renew certificates"; - default = true; - }; - forceSSL.enable = lib.mkOption { - type = lib.types.bool; - description = "auto renew certificates"; - default = true; - }; - proxyHeaders = { - enable = lib.mkEnableOption "should we proxy headers"; - timeout = lib.mkOption { - type = lib.types.int; - default = 60; - }; - }; - proxyWebsockets.enable = lib.mkEnableOption "should the default config proxy websockets"; - forwardHeaders.enable = lib.mkEnableOption "should the default config contain forward headers"; - noSniff.enable = lib.mkEnableOption "should the no sniff flags be set"; - proxyBuffering.enable = lib.mkOption { - type = lib.types.bool; - description = "should proxy buffering be enabled"; - default = true; - }; - maxBodySize = lib.mkOption { - type = lib.types.nullOr lib.types.int; - description = ""; - default = null; - }; - }; - }; - })); - }; - }; - - config = let - httpPort = config.services.reverseProxy.ports.http; - httpsPort = config.services.reverseProxy.ports.https; - in - lib.mkIf config.services.reverseProxy.enable { - security.acme = lib.mkIf config.services.reverseProxy.acme.enable { - acceptTerms = true; - defaults.email = config.services.reverseProxy.acme.email; - }; - - services.nginx = { - enable = true; - virtualHosts = lib.mkMerge ( - (lib.optionals config.services.reverseProxy.refuseUnmatchedDomains [ - { - "_" = { - default = true; - serverName = "_"; - locations."/" = { - extraConfig = '' - return 444; - ''; - }; - }; - } - ]) - ++ lib.lists.flatten ( - lib.attrsets.mapAttrsToList ( - name: service: let - hostConfig = { - forceSSL = service.settings.forceSSL.enable; - enableACME = service.settings.certificateRenewal.enable; - locations = { - "/" = { - proxyPass = service.target; - proxyWebsockets = service.settings.proxyWebsockets.enable; - recommendedProxySettings = service.settings.forwardHeaders.enable; - extraConfig = let - # Client upload size configuration - maxBodySizeConfig = - lib.optionalString (service.settings.maxBodySize != null) - "client_max_body_size ${toString service.settings.maxBodySize}M;"; - - # Security header configuration - noSniffConfig = - lib.optionalString service.settings.noSniff.enable - "add_header X-Content-Type-Options nosniff;"; - - # Proxy buffering configuration - proxyBufferingConfig = - lib.optionalString (!service.settings.proxyBuffering.enable) - "proxy_buffering off;"; - - # Proxy timeout configuration - proxyTimeoutConfig = - lib.optionalString service.settings.proxyHeaders.enable - '' - proxy_read_timeout ${toString service.settings.proxyHeaders.timeout}s; - proxy_connect_timeout ${toString service.settings.proxyHeaders.timeout}s; - proxy_send_timeout ${toString service.settings.proxyHeaders.timeout}s; - ''; - in - maxBodySizeConfig + noSniffConfig + proxyBufferingConfig + proxyTimeoutConfig; - }; - }; - }; - in ( - [ - { - ${service.domain} = hostConfig; - } - ] - ++ builtins.map (domain: {${domain} = hostConfig;}) - service.extraDomains - ) - ) - config.services.reverseProxy.services - ) - ); - }; - networking.firewall.allowedTCPPorts = lib.mkIf config.services.reverseProxy.openFirewall [ - httpPort - httpsPort - ]; - }; -} diff --git a/modules/nixos-modules/server/searx/default.nix b/modules/nixos-modules/server/searx/default.nix deleted file mode 100644 index 5426380..0000000 --- a/modules/nixos-modules/server/searx/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./searx.nix - ./proxy.nix - ]; -} diff --git a/modules/nixos-modules/server/searx/proxy.nix b/modules/nixos-modules/server/searx/proxy.nix deleted file mode 100644 index e994e4a..0000000 --- a/modules/nixos-modules/server/searx/proxy.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - config, - lib, - ... -}: { - options.services.searx = { - extraDomains = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "extra domains that should be configured for searx"; - default = []; - }; - reverseProxy = { - enable = lib.mkOption { - type = lib.types.bool; - default = config.services.searx.enable && config.services.reverseProxy.enable; - }; - }; - }; - - config = lib.mkIf config.services.searx.reverseProxy.enable { - services.reverseProxy.services.searx = { - target = "http://localhost:${toString config.services.searx.settings.server.port}"; - domain = config.services.searx.domain; - extraDomains = config.services.searx.extraDomains; - - settings = { - forwardHeaders.enable = true; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/searx/searx.nix b/modules/nixos-modules/server/searx/searx.nix deleted file mode 100644 index d4d4012..0000000 --- a/modules/nixos-modules/server/searx/searx.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - config, - lib, - inputs, - ... -}: { - config = lib.mkIf config.services.searx.enable { - sops.secrets = { - "services/searx" = { - sopsFile = "${inputs.secrets}/defiant-services.yaml"; - }; - }; - - services.searx = { - environmentFile = config.sops.secrets."services/searx".path; - - # Rate limiting - limiterSettings = { - real_ip = { - x_for = 1; - ipv4_prefix = 32; - ipv6_prefix = 56; - }; - - botdetection = { - ip_limit = { - filter_link_local = true; - link_token = true; - }; - }; - }; - - settings = { - server = { - port = 8083; - secret_key = "@SEARXNG_SECRET@"; - }; - - # Search engine settings - search = { - safe_search = 2; - autocomplete_min = 2; - autocomplete = "duckduckgo"; - }; - - # Enabled plugins - enabled_plugins = [ - "Basic Calculator" - "Hash plugin" - "Tor check plugin" - "Open Access DOI rewrite" - "Hostnames plugin" - "Unit converter plugin" - "Tracker URL remover" - ]; - }; - }; - }; -} diff --git a/modules/nixos-modules/server/sonarr/default.nix b/modules/nixos-modules/server/sonarr/default.nix deleted file mode 100644 index 86dbb4b..0000000 --- a/modules/nixos-modules/server/sonarr/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{...}: { - imports = [ - ./impermanence.nix - ]; -} diff --git a/modules/nixos-modules/server/sonarr/impermanence.nix b/modules/nixos-modules/server/sonarr/impermanence.nix deleted file mode 100644 index 5b90ee9..0000000 --- a/modules/nixos-modules/server/sonarr/impermanence.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - config, - ... -}: let - sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone"; -in { - options.services.sonarr = { - impermanence.enable = lib.mkOption { - type = lib.types.bool; - default = config.services.sonarr.enable && config.host.impermanence.enable; - }; - }; - - config = lib.mkIf config.services.sonarr.impermanence.enable { - assertions = [ - { - assertion = config.services.sonarr.dataDir == sonarr_data_directory; - message = "sonarr data directory does not match persistence"; - } - ]; - - environment.persistence."/persist/system/root" = { - directories = [ - { - directory = sonarr_data_directory; - user = "sonarr"; - group = "sonarr"; - } - ]; - }; - }; -} diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix deleted file mode 100644 index c9a1474..0000000 --- a/modules/nixos-modules/server/wyoming.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ - lib, - config, - ... -}: { - options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; - config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ - { - services.wyoming = { - # Text to speech - piper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py - voice = "en-us-amy-low"; - uri = "tcp://0.0.0.0:10200"; - speaker = 0; - }; - }; - }; - - # Speech to text - faster-whisper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py - model = "tiny-int8"; - language = "en"; - uri = "tcp://0.0.0.0:10300"; - device = "cpu"; - }; - }; - }; - - openwakeword = { - enable = true; - uri = "tcp://0.0.0.0:10400"; - # preloadModels = [ - # "ok_nabu" - # ]; - # TODO: custom models - }; - }; - - # needs access to /proc/cpuinfo - systemd.services."wyoming-faster-whisper-en".serviceConfig.ProcSubset = lib.mkForce "all"; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = "/var/lib/private/wyoming"; - mode = "0700"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix deleted file mode 100644 index 0a82116..0000000 --- a/modules/nixos-modules/ssh.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - lib, - config, - ... -}: { - config = lib.mkMerge [ - { - services = { - openssh = { - enable = true; - ports = [22]; - settings = { - PasswordAuthentication = false; - UseDns = true; - X11Forwarding = false; - }; - }; - }; - - programs.ssh.kexAlgorithms = config.services.openssh.settings.KexAlgorithms; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - files = lib.lists.flatten ( - builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.services.openssh.hostKeys - ); - }; - }) - ]; -} diff --git a/modules/nixos-modules/steam.nix b/modules/nixos-modules/steam.nix deleted file mode 100644 index 20c0978..0000000 --- a/modules/nixos-modules/steam.nix +++ /dev/null @@ -1,9 +0,0 @@ -{...}: { - programs = { - steam = { - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - }; - }; -} diff --git a/modules/nixos-modules/sync.nix b/modules/nixos-modules/sync.nix deleted file mode 100644 index 96f54d5..0000000 --- a/modules/nixos-modules/sync.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ - config, - lib, - syncthingConfiguration, - ... -}: let - mountDir = "/mnt/sync"; - configDir = "/etc/syncthing"; -in { - config = lib.mkMerge [ - { - systemd = lib.mkIf config.services.syncthing.enable { - tmpfiles.rules = [ - "A ${mountDir} - - - - u:syncthing:rwX,g:syncthing:rwX,o::-" - "d ${mountDir} 2755 syncthing syncthing -" - "d ${config.services.syncthing.dataDir} 775 syncthing syncthing -" - "d ${config.services.syncthing.configDir} 755 syncthing syncthing -" - ]; - }; - } - (lib.mkIf config.services.syncthing.enable (lib.mkMerge [ - { - services.syncthing = { - user = "syncthing"; - group = "syncthing"; - dataDir = "${mountDir}/default"; - configDir = configDir; - overrideDevices = true; - overrideFolders = true; - configuration = syncthingConfiguration; - deviceName = config.networking.hostName; - }; - } - - (lib.mkIf config.host.impermanence.enable { - assertions = - [ - { - assertion = config.services.syncthing.configDir == configDir; - message = "syncthing config dir does not match persistence"; - } - ] - ++ lib.attrsets.mapAttrsToList (_: folder: { - assertion = lib.strings.hasPrefix mountDir folder.path; - message = "syncthing folder ${folder.label} is stored at ${folder.path} which not under the persisted path of ${mountDir}"; - }) - config.services.syncthing.settings.folders; - environment.persistence = { - "/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = mountDir; - user = "syncthing"; - group = "syncthing"; - } - { - directory = configDir; - user = "syncthing"; - group = "syncthing"; - } - ]; - }; - }; - }) - ])) - ]; -} diff --git a/modules/nixos-modules/system.nix b/modules/nixos-modules/system.nix deleted file mode 100644 index b839067..0000000 --- a/modules/nixos-modules/system.nix +++ /dev/null @@ -1,13 +0,0 @@ -{...}: { - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - optimise = { - automatic = true; - dates = ["weekly"]; - }; - }; -} diff --git a/modules/nixos-modules/tailscale.nix b/modules/nixos-modules/tailscale.nix deleted file mode 100644 index db664e8..0000000 --- a/modules/nixos-modules/tailscale.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - lib, - ... -}: let - tailscale_data_directory = "/var/lib/tailscale"; -in { - options.host.tailscale = { - enable = lib.mkEnableOption "should tailscale be enabled on this computer"; - }; - - config = lib.mkIf config.services.tailscale.enable ( - lib.mkMerge [ - { - # any configs we want shared between all machines - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence = { - "/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = tailscale_data_directory; - user = "root"; - group = "root"; - } - ]; - }; - }; - }) - ] - ); -} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix deleted file mode 100644 index 987e080..0000000 --- a/modules/nixos-modules/users.nix +++ /dev/null @@ -1,477 +0,0 @@ -{ - lib, - config, - inputs, - ... -}: let - SOPS_AGE_KEY_DIRECTORY = import ../../const/sops_age_key_directory.nix; - - host = config.host; - - principleUsers = host.principleUsers; - terminalUsers = host.terminalUsers; - normalUsers = host.normalUsers; - - uids = { - leyla = 1000; - eve = 1002; - ivy = 1004; - jellyfin = 2000; - forgejo = 2002; - hass = 2004; - syncthing = 2007; - ollama = 2008; - git = 2009; - immich = 2010; - qbittorrent = 2011; - paperless = 2012; - actual = 2013; - radarr = 2014; - sonarr = 2015; - bazarr = 2016; - lidarr = 2017; - crab-hole = 2018; - }; - - gids = { - leyla = 1000; - eve = 1002; - ivy = 1004; - users = 100; - jellyfin_media = 2001; - jellyfin = 2000; - forgejo = 2002; - hass = 2004; - syncthing = 2007; - ollama = 2008; - git = 2009; - immich = 2010; - qbittorrent = 2011; - paperless = 2012; - actual = 2013; - radarr = 2014; - sonarr = 2015; - bazarr = 2016; - lidarr = 2017; - crab-hole = 2018; - }; - - users = config.users.users; - leyla = users.leyla.name; - eve = users.eve.name; - ivy = users.ivy.name; -in { - config = lib.mkMerge [ - { - # principle users are by definition trusted - nix.settings.trusted-users = builtins.map (user: user.name) principleUsers; - - # we should only be able to ssh into principle users of a computer who are also set up for terminal access - services.openssh.settings.AllowUsers = builtins.map (user: user.name) (lib.lists.intersectLists terminalUsers principleUsers); - - # we need to set up env variables to nix can find keys to decrypt passwords on rebuild - environment = { - sessionVariables = { - SOPS_AGE_KEY_DIRECTORY = SOPS_AGE_KEY_DIRECTORY; - SOPS_AGE_KEY_FILE = "${SOPS_AGE_KEY_DIRECTORY}/key.txt"; - }; - }; - - # set up user passwords - sops = { - defaultSopsFormat = "yaml"; - gnupg.sshKeyPaths = []; - - age = { - keyFile = "/var/lib/sops-nix/key.txt"; - sshKeyPaths = []; - # generateKey = true; - }; - - secrets = { - "passwords/leyla" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/eve" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - "passwords/ivy" = { - neededForUsers = true; - sopsFile = "${inputs.secrets}/user-passwords.yaml"; - }; - }; - }; - - users = { - mutableUsers = false; - users = { - leyla = { - uid = lib.mkForce uids.leyla; - name = lib.mkForce host.users.leyla.name; - description = "Leyla"; - extraGroups = - (lib.lists.optionals host.users.leyla.isNormalUser ["networkmanager"]) - ++ (lib.lists.optionals host.users.leyla.isPrincipleUser ["wheel" "dialout"]) - ++ (lib.lists.optionals host.users.leyla.isDesktopUser ["adbusers"]); - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - isNormalUser = host.users.leyla.isNormalUser; - isSystemUser = !host.users.leyla.isNormalUser; - group = config.users.users.leyla.name; - }; - - eve = { - uid = lib.mkForce uids.eve; - name = lib.mkForce host.users.eve.name; - description = "Eve"; - extraGroups = - lib.optionals host.users.eve.isNormalUser ["networkmanager"] - ++ (lib.lists.optionals host.users.eve.isPrincipleUser ["wheel"]); - hashedPasswordFile = config.sops.secrets."passwords/eve".path; - isNormalUser = host.users.eve.isNormalUser; - isSystemUser = !host.users.eve.isNormalUser; - group = config.users.users.eve.name; - }; - - ivy = { - uid = lib.mkForce uids.ivy; - name = lib.mkForce host.users.ivy.name; - description = "Ivy"; - extraGroups = - lib.optionals host.users.ivy.isNormalUser ["networkmanager"] - ++ (lib.lists.optionals host.users.ivy.isPrincipleUser ["wheel"]); - hashedPasswordFile = config.sops.secrets."passwords/ivy".path; - isNormalUser = host.users.ivy.isNormalUser; - isSystemUser = !host.users.ivy.isNormalUser; - group = config.users.users.ivy.name; - }; - - jellyfin = { - uid = lib.mkForce uids.jellyfin; - isSystemUser = true; - group = config.users.users.jellyfin.name; - }; - - forgejo = { - uid = lib.mkForce uids.forgejo; - isSystemUser = true; - group = config.users.users.forgejo.name; - }; - - hass = { - uid = lib.mkForce uids.hass; - isSystemUser = true; - group = config.users.users.hass.name; - }; - - syncthing = { - uid = lib.mkForce uids.syncthing; - isSystemUser = true; - group = config.users.users.syncthing.name; - }; - - ollama = { - uid = lib.mkForce uids.ollama; - isSystemUser = true; - group = config.users.users.ollama.name; - }; - - git = { - uid = lib.mkForce uids.git; - isSystemUser = !config.services.forgejo.enable; - isNormalUser = config.services.forgejo.enable; - group = config.users.users.git.name; - }; - - immich = { - uid = lib.mkForce uids.immich; - isSystemUser = true; - group = config.users.users.immich.name; - }; - - qbittorrent = { - uid = lib.mkForce uids.qbittorrent; - isSystemUser = true; - group = config.users.users.qbittorrent.name; - }; - - paperless = { - uid = lib.mkForce uids.paperless; - isSystemUser = true; - group = config.users.users.paperless.name; - }; - - actual = { - uid = lib.mkForce uids.actual; - isSystemUser = true; - group = config.users.users.actual.name; - }; - - radarr = { - uid = lib.mkForce uids.radarr; - isSystemUser = true; - group = config.users.users.radarr.name; - }; - - sonarr = { - uid = lib.mkForce uids.sonarr; - isSystemUser = true; - group = config.users.users.sonarr.name; - }; - - bazarr = { - uid = lib.mkForce uids.bazarr; - isSystemUser = true; - group = config.users.users.bazarr.name; - }; - - lidarr = { - uid = lib.mkForce uids.lidarr; - isSystemUser = true; - group = config.users.users.lidarr.name; - }; - - crab-hole = { - uid = lib.mkForce uids.crab-hole; - isSystemUser = true; - group = config.users.users.crab-hole.name; - }; - }; - - groups = { - leyla = { - gid = lib.mkForce gids.leyla; - members = [ - leyla - ]; - }; - - eve = { - gid = lib.mkForce gids.eve; - members = [ - eve - ]; - }; - - ivy = { - gid = lib.mkForce gids.ivy; - members = [ - ivy - ]; - }; - - users = { - gid = lib.mkForce gids.users; - members = [ - leyla - eve - ivy - ]; - }; - - jellyfin_media = { - gid = lib.mkForce gids.jellyfin_media; - members = [ - users.jellyfin.name - users.radarr.name - users.sonarr.name - users.bazarr.name - users.lidarr.name - leyla - eve - ivy - ]; - }; - - jellyfin = { - gid = lib.mkForce gids.jellyfin; - members = [ - users.jellyfin.name - # leyla - ]; - }; - - forgejo = { - gid = lib.mkForce gids.forgejo; - members = [ - users.forgejo.name - # leyla - ]; - }; - - hass = { - gid = lib.mkForce gids.hass; - members = [ - users.hass.name - # leyla - ]; - }; - - syncthing = { - gid = lib.mkForce gids.syncthing; - members = [ - users.syncthing.name - leyla - eve - ivy - ]; - }; - - ollama = { - gid = lib.mkForce gids.ollama; - members = [ - users.ollama.name - ]; - }; - - git = { - gid = lib.mkForce gids.git; - members = [ - users.git.name - ]; - }; - - immich = { - gid = lib.mkForce gids.immich; - members = [ - users.immich.name - # leyla - ]; - }; - - qbittorrent = { - gid = lib.mkForce gids.qbittorrent; - members = [ - users.qbittorrent.name - leyla - ]; - }; - - paperless = { - gid = lib.mkForce gids.paperless; - members = [ - users.paperless.name - ]; - }; - - actual = { - gid = lib.mkForce gids.actual; - members = [ - users.actual.name - ]; - }; - - radarr = { - gid = lib.mkForce gids.radarr; - members = [ - users.radarr.name - ]; - }; - - sonarr = { - gid = lib.mkForce gids.sonarr; - members = [ - users.sonarr.name - ]; - }; - - bazarr = { - gid = lib.mkForce gids.bazarr; - members = [ - users.bazarr.name - ]; - }; - - lidarr = { - gid = lib.mkForce gids.lidarr; - members = [ - users.lidarr.name - ]; - }; - - crab-hole = { - gid = lib.mkForce gids.crab-hole; - members = [ - users.crab-hole.name - ]; - }; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") - normalUsers) - ); - - systemd = { - tmpfiles.rules = - builtins.map ( - user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" - ) - normalUsers; - }; - - fileSystems = lib.mkMerge [ - { - ${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true; - } - ( - builtins.listToAttrs ( - builtins.map (user: - lib.attrsets.nameValuePair "/persist/home/${user.name}" { - neededForBoot = true; - }) - normalUsers - ) - ) - ( - builtins.listToAttrs ( - builtins.map (user: - lib.attrsets.nameValuePair "/home/${user.name}" { - neededForBoot = true; - }) - normalUsers - ) - ) - ]; - - host.storage.pool.extraDatasets = lib.mkMerge ( - [ - { - # sops age key needs to be available to pre persist for user generation - "local/system/sops" = { - type = "zfs_fs"; - mountpoint = SOPS_AGE_KEY_DIRECTORY; - options = { - atime = "off"; - relatime = "off"; - canmount = "on"; - }; - }; - } - ] - ++ ( - builtins.map (user: { - "local/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/home/${user.name}"; - options = { - canmount = "on"; - }; - postCreateHook = '' - zfs snapshot rpool/local/home/${user.name}@blank - ''; - }; - "persist/home/${user.name}" = { - type = "zfs_fs"; - mountpoint = "/persist/home/${user.name}"; - }; - }) - normalUsers - ) - ); - }) - ]; -} diff --git a/modules/system-modules/default.nix b/modules/system-modules/default.nix deleted file mode 100644 index 637b6b5..0000000 --- a/modules/system-modules/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -# this folder container modules that are for nixos and darwin -{...}: { - imports = [ - ./home-manager - ./system.nix - ./nix-development.nix - ./users.nix - ]; -} diff --git a/modules/system-modules/home-manager/default.nix b/modules/system-modules/home-manager/default.nix deleted file mode 100644 index 3745b8f..0000000 --- a/modules/system-modules/home-manager/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -# modules in this folder are to adapt home-manager modules configs to system-module configs -{...}: {} diff --git a/modules/system-modules/nix-development.nix b/modules/system-modules/nix-development.nix deleted file mode 100644 index 6eeddc4..0000000 --- a/modules/system-modules/nix-development.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - lib, - pkgs, - config, - inputs, - ... -}: { - options.host.nix-development.enable = lib.mkEnableOption "should desktop configuration be enabled"; - - config = lib.mkMerge [ - { - host.nix-development.enable = lib.mkDefault true; - } - (lib.mkIf config.host.nix-development.enable { - nix = { - nixPath = ["nixpkgs=${inputs.nixpkgs}"]; - }; - environment.systemPackages = with pkgs; [ - # nix language server - nil - # nix formatter - alejandra - ]; - }) - ]; -} diff --git a/modules/system-modules/system.nix b/modules/system-modules/system.nix deleted file mode 100644 index f464835..0000000 --- a/modules/system-modules/system.nix +++ /dev/null @@ -1,7 +0,0 @@ -{...}: { - nix = { - settings = { - experimental-features = ["nix-command" "flakes"]; - }; - }; -} diff --git a/modules/system-modules/users.nix b/modules/system-modules/users.nix deleted file mode 100644 index dda9ed3..0000000 --- a/modules/system-modules/users.nix +++ /dev/null @@ -1,118 +0,0 @@ -{ - lib, - config, - ... -}: let - host = config.host; - - hostUsers = host.hostUsers; - principleUsers = host.principleUsers; -in { - options.host = { - users = lib.mkOption { - default = {}; - type = lib.types.attrsOf (lib.types.submodule ({ - config, - name, - ... - }: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - description = '' - What should this users name on the system be - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.name"; - }; - isPrincipleUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should be configured as root and have ssh access - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isPrincipleUser"; - }; - isDesktopUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their desktop applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser"; - }; - isTerminalUser = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - User should install their terminal applications - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser"; - }; - isNormalUser = lib.mkOption { - type = lib.types.bool; - default = config.isDesktopUser || config.isTerminalUser; - description = '' - User should install their applications and can log in - ''; - defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser"; - }; - }; - })); - }; - hostUsers = lib.mkOption { - default = lib.attrsets.mapAttrsToList (_: user: user) host.users; - }; - principleUsers = lib.mkOption { - default = lib.lists.filter (user: user.isPrincipleUser) hostUsers; - }; - normalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isNormalUser) hostUsers; - }; - desktopUsers = lib.mkOption { - default = lib.lists.filter (user: user.isDesktopUser) hostUsers; - }; - terminalUsers = lib.mkOption { - default = lib.lists.filter (user: user.isTerminalUser) hostUsers; - }; - }; - - config = { - host.users = { - leyla = { - isPrincipleUser = lib.mkDefault false; - isDesktopUser = lib.mkDefault false; - isTerminalUser = lib.mkDefault false; - }; - eve = { - isPrincipleUser = lib.mkDefault false; - isDesktopUser = lib.mkDefault false; - isTerminalUser = lib.mkDefault false; - }; - ivy = { - isPrincipleUser = lib.mkDefault false; - isDesktopUser = lib.mkDefault false; - isTerminalUser = lib.mkDefault false; - }; - }; - - assertions = - ( - builtins.map (user: { - assertion = !(user.isPrincipleUser && !user.isNormalUser); - message = '' - Non normal user ${user.name} can not be a principle user. - ''; - }) - hostUsers - ) - ++ [ - { - assertion = (builtins.length principleUsers) > 0; - message = '' - At least one user must be a principle user. - ''; - } - ]; - }; -} diff --git a/nix-config-secrets b/nix-config-secrets deleted file mode 160000 index 444229a..0000000 --- a/nix-config-secrets +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 444229a105445339fb028d15a8d866063c5f8141 diff --git a/overlays/intellij.nix b/overlays/intellij.nix new file mode 100644 index 0000000..d83bd15 --- /dev/null +++ b/overlays/intellij.nix @@ -0,0 +1,19 @@ +_: +{ + # nixpkgs.overlays = [ + # (self: super: { + # # idea is too out of date for android gradle things + # jetbrains = { + # jdk = super.jdk17; + # idea-community = super.jetbrains.idea-community.overrideAttrs (oldAttrs: rec { + # version = "2023.3.3"; + # name = "idea-community-${version}"; + # src = super.fetchurl { + # sha256 = "sha256-3BI97Tx+3onnzT1NXkb62pa4dj9kjNDNvFt9biYgP9I="; + # url = "https://download.jetbrains.com/idea/ideaIC-${version}.tar.gz"; + # }; + # }); + # }; + # }) + # ]; +} \ No newline at end of file diff --git a/overlays/vscodium.nix b/overlays/vscodium.nix new file mode 100644 index 0000000..618af19 --- /dev/null +++ b/overlays/vscodium.nix @@ -0,0 +1,15 @@ +_: +{ + # nixpkgs.overlays = [ + # (self: super: { + # # ui is broken on 1.84 + # vscodium = super.vscodium.overrideAttrs (oldAttrs: rec { + # version = "1.85.2.24019"; + # src = super.fetchurl { + # sha256 = "sha256-OBGFXOSN+Oq9uj/5O6tF0Kp7rxTY1AzNbhLK8G+EqVk="; + # url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz"; + # }; + # }); + # }) + # ]; +} \ No newline at end of file diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..9a81f3b --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,3 @@ +pkgs: { + +} \ No newline at end of file diff --git a/rebuild.sh b/rebuild.sh index 48746d9..b37be13 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -1,32 +1,12 @@ #!/usr/bin/env bash -# Get current branch and git status for branch-aware behavior -current_branch=$(git branch --show-current 2>/dev/null || echo "unknown") -git_status=$(git status --porcelain 2>/dev/null || echo "") - -# Default values -default_target=$(hostname) -default_user="$USER" -default_host=$(hostname) -default_mode=$(if [[ "$current_branch" != "main" ]]; then echo "test"; else echo "switch"; fi) - -if [ -d "result" ]; -then - preserve_result=true -else - preserve_result=false -fi - -show_trace=false -clean_vm=false - while [ $# -gt 0 ]; do case "$1" in --target*|-t*) if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=` target="${1#*=}" ;; - --flake*|-f*) + --flake*|-h*) if [[ "$1" != *=* ]]; then shift; fi flake="${1#*=}" ;; @@ -38,50 +18,12 @@ while [ $# -gt 0 ]; do if [[ "$1" != *=* ]]; then shift; fi user="${1#*=}" ;; - --host*) - if [[ "$1" != *=* ]]; then shift; fi - host="${1#*=}" - ;; - --preserve-result) - preserve_result=true - ;; - --no-preserve-result) - preserve_result=false - ;; - --show-trace) - show_trace=true - ;; - --clean-vm) - clean_vm=true - ;; --help|-h) echo "--help -h: print this message" - echo "--target -t: defaults to the current system" - echo " currently: $default_target" - echo "--flake -f: defaults to same as target" - echo " currently: ${target:-$default_target}" - echo "--mode -m: defaults to 'switch', but 'test' on non-main branches" - echo " currently would be: $default_mode" - echo " Available modes: switch, test, build, boot, vm" - echo " 'vm' mode builds and starts a virtual machine" - echo "--user -u: defaults to the current user" - echo " currently: $default_user" - echo "--host: defaults to building on the current machine" - echo " currently: $default_host" - echo "--preserve-result: do not remove the generated result folder after building" - echo "--no-preserve-result: remove any result folder after building" - echo "--show-trace: show trace on builds" - echo "--clean-vm: remove existing VM disk (nixos.qcow2) before building" - echo "" - echo "Branch-aware behavior:" - echo " - On non-main branches: defaults to test mode with warning" - echo " - On main with uncommitted changes: shows warning about creating a branch" - echo " - Current branch: $current_branch" - if [[ -n "$git_status" ]]; then - echo " - Git status: uncommitted changes detected" - else - echo " - Git status: clean working tree" - fi + echo "--target -t: set the target system to rebuild on" + echo "--flake -f: set the flake to rebuild on the target system" + echo "--mode -m: set the mode to rebuild flake as on the target system" + echo "--user -u: set the user to rebuild flake as on the target system" exit 0 ;; *) @@ -92,73 +34,14 @@ while [ $# -gt 0 ]; do shift done -target=${target:-$default_target} +target=${target:-$(hostname)} flake=${flake:-$target} -mode=${mode:-$default_mode} -user=${user:-$default_user} +mode=${mode:-switch} +user=${user:-$USER} -# Validate mode -valid_modes="switch test build boot vm" -if [[ ! " $valid_modes " =~ " $mode " ]]; then - echo "Error: Invalid mode '$mode'" - echo "Valid modes are: $valid_modes" - exit 1 -fi - -# Clean VM disk if requested -if [[ "$clean_vm" = true ]] && [[ -f "nixos.qcow2" ]]; then - echo "Removing existing VM disk: nixos.qcow2" - rm nixos.qcow2 -fi - -# Branch-aware warnings and behavior -if [[ "$current_branch" != "main" ]] && [[ "$mode" == "test" ]]; then - echo "⚠️ WARNING: You are on branch '$current_branch' (not main)" - echo " Defaulting to test mode to prevent accidental system changes" - echo " Specify --mode=switch explicitly if you want to apply changes" -elif [[ "$current_branch" == "main" ]] && [[ -n "$git_status" ]] && [[ "$mode" != "test" ]]; then - echo "⚠️ WARNING: You are on main branch with uncommitted changes" - echo " Consider creating a feature branch for development:" - echo " git checkout -b feature/your-feature-name" -fi - -if [[ "$mode" == "vm" ]]; then - command="nix build .#nixosConfigurations.$flake.config.system.build.vm" - - if [[ "$show_trace" = true ]]; then - command="$command --show-trace" - fi - - echo $command - $command - - if [[ $? -eq 0 ]] && [[ -d "result" ]]; then - echo "Starting VM..." - QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset - fi -else - command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" - - if [[ $host ]]; then - command="$command --build-host $host" - fi - - if [[ "$target" != "$(hostname)" ]]; then - command="$command --target-host $user@$target" - fi - - if [[ "$show_trace" = true ]]; then - command="$command --show-trace" - fi - - echo $command - $command -fi - -if [ -d "result" ]; +if [[ "$target" == "$(hostname)" ]] then - if [[ "$preserve_result" == "false" ]]; - then - rm -r result - fi + nixos-rebuild $mode --use-remote-sudo --flake .#$flake +else + nixos-rebuild $mode --use-remote-sudo --target-host $user@$target --flake .#$flake fi diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..1c7579e --- /dev/null +++ b/secrets/secrets.yaml @@ -0,0 +1,24 @@ +passwords: + leyla: ENC[AES256_GCM,data:c69e5uF40ACxVI0zXizydaqMVk6MXVJ13HwptHKeYIJ9H6bCgZRK0HCoTYw366mIpe7zt2V/OVdNr6hdzGfLa90/iOAMaCGqgw==,iv:esVvjfJm3RvO8RdXPvrnT/+At7VFl9Vt6077I5Ks89Q=,tag:fHfIFBRVH3y/V16rHYsT2g==,type:str] + ester: ENC[AES256_GCM,data:Cz3oXNOVz35Uino3HLUNcao4YbG1QwmZn6ulWafGpa6Z3U+X+92f+PpHNx6L+q9ToIDabx0vNGs0Pfsrs4y9k/nmhWB1i66PzA==,iv:pY3aVbxmILYXHG06+XJWM6nHA8FbmsNBssh5LXplCOM=,tag:D09d2Bv4SAO7v4JeHVM+tw==,type:str] + eve: ENC[AES256_GCM,data:XvJjFNIujwk9ttYLTbAE+PEMUpWzLXrJeJJ0aEqWBwx+gjOwX4XVg0J/B75ByJxflh9RSwB0oAGfC+6coAHoMTXPyym52zAYBw==,iv:lVbZ8uC6IKn3Bew0LHmwl47nFfBuNqslltNBiv6cx7I=,tag:lgE0N6JKDcOPqynwtXJKzQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15ga3jmn2mqtlgwwtdcdh6l5vdx6um9aftrkexxfyue6xvcqapqusle75jh + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd3BCR2RmMms4ZkNlbTdy + SzRKQ1NqZmFmOHJIS0oxZ3BMSnUyWXAyUUVrCk9tNjNNb0xEcnkvamJpSFF5UlhU + ejF4ZHFlZzJoemxpWXd0clN3cFZvMlkKLS0tIDdoK1oxc2doQTh3QlVyc3dhUE1W + VFBiZm5ZK2kwZjJPd3dCai9QUlpLaFEKFuwGgcdleN69voM5mpsa4J/ulmzZo7q+ + Q7KHOOidDH9C4xKjztYMuJSyviOYiIgILhljMXbNlmZnRs867gmmbw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-09-03T02:19:43Z" + mac: ENC[AES256_GCM,data:Wc8nCiXVj6/+FANq82T+KsObOgwKUJTfkEnrK5MRU5gbLF3Skn0BY/alskV4aI9Kgi1cwh5ZBhHNzvyeIujuRB55QYyoocY0Pq7vLH5dgnA58DKEzrb09SAayiiH9hzRSTkdhtxj8FgCAdA6dWVkHEAO351ee67QNkG0nSwDdK0=,iv:vwUO50SKvzAPwACV1xhh7r+Am/OdlkNEN1pMimEVfC8=,tag:yF2CK41sLHLQqIISlQGAGg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/shell.nix b/shell.nix deleted file mode 100644 index d7c46b9..0000000 --- a/shell.nix +++ /dev/null @@ -1,14 +0,0 @@ -( - import - ( - let - lock = builtins.fromJSON (builtins.readFile ./flake.lock); - in - fetchTarball { - url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; - sha256 = lock.nodes.flake-compat.locked.narHash; - } - ) - {src = ./.;} -) -.shellNix diff --git a/templates/default.nix b/templates/default.nix new file mode 100644 index 0000000..f9d63b0 --- /dev/null +++ b/templates/default.nix @@ -0,0 +1,2 @@ +_: +{} \ No newline at end of file diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..57effe3 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,8 @@ +{ inputs, ... }: +{ + imports = [ ./leyla ./ester ./eve ]; + + users.mutableUsers = false; + + home-manager.extraSpecialArgs = { inherit inputs; }; +} \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix new file mode 100644 index 0000000..156716f --- /dev/null +++ b/users/ester/default.nix @@ -0,0 +1,45 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.users.ester; +in +{ + options.users.ester = { + isFullUser = lib.mkEnableOption "ester"; + }; + + config = { + sops.secrets = lib.mkIf cfg.isFullUser { + "passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; + + users.groups.ester = {}; + + users.users.ester = lib.mkMerge [ + { + uid = 1001; + description = "Ester"; + group = "ester"; + } + + ( + if cfg.isFullUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "users" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix new file mode 100644 index 0000000..4ed06a8 --- /dev/null +++ b/users/eve/default.nix @@ -0,0 +1,47 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.users.eve; +in +{ + options.users.eve = { + isFullUser = lib.mkEnableOption "eve"; + }; + + config = { + sops.secrets = lib.mkIf cfg.isFullUser { + "passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; + + users.groups.eve = {}; + + users.users.eve = lib.mkMerge [ + { + uid = 1002; + description = "Eve"; + group = "eve"; + } + + ( + if cfg.isFullUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "users" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix new file mode 100644 index 0000000..7a8dc54 --- /dev/null +++ b/users/leyla/default.nix @@ -0,0 +1,72 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in +{ + imports =[ + ./packages.nix + ]; + + options.users.leyla = { + isFullUser = lib.mkEnableOption "create usable leyla user"; + isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; + hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; + hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; + hasViaKeyboard = lib.mkEnableOption "install programs for managing via supported keyboards"; + hasGPU = lib.mkEnableOption "installs gpu intensive programs"; + }; + + config = { + sops.secrets = lib.mkIf (cfg.isFullUser || cfg.isThinUser) { + "passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; + + users.groups.leyla = {}; + + users.users.leyla = lib.mkMerge [ + { + uid = 1000; + description = "Leyla"; + group = "leyla"; + } + + ( + if (cfg.isFullUser || cfg.isThinUser) then { + isNormalUser = true; + extraGroups = lib.mkMerge [ + ["networkmanager" "wheel" "users"] + ( + lib.mkIf (!cfg.isThinUser) [ "adbusers" ] + ) + ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + openssh = { + authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight" + ]; + }; + } else { + isSystemUser = true; + } + ) + ]; + + # TODO: this should reference the home directory from the user config + services.openssh.hostKeys = [ + { + comment = "leyla@" + config.networking.hostName; + path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519"; + rounds = 100; + type = "ed25519"; + } + ]; + + home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix); + }; +} \ No newline at end of file diff --git a/users/leyla/home.nix b/users/leyla/home.nix new file mode 100644 index 0000000..40a6926 --- /dev/null +++ b/users/leyla/home.nix @@ -0,0 +1,125 @@ +{ config, pkgs, ... }: + +{ + # Home Manager needs a bit of information about you and the paths it should + # manage. + home = { + username = "leyla"; + homeDirectory = "/home/leyla"; + + # This value determines the Home Manager release that your configuration is + # compatible with. This helps avoid breakage when a new Home Manager release + # introduces backwards incompatible changes. + # + # You should not change this value, even if you update Home Manager. If you do + # want to update the value, then make sure to first check the Home Manager + # release notes. + stateVersion = "23.11"; # Please read the comment before changing. + + # The home.packages option allows you to install Nix packages into your + # environment. + packages = [ + # # Adds the 'hello' command to your environment. It prints a friendly + # # "Hello, world!" when run. + # pkgs.hello + + # # It is sometimes useful to fine-tune packages, for example, by applying + # # overrides. You can do that directly here, just don't forget the + # # parentheses. Maybe you want to install Nerd Fonts with a limited number of + # # fonts? + # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; }) + + # # You can also create simple shell scripts directly inside your + # # configuration. For example, this adds a command 'my-hello' to your + # # environment: + # (pkgs.writeShellScriptBin "my-hello" '' + # echo "Hello, ${config.home.username}!" + # '') + ]; + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. + file = { + # # Building this configuration will create a copy of 'dotfiles/screenrc' in + # # the Nix store. Activating the configuration will then make '~/.screenrc' a + # # symlink to the Nix store copy. + # ".screenrc".source = dotfiles/screenrc; + + # # You can also set the file content immediately. + # ".gradle/gradle.properties".text = '' + # org.gradle.console=verbose + # org.gradle.daemon.idletimeout=3600000 + # ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/leyla/etc/profile.d/hm-session-vars.sh + # + sessionVariables = { + # EDITOR = "emacs"; + }; + }; + + programs = { + # Let Home Manager install and manage itself. + home-manager.enable = true; + git = { + enable = true; + userName = "Leyla Becker"; + userEmail = "git@jan-leila.com"; + extraConfig.init.defaultBranch = "main"; + }; + }; + + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = [ + # Put UUIDs of extensions that you want to enable here. + # If the extension you want to enable is packaged in nixpkgs, + # you can easily get its UUID by accessing its extensionUuid + # field (look at the following example). + pkgs.gnomeExtensions.dash-to-dock.extensionUuid + + # Alternatively, you can manually pass UUID as a string. + # "dash-to-dock@micxgx.gmail.com" + ]; + }; + + "org/gnome/shell/extensions/dash-to-dock" = { + "dock-position" = "LEFT"; + "intellihide-mode" = "ALL_WINDOWS"; + "show-trash" = false; + "require-pressure-to-show" = true; + "show-mounts" = false; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + binding = "t"; + command = "kgx"; + name = "Open Terminal"; + }; + }; + }; +} diff --git a/users/leyla/packages.nix b/users/leyla/packages.nix new file mode 100644 index 0000000..223f568 --- /dev/null +++ b/users/leyla/packages.nix @@ -0,0 +1,129 @@ +{ lib, config, pkgs, inputs, ... }: +let + cfg = config.users.leyla; +in +{ + imports = [ + ../../overlays/intellij.nix + ../../overlays/vscodium.nix + ]; + + nixpkgs = { + overlays = [ + inputs.nix-vscode-extensions.overlays.default + ]; + }; + + programs = { + bash.shellAliases = lib.mkIf cfg.isFullUser { + code = "codium"; + }; + + steam = lib.mkIf cfg.isFullUser { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; + + noisetorch.enable = cfg.isFullUser; + + adb.enable = cfg.isFullUser; + }; + + users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) ( + lib.mkMerge [ + ( + with pkgs; [ + # comand line tools + yt-dlp + ffmpeg + imagemagick + ] + ) + ( + lib.mkIf (!cfg.isThinUser) ( + with pkgs; [ + #foss platforms + signal-desktop + bitwarden + firefox + ungoogled-chromium + libreoffice + inkscape + gimp + krita + freecad + # cura + kicad-small + makemkv + transmission_4-gtk + onionshare + easytag + # rhythmbox + (lib.mkIf cfg.hasGPU obs-studio) + # wireshark + # rpi-imager + # fritzing + + # proprietary platforms + discord + obsidian + steam + (lib.mkIf cfg.hasGPU davinci-resolve) + + # development tools + (vscode-with-extensions.override { + vscode = vscodium; + vscodeExtensions = with open-vsx; [ + # vs code feel extensions + ms-vscode.atom-keybindings + akamud.vscode-theme-onedark + streetsidesoftware.code-spell-checker + streetsidesoftware.code-spell-checker-german + streetsidesoftware.code-spell-checker-italian + jeanp413.open-remote-ssh + + # nix extensions + pinage404.nix-extension-pack + jnoortheen.nix-ide + + # html extensions + formulahendry.auto-rename-tag + ms-vscode.live-server + + # js extensions + dsznajder.es7-react-js-snippets + dbaeumer.vscode-eslint + standard.vscode-standard + firsttris.vscode-jest-runner + stylelint.vscode-stylelint + tauri-apps.tauri-vscode + + # misc extensions + bungcip.better-toml + ] ++ (with vscode-marketplace; [ + # js extensions + karyfoundation.nearley + ]); + }) + androidStudioPackages.canary + jetbrains.idea-community + dbeaver-bin + bruno + + # system tools + protonvpn-gui + openvpn + nextcloud-client + noisetorch + + # hardware managment tools + (lib.mkIf cfg.hasPiperMouse piper) + (lib.mkIf cfg.hasOpenRGBHardware openrgb) + (lib.mkIf cfg.hasViaKeyboard via) + ] + ) + ) + ] + ); +} \ No newline at end of file diff --git a/util/default.nix b/util/default.nix index 66e300b..a4fab1e 100644 --- a/util/default.nix +++ b/util/default.nix @@ -1,118 +1,8 @@ -{inputs}: let - util = (import ./default.nix) {inherit inputs;}; - outputs = inputs.self.outputs; - - lib = inputs.lib; - nixpkgs = inputs.nixpkgs; - home-manager = inputs.home-manager; - nix-darwin = inputs.nix-darwin; - sops-nix = inputs.sops-nix; - nix-syncthing = inputs.nix-syncthing; - disko = inputs.disko; - impermanence = inputs.impermanence; - lix-module = inputs.lix-module; - - systems = [ - "aarch64-darwin" - "aarch64-linux" - "x86_64-darwin" - "x86_64-linux" - ]; - forEachSystem = nixpkgs.lib.genAttrs systems; - pkgsFor = system: nixpkgs.legacyPackages.${system}; - - common-modules = [ - ../modules/common-modules - ]; - - home-manager-modules = - common-modules - ++ [ - sops-nix.homeManagerModules.sops - impermanence.homeManagerModules.impermanence - ../modules/home-manager-modules - ]; - - home-manager-config = nixpkgs: { - home-manager.useUserPackages = true; - home-manager.backupFileExtension = "backup"; - home-manager.extraSpecialArgs = { - inherit inputs outputs util; - }; - home-manager.users = import ../configurations/home-manager (nixpkgs - // { - osConfig = nixpkgs.config; - }); - home-manager.sharedModules = home-manager-modules; - }; - - system-modules = - common-modules - ++ [ - home-manager-config - ../modules/system-modules - ]; - - syncthingConfiguration = nix-syncthing.lib.syncthingConfiguration { - modules = [ - (import ../configurations/syncthing) - ]; - }; -in { - forEachPkgs = lambda: forEachSystem (system: lambda system (pkgsFor system)); - - mkUnless = condition: yes: (lib.mkIf (!condition) yes); - mkIfElse = condition: yes: no: - lib.mkMerge [ - (lib.mkIf condition yes) - (lib.mkUnless condition no) - ]; - - mkNixosSystem = host: - nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs util syncthingConfiguration;}; - modules = - system-modules - ++ [ - sops-nix.nixosModules.sops - nix-syncthing.nixosModules.syncthing - impermanence.nixosModules.impermanence - home-manager.nixosModules.home-manager - disko.nixosModules.disko - # lix-module.nixosModules.default - ../modules/nixos-modules - ../configurations/nixos/${host} - ]; - }; - - mkDarwinSystem = host: - nix-darwin.lib.darwinSystem { - specialArgs = {inherit inputs outputs util;}; - modules = - system-modules - ++ [ - sops-nix.darwinModules.sops - home-manager.darwinModules.home-manager - ../modules/darwin-modules - ../configurations/darwin/${host} - ]; - }; - - mkHome = { - user, - host, - system, - osConfig, - }: - home-manager.lib.homeManagerConfiguration { - pkgs = pkgsFor system; - extraSpecialArgs = { - inherit inputs util outputs osConfig; - }; - modules = - home-manager-modules - ++ [ - ../configurations/home-manager/${user} - ]; - }; -} +_: +{ + # mkUnless = condition: then: (mkIf (!condition) then); + # mkIfElse = condition: then: else: lib.mkMerge [ + # (mkIf condition then) + # (mkUnless condition else) + # ]; +} \ No newline at end of file