From 4825c5ec5ed5287f208dab10e109037a30d66b81 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 13:32:07 -0500 Subject: [PATCH 01/30] made common configuration place for gnome extensions --- configurations/home-manager/leyla/dconf.nix | 20 +++++---------- .../home-manager/leyla/packages/default.nix | 2 -- modules/home-manager-modules/default.nix | 1 + modules/home-manager-modules/gnome.nix | 25 +++++++++++++++++++ 4 files changed, 32 insertions(+), 16 deletions(-) create mode 100644 modules/home-manager-modules/gnome.nix diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 5818641..08fd36f 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,5 +1,11 @@ {pkgs, ...}: { config = { + gnome = { + extensions = [ + pkgs.gnomeExtensions.dash-to-dock + ]; + }; + dconf = { enable = true; settings = { @@ -7,20 +13,6 @@ "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = [ - # Put UUIDs of extensions that you want to enable here. - # If the extension you want to enable is packaged in nixpkgs, - # you can easily get its UUID by accessing its extensionUuid - # field (look at the following example). - pkgs.gnomeExtensions.dash-to-dock.extensionUuid - - # Alternatively, you can manually pass UUID as a string. - # "dash-to-dock@micxgx.gmail.com" - ]; - }; - "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; diff --git a/configurations/home-manager/leyla/packages/default.nix b/configurations/home-manager/leyla/packages/default.nix index bbd8152..63f9661 100644 --- a/configurations/home-manager/leyla/packages/default.nix +++ b/configurations/home-manager/leyla/packages/default.nix @@ -69,8 +69,6 @@ in { (with pkgs; [ aileron - gnomeExtensions.dash-to-dock - proxmark3 ]) ++ ( diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index 73876f4..f83f143 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -7,6 +7,7 @@ ./i18n.nix ./openssh.nix ./continue.nix + ./gnome.nix ./programs ]; } diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix new file mode 100644 index 0000000..a8503e8 --- /dev/null +++ b/modules/home-manager-modules/gnome.nix @@ -0,0 +1,25 @@ +{ + lib, + config, + ... +}: { + options.gnome = { + extensions = lib.mkOption { + type = lib.types.listOf lib.types.package; + default = []; + description = "The set of extensions to install and enable in the user environment."; + }; + }; + + config = { + home.packages = config.gnome.extensions; + dconf = { + settings = { + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + }; + }; + }; + }; +} From 7c61f8617b19cd6f730b2200819815ca214ec34d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 14:30:12 -0500 Subject: [PATCH 02/30] created hotkey generator --- configurations/home-manager/leyla/dconf.nix | 12 +++---- modules/home-manager-modules/gnome.nix | 40 +++++++++++++++++---- 2 files changed, 40 insertions(+), 12 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 08fd36f..847977d 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -4,6 +4,12 @@ extensions = [ pkgs.gnomeExtensions.dash-to-dock ]; + hotkeys = { + "Open Terminal" = { + binding = "t"; + command = "kgx"; + }; + }; }; dconf = { @@ -27,12 +33,6 @@ ]; }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = "kgx"; - name = "Open Terminal"; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index a8503e8..531ad86 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -9,17 +9,45 @@ default = []; description = "The set of extensions to install and enable in the user environment."; }; + hotkeys = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { + options = { + binding = lib.mkOption { + type = lib.types.str; + }; + command = lib.mkOption { + type = lib.types.str; + }; + }; + })); + default = {}; + }; }; config = { home.packages = config.gnome.extensions; dconf = { - settings = { - "org/gnome/shell" = { - disable-user-extensions = false; # enables user extensions - enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; - }; - }; + settings = lib.mkMerge [ + { + "org/gnome/shell" = { + disable-user-extensions = false; # enables user extensions + enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; + }; + } + ( + builtins.listToAttrs ( + lib.lists.imap0 ( + i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + ) + (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) + ) + ) + # "org/gnome/settings-daemon/plugins/media-keys" = { + # custom-keybindings = [ + # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" + # ]; + # }; + ]; }; }; } From f8aa299e16fc02bea2f7a4b1f0584ce2b67540ea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 17:27:18 -0500 Subject: [PATCH 03/30] fixed hotkey config --- configurations/home-manager/leyla/dconf.nix | 6 ----- modules/home-manager-modules/gnome.nix | 30 ++++++++++++++++++--- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 847977d..0e4a6a7 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -27,12 +27,6 @@ "show-mounts" = false; }; - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - ]; - }; - "org/gnome/shell" = { favorite-apps = ["org.gnome.Nautilus.desktop" "firefox.desktop" "codium.desktop" "steam.desktop" "org.gnome.Console.desktop"]; # app-picker-layout = diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 531ad86..ace1da7 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -12,6 +12,10 @@ hotkeys = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + name = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9_-]+"; + default = builtins.replaceStrings [" " "/"] ["_" "-"] name; + }; binding = lib.mkOption { type = lib.types.str; }; @@ -35,13 +39,31 @@ }; } ( - builtins.listToAttrs ( - lib.lists.imap0 ( - i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + lib.mkMerge ( + builtins.map (value: let + entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.name}"; + in { + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "${entry}/" + ]; + }; + + ${entry} = value; + }) + ( + lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys ) - (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) ) ) + # ( + # builtins.listToAttrs ( + # lib.lists.imap0 ( + # i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value + # ) + # (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) + # ) + # ) # "org/gnome/settings-daemon/plugins/media-keys" = { # custom-keybindings = [ # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" From b3f992f0010578fd53477416ce619ec788c382b5 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 17:42:37 -0500 Subject: [PATCH 04/30] added more options to gnome.nix --- configurations/home-manager/leyla/dconf.nix | 7 ++-- modules/home-manager-modules/gnome.nix | 36 +++++++++++++++++++++ rebuild.sh | 2 +- 3 files changed, 40 insertions(+), 5 deletions(-) diff --git a/configurations/home-manager/leyla/dconf.nix b/configurations/home-manager/leyla/dconf.nix index 0e4a6a7..ef75db6 100644 --- a/configurations/home-manager/leyla/dconf.nix +++ b/configurations/home-manager/leyla/dconf.nix @@ -1,6 +1,9 @@ {pkgs, ...}: { config = { gnome = { + extraWindowControls = true; + colorScheme = "prefer-dark"; + clockFormat = "24h"; extensions = [ pkgs.gnomeExtensions.dash-to-dock ]; @@ -15,10 +18,6 @@ dconf = { enable = true; settings = { - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - - "org/gnome/desktop/wm/preferences".button-layout = ":minimize,maximize,close"; - "org/gnome/shell/extensions/dash-to-dock" = { "dock-position" = "LEFT"; "intellihide-mode" = "ALL_WINDOWS"; diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index ace1da7..6a01b2b 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -4,6 +4,36 @@ ... }: { options.gnome = { + extraWindowControls = lib.mkEnableOption "Should we add back in the minimize and maximize window controls?"; + clockFormat = lib.mkOption { + type = lib.types.enum [ + "12h" + "24h" + ]; + default = "24h"; + }; + colorScheme = lib.mkOption { + type = lib.types.enum [ + "default" + "prefer-dark" + "prefer-light" + ]; + default = "default"; + }; + accentColor = lib.mkOption { + type = lib.types.enum [ + "blue" + "teal" + "green" + "yellow" + "orange" + "red" + "pink" + "purple" + "slate" + ]; + default = "blue"; + }; extensions = lib.mkOption { type = lib.types.listOf lib.types.package; default = []; @@ -37,6 +67,12 @@ disable-user-extensions = false; # enables user extensions enabled-extensions = builtins.map (extension: extension.extensionUuid) config.gnome.extensions; }; + + "org/gnome/desktop/wm/preferences".button-layout = lib.mkIf config.gnome.extraWindowControls ":minimize,maximize,close"; + + "org/gnome/desktop/interface".color-scheme = config.gnome.colorScheme; + "org/gnome/desktop/interface".accent-color = config.gnome.accentColor; + "org/gnome/desktop/interface".clock-format = config.gnome.clockFormat; } ( lib.mkMerge ( diff --git a/rebuild.sh b/rebuild.sh index 32fd303..37b6e10 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --use-remote-sudo --ask-sudo-password --flake .#$flake" +command="nixos-rebuild $mode --sudo --flake .#$flake" if [[ $host ]]; then From 4c0c443048dd178eebe0331c3c07d5a1344a5024 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Wed, 25 Jun 2025 18:35:51 -0500 Subject: [PATCH 05/30] fixed hotkeys --- modules/home-manager-modules/gnome.nix | 37 +++++++++++--------------- 1 file changed, 16 insertions(+), 21 deletions(-) diff --git a/modules/home-manager-modules/gnome.nix b/modules/home-manager-modules/gnome.nix index 6a01b2b..8c70cf6 100644 --- a/modules/home-manager-modules/gnome.nix +++ b/modules/home-manager-modules/gnome.nix @@ -42,9 +42,13 @@ hotkeys = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { options = { + key = lib.mkOption { + type = lib.types.strMatching "[a-zA-Z0-9-]+"; + default = builtins.replaceStrings [" " "/" "_"] ["-" "-" "-"] name; + }; name = lib.mkOption { - type = lib.types.strMatching "[a-zA-Z0-9_-]+"; - default = builtins.replaceStrings [" " "/"] ["_" "-"] name; + type = lib.types.str; + default = name; }; binding = lib.mkOption { type = lib.types.str; @@ -77,34 +81,25 @@ ( lib.mkMerge ( builtins.map (value: let - entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.name}"; + entry = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/${value.key}"; in { - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ - "${entry}/" - ]; + ${entry} = { + binding = value.binding; + command = value.command; + name = value.name; }; - ${entry} = value; + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ + "/${entry}/" + ]; + }; }) ( lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys ) ) ) - # ( - # builtins.listToAttrs ( - # lib.lists.imap0 ( - # i: value: lib.attrsets.nameValuePair "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}" value - # ) - # (lib.attrsets.mapAttrsToList (_: value: value) config.gnome.hotkeys) - # ) - # ) - # "org/gnome/settings-daemon/plugins/media-keys" = { - # custom-keybindings = [ - # "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" - # ]; - # }; ]; }; }; From b6ce78b35ceaf833278e2c44e4ada85e356e33d0 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 28 Jun 2025 10:33:59 -0500 Subject: [PATCH 06/30] updated nix flake --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2d00dff..0bea92a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750680230, - "narHash": "sha256-kD88T/NqmcgfOBFAwphN30ccaUdj6K6+LG0XdM2w2LA=", + "lastModified": 1750903843, + "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", "owner": "nix-community", "repo": "disko", - "rev": "8fd2d6c75009ac75f9a6fb18c33a239806778d01", + "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750737804, - "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", + "lastModified": 1751083400, + "narHash": "sha256-0hZWDzX7/C0NcsiOW+WBvdb+aGDnydw1xku3UUXzm/4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", + "rev": "e805fa9d7c2968712896f71684540dac21449744", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750730235, - "narHash": "sha256-rZErlxiV7ssvI8t7sPrKU+fRigNc2KvoKZG3gtUtK50=", + "lastModified": 1750973805, + "narHash": "sha256-BZXgag7I0rnL/HMHAsBz3tQrfKAibpY2vovexl2lS+Y=", "owner": "nix-community", "repo": "home-manager", - "rev": "d07e9cceb4994ed64a22b9b36f8b76923e87ac38", + "rev": "080e8b48b0318b38143d5865de9334f46d51fce3", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1750730765, - "narHash": "sha256-MIcOcvxqAXUv2TJjf19aVXdtVrD8Gkcfi4W4pKkT0Lw=", + "lastModified": 1751076164, + "narHash": "sha256-to92MoMF7QC2K2gdpkYoN/Y9wuF6Q/qlvNyHca6uPjQ=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "1a1442e13dc1730de0443f80dcf02658365e999a", + "rev": "7f443f5e4125f9aad3885542c04653f29b15b92a", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750431636, - "narHash": "sha256-vnzzBDbCGvInmfn2ijC4HsIY/3W1CWbwS/YQoFgdgPg=", + "lastModified": 1750837715, + "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "1552a9f4513f3f0ceedcf90320e48d3d47165712", + "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { From 4db136d5271d93d680995a5e44406fcc3b47223e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 30 Jun 2025 22:37:38 -0500 Subject: [PATCH 07/30] updated flake lock --- flake.lock | 30 +++++++++++++++--------------- rebuild.sh | 2 +- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 0bea92a..7bb221c 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751083400, - "narHash": "sha256-0hZWDzX7/C0NcsiOW+WBvdb+aGDnydw1xku3UUXzm/4=", + "lastModified": 1751256218, + "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "e805fa9d7c2968712896f71684540dac21449744", + "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1750973805, - "narHash": "sha256-BZXgag7I0rnL/HMHAsBz3tQrfKAibpY2vovexl2lS+Y=", + "lastModified": 1751336185, + "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", "owner": "nix-community", "repo": "home-manager", - "rev": "080e8b48b0318b38143d5865de9334f46d51fce3", + "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", "type": "github" }, "original": { @@ -185,11 +185,11 @@ ] }, "locked": { - "lastModified": 1750618568, - "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", + "lastModified": 1751313918, + "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", + "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751076164, - "narHash": "sha256-to92MoMF7QC2K2gdpkYoN/Y9wuF6Q/qlvNyHca6uPjQ=", + "lastModified": 1751336244, + "narHash": "sha256-4fz6Xy9L1/9LXpueprfycJKggWZYPZfQxb5Qf8ay6As=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "7f443f5e4125f9aad3885542c04653f29b15b92a", + "rev": "0011bc2bd9af8ee1a093d13c37dc8fa862132c1b", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1751271578, + "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", "type": "github" }, "original": { diff --git a/rebuild.sh b/rebuild.sh index 37b6e10..36a1201 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -65,7 +65,7 @@ flake=${flake:-$target} mode=${mode:-switch} user=${user:-$USER} -command="nixos-rebuild $mode --sudo --flake .#$flake" +command="nixos-rebuild $mode --sudo --ask-sudo-password --flake .#$flake" if [[ $host ]]; then From 43ce00703399eea337bceae14fcb2b9586868cb2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 5 Jul 2025 00:01:28 -0500 Subject: [PATCH 08/30] moved impermanence config for var lib private into impermanence module --- modules/nixos-modules/impermanence.nix | 12 ++++++++++++ modules/nixos-modules/ollama.nix | 4 ---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix index 2f38cd3..7735e97 100644 --- a/modules/nixos-modules/impermanence.nix +++ b/modules/nixos-modules/impermanence.nix @@ -25,6 +25,18 @@ } ]; + # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254 + system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"]; + system.activationScripts = { + "var-lib-private-permissions" = { + deps = ["specialfs"]; + text = '' + mkdir -p /persist/system/root/var/lib/private + chmod 0700 /persist/system/root/var/lib/private + ''; + }; + }; + programs.fuse.userAllowOther = true; boot.initrd.postResumeCommands = lib.mkAfter '' diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix index a29a9aa..99819bf 100644 --- a/modules/nixos-modules/ollama.nix +++ b/modules/nixos-modules/ollama.nix @@ -28,10 +28,6 @@ }; })) (lib.mkIf config.host.impermanence.enable { - # TODO: move this somewhere common - systemd.tmpfiles.rules = [ - "d /var/lib/private 0700 root root" - ]; environment.persistence."/persist/system/root" = { enable = true; hideMounts = true; From 84dfcfddbd8ec7f8e81643675f0b6c56dfff40f6 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 5 Jul 2025 00:18:00 -0500 Subject: [PATCH 09/30] updated flake lock --- flake.lock | 36 +++++++++---------- .../home-manager-modules/programs/anki.nix | 28 ++++----------- 2 files changed, 25 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 7bb221c..ee4ebda 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1750903843, - "narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=", + "lastModified": 1751607816, + "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", "owner": "nix-community", "repo": "disko", - "rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae", + "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751256218, - "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", + "lastModified": 1751688200, + "narHash": "sha256-4W+Bw2G9bTUuvAVS0g1rTdm5jyxxZoPFSSSk3S5yOPQ=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", + "rev": "7dc9a3c333983e3dcc19eb29b8e98184ef7e51e7", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1751336185, - "narHash": "sha256-ptnVr2x+sl7cZcTuGx/0BOE2qCAIYHTcgfA+/h60ml0=", + "lastModified": 1751690735, + "narHash": "sha256-/FkoEVh6LzzunOYd5yZ2uo4HHzLqaKi6VH2kPus9hk0=", "owner": "nix-community", "repo": "home-manager", - "rev": "96354906f58464605ff81d2f6c2ea23211cbf051", + "rev": "e8da7372fd1f0da3fe3874af3aa9ddd78662d8ae", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751336244, - "narHash": "sha256-4fz6Xy9L1/9LXpueprfycJKggWZYPZfQxb5Qf8ay6As=", + "lastModified": 1751681058, + "narHash": "sha256-b9JMD1j+zqGbrWSobXq4icjOm5tdoy7dWBLSe6WTCSE=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0011bc2bd9af8ee1a093d13c37dc8fa862132c1b", + "rev": "0cadf3b87cce52af29c3cc98be8ee81b3c05f2c1", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1750837715, - "narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=", + "lastModified": 1751432711, + "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "98236410ea0fe204d0447149537a924fb71a6d4f", + "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", "type": "github" }, "original": { @@ -313,11 +313,11 @@ ] }, "locked": { - "lastModified": 1750119275, - "narHash": "sha256-Rr7Pooz9zQbhdVxux16h7URa6mA80Pb/G07T4lHvh0M=", + "lastModified": 1751606940, + "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "77c423a03b9b2b79709ea2cb63336312e78b72e2", + "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d", "type": "github" }, "original": { diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 083d205..c2f93ea 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -1,29 +1,15 @@ { lib, - pkgs, config, osConfig, ... }: { - options.programs.anki = { - enable = lib.mkEnableOption "enable anki"; - }; - - config = lib.mkIf config.programs.anki.enable (lib.mkMerge [ - { - home.packages = with pkgs; [ - anki + config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { + home.persistence."/persist${config.home.homeDirectory}" = { + directories = [ + "${config.xdg.dataHome}/Anki2/" ]; - } - ( - lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - "${config.xdg.dataHome}/Anki2/" - ]; - allowOther = true; - }; - } - ) - ]); + allowOther = true; + }; + }; } From 56ef83b4ba8acdfd6f456089b1dc4007123eece7 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 17:01:37 -0500 Subject: [PATCH 10/30] updated flake lock and fixed vscode extensions --- .../leyla/packages/vscode/default.nix | 25 +++++-------- flake.lock | 36 +++++++++---------- modules/common-modules/overlays/default.nix | 1 + 3 files changed, 27 insertions(+), 35 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index c21e01d..74673a0 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -1,7 +1,6 @@ { lib, pkgs, - inputs, config, osConfig, ... @@ -10,22 +9,12 @@ ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; in { config = lib.mkIf config.user.isDesktopUser { - nixpkgs = { - overlays = [ - inputs.nix-vscode-extensions.overlays.default - ]; - }; - programs = { bash.shellAliases = { code = "codium"; }; - vscode = let - extensions = inputs.nix-vscode-extensions.extensions.${pkgs.system}; - open-vsx = extensions.open-vsx; - vscode-marketplace = extensions.vscode-marketplace; - in { + vscode = { package = pkgs.vscodium; mutableExtensionsDir = false; @@ -57,12 +46,12 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; + # "continue.telemetryEnabled" = false; }) ]; extensions = ( - with open-vsx; + with pkgs.open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -80,7 +69,7 @@ in { dsznajder.es7-react-js-snippets dbaeumer.vscode-eslint standard.vscode-standard - firsttris.vscode-jest-runner + orta.vscode-jest stylelint.vscode-stylelint tauri-apps.tauri-vscode @@ -101,13 +90,15 @@ in { kamadorueda.alejandra ]) ++ ( - with vscode-marketplace; + with pkgs.vscode-marketplace; [ # js extensions karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue + # continue.continue + github.copilot + github.copilot-chat ]) ) ); diff --git a/flake.lock b/flake.lock index ee4ebda..a60584d 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1751607816, - "narHash": "sha256-5PtrwjqCIJ4DKQhzYdm8RFePBuwb+yTzjV52wWoGSt4=", + "lastModified": 1752113600, + "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=", "owner": "nix-community", "repo": "disko", - "rev": "da6109c917b48abc1f76dd5c9bf3901c8c80f662", + "rev": "79264292b7e3482e5702932949de9cbb69fedf6d", "type": "github" }, "original": { @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751688200, - "narHash": "sha256-4W+Bw2G9bTUuvAVS0g1rTdm5jyxxZoPFSSSk3S5yOPQ=", + "lastModified": 1752269946, + "narHash": "sha256-vL26J2f9uXvwBNkfwYH1v75VwN22ZLhBcyZeenJwnCU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "7dc9a3c333983e3dcc19eb29b8e98184ef7e51e7", + "rev": "9885400dbd82f9b2970b30e18f233404416f7cca", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1751690735, - "narHash": "sha256-/FkoEVh6LzzunOYd5yZ2uo4HHzLqaKi6VH2kPus9hk0=", + "lastModified": 1752265577, + "narHash": "sha256-YhnBM3oknReSFTAuc2SMwekwjl9nDd5PUhcar4DsefM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e8da7372fd1f0da3fe3874af3aa9ddd78662d8ae", + "rev": "3976e0507edc9a5f332cb2be93fa20e646d22374", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1751681058, - "narHash": "sha256-b9JMD1j+zqGbrWSobXq4icjOm5tdoy7dWBLSe6WTCSE=", + "lastModified": 1752200230, + "narHash": "sha256-WqqWjRX4qZYqO/cgvU/ZEzJBQqHBi17OEVv2kt05WiU=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "0cadf3b87cce52af29c3cc98be8ee81b3c05f2c1", + "rev": "3c866dfb70d282247452742098d315b97df713d2", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1751432711, - "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=", + "lastModified": 1752048960, + "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f", + "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806", "type": "github" }, "original": { @@ -258,11 +258,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751271578, - "narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { diff --git a/modules/common-modules/overlays/default.nix b/modules/common-modules/overlays/default.nix index 1fab060..465e83f 100644 --- a/modules/common-modules/overlays/default.nix +++ b/modules/common-modules/overlays/default.nix @@ -2,5 +2,6 @@ {inputs, ...}: { nixpkgs.overlays = [ inputs.steam-fetcher.overlays.default + inputs.nix-vscode-extensions.overlays.default ]; } From 9650c7335a268ab29dd530c870197615a45215d8 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 18:02:05 -0500 Subject: [PATCH 11/30] installed copilot for vscode --- .../home-manager/leyla/packages/vscode/default.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 74673a0..8a5e15e 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -50,8 +50,10 @@ in { }) ]; - extensions = ( - with pkgs.open-vsx; + extensions = let + extension-pkgs = pkgs.nix-vscode-extensions.forVSCodeVersion config.programs.vscode.package.version; + in ( + with extension-pkgs.open-vsx; [ # vs code feel extensions ms-vscode.atom-keybindings @@ -90,7 +92,7 @@ in { kamadorueda.alejandra ]) ++ ( - with pkgs.vscode-marketplace; + with extension-pkgs.vscode-marketplace; [ # js extensions karyfoundation.nearley @@ -98,7 +100,7 @@ in { ++ (lib.lists.optionals ai-tooling-enabled [ # continue.continue github.copilot - github.copilot-chat + # github.copilot-chat ]) ) ); From c863b8c4b5a7180d743937710063d8457c4114a9 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 11 Jul 2025 18:08:06 -0500 Subject: [PATCH 12/30] removed copilot --- .../home-manager/leyla/packages/vscode/default.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 8a5e15e..696f770 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -46,7 +46,7 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - # "continue.telemetryEnabled" = false; + "continue.telemetryEnabled" = false; }) ]; @@ -98,9 +98,7 @@ in { karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - # continue.continue - github.copilot - # github.copilot-chat + continue.continue ]) ) ); From 1d7e0d11f04524827ada4515f49f8447c22c0f16 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 11:53:53 -0500 Subject: [PATCH 13/30] removed continue vscode plugin --- configurations/home-manager/leyla/default.nix | 26 ------- .../leyla/packages/vscode/default.nix | 8 +- modules/home-manager-modules/continue.nix | 73 ------------------- modules/home-manager-modules/default.nix | 1 - 4 files changed, 3 insertions(+), 105 deletions(-) delete mode 100644 modules/home-manager-modules/continue.nix diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 49abfe1..538eab8 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -82,31 +82,5 @@ # EDITOR = "emacs"; }; }; - - user = { - continue = { - enable = true; - docs = { - "Continue Docs" = { - startUrl = "https://docs.continue.dev"; - }; - "Nixpkgs" = { - startUrl = "https://ryantm.github.io/nixpkgs/#preface"; - }; - "Nix Manual" = { - startUrl = "https://nixos.org/manual/nixos/stable/"; - }; - "Home manager Manual" = { - startUrl = "https://nix-community.github.io/home-manager/"; - }; - "Nix Docs" = { - startUrl = "https://nix.dev/index.html"; - }; - "Linux Man Page" = { - startUrl = "https://linux.die.net/man/"; - }; - }; - }; - }; }; } diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 696f770..89ee876 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -6,7 +6,7 @@ ... }: let nix-development-enabled = osConfig.host.nix-development.enable; - ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; + ai-tooling-enabled = osConfig.host.ai.enable; in { config = lib.mkIf config.user.isDesktopUser { programs = { @@ -46,8 +46,7 @@ in { }; }) (lib.mkIf ai-tooling-enabled { - "continue.telemetryEnabled" = false; - }) + }) ]; extensions = let @@ -98,8 +97,7 @@ in { karyfoundation.nearley ] ++ (lib.lists.optionals ai-tooling-enabled [ - continue.continue - ]) + ]) ) ); }; diff --git a/modules/home-manager-modules/continue.nix b/modules/home-manager-modules/continue.nix deleted file mode 100644 index 20ec52b..0000000 --- a/modules/home-manager-modules/continue.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - lib, - pkgs, - config, - osConfig, - ... -}: let - ai-tooling-enabled = config.user.continue.enable && osConfig.host.ai.enable; -in { - options.user.continue = { - enable = lib.mkEnableOption "should continue be enabled on this machine"; - docs = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - name = lib.mkOption { - type = lib.types.str; - default = name; - }; - startUrl = lib.mkOption { - type = lib.types.str; - }; - }; - })); - }; - context = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule ({name, ...}: { - options = { - provider = lib.mkOption { - type = lib.types.str; - default = name; - }; - }; - })); - default = { - "code" = {}; - "docs" = {}; - "diff" = {}; - "terminal" = {}; - "problems" = {}; - "folder" = {}; - "codebase" = {}; - }; - }; - }; - - config = - lib.mkIf ai-tooling-enabled - (lib.mkMerge [ - { - home = { - file = { - ".continue/config.yaml".source = (pkgs.formats.yaml {}).generate "continue-config" { - name = "Assistant"; - version = "1.0.0"; - schema = "v1"; - models = lib.attrsets.attrValues osConfig.host.ai.models; - context = lib.attrsets.attrValues config.user.continue.context; - docs = lib.attrsets.attrValues config.user.continue.docs; - }; - }; - }; - } - (lib.mkIf osConfig.host.impermanence.enable { - home.persistence."/persist${config.home.homeDirectory}" = { - directories = [ - ".continue/index" - ".continue/sessions" - ]; - allowOther = true; - }; - }) - ]); -} diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix index f83f143..4c085a5 100644 --- a/modules/home-manager-modules/default.nix +++ b/modules/home-manager-modules/default.nix @@ -6,7 +6,6 @@ ./flipperzero.nix ./i18n.nix ./openssh.nix - ./continue.nix ./gnome.nix ./programs ]; From 3ce9b625d1630bccef9cf89fe70a0f0c29e21063 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:00:59 -0500 Subject: [PATCH 14/30] fixed home assistant --- .../nixos/defiant/configuration.nix | 9 +- modules/nixos-modules/server/adguardhome.nix | 2 +- modules/nixos-modules/server/default.nix | 2 +- .../nixos-modules/server/home-assistant.nix | 220 +++++++++--------- modules/nixos-modules/server/podman.nix | 2 +- .../server/virt-home-assistant.nix | 155 ------------ 6 files changed, 122 insertions(+), 268 deletions(-) delete mode 100644 modules/nixos-modules/server/virt-home-assistant.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 7d9c6d8..9824e56 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -282,10 +282,11 @@ subdomain = "search"; }; - virt-home-assistant = { - enable = false; - networkBridge = "bond0"; - hostDevice = "0x10c4:0xea60"; + home-assistant = { + enable = true; + subdomain = "home"; + openFirewall = true; + database = "postgres"; }; qbittorrent = { diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix index 866ad8a..abd1254 100644 --- a/modules/nixos-modules/server/adguardhome.nix +++ b/modules/nixos-modules/server/adguardhome.nix @@ -6,7 +6,7 @@ dnsPort = 53; in { options.host.adguardhome = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + enable = lib.mkEnableOption "should ad guard home be enabled on this computer"; directory = lib.mkOption { type = lib.types.str; default = "/var/lib/AdGuardHome/"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 7beee8b..83a0830 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -8,7 +8,7 @@ ./jellyfin.nix ./forgejo.nix ./searx.nix - ./virt-home-assistant.nix + ./home-assistant.nix ./adguardhome.nix ./immich.nix ./qbittorent.nix diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index a90bd6d..7497995 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,130 +1,138 @@ { lib, config, - inputs, ... }: let configDir = "/var/lib/hass"; + dbUser = "hass"; in { - options.host.home-assistant = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + options.services.home-assistant = { subdomain = lib.mkOption { type = lib.types.str; description = "subdomain of base domain that home-assistant will be hosted at"; default = "home-assistant"; }; + + database = lib.mkOption { + type = lib.types.enum [ + "builtin" + "postgres" + ]; + description = "what database do we want to use"; + default = "builtin"; + }; }; - config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [ + config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ { - virtualisation.libvirt = { - swtpm.enable = true; - connections."qemu:///session" = { - networks = [ - { - definition = inputs.nix-virt.lib.network.writeXML (inputs.nix-virt.lib.network.templates.bridge - { - uuid = "d57e37e2-311f-4e5c-a484-97c2210c2770"; - subnet_byte = 71; - }); - active = true; - } - ]; - domains = [ - { - definition = inputs.nix-virt.lib.domain.writeXML (inputs.nix-virt.lib.domain.templates.linux - { - name = "Home Assistant"; - uuid = "c5cc0efc-6101-4c1d-be31-acbba203ccde"; - memory = { - count = 4; - unit = "GiB"; - }; - # storage_vol = { - # pool = "MyPool"; - # volume = "Penguin.qcow2"; - # }; - }); - } - ]; + host = { + reverse_proxy.subdomains.${config.services.home-assistant.subdomain} = { + target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + add_header Upgrade $http_upgrade; + add_header Connection \"upgrade\"; + + proxy_buffering off; + + proxy_read_timeout 90; + ''; }; }; - # systemd.tmpfiles.rules = [ - # "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" - # ]; - # services.home-assistant = { - # enable = true; - # configDir = configDir; - # extraComponents = [ - # "met" - # "radio_browser" - # "isal" - # "zha" - # "jellyfin" - # "webostv" - # "tailscale" - # "syncthing" - # "sonos" - # "analytics_insights" - # "unifi" - # "openweathermap" - # ]; - # config = { - # http = { - # server_port = 8082; - # use_x_forwarded_for = true; - # trusted_proxies = ["127.0.0.1" "::1"]; - # ip_ban_enabled = true; - # login_attempts_threshold = 10; - # }; - # # recorder.db_url = "postgresql://@/${db_user}"; - # "automation manual" = []; - # "automation ui" = "!include automations.yaml"; - # }; - # extraPackages = python3Packages: - # with python3Packages; [ - # hassil - # numpy - # gtts - # ]; - # }; - # host = { - # reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = { - # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; + services.home-assistant = { + configDir = configDir; + extraComponents = [ + "met" + "radio_browser" + "isal" + "zha" + "jellyfin" + "webostv" + "tailscale" + "syncthing" + "sonos" + "analytics_insights" + "unifi" + "openweathermap" + "ollama" + ]; + config = { + http = { + server_port = 8123; + use_x_forwarded_for = true; + trusted_proxies = ["127.0.0.1" "::1"]; + ip_ban_enabled = true; + login_attempts_threshold = 10; + }; + recorder.db_url = "postgresql://@/${dbUser}"; + "automation manual" = []; + "automation ui" = "!include automations.yaml"; + }; + extraPackages = python3Packages: + with python3Packages; [ + hassil + numpy + gtts + ]; + }; - # websockets.enable = true; - # forwardHeaders.enable = true; - - # extraConfig = '' - # add_header Upgrade $http_upgrade; - # add_header Connection \"upgrade\"; - - # proxy_buffering off; - - # proxy_read_timeout 90; - # ''; - # }; - # }; + systemd.tmpfiles.rules = [ + "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" + ]; } + (lib.mkIf (config.services.home-assistant.database == "postgres") { + host = { + postgres = { + enable = true; + extraUsers = { + ${dbUser} = { + isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${dbUser} = { + name = dbUser; + }; + }; + }; + }; + + services.home-assistant = { + extraPackages = python3Packages: + with python3Packages; [ + psycopg2 + ]; + }; + + systemd.services.home-assistant = { + requires = [ + config.systemd.services.postgresql.name + ]; + }; + }) (lib.mkIf config.host.impermanence.enable { - # assertions = [ - # { - # assertion = config.services.home-assistant.configDir == configDir; - # message = "home assistant config directory does not match persistence"; - # } - # ]; - # environment.persistence."/persist/system/root" = { - # enable = true; - # hideMounts = true; - # directories = [ - # { - # directory = configDir; - # user = "hass"; - # group = "hass"; - # } - # ]; - # }; + assertions = [ + { + assertion = config.services.home-assistant.configDir == configDir; + message = "home assistant config directory does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = configDir; + user = "hass"; + group = "hass"; + } + ]; + }; }) ]); } diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix index e806e65..9301140 100644 --- a/modules/nixos-modules/server/podman.nix +++ b/modules/nixos-modules/server/podman.nix @@ -4,7 +4,7 @@ ... }: { options.host.podman = { - enable = lib.mkEnableOption "should home-assistant be enabled on this computer"; + enable = lib.mkEnableOption "should podman be enabled on this computer"; macvlan = { subnet = lib.mkOption { type = lib.types.str; diff --git a/modules/nixos-modules/server/virt-home-assistant.nix b/modules/nixos-modules/server/virt-home-assistant.nix deleted file mode 100644 index 4212668..0000000 --- a/modules/nixos-modules/server/virt-home-assistant.nix +++ /dev/null @@ -1,155 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: { - options.services.virt-home-assistant = { - enable = lib.mkEnableOption "Wether to enable home assistant virtual machine"; - networkBridge = lib.mkOption { - type = lib.types.str; - description = "what network bridge should we attach to the image"; - }; - hostDevice = lib.mkOption { - type = lib.types.str; - description = "what host devices should be attached to the image"; - }; - initialVersion = lib.mkOption { - type = lib.types.str; - description = "what home assistant image version should we pull for initial instal"; - default = "15.0"; - }; - imageName = lib.mkOption { - type = lib.types.str; - description = "where should the image be installed to"; - default = "home-assistant.qcow2"; - }; - installLocation = lib.mkOption { - type = lib.types.str; - description = "where should the image be installed to"; - default = "/etc/hass"; - }; - virtualMachineName = lib.mkOption { - type = lib.types.str; - description = "what name should we give the virtual machine"; - default = "home-assistant"; - }; - subdomain = lib.mkOption { - type = lib.types.str; - description = "subdomain of base domain that home-assistant will be hosted at"; - default = "home-assistant"; - }; - }; - config = lib.mkIf config.services.virt-home-assistant.enable (lib.mkMerge [ - { - # environment.systemPackages = with pkgs; [ - # virt-manager - # ]; - - # TODO: move this to external module and just have an assertion here that its enabled - # enable virtualization on the system - virtualisation = { - libvirtd = { - enable = true; - qemu.ovmf.enable = true; - }; - }; - - # TODO: deactivation script? - # create service to install and start the container - systemd.services.virt-install-home-assistant = let - # TODO: all of these need to be escaped to be used in commands reliably - bridgedNetwork = config.services.virt-home-assistant.networkBridge; - hostDevice = config.services.virt-home-assistant.hostDevice; - virtualMachineName = config.services.virt-home-assistant.virtualMachineName; - imageName = config.services.virt-home-assistant.imageName; - installLocation = config.services.virt-home-assistant.installLocation; - installImage = "${installLocation}/${imageName}"; - initialVersion = config.services.virt-home-assistant.initialVersion; - - home-assistant-qcow2 = pkgs.fetchurl { - name = "home-assistant.qcow2"; - url = "https://github.com/home-assistant/operating-system/releases/download/${initialVersion}/haos_ova-${initialVersion}.qcow2.xz"; - hash = "sha256-V1BEjvvLNbMMKJVyMCmipjQ/3owoJteeVxoF9LDHo1U="; - postFetch = '' - cp $out src.xz - rm -r $out - ${pkgs.xz}/bin/unxz src.xz --stdout > $out/${imageName} - ''; - }; - - # Write a script to install the Home Assistant OS qcow2 image - virtInstallScript = pkgs.writeShellScriptBin "virt-install-hass" '' - # Copy the initial image out of the package store to the install location if we don't have one yet - if [ ! -f ${installImage} ]; then - cp ${home-assistant-qcow2} ${installLocation} - fi - - # Check if VM already exists, and other pre-conditions - if ! ${pkgs.libvirt}/bin/virsh list --all | grep -q ${virtualMachineName}; then - ${pkgs.virt-manager}/bin/virt-install --name ${virtualMachineName} \ - --description "Home Assistant OS" \ - --os-variant=generic \ - --boot uefi \ - --ram=2048 \ - --vcpus=2 \ - --import \ - --disk ${installImage},bus=sata \ - --network bridge=${bridgedNetwork} \ - --host-device ${hostDevice} \ - --graphics none - ${pkgs.libvirt}/bin/virsh autostart ${virtualMachineName} - fi - ''; - in { - description = "Install and start Home Assistant"; - wantedBy = ["multi-user.target"]; - after = ["local-fs.target"]; - requires = ["libvirtd.service"]; - serviceConfig.Type = "oneshot"; - serviceConfig = { - ExecStart = "${virtInstallScript}/bin/virt-install-hass"; - }; - }; - - # TODO: figure out what we need to proxy to the virtual image - # host = { - # reverse_proxy.subdomains.${config.services.virt-home-assistant.subdomain} = { - # target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}"; - - # websockets.enable = true; - # forwardHeaders.enable = true; - - # extraConfig = '' - # add_header Upgrade $http_upgrade; - # add_header Connection \"upgrade\"; - - # proxy_buffering off; - - # proxy_read_timeout 90; - # ''; - # }; - # }; - } - (lib.mkIf config.services.fail2ban.enable { - # TODO: figure out how to write a config for this, prob based on nginx proxy logs? - }) - (lib.mkIf config.host.impermanence.enable { - # assertions = [ - # { - # assertion = config.services.virt-home-assistant.installLocation == configDir; - # message = "home assistant install location does not match persistence"; - # } - # ]; - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.virt-home-assistant.installLocation; - } - ]; - }; - }) - ]); -} From 644f9371ebfe91fdc535d5b8fad2c8a22e14a994 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:04:44 -0500 Subject: [PATCH 15/30] added home assistant to fail2ban --- modules/nixos-modules/server/fail2ban.nix | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index be83e6f..1851e33 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -61,16 +61,16 @@ in { bantime = 600; maxretry = 5; }; - # home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - # enabled = true; - # filter = "hass"; - # action = ''iptables-multiport[name=HTTP, port="http,https"]''; - # logpath = "${config.services.home-assistant.configDir}/*.log"; - # backend = "auto"; - # findtime = 600; - # bantime = 600; - # maxretry = 5; - # }; + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; From 3631ba11a8ee10f53e222f180f252943ca8e7df4 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:06:32 -0500 Subject: [PATCH 16/30] removed unused parts of configuration --- .../nixos/defiant/configuration.nix | 7 -- modules/nixos-modules/server/adguardhome.nix | 72 ------------------- modules/nixos-modules/server/default.nix | 1 - 3 files changed, 80 deletions(-) delete mode 100644 modules/nixos-modules/server/adguardhome.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 9824e56..2b221ab 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -109,13 +109,6 @@ }; }; }; - # home-assistant = { - # enable = false; - # subdomain = "home"; - # }; - adguardhome = { - enable = false; - }; }; systemd.network = { diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix deleted file mode 100644 index abd1254..0000000 --- a/modules/nixos-modules/server/adguardhome.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ - lib, - config, - ... -}: let - dnsPort = 53; -in { - options.host.adguardhome = { - enable = lib.mkEnableOption "should ad guard home be enabled on this computer"; - directory = lib.mkOption { - type = lib.types.str; - default = "/var/lib/AdGuardHome/"; - }; - }; - config = lib.mkIf config.host.adguardhome.enable (lib.mkMerge [ - { - services.adguardhome = { - enable = true; - mutableSettings = false; - settings = { - dns = { - bootstrap_dns = [ - "1.1.1.1" - "9.9.9.9" - ]; - upstream_dns = [ - "dns.quad9.net" - ]; - }; - filtering = { - protection_enabled = true; - filtering_enabled = true; - - parental_enabled = false; # Parental control-based DNS requests filtering. - safe_search = { - enabled = false; # Enforcing "Safe search" option for search engines, when possible. - }; - }; - # The following notation uses map - # to not have to manually create {enabled = true; url = "";} for every filter - # This is, however, fully optional - filters = - map (url: { - enabled = true; - url = url; - }) [ - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist - ]; - }; - }; - - networking.firewall.allowedTCPPorts = [ - dnsPort - ]; - } - (lib.mkIf config.host.impermanence.enable { - environment.persistence."/persist/system/root" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.host.adguardhome.directory; - user = "adguardhome"; - group = "adguardhome"; - } - ]; - }; - }) - ]); -} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 83a0830..5f63925 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -9,7 +9,6 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix - ./adguardhome.nix ./immich.nix ./qbittorent.nix ]; From 9699472b1ecefbfae9033590cc680ef6e2f48d15 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 15:36:02 -0500 Subject: [PATCH 17/30] update readme --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bc31eca..75ff24c 100644 --- a/README.md +++ b/README.md @@ -66,5 +66,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html - migrate away from flakes and move to npins - fix nfs -- fix home assistant -- create adguard server \ No newline at end of file +- crab-hole +- nix mcp +- figure out ai vs code plugin +- whisper \ No newline at end of file From 776bf8f7442d212aba194d279a9dbb01e65c156c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 18:25:53 -0500 Subject: [PATCH 18/30] updated readme --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 75ff24c..d41b7a3 100644 --- a/README.md +++ b/README.md @@ -41,14 +41,13 @@ nix multi user, multi system, configuration with `sops` secret management, `home ## Research topics - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` -- Look into this for flake templates https://nix.dev/manual/nix/2.22/command-ref/new-cli/nix3-flake-init +- Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ # Tasks: ## Tech Debt - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) -- syncthing folder passwords - nfs export should be backed by the same values for server and client ## New Features - offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) @@ -69,4 +68,6 @@ nix multi user, multi system, configuration with `sops` secret management, `home - crab-hole - nix mcp - figure out ai vs code plugin -- whisper \ No newline at end of file +- whisper +- figure out why syncthing and jellyfins permissions don't propagate downwards +- auto turn off on power loss \ No newline at end of file From 035089be385da1ad5e553876992034607b43b88b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 19:14:32 -0500 Subject: [PATCH 19/30] updated README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d41b7a3..e9a0629 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ nix multi user, multi system, configuration with `sops` secret management, `home - Look into this for auto rotating sops keys `https://technotim.live/posts/rotate-sops-encryption-keys/` - Look into this for npins https://jade.fyi/blog/pinning-nixos-with-npins/ - https://nixos-and-flakes.thiscute.world/ +- nix config mcp https://github.com/utensils/mcp-nixos # Tasks: From b8e21e6c61d5b969ceac78cacbb53d792bf6017c Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sat, 12 Jul 2025 22:44:49 -0500 Subject: [PATCH 20/30] organized README.md --- README.md | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index e9a0629..141c2fd 100644 --- a/README.md +++ b/README.md @@ -51,24 +51,23 @@ nix multi user, multi system, configuration with `sops` secret management, `home - monitor configuration in `~/.config/monitors.xml` should be sym linked to `/run/gdm/.config/monitors.xml` (https://www.reddit.com/r/NixOS/comments/u09cz9/home_manager_create_my_own_symlinks_automatically/) - nfs export should be backed by the same values for server and client ## New Features -- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) -- samba mounts +- crab-hole +- figure out why syncthing and jellyfins permissions don't propagate downwards - figure out steam vr things? -- Open GL? -- rotate sops encryption keys periodically (and somehow sync between devices?) +- auto turn off on power loss - nut - zfs email after scrubbing # TODO: test this -- wake on LAN for updates -- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix +- SMART test with email results +- fix nfs +- samba mounts +- offline access for nfs mounts (overlay with rsync might be a good option here? https://www.spinics.net/lists/linux-unionfs/msg07105.html note about nfs4 and overlay fs) +- Create Tor guard/relay server +- migrate away from flakes and move to npins +- whisper +- figure out ai vs code plugin +- nix mcp - zfs encryption FIDO2 2fa (look into shavee) - Secure Boot - https://github.com/nix-community/lanzaboote -- SMART test with email results -- Create Tor guard/relay server +- rotate sops encryption keys periodically (and somehow sync between devices?) +- wake on LAN for updates - remote distributed builds - https://nix.dev/tutorials/nixos/distributed-builds-setup.html -- migrate away from flakes and move to npins -- fix nfs -- crab-hole -- nix mcp -- figure out ai vs code plugin -- whisper -- figure out why syncthing and jellyfins permissions don't propagate downwards -- auto turn off on power loss \ No newline at end of file +- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix \ No newline at end of file From 0e8a148517cc90cdd3f6c2ac963b010ce7ca958a Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 16:10:30 -0500 Subject: [PATCH 21/30] started to break up home-assistant config --- .../nixos/defiant/configuration.nix | 5 ++++ .../nixos-modules/server/home-assistant.nix | 28 +++++++++++++++++-- 2 files changed, 31 insertions(+), 2 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 2b221ab..6655572 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -280,6 +280,11 @@ subdomain = "home"; openFirewall = true; database = "postgres"; + + extensions = { + sonos.enable = true; + jellyfin.enable = true; + }; }; qbittorrent = { diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 7497995..231c2e1 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -21,6 +21,20 @@ in { description = "what database do we want to use"; default = "builtin"; }; + + extensions = { + sonos = { + enable = lib.mkEnableOption "enable the sonos plugin"; + port = lib.mkOption { + type = lib.types.int; + default = 1400; + description = "what port to use for sonos discovery"; + }; + }; + jellyfin = { + enable = lib.mkEnableOption "enable the jellyfin plugin"; + }; + }; }; config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [ @@ -50,11 +64,9 @@ in { "radio_browser" "isal" "zha" - "jellyfin" "webostv" "tailscale" "syncthing" - "sonos" "analytics_insights" "unifi" "openweathermap" @@ -80,10 +92,22 @@ in { ]; }; + # TODO: configure /var/lib/hass/secrets.yaml via sops + systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" ]; } + (lib.mkIf (config.services.home-assistant.extensions.sonos.enable) { + services.home-assistant.extraComponents = ["sonos"]; + networking.firewall.allowedTCPPorts = [ + config.services.home-assistant.extensions.sonos.port + ]; + }) + (lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) { + services.home-assistant.extraComponents = ["jellyfin"]; + # TODO: configure port, address, and login information here + }) (lib.mkIf (config.services.home-assistant.database == "postgres") { host = { postgres = { From 2e8eba77099804b300597e760389760a446f02a2 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 17:22:46 -0500 Subject: [PATCH 22/30] installed wyoming --- modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 7 +++ modules/nixos-modules/server/wyoming.nix | 50 +++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 modules/nixos-modules/server/wyoming.nix diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 5f63925..00e506d 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -9,6 +9,7 @@ ./forgejo.nix ./searx.nix ./home-assistant.nix + ./wyoming.nix ./immich.nix ./qbittorent.nix ]; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 231c2e1..6eb5682 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -34,6 +34,9 @@ in { jellyfin = { enable = lib.mkEnableOption "enable the jellyfin plugin"; }; + wyoming = { + enable = lib.mkEnableOption "enable wyoming"; + }; }; }; @@ -108,6 +111,10 @@ in { services.home-assistant.extraComponents = ["jellyfin"]; # TODO: configure port, address, and login information here }) + (lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) { + services.home-assistant.extraComponents = ["wyoming"]; + services.wyoming.enable = true; + }) (lib.mkIf (config.services.home-assistant.database == "postgres") { host = { postgres = { diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix new file mode 100644 index 0000000..d41a962 --- /dev/null +++ b/modules/nixos-modules/server/wyoming.nix @@ -0,0 +1,50 @@ +{ + lib, + config, + ... +}: { + options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; + config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ + { + services.wyoming.piper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py + voice = "en-us-amy-low"; + uri = "tcp://0.0.0.0:10200"; + speaker = 0; + }; + }; + }; + + services.wyoming.faster-whisper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py + model = "tiny-int8"; + language = "en"; + uri = "tcp://0.0.0.0:10300"; + device = "cpu"; + }; + }; + }; + + # needs access to /proc/cpuinfo + systemd.services."wyoming-faster-whisper-en".serviceConfig.ProcSubset = lib.mkForce "all"; + } + (lib.mkIf config.host.impermanence.enable { + environment.persistence."/persist/system/root" = { + enable = true; + hideMounts = true; + directories = [ + { + directory = "/var/lib/private/wyoming"; + mode = "0700"; + } + ]; + }; + }) + ]); +} From 2188954b79aabbf3835ec9af5f1811d672283ece Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 17:39:25 -0500 Subject: [PATCH 23/30] installed open wake word --- .../nixos/defiant/configuration.nix | 1 + modules/nixos-modules/server/wyoming.nix | 49 ++++++++++++------- 2 files changed, 32 insertions(+), 18 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 6655572..3ab557d 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -284,6 +284,7 @@ extensions = { sonos.enable = true; jellyfin.enable = true; + wyoming.enable = true; }; }; diff --git a/modules/nixos-modules/server/wyoming.nix b/modules/nixos-modules/server/wyoming.nix index d41a962..4894dd4 100644 --- a/modules/nixos-modules/server/wyoming.nix +++ b/modules/nixos-modules/server/wyoming.nix @@ -6,29 +6,42 @@ options.services.wyoming.enable = lib.mkEnableOption "should wyoming be enabled on this device"; config = lib.mkIf config.services.wyoming.enable (lib.mkMerge [ { - services.wyoming.piper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py - voice = "en-us-amy-low"; - uri = "tcp://0.0.0.0:10200"; - speaker = 0; + services.wyoming = { + # Text to speech + piper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/tts/piper/script/download.py + voice = "en-us-amy-low"; + uri = "tcp://0.0.0.0:10200"; + speaker = 0; + }; }; }; - }; - services.wyoming.faster-whisper = { - servers = { - "en" = { - enable = true; - # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py - model = "tiny-int8"; - language = "en"; - uri = "tcp://0.0.0.0:10300"; - device = "cpu"; + # Speech to text + faster-whisper = { + servers = { + "en" = { + enable = true; + # see https://github.com/rhasspy/rhasspy3/blob/master/programs/asr/faster-whisper/script/download.py + model = "tiny-int8"; + language = "en"; + uri = "tcp://0.0.0.0:10300"; + device = "cpu"; + }; }; }; + + openwakeword = { + enable = true; + uri = "tcp://0.0.0.0:10400"; + preloadModels = [ + "ok_nabu" + ]; + # TODO: custom models + }; }; # needs access to /proc/cpuinfo From 92839b4603b4a820bac53062226f9abd854d1d2b Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 18:30:45 -0500 Subject: [PATCH 24/30] got hass app config closer to working --- modules/nixos-modules/server/home-assistant.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 6eb5682..07dcc03 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -74,6 +74,7 @@ in { "unifi" "openweathermap" "ollama" + "mobile_app" ]; config = { http = { @@ -83,6 +84,10 @@ in { ip_ban_enabled = true; login_attempts_threshold = 10; }; + homeassistant = { + external_url = "https://home.jan-leila.com"; + internal_url = "http://192.168.1.2:8123"; + }; recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; @@ -97,6 +102,10 @@ in { # TODO: configure /var/lib/hass/secrets.yaml via sops + networking.firewall.allowedUDPPorts = [ + 1900 + ]; + systemd.tmpfiles.rules = [ "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass" ]; From 2fb56dc2967f97512cb09ff198b35c884984e664 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 13 Jul 2025 19:00:16 -0500 Subject: [PATCH 25/30] moved home-assistant fail2ban config to its own module --- modules/nixos-modules/server/fail2ban.nix | 24 ------------- .../nixos-modules/server/home-assistant.nix | 34 +++++++++++++++++++ 2 files changed, 34 insertions(+), 24 deletions(-) diff --git a/modules/nixos-modules/server/fail2ban.nix b/modules/nixos-modules/server/fail2ban.nix index 1851e33..d19aeeb 100644 --- a/modules/nixos-modules/server/fail2ban.nix +++ b/modules/nixos-modules/server/fail2ban.nix @@ -16,20 +16,6 @@ in { failregex = "limiting requests, excess:.* by zone.*client: " '') ); - # "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( - # pkgs.lib.mkDefault (pkgs.lib.mkAfter '' - # [INCLUDES] - # before = common.conf - - # [Definition] - # failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ - - # ignoreregex = - - # [Init] - # datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S - # '') - # ); }; services.fail2ban = { @@ -61,16 +47,6 @@ in { bantime = 600; maxretry = 5; }; - home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { - enabled = true; - filter = "hass"; - action = ''iptables-multiport[name=HTTP, port="http,https"]''; - logpath = "${config.services.home-assistant.configDir}/*.log"; - backend = "auto"; - findtime = 600; - bantime = 600; - maxretry = 5; - }; # TODO; figure out if there is any fail2ban things we can do on searx # searx-iptables.settings = lib.mkIf config.services.searx.enable {}; }; diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 07dcc03..3e225ff 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, ... }: let @@ -155,6 +156,39 @@ in { ]; }; }) + (lib.mkIf config.services.fail2ban.enable { + environment.etc = { + "fail2ban/filter.d/hass.local".text = lib.mkIf config.services.home-assistant.enable ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [INCLUDES] + before = common.conf + + [Definition] + failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from .*$ + + ignoreregex = + + [Init] + datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S + '') + ); + }; + + services.fail2ban = { + jails = { + home-assistant-iptables.settings = lib.mkIf config.services.home-assistant.enable { + enabled = true; + filter = "hass"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.home-assistant.configDir}/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; + }) (lib.mkIf config.host.impermanence.enable { assertions = [ { From 1e5eed80c16c5f9049773bae0df4d495544585ea Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 10:49:04 -0500 Subject: [PATCH 26/30] installed more home assistant components --- modules/nixos-modules/server/home-assistant.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index 3e225ff..f91e02e 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -64,6 +64,8 @@ in { services.home-assistant = { configDir = configDir; extraComponents = [ + "default_config" + "esphome" "met" "radio_browser" "isal" @@ -76,6 +78,20 @@ in { "openweathermap" "ollama" "mobile_app" + "logbook" + "ssdp" + "usb" + "webhook" + "bluetooth" + "dhcp" + "energy" + "history" + "backup" + "assist_pipeline" + "conversation" + "sun" + "zeroconf" + "cpuspeed" ]; config = { http = { @@ -92,6 +108,7 @@ in { recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; "automation ui" = "!include automations.yaml"; + mobile_app = {}; }; extraPackages = python3Packages: with python3Packages; [ From 3a875e0c1f6587530aa4844c84b7939a2c194cae Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 11:43:45 -0500 Subject: [PATCH 27/30] drafted out paperless config --- .../nixos/defiant/configuration.nix | 5 ++ modules/nixos-modules/server/default.nix | 1 + .../nixos-modules/server/home-assistant.nix | 4 +- modules/nixos-modules/server/paperless.nix | 80 +++++++++++++++++++ modules/nixos-modules/users.nix | 15 ++++ 5 files changed, 103 insertions(+), 2 deletions(-) create mode 100644 modules/nixos-modules/server/paperless.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 3ab557d..0d6173c 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -288,6 +288,11 @@ }; }; + paperless = { + enable = false; + subdomain = "documents"; + }; + qbittorrent = { enable = true; mediaDir = "/srv/qbittorent"; diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 00e506d..95c7096 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -12,5 +12,6 @@ ./wyoming.nix ./immich.nix ./qbittorent.nix + ./paperless.nix ]; } diff --git a/modules/nixos-modules/server/home-assistant.nix b/modules/nixos-modules/server/home-assistant.nix index f91e02e..57bedc1 100644 --- a/modules/nixos-modules/server/home-assistant.nix +++ b/modules/nixos-modules/server/home-assistant.nix @@ -102,8 +102,8 @@ in { login_attempts_threshold = 10; }; homeassistant = { - external_url = "https://home.jan-leila.com"; - internal_url = "http://192.168.1.2:8123"; + external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}"; + # internal_url = "http://192.168.1.2:8123"; }; recorder.db_url = "postgresql://@/${dbUser}"; "automation manual" = []; diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix new file mode 100644 index 0000000..e49249d --- /dev/null +++ b/modules/nixos-modules/server/paperless.nix @@ -0,0 +1,80 @@ +{ + config, + lib, + ... +}: let + dataDir = "/var/lib/paperless"; +in { + options.services.paperless = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that paperless will be hosted at"; + default = "paperless"; + }; + database = { + user = lib.mkOption { + type = lib.types.str; + description = "what is the user and database that we are going to use for paperless"; + default = "paperless"; + }; + }; + }; + + config = lib.mkIf config.services.paperless.enable (lib.mkMerge [ + { + host = { + reverse_proxy.subdomains.${config.services.paperless.subdomain} = { + target = "http://${config.services.paperless.address}:${config.services.paperless.port}"; + + websockets.enable = true; + forwardHeaders.enable = true; + + extraConfig = '' + # allow large file uploads + client_max_body_size 50000M; + ''; + }; + postgres = { + enable = true; + extraUsers = { + ${config.services.paperless.database.user} = { + isClient = true; + }; + }; + }; + }; + services.paperless = { + # TODO: configure passwordFile with sops + configureTika = true; + settings = { + PAPERLESS_URL = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; + + PAPERLESS_DBENGINE = "postgresql"; + PAPERLESS_DBHOST = "/run/postgresql"; + PAPERLESS_DBNAME = config.services.paperless.database.user; + PAPERLESS_DBUSER = config.services.paperless.database.user; + }; + }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: fail2ban config + }) + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.paperless.dataDir == dataDir; + message = "paperless data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDir; + user = "paperless"; + group = "paperless"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 68bd78b..a774e44 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -24,6 +24,7 @@ git = 2009; immich = 2010; qbittorrent = 2011; + paperless = 2012; }; gids = { @@ -40,6 +41,7 @@ git = 2009; immich = 2010; qbittorrent = 2011; + paperless = 2012; }; users = config.users.users; @@ -169,6 +171,12 @@ in { isNormalUser = true; group = config.users.users.qbittorrent.name; }; + + paperless = { + uid = lib.mkForce uids.paperless; + isSystemUser = true; + group = config.users.users.paperless.name; + }; }; groups = { @@ -273,6 +281,13 @@ in { leyla ]; }; + + paperless = { + gid = lib.mkForce gids.paperless; + members = [ + users.paperless.name + ]; + }; }; }; } From c8f163ed0c1950ea5f0cd25bef96d3a912f13526 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 14 Jul 2025 19:38:24 -0500 Subject: [PATCH 28/30] fixed paperless --- .../nixos/defiant/configuration.nix | 9 ++++- flake.lock | 26 ++++++------- modules/nixos-modules/server/forgejo.nix | 6 +++ modules/nixos-modules/server/jellyfin.nix | 4 +- modules/nixos-modules/server/paperless.nix | 38 +++++++++++++++++-- nix-config-secrets | 2 +- 6 files changed, 64 insertions(+), 21 deletions(-) diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 0d6173c..960e90b 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -17,6 +17,12 @@ "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; + "services/paperless_password" = { + sopsFile = "${inputs.secrets}/defiant-services.yaml"; + mode = "0700"; + owner = "paperless"; + group = "paperless"; + }; }; host = { @@ -289,8 +295,9 @@ }; paperless = { - enable = false; + enable = true; subdomain = "documents"; + passwordFile = config.sops.secrets."services/paperless_password".path; }; qbittorrent = { diff --git a/flake.lock b/flake.lock index a60584d..a32ae84 100644 --- a/flake.lock +++ b/flake.lock @@ -28,11 +28,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752269946, - "narHash": "sha256-vL26J2f9uXvwBNkfwYH1v75VwN22ZLhBcyZeenJwnCU=", + "lastModified": 1752379414, + "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9885400dbd82f9b2970b30e18f233404416f7cca", + "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", "type": "gitlab" }, "original": { @@ -115,11 +115,11 @@ ] }, "locked": { - "lastModified": 1752265577, - "narHash": "sha256-YhnBM3oknReSFTAuc2SMwekwjl9nDd5PUhcar4DsefM=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "3976e0507edc9a5f332cb2be93fa20e646d22374", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1752200230, - "narHash": "sha256-WqqWjRX4qZYqO/cgvU/ZEzJBQqHBi17OEVv2kt05WiU=", + "lastModified": 1752459325, + "narHash": "sha256-46TgjdxT02a4nFd9HCXCf8kK5ZSH7r9gYROLtc8zVOg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "3c866dfb70d282247452742098d315b97df713d2", + "rev": "61c2e99ebd586f463a6c0ebe3d931e74883b163d", "type": "github" }, "original": { @@ -293,11 +293,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1749061163, - "narHash": "sha256-WflcbitH7ErNZBFqZCdy1ODUqKF51xbu2zYfqA35+1M=", + "lastModified": 1752531440, + "narHash": "sha256-04tQ3EUrtmZ7g6fVUkZC4AbAG+Z7lng79qU3jsiqWJY=", "ref": "refs/heads/main", - "rev": "1c5c059c0c7b6ce691993262fe10a2b63e1c31ba", - "revCount": 19, + "rev": "f016767c13aa36dde91503f7a9f01bdd02468045", + "revCount": 20, "type": "git", "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" }, diff --git a/modules/nixos-modules/server/forgejo.nix b/modules/nixos-modules/server/forgejo.nix index 40a5303..7898daa 100644 --- a/modules/nixos-modules/server/forgejo.nix +++ b/modules/nixos-modules/server/forgejo.nix @@ -28,6 +28,12 @@ in { extraUsers = { ${db_user} = { isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${db_user} = { + name = db_user; }; }; }; diff --git a/modules/nixos-modules/server/jellyfin.nix b/modules/nixos-modules/server/jellyfin.nix index a8bbe71..bad04c9 100644 --- a/modules/nixos-modules/server/jellyfin.nix +++ b/modules/nixos-modules/server/jellyfin.nix @@ -55,7 +55,7 @@ in { } (lib.mkIf config.services.fail2ban.enable { environment.etc = { - "fail2ban/filter.d/jellyfin.local".text = lib.mkIf config.services.jellyfin.enable ( + "fail2ban/filter.d/jellyfin.local".text = ( pkgs.lib.mkDefault (pkgs.lib.mkAfter '' [Definition] failregex = "^.*Authentication request for .* has been denied \\\(IP: \"\"\\\)\\\." @@ -65,7 +65,7 @@ in { services.fail2ban = { jails = { - jellyfin-iptables.settings = lib.mkIf config.services.jellyfin.enable { + jellyfin-iptables.settings = { enabled = true; filter = "jellyfin"; action = ''iptables-multiport[name=HTTP, port="http,https"]''; diff --git a/modules/nixos-modules/server/paperless.nix b/modules/nixos-modules/server/paperless.nix index e49249d..0243d53 100644 --- a/modules/nixos-modules/server/paperless.nix +++ b/modules/nixos-modules/server/paperless.nix @@ -1,6 +1,7 @@ { config, lib, + pkgs, ... }: let dataDir = "/var/lib/paperless"; @@ -24,7 +25,7 @@ in { { host = { reverse_proxy.subdomains.${config.services.paperless.subdomain} = { - target = "http://${config.services.paperless.address}:${config.services.paperless.port}"; + target = "http://${config.services.paperless.address}:${toString config.services.paperless.port}"; websockets.enable = true; forwardHeaders.enable = true; @@ -39,15 +40,20 @@ in { extraUsers = { ${config.services.paperless.database.user} = { isClient = true; + createUser = true; + }; + }; + extraDatabases = { + ${config.services.paperless.database.user} = { + name = config.services.paperless.database.user; }; }; }; }; services.paperless = { - # TODO: configure passwordFile with sops configureTika = true; settings = { - PAPERLESS_URL = "${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; + PAPERLESS_URL = "https://${config.services.paperless.subdomain}.${config.host.reverse_proxy.hostname}"; PAPERLESS_DBENGINE = "postgresql"; PAPERLESS_DBHOST = "/run/postgresql"; @@ -57,7 +63,31 @@ in { }; } (lib.mkIf config.services.fail2ban.enable { - # TODO: fail2ban config + environment.etc = { + "fail2ban/filter.d/paperless.local".text = ( + pkgs.lib.mkDefault (pkgs.lib.mkAfter '' + [Definition] + failregex = Login failed for user `.*` from (?:IP|private IP) ``\.$ + ignoreregex = + + '') + ); + }; + + services.fail2ban = { + jails = { + paperless.settings = { + enabled = true; + filter = "paperless"; + action = ''iptables-multiport[name=HTTP, port="http,https"]''; + logpath = "${config.services.paperless.dataDir}/log/*.log"; + backend = "auto"; + findtime = 600; + bantime = 600; + maxretry = 5; + }; + }; + }; }) (lib.mkIf config.host.impermanence.enable { assertions = [ diff --git a/nix-config-secrets b/nix-config-secrets index 1c5c059..f016767 160000 --- a/nix-config-secrets +++ b/nix-config-secrets @@ -1 +1 @@ -Subproject commit 1c5c059c0c7b6ce691993262fe10a2b63e1c31ba +Subproject commit f016767c13aa36dde91503f7a9f01bdd02468045 From 3f3ae74fac8f7437d4510fa4ca79c9f96743a594 Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Fri, 18 Jul 2025 21:19:18 -0500 Subject: [PATCH 29/30] enabled ollama on horizon --- configurations/nixos/horizon/configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/configurations/nixos/horizon/configuration.nix b/configurations/nixos/horizon/configuration.nix index 42dcbb9..99b6ee9 100644 --- a/configurations/nixos/horizon/configuration.nix +++ b/configurations/nixos/horizon/configuration.nix @@ -126,6 +126,13 @@ }; syncthing.enable = true; + + ollama = { + enable = true; + loadModels = [ + "llama3.1:8b" + ]; + }; }; # Enable touchpad support (enabled default in most desktopManager). From 358f0394607843d23f659d6aae633c1c29b1a9ef Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Mon, 21 Jul 2025 19:35:11 -0500 Subject: [PATCH 30/30] created custom vscode extension --- .../leyla/packages/vscode/default.nix | 5 +++ .../pkgs/codium-extensions/ai-code.nix | 42 +++++++++++++++++++ .../pkgs/codium-extensions/default.nix | 3 ++ modules/common-modules/pkgs/default.nix | 3 ++ 4 files changed, 53 insertions(+) create mode 100644 modules/common-modules/pkgs/codium-extensions/ai-code.nix create mode 100644 modules/common-modules/pkgs/codium-extensions/default.nix diff --git a/configurations/home-manager/leyla/packages/vscode/default.nix b/configurations/home-manager/leyla/packages/vscode/default.nix index 89ee876..f911104 100644 --- a/configurations/home-manager/leyla/packages/vscode/default.nix +++ b/configurations/home-manager/leyla/packages/vscode/default.nix @@ -99,6 +99,11 @@ in { ++ (lib.lists.optionals ai-tooling-enabled [ ]) ) + ++ ( + with pkgs.codium-extensions; [ + ai-code + ] + ) ); }; }; diff --git a/modules/common-modules/pkgs/codium-extensions/ai-code.nix b/modules/common-modules/pkgs/codium-extensions/ai-code.nix new file mode 100644 index 0000000..ccd4cb8 --- /dev/null +++ b/modules/common-modules/pkgs/codium-extensions/ai-code.nix @@ -0,0 +1,42 @@ +{ + buildNpmPackage, + vscode-utils, + pkgs, + ... +}: let + version = "0.0.1"; + pname = "ai-code"; + publisher = "jan-leila"; + vsix = buildNpmPackage { + inherit version pname; + + src = builtins.fetchGit { + url = "ssh://git@git.jan-leila.com/jan-leila/ai-code.git"; + rev = "480b51830602b28009e6b5c5014e7e2970a0a3b3"; + }; + + npmDepsHash = "sha256-WxLb+e0itOCIRXpVOjcbPm6QNWbdSKZOPeXLyOa4ROQ="; + + nativeBuildInputs = with pkgs; [ + vsce + ]; + + buildPhase = '' + ${pkgs.vsce}/bin/vsce package -o ${pname}.zip + ''; + + installPhase = '' + mkdir -p $out + mv ${pname}.zip $out/${pname}.zip + ''; + }; +in + vscode-utils.buildVscodeExtension { + inherit pname version; + + src = "${vsix}/${pname}.zip"; + + vscodeExtUniqueId = "${publisher}.${pname}"; + vscodeExtPublisher = publisher; + vscodeExtName = pname; + } diff --git a/modules/common-modules/pkgs/codium-extensions/default.nix b/modules/common-modules/pkgs/codium-extensions/default.nix new file mode 100644 index 0000000..a60e8a0 --- /dev/null +++ b/modules/common-modules/pkgs/codium-extensions/default.nix @@ -0,0 +1,3 @@ +{pkgs, ...}: { + ai-code = pkgs.callPackage ./ai-code.nix {}; +} diff --git a/modules/common-modules/pkgs/default.nix b/modules/common-modules/pkgs/default.nix index e955354..16f3a3c 100644 --- a/modules/common-modules/pkgs/default.nix +++ b/modules/common-modules/pkgs/default.nix @@ -19,5 +19,8 @@ (final: prev: { gdx-liftoff = pkgs.callPackage ./gdx-liftoff.nix {}; }) + (final: prev: { + codium-extensions = pkgs.callPackage ./codium-extensions {}; + }) ]; }